Re: Stumped and need some help with agent
On Mon, 18 Jun 2012 02:43, papill...@gmail.com said:

> Let me ask this: are there any major security implications (aside from sacrificing the security of pinentry) to hacking gpg2 to not use agent?

You simply can't use gpg2 without gpg-agent. It is a part of GnuPG and required. Yes, these changes are permanent.

gpg-agent is designed to take care of all private key operations. Thus gpg and gpgsm only need to care about public keys and the per-message session keys. Modularizing a system in this way is much safer; it is similar to what you do with a smartcard or a HSM.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stumped and need some help with agent
On Sat, 16 Jun 2012 22:42, papill...@gmail.com said:

> For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again!

Your gpg-agent is not installed properly. man gpg-agent to see how it is to be started. If there is no gpg-agent it will only be started as needed and then can't act as a passphrase cache. Ubuntu should have handled this for you.

We will change gpg-agent in the next version to automagically start itself as a daemon on the first access - this allows using gpg-agent without any additional system setup.

> system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result.

gpg2 ignores this option because gpg-agent is a required part of the GnuPG-2 system.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Stumped and need some help with agent
On 6/17/2012 7:10 AM, Werner Koch wrote:

> On Sat, 16 Jun 2012 22:42, papill...@gmail.com said:
>
>> For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again!
>
> Your gpg-agent is not installed properly. man gpg-agent to see how it is to be started. If there is no gpg-agent it will only be started as needed and then can't act as a passphrase cache. Ubuntu should have handled this for you.

Wait...you expect me to read the man page? What kind of barbarian are you, anyway?!? lol Just kidding. For some reason, with all my troubleshooting, I never even considered reading the man page. I'll do that and see what I can find. Thank you for the help!

> We will change gpg-agent in the next version to automagically start itself as a daemon on the first access - this allows using gpg-agent without any additional system setup.

Sounds good. I assume the way it's started now is on an 'as needed' basis?

>> system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result.
>
> gpg2 ignores this option because gpg-agent is a required part of the GnuPG-2 system.

I figured that out while going through some of the posts relating to gpg-agent. Is this a permanent change? I know pinentry is supposed to be a safer way to enter passphrases so I'm assuming that the mandatory use of gpg-agent will continue on into future versions?

Let me ask this: are there any major security implications (aside from sacrificing the security of pinentry) to hacking gpg2 to not use agent? I'm not considering doing this as I don't see a real need but I'm curious.

Thanks!

Anthony
Stumped and need some help with agent
Hello Everyone,

I'm having a devil of a time with Ubuntu 11.04 with GnuPG and need a bit of help. This MIGHT be a problem with the Enigmail plugin but I think it's probably something to do with my GnuPG configuration so I'm asking here first.

Basically, I have GPG 1.4.11 installed. For some reason, I also have the binary for gpg2 at /usr/bin/gpg2. However, my Enigmail is picking up /usr/bin/gpg so all should be fine (I think).

For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again!

Obviously, something is amiss. Can anyone lend me a hand and help me figure this out? I've even gone as far as to rename the gpg2 binary so it couldn't be found by the system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result.

Help?!? Please!

Anthony
Re: Stumped and need some help with agent
On 16/06/12 21:42, Anthony Papillion wrote:

> Hello Everyone,
>
> I'm having a devil of a time with Ubuntu 11.04 with GnuPG and need a bit of help. This MIGHT be a problem with the Enigmail plugin but I think it's probably something to do with my GnuPG configuration so I'm asking here first.
>
> Basically, I have GPG 1.4.11 installed. For some reason, I also have the binary for gpg2 at /usr/bin/gpg2. However, my Enigmail is picking up /usr/bin/gpg so all should be fine (I think).
>
> For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again!
>
> Obviously, something is amiss. Can anyone lend me a hand and help me figure this out? I've even gone as far as to rename the gpg2 binary so it couldn't be found by the system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result.
>
> Help?!? Please!
>
> Anthony

Hello Anthony,

In your .gnupg directory you want to edit the file (or create one) gpg-agent.conf and add the lines

    default-cache-ttl 9000
    default-cache-ttl-ssh 1800

You can install the programme GPA and it will under preferences edit it for you. If I recall Ubuntu does not have it so go to ftp://ftp.gnupg.org/gcrypt/gpa// download gpa - you have to ./configure - make - make install. Also make sure gpg-agent's running.

David

--
https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books how-to's - mailing lists and more
Re: Stumped and need some help with agent
On 06/16/2012 05:37 PM, da...@gbenet.com wrote:

> On 16/06/12 21:42, Anthony Papillion wrote:
>
>> Hello Everyone,
>>
>> Can anyone lend me a hand and help me figure this out? I've even gone as far as to rename the gpg2 binary so it couldn't be found by the system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result.
>
> Hello Anthony,
>
> In your .gnupg directory you want to edit the file (or create one) gpg-agent.conf and add the lines
>
>     default-cache-ttl 9000
>     default-cache-ttl-ssh 1800
>
> You can install the programme GPA and it will under preferences edit it for you. If I recall Ubuntu does not have it so go to ftp://ftp.gnupg.org/gcrypt/gpa// download gpa - you have to ./configure - make - make install. Also make sure gpg-agent's running.

Hi David,

Thank you for the help! So I went ahead and I downloaded gpa (thankfully, I didn't need to compile it. It was in my distro's repository) and installed it. I made the changes to the .conf file as suggested. When I typed 'which gpg-agent' to make sure I had agent installed it told me it was in /usr/bin/gpg-agent. When I executed it, I get the message 'gpg-agent is installed and running'. Everything looks fine.

Then...

When I look in my process list, I don't see gpg-agent. And when I go to Thunderbird and try to access encrypted messages, I still get Enigmail's passphrase manager instead of pinentry. Note that I've told Enigmail to use gpg-agent instead of its own manager but that makes no difference. The problem of having to enter my passphrase at every step continues.

Does this look more like a problem with Enigmail than GnuPG? Understand, I am not using GPG2 but rather 1.4.11. However, it looks like I have gpg2 installed (/usr/bin/gpg2).

Any other suggestions?

Thanks,

Anthony
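
Added example (not part of any message in this thread, and not GnuPG project code): a shell script for the two checks the replies point to, namely whether a long-running agent is advertised to the session and what cache lifetime the suggested gpg-agent.conf lines actually give. It assumes the GnuPG 1.4/2.0 convention of a GPG_AGENT_INFO variable in the form socket:pid:protocol and the documented gpg-agent defaults of 600 s (default-cache-ttl) and 7200 s (max-cache-ttl); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for a gpg-agent passphrase-cache setup.
# Function names and sample values are constructed for illustration.

# Split a GPG_AGENT_INFO value (GnuPG 1.4/2.0 form "socket:pid:protocol")
# and print "socket pid protocol"; return 1 when the value is malformed.
parse_agent_info() {
    info=$1
    case "$info" in *:*:*) ;; *) return 1 ;; esac
    proto=${info##*:}; rest=${info%:*}
    pid=${rest##*:};   sock=${rest%:*}
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    case "$proto" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$sock" ] || return 1
    printf '%s %s %s\n' "$sock" "$pid" "$proto"
}

# Print the value of option $1 from a gpg-agent.conf on stdin, or default $2.
# Assumption: when an option is repeated, the last occurrence applies.
conf_value() {
    awk -v opt="$1" -v def="$2" '
        $1 == opt && $2 ~ /^[0-9]+$/ { def = $2 }
        END { print def }'
}

# default-cache-ttl (default 600 s) is restarted on every use of the key;
# max-cache-ttl (default 7200 s) expires the entry regardless of use.
# Print how long an idle cached passphrase can live, and whether the
# configured default-cache-ttl was capped by max-cache-ttl.
effective_ttl() {
    conf=$(cat)
    ttl=$(printf '%s\n' "$conf" | conf_value default-cache-ttl 600)
    max=$(printf '%s\n' "$conf" | conf_value max-cache-ttl 7200)
    if [ "$ttl" -gt "$max" ]; then echo "$max capped"; else echo "$ttl ok"; fi
}

# Constructed sample: the two lines suggested in the thread.
SAMPLE_CONF='default-cache-ttl 9000
default-cache-ttl-ssh 1800'

printf '%s\n' "$SAMPLE_CONF" | effective_ttl
parse_agent_info "${GPG_AGENT_INFO:-}" ||
    echo "GPG_AGENT_INFO unset or malformed: no running agent is advertised"
```

On the constructed sample the first call reports that the 9000-second value is capped at 7200 seconds, because no max-cache-ttl line raises the upper limit.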