Re: encrypting to expired certificates

2014-09-16 Thread MFPA
Hi On Tuesday 16 September 2014 at 5:15:12 PM, in , ved...@nym.hush.com wrote: > Does this work on GnuPG 1.4.x ? > GnuPG (1.4.16) gives me the following error: > gpg: Invalid option "--faked-system-time" 1.4.18 and 2.0.26 (on Windows) both g

Re: encrypting to expired certificates

2014-09-16 Thread MFPA
Hi On Tuesday 16 September 2014 at 6:16:07 PM, in , Peter Lebbing wrote: > By the way, if stuff regularly exceeds the expiration > date in your home, you should buy smaller portions, not > throw out more. Depends on pricing. Where I live, it is

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Wed, 17 Sep 2014 00:38, mailinglis...@hauke-laging.de said: > several people. I.e. there is no consensus. And the majority of those > who have commented supports my suggestion. ... and the 2400 other subscribers are having a bag of popcorn while watching the discussion. scnr, Werner --

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 3:38 PM, Hauke Laging wrote: | On Tue 16.09.2014, 12:03:20, Doug Barton wrote: |> On 9/16/14 11:53 AM, Hauke Laging wrote: |>> On Tue 16.09.2014, 10:31:00, Doug Barton wrote: |>>> which further highlights that adding options to make

Re: encrypting to expired certificates

2014-09-16 Thread Hauke Laging
On Tue 16.09.2014, 12:03:20, Doug Barton wrote: > On 9/16/14 11:53 AM, Hauke Laging wrote: > > On Tue 16.09.2014, 10:31:00, Doug Barton wrote: > >> which further highlights that adding options to make life > >> easier for people who don't understand what key expiry means, or > >> how to manage

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 12:12 PM, Nicholas Cole wrote: I'll admit that I hadn't actually realised how hard it is to make GnuPG change the expiry dates of subkeys at the same time as changing the expiry date of the main key. What is the approved way to do this? It wasn't *that* hard, just not what I expecte

Re: (Really OT!) encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
> However, I can't help but feel angry by your dismissal of my beliefs I did not dismiss your beliefs, nor did I mock them. When I said "in deference to Peter's hot-button issue of food expiration," there was no pejoration or sarcasm attached to that. I said precisely, exactly, what I meant: in

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Tue, 16 Sep 2014 21:30, ved...@nym.hush.com said: > As the '--faked-system-time' option is interesting, maybe > re-implementing it in both 2.x and 1.x might be an easy workaround in > those cases where a user has forgotten to update an expired key. No. --faked-system-time is actually a debugg

(Really OT!) encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 21:15, Robert J. Hansen wrote: > [shrug] As soon as I let the opinions of other people I've never met > start weighing heavily on my self-esteem, I'll let you know. Until > then, I really don't care. However, I can't help but feel angry by your dismissal of my beliefs and misrepresen

Re: encrypting to expired certificates

2014-09-16 Thread vedaal
On 9/16/2014 at 2:56 PM, "Hauke Laging" wrote: >What I want would make life easier mostly for the contacts of >those who >don't manage their keys well. = Which is especially reasonable, since it seems that the option of '--faked-system-time' (which used to work on earlier versions of Gnu

Re: encrypting to expired certificates

2014-09-16 Thread Daniel Kahn Gillmor
On 09/16/2014 12:26 PM, Werner Koch wrote: > On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said: > >> i've definitely seen people update their primary key's expiration date >> and fail to update the expiration date of their subkey, so they have a >> valid cert, but it still can't be used for e

Re: encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
>>> You can't argue that these aren't real users. You can't argue >>> it's not a real impact. You can only argue that the impact isn't >>> that big. But that is a long shot from "so hypothetical it's hard >>> to take seriously". I don't understand where that came from. >> >> Sure I can. You weren

Re: encrypting to expired certificates

2014-09-16 Thread Nicholas Cole
I'll admit that I hadn't actually realised how hard it is to make GnuPG change the expiry dates of subkeys at the same time as changing the expiry date of the main key. What is the approved way to do this? N.

Re: encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
> Furthermore it seems proven to me now that even the elite of the OpenPGP > users "don't understand what key expiry means". Or, perhaps, many people are seeing that you do not understand the meaning of, "don't use this key past this date." You look into the abyss, the abyss looks into you, and

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 11:53 AM, Hauke Laging wrote: On Tue 16.09.2014, 10:31:00, Doug Barton wrote: which further highlights that adding options to make life easier for people who don't understand what key expiry means, or how to manage it properly, is probably not a good idea. :) What I want would

Re: encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
> Ouch, that's really selective quoting you're doing. No, I'm using the same verbiage I did before. Quoting myself: = "Hauke, this entire argument is what I meant when I talked about gilding the lily repeatedly. If you can find half a dozen *real users* who are being *really impacted* by th

Re: encrypting to expired certificates

2014-09-16 Thread Hauke Laging
On Tue 16.09.2014, 10:31:00, Doug Barton wrote: > which further highlights that adding options to make life easier > for people who don't understand what key expiry means, or how to > manage it properly, is probably not a good idea. :) What I want would make life easier mostly for the contac

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 20:41, Robert J. Hansen wrote: >> Ouch, that's really selective quoting you're doing. > > No, I'm using the same verbiage I did before. Quoting myself: No no no no, let me put that in context for you. >>> If you can find half a dozen *real users* who are >>> being *really impacted*

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 16:16, Robert J. Hansen wrote: >> A bloody shame to throw it away. You really throw out perfectly good food? > > As a farm kid, the answer is a resounding "yes, and you should be thanking > me." I'm sorry I keep going on, but I have got to get this off my chest. You are urging me to d

Re: Multiple Subkeys for different Uses

2014-09-16 Thread Werner Koch
On Tue, 16 Sep 2014 18:06, mailinglis...@hauke-laging.de said: > And that's the point: For some (strange...) reason it is impossible in > 1.4.x and 2.0.x to import secret key parts if there are already secret It is not strange but a well known problem for which there will be no solution for 2.0

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 10:18 AM, Peter Lebbing wrote: On 16/09/14 16:41, Werner Koch wrote: To put this discussion to an end, he may simply do a jump to the left and put the option --faked-system-time ISODATESTRING on his command line. Regardless of whether you personally support or oppose the possibility

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said: > i've definitely seen people update their primary key's expiration date > and fail to update the expiration date of their subkey, so they have a > valid cert, but it still can't be used for encryption. So they have to There needs to be war

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 16:41, Werner Koch wrote: > To put this discussion to an end, he may simply do a jump to the left > and put the option --faked-system-time ISODATESTRING on his command > line. Regardless of whether you personally support or oppose the possibility to override the expiry date, as it's yo

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 16:16, Robert J. Hansen wrote: > As a farm kid, the answer is a resounding "yes, and you should be > thanking me." > American, European and Australian food supplies are the safest in > the world precisely because we throw away so much good food. Can we > prove that the food is safe?

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 9:26 AM, Werner Koch wrote: On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said: i've definitely seen people update their primary key's expiration date and fail to update the expiration date of their subkey, so they have a valid cert, but it still can't be used for encryption. So

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 16:31, Robert J. Hansen wrote: > And how much impact did this really have on you? What was to prevent > you from using symmetric encryption? It's not as if you don't have a > secure communication channel with yourself over which a symmetric key > can be negotiated. Because I was arch

Re: Automated Revocation Key Generation

2014-09-16 Thread Sam M
Huh? I'm sorry, but that went WAY above my head. :) OK let me try generating keys w/o passphrase and see if it works. Thanks. On 16 September 2014 22:07, Hauke Laging wrote: > On Tue 16.09.2014, 20:36:03, Sam M wrote: > > --batch cannot be used when generating revocation keys, and > > --pass

Re: Automated Revocation Key Generation

2014-09-16 Thread Hauke Laging
On Tue 16.09.2014, 20:36:03, Sam M wrote: > --batch cannot be used when generating revocation keys, and > --password-file and --password-fd are only usable with --batch. You can use the "echo ... | gpg ... --command-fd" part you know from my script in order to delete the passphrase (and add it af

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Tue, 16 Sep 2014 17:44, martin-gnupg-us...@dkyb.de said: > until". So if an enforced "expiration date" does not make sense, I would > prefer to rename it to any of the other options and then allow sending I doubt that it makes sense to add an extra option for a rare corner use case. There are

Re: encrypting to expired certificates

2014-09-16 Thread vedaal
On 9/16/2014 at 10:51 AM, "Werner Koch" wrote: >To put this discussion to an end, he may simply do a jump to the >left >and put the option --faked-system-time ISODATESTRING on his command >line. = Does this work on GnuPG 1.4.x ? GnuPG (1.4.16) gives me the following error: gpg: Invalid

Re: encrypting to expired certificates

2014-09-16 Thread Sam Gleske
This is a resent because I accidentally mailed Peter Lebbing directly without the mailing list. Allow me to lay to rest all the confusion in this thread. On Tue, Sep 16, 2014 at 6:45 AM, Peter Lebbing wrote: > I wanted to encrypt a document to myself on an offline system[1]. > However, that cop

Re: Multiple Subkeys for different Uses

2014-09-16 Thread Peter Lebbing
On 16/09/14 15:08, Sam M wrote: > Am I doing something wrong? Not really. But GnuPG currently can't update a secret key; so it listens the first time you tell it to import, which gets you one subkey. All subsequent times, it doesn't change what it already has. It would work if you did this with j

Re: Multiple Subkeys for different Uses

2014-09-16 Thread Hauke Laging
On Tue 16.09.2014, 18:38:42, Sam M wrote: > For each of the subkeys of interest, I did the following ("a" being > the looping variable) - > --export-secret-subkeys > This gives me 3 files that I want in a separate keyring (listed below > with MD5) - > > a5fcd3e138a869d03a2b398e180ab729 > A6213

Re: encrypting to expired certificates

2014-09-16 Thread Doug Barton
On 9/16/14 6:58 AM, Daniel Kahn Gillmor wrote: I've been in a situation where i'm sitting with a friend, talking about a project we're hoping to work on together, and i wanted to send them confidential information about the project to read later. I know they have an OpenPGP cert, so i fire up an

Re: encrypting to expired certificates

2014-09-16 Thread Martin Behrendt
On 16.09.2014 at 16:41, Werner Koch wrote: > On Tue, 16 Sep 2014 12:52, martin-gnupg-us...@dkyb.de said: > >> In Germany on food products you will find the word "Expiration Date" >> which literally means: "Don't eat me after that date." But there is a > > Actually you find "mindestens haltbar bi

Re: encrypting to expired certificates

2014-09-16 Thread Peter Pentchev
On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote: > Can anyone explain to me why one would want to continue using a key > and yet not simply change the expiry date? I really find all of the > examples being given to be incredibly contrived. Uhm, are you sure that you really mean to s

Re: Automated Revocation Key Generation

2014-09-16 Thread Sam M
--batch cannot be used when generating revocation keys, and --password-file and --password-fd are only usable with --batch. On 16 September 2014 20:01, Daniel Kahn Gillmor wrote: > On 09/16/2014 08:28 AM, Sam M wrote: > > > > This works, but can I automatically provide GPG with a passphrase whic

Re: encrypting to expired certificates

2014-09-16 Thread Peter Pentchev
On Tue, Sep 16, 2014 at 04:01:27PM +0100, Nicholas Cole wrote: > On Tuesday, 16 September 2014, Peter Pentchev wrote: > > > On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote: > > > Can anyone explain to me why one would want to continue using a key > > > and yet not simply change the

Re: encrypting to expired certificates

2014-09-16 Thread Nicholas Cole
On Tuesday, 16 September 2014, Peter Pentchev wrote: > On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote: > > Can anyone explain to me why one would want to continue using a key > > and yet not simply change the expiry date? I really find all of the > > examples being given to be inc

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Tue, 16 Sep 2014 12:52, martin-gnupg-us...@dkyb.de said: > In Germany on food products you will find the word "Expiration Date" > which literally means: "Don't eat me after that date." But there is a Actually you find "mindestens haltbar bis DATE" which literally means "at least stable/durable

Re: encrypting to expired certificates

2014-09-16 Thread Werner Koch
On Mon, 15 Sep 2014 23:53, do...@dougbarton.us said: >> Actually the semantics of an expired (sub)key may come from the 1999 or >> so idea of adding features to mitigate the effect of the UK RIP act (or >> whatever it is called now). > > Wow, blast from the past. :) It's not clear to me how you're

Re: encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
> I wanted to encrypt a document to myself on an offline system[1]. > However, that copy of my own key was expired, and it wouldn't do it. I > was in a bit of a hurry, trying to get things done. Now, I had to get a > USB drive, start another computer, export my updated key, and import it > on the o

Re: Automated Revocation Key Generation

2014-09-16 Thread Daniel Kahn Gillmor
On 09/16/2014 08:28 AM, Sam M wrote: > > This works, but can I automatically provide GPG with a passphrase which it > asks for at the end? You probably want to look into the --batch and --passphrase-fd or --passphrase or --passphrase-file options. Regards, --dkg

Re: encrypting to expired certificates

2014-09-16 Thread Daniel Kahn Gillmor
On 09/16/2014 10:04 AM, Nicholas Cole wrote: > Can anyone explain to me why one would want to continue using a key > and yet not simply change the expiry date? I really find all of the > examples being given to be incredibly contrived. "incredibly contrived" suggests that the people who are repor

Re: encrypting to expired certificates

2014-09-16 Thread Robert J. Hansen
> Sure! A week might be a bit much, but if it were 3 or 4 days I'd > agree. Yes, and this is reasonable. My example was against what I saw as Hauke's overly broad "expiration dates don't mean anything except what you project onto them." No, expiration dates *do* mean something, and you've agreed

Re: encrypting to expired certificates

2014-09-16 Thread Nicholas Cole
Can anyone explain to me why one would want to continue using a key and yet not simply change the expiry date? I really find all of the examples being given to be incredibly contrived. It takes no time at all these days to change the date and distribute the new key. As I've said, if the tools to

Re: encrypting to expired certificates

2014-09-16 Thread Daniel Kahn Gillmor
On 09/16/2014 06:45 AM, Peter Lebbing wrote: > On 16/09/14 02:12, Robert J. Hansen wrote: >> If you can find half a dozen *real users* who are being *really >> impacted* by this, I'd love to hear about them. > > I wanted to encrypt a document to myself on an offline system[1]. > However, that copy

Re: Multiple Subkeys for different Uses

2014-09-16 Thread Sam M
I'll try, with the example. Commands are in Courier bold, output in Courier. My notes are in normal font. *gpg2 --expert --no-default-keyring --secret-keyring $seckey --keyring $pubkey --display-charset utf-8 --command-fd 0 --status-fd 2 --edit A6213A0EC2D5F16F* Secret key is available. pub 4

Automated Revocation Key Generation

2014-09-16 Thread Sam M
Hello. Am trying to generate revocation keys for master/sub keys. But I'm always asked for a password. I'm using the following - touch "revf" echo "y" >> "revf" echo "0" >> "revf" echo "No reason specified" >> "revf" echo "" >> "revf" echo "y" >> "revf" echo >> "revf" gpg2 --expert --no-default

Re: Multiple Subkeys for different Uses

2014-09-16 Thread Peter Lebbing
On 16/09/14 14:08, Sam M wrote: > Now, when I > import the three subkeys into the same (non-default) keyring, only one > is showing up in the key listing or when I try and edit the keys. Could you define "show up", i.e., could you give an example of you trying a command and the output it generates

Re: Automated Batch Subkey Creation

2014-09-16 Thread Sam M
Werner, Security and encryption is difficult, and users are not usually up to trying to figure out the details. As long as an external audit tells them their information is safe, they are happy. They don't want to go into the details. I have a particular use case that I have been working on for a

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 12:52, Martin Behrendt wrote: > But as far as I know, in the US it says "Best before" to avoid that > confusion and make clear that this product is probably still good, some > time after that date. In the Netherlands, we have both. "Expiration" means the food might be spoiled and you c

Multiple Subkeys for different Uses

2014-09-16 Thread Sam M
Hello. After generating a master key, I generated 3 subkeys, one for encryption, one for signing and one for authentication. Now, when I import the three subkeys into the same (non-default) keyring, only one is showing up in the key listing or when I try and edit the keys. Is this normal behaviou

Re: encrypting to expired certificates

2014-09-16 Thread Martin Behrendt
On 16.09.2014 at 12:13, Peter Lebbing wrote: > On 15/09/14 21:56, Robert J. Hansen wrote: >> From the plain meaning of the word, "expiration." >> >> There's a half-finished liter of milk in my fridge that's now a week >> past its expiration date. (Yes, yes, I'm going to throw it out once >> I ge

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 16/09/14 02:12, Robert J. Hansen wrote: > If you can find half a dozen *real users* who are being *really > impacted* by this, I'd love to hear about them. I wanted to encrypt a document to myself on an offline system[1]. However, that copy of my own key was expired, and it wouldn't do it. I wa

Re: encrypting to expired certificates

2014-09-16 Thread Peter Lebbing
On 15/09/14 21:56, Robert J. Hansen wrote: > From the plain meaning of the word, "expiration." > > There's a half-finished liter of milk in my fridge that's now a week > past its expiration date. (Yes, yes, I'm going to throw it out once > I get home...) > > If you want, feel free to come by.