What are key helpers?

2016-02-25 Thread Josef Carnap
Hello mailing list members, In the option description of --exec-path and in some descriptions of other options as well I can read of "Key helpers". What kind of program is a key helper? Are key helpers part of the GnuPG suite or are they external programs? Does anybody know some examples and for

Re: A problem in the web of trust model or a gnupg bug?

2016-02-25 Thread Peter Lebbing
On 25/02/16 00:45, Daniel Kahn Gillmor wrote: > so the reason for revocation should affect whether signatures made > before the revocation are worthy of consideration. Ah, thanks for the rectification! Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me e

Re: Possible values for --compress-level and --bzip2-compress-level

2016-02-25 Thread Peter Lebbing
On 24/02/16 15:11, Josef Carnap wrote: > I have a question to the options --compress-level and > --bzip2-compress-level. Which are the supported (possible) > values of each of the options? -- Numbers from 0 up to 6? The canonical way to use the BZIP2 algorithm on Linux is through the bzip2 program

Re: Problem compiling 2.0.29

2016-02-25 Thread Peter Lebbing
On 24/02/16 22:45, Anthony Papillion wrote: > ../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: > cannot open shared object file: No such file or directory Where did you install the library? Is that path in /etc/ld.so.conf? Perhaps you need to run # ldconfig to update the l

Re: FAQ maintenance

2016-02-25 Thread Lachlan Gunn
On 2016-02-03 21:12, Robert J. Hansen wrote: > Time for my semi-regular FAQ perusing and updating. I plan on updating > the FAQ to include a link to the FSF's email security guide, but that > seems like such an unobjectionable change I'm not going to kick it > around the list for pre-approval.

Re: FAQ maintenance

2016-02-25 Thread Kristian Fiskerstrand
On 02/05/2016 01:34 PM, Robert J. Hansen wrote: >> If somebody can create a long-keyID-collision... > > That seems to be a big 'if' right now. Short collisions are easy; > long ones are nontrivial. Or did I miss something? https://www.ietf.org/ma

Re: status of ed25519 draft

2016-02-25 Thread Werner Koch
On Wed, 24 Feb 2016 18:31, br...@minton.name said: > The next draft is due soon. How long does it usually take the IETF to > ratify a draft RFC? There won't be an RFC for that I-D. Instead it will hopefully be part of rfc-4880bis (the updated OpenPGP specs which is in the works). Given that the

Re: A problem in the web of trust model or a gnupg bug?

2016-02-25 Thread Werner Koch
On Thu, 25 Feb 2016 00:45, d...@fifthhorseman.net said: > according to https://tools.ietf.org/html/rfc4880#section-5.2.3.23 : > >If a key has been revoked because of a compromise, all signatures >created by that key are suspect. However, if it was merely >superseded or retired, old si

Re: Decrypt without importing key to keyring

2016-02-25 Thread Werner Koch
On Wed, 24 Feb 2016 11:34, thecisso...@hotmail.fr said: > Hi, is there a way to use a private key (PGP) to decrypt a message > without adding it to the keyring. I don't want the private key to be No, there is no such way. You may however delete the key after use. gpgsm has a concept of ephemeral k

Re: FAQ maintenance

2016-02-25 Thread Peter Lebbing
(If this feels like droning on to you, just stop reading and go do something fun!) On 2016-02-25 14:25, Kristian Fiskerstrand wrote: Now, the real question discussed here though isn't really collision but preimage attack, that is a different story and far more difficult :) Thanks for the li

Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
So I have a single gpg key for work with 3 sub keys. I have copied it to a yubikey nano just fine. Removed the yubi and removed my gpg key and then reimported the gpg key and inserted yubikey number two and did keytocard again for the second yubikey. Whenever I do ssh -l git github.com gpg-a

Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Kristian Fiskerstrand
On 02/25/2016 02:38 PM, Richard Genthner wrote: > So I have a single gpg key for work with 3 sub keys. I have copied > it to a yubikey nano just fine. Removed the yubi and removed my gpg > key and then reimported the gpg key and inserted yubikey numb

Re: FAQ maintenance

2016-02-25 Thread Kristian Fiskerstrand
On 02/25/2016 02:38 PM, Peter Lebbing wrote: > (If this feels like droning on to you, just stop reading and go do > something fun!) > > On 2016-02-25 14:25, Kristian Fiskerstrand wrote: >> Now, the real question discussed here though isn't really >

Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
How do I delete the stubs without deleting key? and when I do gpg --card-status never updates the application id. Kristian Fiskerstrand February 25, 2016 at 9:48 AM Delete the stubs and do gpg

Re: FAQ maintenance

2016-02-25 Thread Peter Lebbing
On 2016-02-25 15:50, Kristian Fiskerstrand wrote: (in particular in cases where action from yourself is required, default key for signing etc). I agree. Note that the discussed case, encrypt-to, silently encrypts to unvalidated keys that happen to be on a keyring. Just pick any key on your ke

Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Peter Lebbing
On 2016-02-25 15:44, Richard Genthner wrote: How do I delete the stubs without deleting key? and when I do gpg --card-status never updates the application id. gpg --delete-secret-keys XXX But don't do this when your primary key is on-disk, only do this when all your secret key material is st

Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
Yeah, what I'm hoping to do is be able to carry my card with me and jump on a terminal while traveling and sign and login to things. Peter Lebbing February 25, 2016 at 9:56 AM gpg --delete-secret-keys XXX But don't do this when your primary key is on-disk, on

Specify UID for --sign-key

2016-02-25 Thread Muri Nicanor
hello gnupg-users, is it possible to specify the uid for --sign-key (so i don't have to go through the gpg --edit dialog)? i tried using =Name or just as described on [0], but i always get asked if i want to sign all the uids and then i have to say no and choose the one i specified... thanks &

Re: FAQ maintenance

2016-02-25 Thread Kristian Fiskerstrand
On 02/25/2016 03:54 PM, Peter Lebbing wrote: > On 2016-02-25 15:50, Kristian Fiskerstrand wrote: >> (in particular in cases where action from yourself is required, >> default key for signing etc). > > I agree. Note that the discussed case, encrypt-t

Re: FAQ maintenance

2016-02-25 Thread Peter Lebbing
On 25/02/16 19:11, Robert J. Hansen wrote: > If an attacker can control your gpg.conf file, there are so many worse > things to do that it's hard for me to take this seriously. I never, ever, once, argued the opposite. I sure hope you're not implying I am, or that Kristian is. If you recall, I tal

Re: FAQ maintenance

2016-02-25 Thread Robert J. Hansen
> Yeah, the no validation mode of encrypt-to really does call for > prudence in this specific case If an attacker can control your gpg.conf file, there are so many worse things to do that it's hard for me to take this seriously.

Re: Possible values for --compress-level and --bzip2-compress-level

2016-02-25 Thread David Shaw
On Feb 24, 2016, at 9:11 AM, Josef Carnap wrote: > > Hello everyone, > > I have a question to the options --compress-level and > --bzip2-compress-level. Which are the supported (possible) > values of each of the options? -- Numbers from 0 up to 6? 1 through 9, with 1 being the least compression

Re: FAQ maintenance

2016-02-25 Thread Kristian Fiskerstrand
On 02/05/2016 12:23 PM, Peter Lebbing wrote: > Furthermore, I think a reasonably often asked question is "Why > can't I provide the password in a pipe to GnuPG anymore?". Old 1.4 > allowed this, but 2.0 is incapable of it and 2.1 needs a loopback >

Re: FAQ maintenance

2016-02-25 Thread Peter Lebbing
On 25/02/16 20:24, Kristian Fiskerstrand wrote: > 2.0 supports --batch --passphrase-fd 0 Oh! I must have mixed up some things. Thanks for the rectification! I think perhaps I was thinking of entering a smartcard PIN, for which you do need a loopback pinentry (right??), and which was impossible t

Re: FAQ maintenance

2016-02-25 Thread Kristian Fiskerstrand
On 02/25/2016 08:30 PM, Peter Lebbing wrote: > On 25/02/16 20:24, Kristian Fiskerstrand wrote: >> 2.0 supports --batch --passphrase-fd 0 > > Oh! I must have mixed up some things. > > Thanks for the rectification! > > I think perhaps I was thinking

cipher used when both --encrypt and --symmetric is specified

2016-02-25 Thread Martin Ilchev
I am looking for some help to figure out what cipher is used for symmetric encryption when both pass phrase and public keys are used. I have configured my gpg.conf with my preferred cipher algorithms as follows: personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAST5 CAM

Re: FAQ maintenance

2016-02-25 Thread Doug Barton
On 02/25/2016 06:50 AM, Kristian Fiskerstrand wrote: On 02/25/2016 02:38 PM, Peter Lebbing wrote: (If this feels like droning on to you, just stop reading and go do something fun!) On 2016-02-25 14:25, Kristian Fiskerstrand wrote: Now, the real question discussed here though isn't really col

Re: FAQ maintenance

2016-02-25 Thread Daniel Kahn Gillmor
On Thu 2016-02-25 09:50:57 -0500, Kristian Fiskerstrand wrote: > Well, it depends. Sure, should always use full fingerprint for > certificate validation etc, no question asked. But the internal keyid > and the packet structure use 64 bit keyid as identifier I consider it a bug that GnuPG uses th

Re: Specify UID for --sign-key

2016-02-25 Thread Daniel Kahn Gillmor
Hi Muri-- On Thu 2016-02-25 18:59:53 +0100, Muri Nicanor wrote: > is it possible to specify the uid for --sign-key (so i don't have to go > through the gpg --edit dialog)? i tried using > =Name > or just > > as described on [0], but i always get asked if i want to sign all the > uids and then