Re: gpg-agent 2.1 persistent socket between sessions

Ok great enabling lingering works, i don't know why but on previous Ubuntu version lingering is not enabled but the /run/user/PID folder was not cleaned... Thanks ! - Original Message - From: "Kostis Anagnostopoulos" To: "Laurent Lavaud" Cc: "GNUPG-Users" Sent: Wednesday, October 25,

gpg 2.2.x devuan jessie no TOFU TLS

cannot work this out installed sqlite3 and gnutls available packages and -dev packages anybody confirm a working devuan jessie 2.2.x install and care to explain ? many thank yous -- -- GnuPG v2.2.1 has been configured as follows: Revision: 355ca9e (1

Verify that the file is from who I expect it to be from

Hi all maybe I'm missing something, but how do I verify not only that an encrypted file is signed, but that it is signed by the party I expect to have signed it? In other words, if two parties can supply a file with the same name I want to make sure that when I think I'm dealing with a file from p

Re: Verify that the file is from who I expect it to be from

> maybe I'm missing something, but how do I verify not only that an > encrypted file is signed, but that it is signed by the party I expect to > have signed it? Look for output like: = Signature made 10/26/17 22:01:37 Eastern Daylight Time using RSA key CC11BE7CBBED77B120F37B01

gpg 2.2.x devuan jessie no TOFU TLS

Forwarded Message Subject: gpg 2.2.x devuan jessie no TOFU TLS Date: Fri, 27 Oct 2017 01:00:36 +1100 From: Fulano Diego Perez To: GnuPG Users , d...@lists.dyne.org cannot work this out installed sqlite3 and gnutls available packages and -dev packages anybody confirm a work

Re: Verify that the file is from who I expect it to be from

You need to verify the key that signed it. A valid signature means nothing. A malicious actor could sign any message or days with a valid, verifiable key and send it to you. The heart of the matter is the key that signed it. Gnupg tells you which key signed the data, usually by long key ID IIRC.

Re: Verify that the file is from who I expect it to be from

Thanks - I get the line saying "good signature" i n my message, but are you saying that I have to grep the output for the message and the email address of the encryptor? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/lis

Re: Verify that the file is from who I expect it to be from

Yes - that's what my OP meant - Verifying the key. But I'm hoping to avoid greping the output. What I'd love to do is provide the key I want verified and for GnuPG to confirm e.g. something like the following would be fab: gpg2 --verify-sign On 27 October 2017 at 15:08, Antony Prince wrote:

Re: Verify that the file is from who I expect it to be from

On 10/26/2017 11:01 PM, Dan Horne wrote: > Yes - that's what my OP meant - Verifying the key. But I'm hoping to > avoid greping the output. What I'd love to do is provide the key I want > verified and for GnuPG to confirm e.g. something like the following > would be fab: > > gpg2 --verify-sign

Re: gpg 2.2.x devuan jessie no TOFU TLS

On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote: > cannot work this out > > installed sqlite3 and gnutls available packages and -dev packages what versions of these packages did you install? can you provide more explicit details? the debian packages build fine on stretch and later, bu