This is mostly a wishlist comment, I guess:
It would be great if gnupg would look at all information (keys)
available to it before deciding whether it could perform a given operation.
For example, using my key:
$ gpg --secret-keyring /media/disk/.gnupg/secring.gpg --list-secret-keys
Werner Koch wrote:
I am pretty sure that this is a problem of the distribution. The most
common problem is that pcscd has been started and thus gained
exclusive access to the reader.
I'd agree, except that mine is now prompting, and accepting input from
the keyboard, for the PIN. That's a
Michael Parker wrote:
Hi,
I tried to setup an external smartcard reader with a pinpad and on gentoo I
don't get it to work.
On an ubuntu-installation the pin isn't enterd by the external pinpad but by
the regualar keyboard and that works fine.
On gentoo I'm asked to enter the pin
Peter S. May wrote:
I would think that it's important for keyservers to widely distribute
the revocation certificates of revoked signatures.
Agreed. But it's not important to distribute signatures that have been
revoked.
If the keyservers
simply omitted revoked signatures from search
Alex L. Mauer wrote:
Is it possible to revoke keys that have been stored on a smart card? It
seems to me that it is not. Am I correct, or do I just need to do
something other than revkey?
Oh right ... my bad on that one (it helps to have the secret key for the
primary key on the keyring
Atom Smasher wrote:
does anyone know if this is true?
http://www.chromance.de/wtf/lol.htm
if it is...
It's not.
See http://www.dansdata.com/keyghost.htm for the source of the images,
and If you do a search for dept. of homeland security's logo, it is a
blue colour circular logo with an
Werner Koch wrote:
The only thing a malicious host can do is to lock the card (by sending
several times a wrong PIN) and to trick you into signing or decrypting
data.
This just made me think.
Wouldn't it thus be trivial [for a malicious host] to destroy a smart
card (by sending the wrong
Jan Niehusmann wrote:
I wondered if the card couldn't just erase itself completly when the
wrong Admin-PIN is entered three times. This would at least save the
card itself, which is worth some euros. But OTOH, just locking the card
is probably easier to implement in a safe way (it's an atomic
Francis Gulotta wrote:
How do we know it's really yours or that you are really you? I'll accept
that this message was signed with it, but by signing you key it means I
have no doubt that it really does indeed belong to Dan Mundy. And I've
nver met him.
I know this is rather controversial, but
Florian Weimer wrote:
* Sean C.:
The I.B.M. software would convert data on a person into a string of seemingly
random characters, using a technique known as a one-way hash function. No
names, addresses or Social Security numbers, for example, would be embedded
within the character string.
When GPG is set to use the gpg-agent but the gpg-agent is not available
(error message gpg-agent is not available in this session or can't
connect to `/path/to/non-existent-pipe': No such file or directory), it
produces a fatal error code of 2 even if the passphrase is successfully
entered at the
11 matches
Mail list logo