On Sunday, 9 April 2023 20:13:46 BST John Scott via Gnupg-users wrote:
> You're a genius!
Hardly. :D
> I actually had a hard time getting Scute 1.7.0 to compile, so I built it from
> Git instead
If you have some time to spare I’d be interested to know which problem(s) you
ran into when trying
Hi,
On Sunday, 9 April 2023 03:35:18 BST John Scott via Gnupg-users wrote:
> Note that GnuPG 2.3 is not available in Debian, not even in Debian
> experimental yet, but as soon as the packagers provide it I will give it a
> try. Perhaps I'll install GnuPG 2.3 myself in /usr/local
Note also that
Hi,
On Friday, 18 November 2022 02:35:24 GMT Michaela Tilson via Gnupg-users wrote:
> I'm looking forward to updated advice from security experts on this. What is
> the safest/most reliable way to get GnuPG as a command line application on
> macOS?
Not pretending to be any kind of security expe
Hi,
On Sunday, 20 November 2022 04:59:32 GMT John Scott via Gnupg-users wrote:
> I'd like to try writing a program for my libreCMC router that feeds the
> Linux entropy pool with data from the token's true RNG.
FYI, I wrote a similar program a few years ago: scdrand [1]. It uses
Scdaemon’s RANDOM
Hi
On Friday, 23 September 2022 12:01:18 BST Tsilimigkras Athanasios wrote:
> MY QUESTION: is there any way of changing the settings on GPGv2.2.4 to allow
> this environment variable to be set and therefore allow passwords to be
> cached as in earlier versions?
No. But if you are using other pro
On Wednesday, 7 September 2022 23:09:54 BST Robert J. Hansen via Gnupg-users
wrote:
> Does anyone know what happened to PGP?
It is *supposedly* still available from Broadcom, under the name “Symantec
Desktop Email Protection” [1].
How you can *actually* get it is another question. My understandi
On Wednesday, 22 June 2022 17:34:45 BST theaetetos--- via Gnupg-users wrote:
> unset SSH_AGENT_PID
> if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
> export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
> fi
>
> I don't understand the condition being checked, but I gather the whole
>
On Tuesday, 15 February 2022 20:32:50 GMT Dan Mahoney (Gushi) via Gnupg-users
wrote:
> Worse still, if you know a key exists via something like DANE (dayjob
> makes DNS software, we like the idea of it being available via DANE),
> there's no way to do gpg --search via DANE, only via a keyserver.
>
Hi,
On Mon, Nov 08, 2021 at 02:45:53PM +1000, Stuart Longland via Gnupg-users wrote:
The HTTP request I need to perform is this one:
https://www.vaultproject.io/docs/auth/cert#via-the-api
I tried using Firefox, it can see the certificate presented by `scute`,
but it seems Vault isn't designed t
Hi,
On Fri, Oct 29, 2021 at 04:04:11PM +0200, Romain LT via Gnupg-users wrote:
dirmngr.conf :
configuration for dirmngr (keyserver access)
Dirmngr is also used for fetching the Certificate Revocation Lists
(CRLs), if you’re using GpgSM (the X.509/SMIME part of GnuPG).
crls.d/DIR.t
On Tue, May 11, 2021 at 02:03:21PM +, mailinglis...@posteo.de wrote:
I'm not that familiar with the TPM in general
Me neither.
is the TPM owner (and SRK) password safe against brute force attacks?
Or do you need a complex password for the TPM?
My understanding is that the TPM offers th
Hi,
On Sun, May 09, 2021 at 10:00:25AM +, mailinglisten--- via Gnupg-users
wrote:
I wasn't aware the TPM has that much space, does the TPM hold really a
complete key? Does it make sense to use ECC keys to save space on the TPM?
Keys are actually not stored *in* the TPM. When you use the `
Hi,
On Sun, Apr 11, 2021 at 10:07:08PM +0200, karel-v_g--- via Gnupg-users wrote:
Another question: why don't you use GCM as a possible mode for AEAD?
This kind of questions should rather go to the IETF OpenPGP mailing list
[1], where the OpenPGP format itself (not its implementations) is
dis
rprint = 4FA2 0823 62FE 73AD 03B8 8830 A8DC 7067 E25F BABB
uid Damien Goutte-Gattat
pub ed25519 3030-08-24 [SC] [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
uid Werner Koch (dist signing key 2020)
The first of those keys is available via a WKD
On Sun, Jan 17, 2021 at 06:53:29PM +0100, Erich Eckner via Gnupg-users wrote:
And I assume, it's non-trivial or even impossible to start proper DNS
queries (for a SRV record) from within JS?
Apparently not, at least that's what folks on the IETF openpgp mailing
lists said when the issue had been
On Tue, Jan 12, 2021 at 09:25:15AM +0100, Stefan Claas via Gnupg-users
wrote:
It would be nice to know why the advanced method was added.
To give more flexibility for people setting up a WKD for more than one
domain.
Let’s say that I manage example.org and example.net, and I want to serve
k
On Mon, Jul 27, 2020 at 10:00:07PM +0200, Stefan Claas wrote:
For testing my new Nitrokey I have just installed Enigmail for
Thunderbird on a fresh Ubuntu system and when clicking on
a signed message from a friend, which has properly set-up
WKD Thunderbird/Enigmail can not fetch the pub key. :-(
On Sat, May 23, 2020 at 09:35:54PM -0700, Mark wrote:
I'm sure this is a pretty stupid question
No, it’s not.
I'm trying to figure out which files I need to backup to safeguard my
keys.
I’m assuming you are using GnuPG 2.2 on Windows here (based on your
User-Agent).
Everything that need
On Sat, May 16, 2020 at 04:28:58PM -0400, Robert J. Hansen wrote:
With judicious use of the various -clean options, the key spamming bug
is effectively dead...
I’d like to point out that the options you are referring to are actually
enabled by default nowadays (since 2.2.17). So from a user’s
On Wed, May 13, 2020 at 10:02:14AM +0200, Sylvain Besençon via Gnupg-users
wrote:
RJH's answer sounds like a good piece of advice, but still, at the end,
we HAVE to choose which algorithm to use when creating new key
pairs.
No you don’t.
You can simply use `gpg --gen-key` and let GnuPG cr
On Fri, May 08, 2020 at 12:49:03PM +0200, Grzegorz Kulewski wrote:
Does anybody here have Curve25519 enabled Yubikey and did/could do such
benchmarks?
I have the following tokens:
* a Yubikey NEO with a RSA-2048 key;
* a Yubikey 5 with a Ed25519 key;
* a FST-01G/Gnuk token with a Ed25519 key.
On Wed, Feb 05, 2020 at 03:59:01PM -0700, Mark wrote:
Is there any way to revoke an OLD LOST PGP key? I no longer have either
the public or private keys but can find the KeyID. I'm guessing not but
figured I'd ask just in case.
The revocation certificate needs to be signed by the private key, so
On Fri, Jan 31, 2020 at 12:55:05AM +0100, mailing list wrote:
I hoped these objects may have been (read) protected by the PIN, but
they're world readable if you have the card, a bit sad...
Only Private DOs #1 and #2 are readable without any PIN. Reading the
private DO #3 requires the user PIN,
On Fri, Jan 31, 2020 at 12:39:11AM +0100, mailing list wrote:
By the way, is mcl3 the length of the key currently living on the
smartcard or the maximum key length supported by this card?
Neither of those. It's the maximum length of the "Cardholder certificate
DO". This is another data object
Hi,
On Thu, Jan 30, 2020 at 11:24:54PM +0100, mailing list via Gnupg-users wrote:
How do you write to these objects? Can GnuPG do this? I didn't find
any way with --card-edit or --card-status.
You can use the (undocumented) command "privatedo" from GnuPG's
--card-edit menu. For example, to w
On Mon, Jan 06, 2020 at 04:42:40PM +0100, azbigd...@gmx.com wrote:
I'm still a bit confused on the changes in secring. How does it come up
with the names for those "new" keys as it doesn't seem to correlate
with anything I can see on the keys.
Files under the $GNUPGHOME/private-keys-v1.d direct
On Sat, Dec 14, 2019 at 08:05:04PM -0500, Dave via Gnupg-users wrote:
I can’t recall encountering any similar complaints about OpenSSL. I
find this somewhat curious, and am wondering if there are OpenSSL
detractors out there that I simply haven’t come across
OpenSSL definitely has its detracto
On Sat, Dec 14, 2019 at 11:18:32PM +0100, Defiant wrote:
Hey, I recall back in the days there were lots of online tutorials about
how to strengthen your GnuPG configuration.
I don’t know which tutorials exactly you’re referring to, but I have
seen several of them myself, and I have always had
On Sun, Dec 08, 2019 at 10:48:47AM -0700, Joseph Bruni via Gnupg-users wrote:
I recall from the early days of PGP that there was a way to create a
corporate key, fragmented into a certain number of portions, which would
require some quorum to be able to perform decryption. [...] Is this
still po
Hi,
On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
Can you please, or somebody else, explain in layman's terms why this is
so?
Simply put, gpg and openssl enc don’t use the same file formats.
Different formats may encode the same data differently, so you can’t
e
Hi,
On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote:
... Those were the high-priority changes that needed to be made. If
anyone has other suggestions, speak up: I'm listening. :)
A while ago (I can’t find the e-mail anymore) I suggested a few changes
that somehow didn’t fin
On Sat, Oct 12, 2019 at 08:07:58AM -0400, Mark H. Wood wrote:
Humph, I was already grumpy about Mozilla products' insistence on
having their own insular X.509 store, meaning that I have to install
certificates twice (once for Firefox, again for *everything else*.)
Slightly off-topic for this li
On Tue, Sep 17, 2019 at 06:59:34PM +0200, Stefan Claas via Gnupg-users wrote:
I assume that in order to decrypt a message the secret key data must be
unlocked and loaded for a very short time into the computers RAM, in order
to perform the decryption
No. The secret key data remains on the smart
Hi,
On Mon, Sep 16, 2019 at 11:29:19AM +0200, Daniel Bossert wrote:
I need recommendations:
- Which version of software shall I install?
The latest version available for your system, which should in any case
be a version from the 2.2 branch. (If your system is Windows, that would
be Gpg4Win
rg/ftp/gcrypt/scute/scute-1.6.0.tar.bz2
https://gnupg.org/ftp/gcrypt/scute/scute-1.6.0.tar.bz2.sig
Signing key
===
The tarball is signed by the maintainer's key:
rsa4096 2014-03-14
Key fingerprint = 4FA2 0823 62FE 73AD 03B8 8830 A8DC 7067 E25F BABB
Damien Goutte-Gattat
Hi,
On Fri, Jun 14, 2019 at 10:12:51AM +0200, Oscar Carlsson via Gnupg-users wrote:
I'm generally curious on your opinions on the latest new keyserver,
this time running a new software than the normal keyservers.
For what it's worth, my main concern is that it is a centralized
service.
This
On Sun, May 26, 2019 at 11:30:18PM -0700, Procopius via Gnupg-users wrote:
What is the encryption engine for the current GnuPG.
There’s no single symmetric encryption algorithm. OpenPGP allows a set
of algorithms: 3DES, IDEA, CAST5, AES, Blowfish, Twofish, and Camellia
[1,2]. GnuPG supports a
Hi,
On Sun, Mar 10, 2019 at 01:25:41AM -0500, Konstantin Boyandin wrote:
> Question: how do I keep several GnuPG versions installed, every
> version with its own gpg-agent?
A Gpg-agent is tied to a specific home directory (as specified in the
GNUPGHOME environment variable or through the --homedi
On Wed, Jan 09, 2019 at 11:29:06PM +0100, dirk1980ac via Gnupg-users wrote:
> > I only wanted to know why such a large image size in the first
> > place was chosen, when GnuPG suggest a much much smaller
> > size. :-)
>
> I think the 16M are from times, where RAM was not measured in GB.
Not quit
Hi,
On Wed, Jan 02, 2019 at 04:02:03PM +1100, gn...@raf.org wrote:
> For some dumb reason I think I was hoping that the RSA
> algorithm wasn't really used to encrypt all the data. I
> thought it was probably used to encrypt a per-file
> randomly-generated symmetric key which was then used to
> enc
On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users wrote:
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.
You do realize that, in the case of e-
On Tue, Dec 11, 2018 at 12:35:57PM +0100, Alessandro Vesely wrote:
> Is it possible to get OpenPGP functionality on one of those
> contactless cards?
I know of at least one NFC-enabled OpenPGP card, the "Fidesmo
Card" [1].
I never tested it, but from what I remember when I delved into
their site,
On Mon, Dec 10, 2018 at 02:25:08PM +0100, Wiktor Kwapisiewicz via Gnupg-users
wrote:
> On 09.12.2018 20:48, Stefan Claas wrote:
> > Mind you in the 90's PGP key servers accepted also email and Usenet
> > submissions, if i remember correctly. The keyword was then simple
> > the word "add" in the su
Hi GnuPG folks,
The current version of the FAQ recommends creating a revocation
certificate at several places.
§ 7.17
"We recommend you create a revocation certificate immediately
after generating a new GnuPG certificate."
§ 8.5
"What should I do after making my certificate?
Genera
Hi,
First, a warning: I am by no means a "security expert" and I have
very little experience with Mac OS X, which I only use at my
workplace (and only because my employer didn't let me use a
GNU/Linux workstation...).
However and for what it's worth:
On Tue, Nov 06, 2018 at 06:48:07AM -0500, Nic
On Mon, Nov 05, 2018 at 09:30:48PM +0200, Viktor wrote:
> Because of Google or because of "only one user ID" ?
Both, even though the requirement of using only one user ID would
be more acceptable if the address did not have to be associated
with a Google account.
Damien
Hi,
On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
> I just tried to register with a key who has several user-ID's
> (e-mail-addresses) and I always got the error that the user-ID is not the
> same as in log-in/registered e-mail.
From what they say on the home page [1] this is e
On 08/24/2018 07:47 AM, Martin T wrote:
> One more small question- in the output of "gpg --list-keys" or "gpg
> --list-secret-keys" I see two keys, but in the output of
> "gpg-connect-agent 'keyinfo --list' /bye" or "ls
> ~/.gnupg/private-keys-v1.d/" I see four keys with different hashes.
> Why is
Hi,
On 08/23/2018 10:54 AM, Martin T wrote:
> When I start the "gpg --list-secret-keys" with "strace -e open",
> then ~/.gnupg/secring.gpg file is not searched.
GnuPG >= 2.1 does not use ~/.gnupg/secring.gpg anymore. Secret keys are
now stored in the ~/.gnupg/private-keys-v1.d folder (one file pe
On 08/14/2018 12:05 PM, Ralph Corderoy wrote:
> That was my conclusion after having searched a bit this morning,
> but I didn't notice it explicitly documented?
Maybe not in GnuPG's manual, but it is explicitly documented in the
specification of the OpenPGP format (RFC 4880, §12.2 [1]):
> A [V4]
On 08/14/2018 05:20 AM, Damian Rivas wrote:
> Is there a reason why the fingerprints for my public and private keys are
> exactly the same?
Actually there's no such thing as a private key fingerprint.
Fingerprints are only calculated on public keys.
(Theoretically you *could* compute a fingerprin
Hi,
On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
> *) should i revoke the uid on the old key? => However, as far as i
> know, the secret key is not / was never compromised.
This is probably the best option in my opinion, since you will no longer
use that key with this email address.
Revokin
On 06/06/2018 08:50 PM, Philipp Klaus Krause wrote:
> See https://www.aisec.fraunhofer.de/en/FirmwareProtection.html for
> some research on breaking STM32 readout protection published in
> January.
For what it's worth, STMicroelectronics claims that the attack described
in this paper "affects on
On 05/22/2018 07:58 AM, Konstantin Boyandin via Gnupg-users wrote:
> primary-keyring ~/mounted/gnupg/pubring.gpg
> secret-keyring ~/mounted/gnupg/secring.gpg
> trustdb-name ~/mounted/gnupg/trustdb.gpg
> keyring ~/mounted/gnupg/pubring.gpg
> but I see no obvious directives to relocate pubring.kbx
On 05/21/2018 04:07 AM, Mark Rousell wrote:
> I think you mean that support for 2.0.y has been dropped, surely?
No, I do mean that support for all PGP 2-related stuff has been dropped
from the current stable branch. Modern GnuPG (≥ 2.1) can neither read
nor write anything that has been generated b
On 05/21/2018 06:20 AM, Robert J. Hansen wrote:
> 2. End-of-life 2.0.
That one at least is already done. The 2.0 branch reached EOL with the
2.0.31 release on December 29, 2017. I believe Werner stated clearly
enough that there will be *no* further point release on that branch, not
even for criti
On 05/20/2018 08:45 PM, Mark Rousell wrote:
I presume that one day the 1.x.y code will reach end of life.
There's no plan to terminate the 1.x branch. It will not gain any new
features, but as stated by Werner Koch a few months ago, it "will be
kept alive for use with PGP 2 encrypted and sign
On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote:
It would be possible to implement something like --legacy to
re-enable the old functionality.
For information, for the problem at hand, two things have been done in
that direction:
In GnuPG itself: GnuPG will now error out when a
Hi,
On 05/10/2018 11:42 PM, Dirk Gottschalk via Gnupg-users wrote:
Where should I send this a suggested feature?
Patches should be sent to gnupg-de...@gnupg.org, prefixing the subject
with a "[PATCH scute]" tag. Same for feature requests.
Alternatively, you may also create a Task in the Gnu
On 04/21/2018 05:32 PM, Wink Saville wrote:
Comments on the security of what I'm doing?
Can't really tell anything without knowing your adversary (is it Mossad
or not-Mossad? [1]), but here are a few remarks.
You do not say which version of GnuPG you are using. Assuming you are
using the la
Hi,
On 04/19/2018 03:12 AM, Evan Klitzke wrote:
Later Alice learns about subkeys, so she creates a new signing subkey
for signing her mail/git commits/whatever. How does this work when Bob
sees the new subkey?
For most purposes, the use of subkeys is "transparent" from the user's
point of vi
On 04/02/2018 01:10 AM, NIIBE Yutaka wrote:
Most likely, the length of certificate matters. If you can minimize
your certificate, please try. I don't know the limitation for the card.
I don't know for the v3.3 card, but v2.1 cards allow for a 2048 bytes
certificate (at least mine does, but m
Hi,
On 02/22/2018 02:21 PM, Dmitry Gudkov wrote:
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local
[...]
*and all works fine in terminal*
however after installing Enigmail I get this error
You installed GnuPG 2.2.4 in /usr/local, but you still have an older
version in /usr.
Everyt
On 01/10/2018 09:25 AM, Henry wrote:
There are five libraries required to build gnupg2: libgpg-error,
libgcrypt, libassuan, libksba and npth.
Is there a preferred order in which they should be built?
Libgpg-error should be built first as it is required by all other
libraries except npth.
Ap
Hi,
On 01/02/2018 01:43 PM, Maarten Nieber via Gnupg-users wrote:
My hypothesis is that somehow, by creating a few extra keys today, my previous
openpgp key is not visible anymore. Can somebody explain why that might be the
case, and help me to repair this?
My first guess would be that pass
On 10/29/2017 07:18 PM, Shannon C wrote:
Assuming that the secret key was generated outside of an Infineon
chip, but that subsequently subkeys were generated by a chip with the
ROCA vulnerability, does that compromise the main private key, or
only the subkey?
There is no mathematical link betwe
On 10/10/2017 01:38 PM, Matthias Apitz wrote:
it would be nice transfer some small files together with the
USB OpenPGP-card. Is there some memory for read/write on them, maybe
with some commands of the card daemon?
The OpenPGP Card specification defines "Private Use Data Objects" that
you may
Hi,
On 09/18/2017 12:38 PM, Marko Božiković wrote:
Will that change the SSH public key (as it is exported using ssh-add -L for
adding to .ssh/authorized_keys)?
No. The expiration date of the subkey is not part of the key material
itself, it is stored in the subkey binding signature. A modific
On 09/10/2017 11:32 PM, lesto fante wrote:
just to be sure I don't misunderstand, the level 2 key cannot revoke
the level 1 key, right?
No it cannot.
And to be more precise, in the situation where the level-2 key is
compromised, you actually do not revoke the level-2 key itself (using
the co
On 09/10/2017 09:17 PM, lesto fante wrote:
If your level-3 key is compromised, you revoke it, generate a new one and sign
it with the level-2 key. The new level-3 key will be automatically valid for
your correspondents.
what if i lose the level-2 key too? imagine level-2 and level-3 key
are b
On 09/10/2017 08:30 PM, lesto fante wrote:
If your level-1 key is compromised, you revoke it, generate a new one and sign
it with the level-2 key. The new level-1 key will be automatically valid for
your correspondents.
If your level-2 key is compromised, you revoke it, generate a new one, tsi
Hello,
On 09/09/2017 12:50 AM, lesto fante wrote:
To achieve that, I think about a multilevel subkey system.
The OpenPGP specification already has some support for a hierarchical
system, in the form of "trust signatures".
(Hereafter, I will use "trust-sign" as a verb to refer to the act of
Hello,
On 09/05/2017 12:58 AM, Mario Castelán Castro wrote:
Are the trust models “classical” and “pgp” as implemented in GNU PG
documented anywhere?
As far as I know, not really. Certainly not in the OpenPGP RFCs. RFC4880
and its predecessors never defined any trust model, they only defined
Hi,
On 08/27/2017 11:40 AM, arznix via Gnupg-users wrote:
Can anyone clarify whether it is possible to create a local Key Server using the
GNUPG tools?
Not with GnuPG itself. The GnuPG project does not provide a keyserver
software.
Most keyservers out there are powered by a software called
On 08/17/2017 03:39 PM, Dirk-Willem van Gulik wrote:
This had me believe that export-secret-subkeys would just export a
subkey.
Instead the output of --list-packets (and the file size) suggests
that both the master and the subkey are exported.
Seemingly, yes. But actually, when using --export-
On 07/31/2017 05:49 PM, Dirk-Willem van Gulik wrote:
For what it is worth - the various best practices at `riseup.net’[1] seem to
strike a good middle ground.
For what it is worth, I disagree.
The main problem I have with that document is that it implies the user
should care about a lot of d
Hi,
The GnuPG Project is pleased to announce the availability of Scute
1.5.0.
Scute is a PKCS#11 module built around the GnuPG Agent and the GnuPG
Smart Card Daemon. It allows you to use your OpenPGP smart card for TLS
client authentication and S/MIME mail and document signing.
Noteworthy chan
Hi,
On 07/02/2017 08:51 PM, Matthias Apitz wrote:
I have a bunch of saved logins in Firefox, protected by some so called
master password. Is there a way for using the GnuPG card as the master
password, maybe some plug-in for FF?
As far as I know, not as the master password protecting Firefox's
Hi,
On 06/16/2017 10:27 AM, Binarus wrote:
Unfortunately, I didn't find any hint on how to extract that key. It is
in the certificate for sure, and I think I will eventually be able to
dump it after playing some time with OpenSSL, but then I eventually
won't know how to integrate it into Enigmai
I forgot an important detail:
On 06/12/2017 01:28 PM, Damien Goutte-Gattat wrote:
First, remove the private key stubs:
$ rm ~/.gnupg/private-keys-v1.d/*.key
This command will delete *all* your private keys. You should use it "as
is" only if *all* your private keys are s
On 06/12/2017 07:31 AM, Matthias Apitz wrote:
Now we are on track with my question. The background is/was: what
exactly I have to do with this backup key, for example in case the GnuPG
card gets lost or stolen?
You would have to import your backup key into your private keyring using
gpg's --imp
lot of cases (including yours).
-- >8 --
Subject: Add safety check against bad card certificate.
* src/agent.c (scute_agent_get_cert): Reject card certificate if
it does not start with an ASN.1 sequence tag.
Signed-off-by: Damien Goutte-Gattat
---
src/agent.c | 2 +-
1 file changed, 1 insertio
On 06/05/2017 07:54 PM, Fabian Peter Hammerle wrote:
Ah, I didn't know I had to write the certificate onto the Yubikey.
You do not *have* to; Scute can fetch the certificate both from the
token itself, or from the gpgsm store. But it will try first to fetch it
from the token.
Storing the ce
On 06/05/2017 07:04 PM, Fabian Peter Hammerle wrote:
scute: scute_agent_get_cert: got certificate from card with length 259
OK, this is weird. 259 bytes seems too short for a X.509 certificate,
especially one based on 4096-bit public key (for comparison, my own
2048-bit certificate is 1587 byte
On 06/05/2017 10:20 AM, Fabian Peter Hammerle wrote:
Does anyone know what might cause the 'sharing violation' error?
I am not sure. Can you check that after starting Firefox, you still have
only one GPG-Agent and one Scdaemon running?
If you run the following command:
$ gpg-connect-agent
Hi,
On 06/03/2017 12:48 AM, Fabian Peter Hammerle wrote:
As far as I understand gpg-agent is running.
Can you please check whether it is really the case? E.g., check that the
socket indicated by "gpgconf --list-dir agent-socket" does exist?
After reading http://scute.org/scute.html/Trouble
Hi,
On 05/30/2017 09:25 PM, Stefan Claas wrote:
The classical procedure would be to sign a key with a sig3 after seeing
the persons id-card in a real meeting. But who guarantees that the
id-card is not fake (if the person is a complete stranger)?
Well, no one. You rely on the ability of the si
On 05/16/2017 07:55 AM, Matthias Apitz wrote:
The question remains: Why I do have to move the files below .gnupg/ to
the other workstation?
The card only contains the private keys. GnuPG also needs some
information that are only contained in the public parts, such as the
User IDs associated
Hi,
On 02/27/2017 04:07 PM, r...@riseup.net wrote:
I'll use my master key offline. Following this guidelines:
https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html
I also implemented the Appelbaum's config. (Riseup Best Practices) Will
it work properly if the Master Key isn't on m
On 02/19/2017 03:11 PM, Peter Lebbing wrote:
However, maybe someone has come across a reason to do it where it would
be worth the hassle. There certainly are people using multiple S subkeys.
Some time ago, I did some experiments with a RSA master key with two
sets of subkeys: RSA subkeys and E
On 02/08/2017 06:25 PM, Werner Koch wrote:
The format of the private key files is documented in
gnupg/agent/keyformat.txt
Obviously I had completely overlooked this file, my bad.
Sorry for the disinformation. It's good to know that the documentation
is there.
Damien
On 02/08/2017 12:13 PM, Marko Bauhardt wrote:
You mean that this “stub” contains no information which can be use to
sign/decrypt/authenticate?
Yes. The stub contains only the serial number of the smartcard on which
the private key is stored.
Or in other words in case someone steal this key,
Hi,
On 02/08/2017 08:23 AM, Marko Bauhardt wrote:
My question is. What is this for a key and for what is that key used
for? The folder name `private-keys-v1.d` sounds like to store keys
from GPG version 1.x. But i’m using 2.0.x. Any comments about this
folder?
This folder holds all the private
On 01/26/2017 12:47 AM, sivmu wrote:
The question I have not yet found any clear answer for, is why is nobody
talking about this and should pgp keys be identified by a stronger hash
algorithm in the future?
People *do* talk about this. But a change of the hash algorithm used for
fingerprinting
On 01/25/2017 02:41 PM, Robert J. Hansen wrote:
For that matter, I'm still in the dark as to what the big problem with
three-key 3DES is. The best attack against it requires more RAM than
exists in the entire world and only reduces it to 112 bits.
The main problem would be its 64-bit block siz
Hi,
On 01/18/2017 03:51 PM, John Lane wrote:
I think things look ok up to step 9 and point (a) and (b) appear to work
as I expect but (c) doesn't. I'd really appreciate some feedback about
what is happening in:
step 10 (trust level 1 restricted to example.org)
step 14 (trust level 2 restricted t
On 01/18/2017 01:06 PM, Stefan Boehringer wrote:
I don't know why so much is stated as "unbekannt = unknown"...
It looks like you didn't save and restore your trust database when you
deleted your .gnupg folder (it's a file called trustdb.gpg). As a
result, GnuPG does not know what level of ow
On 01/06/2017 10:06 AM, gnupg-users.d...@o.banes.ch wrote:
I was under the impression the OmniKey 3121 is a real reader since it is
on the how to [1].
For what it is worth, I have two such readers, which are working flawlessly
with the ccid driver [1] and with 2048-bit keys. I have not tried them
On 12/31/2016 11:22 AM, Guy Wyers wrote:
The command used to build this export was the following (executed with the
-vv option to get all the info):
$ gpg2 -vv -ao secret-key.asc --export-secret-keys
gpg: writing to 'secret-key.asc'
gpg: key 69F91A22: asking agent for the secret parts
gpg: k
On 12/27/2016 11:16 AM, MFPA wrote:
The --export-secret-subkeys command will do what it says on the tin.
That option would still generate a secret key packet for the primary
key, it's just that this packet would not actually contain any key material.
Here, what has been generated is a file c