Re: Implications of a common private keys directory in 2.1

2016-12-11 Thread Peter Lebbing
I'm going to respond to a few points that I already know my answer to. I might not actually have all that much interesting to say about the more complicated points, though... > But what do you mean by 'deprecated for server use'? I meant that GnuPG 1.4 is not deprecated for server use. By which I

An attempt at backporting 2.1.16 from Debian sid to Debian jessie

2016-12-08 Thread Peter Lebbing
Hello dkg and list! Let me start out by thanking Daniel Kahn Gillmor for all his work on GnuPG and its Debian packages. And also thanks to all the other devs! I'd like to use the latest GnuPG 2.1 on my Debian jessie machines. When the Debian package went from version 2.1.11-7 to 2.1.11-7+exp1, it

Re: Hybrid keysigning party, your opinion?

2016-12-08 Thread Peter Lebbing
On 08/12/16 14:14, Stephan Beck wrote: > Just some meditations: > > So, the late attendees can see and hear that the ordinary participants > confirm the checksum and that their fingerprints check out? Yes, the late attendees definitely need to be there at the beginning of the party, verifying th

Re: Hybrid keysigning party, your opinion?

2016-12-08 Thread Peter Lebbing
Stephan and Lachlan, thank you for thinking about this! I need to make a decision soon, I really need feedback! On 07/12/16 22:44, Stephan Beck wrote: > Doesn't your proposal imply that late attendees could > make their way through all the keysigning without fingerprint > verification? Or do I mis

Recording keysigning attendants on phone (was: Hybrid keysigning party, your opinion?)

2016-12-08 Thread Peter Lebbing
On 08/12/16 07:29, Lachlan Gunn wrote: > If I understand correctly, the late attendees still get a copy of the > fingerprints after the fact, they just don't have it on their sheet of > paper. The fingerprint-less piece of paper just lets them keep a record > of who they have verified, and gives t

Re: Implications of a common private keys directory in 2.1

2016-12-06 Thread Peter Lebbing
On 06/12/16 15:53, Stephan Beck wrote: > [...], and use it as in > gpg2 --no-default-keyring --secret-keyring file --try-secret-key > [NAME=aspecificlongKeyID | fingerprint] --decrypt > any_signedANDencrypted_message.txt.gpg ? > Would that work? From the GnuPG 2.1 man page: --secret-keyrin

Re: Implications of a common private keys directory in 2.1

2016-12-05 Thread Peter Lebbing
On 04/12/16 21:59, Carola Grunwald wrote: > Three months ago I thought it was time to adapt it to GnuPG 2.1, and > the problems began. I would seriously consider the option of just sticking to 1.4. It's not deprecated for server use. It should still have a lot of life left in it. > Just at the mo

Re: Toggle the authenticate capability

2016-12-05 Thread Peter Lebbing
On 05/12/16 00:09, Andrew Gallagher wrote: > Mathematically, authentication is just a special case of > signing, so having both S and A on a subkey does not introduce extra > vulnerabilities (that we know of). Mathematically, I think you're wrong, it's very vulnerable :-). Authentication is signin

Hybrid keysigning party, your opinion?

2016-12-04 Thread Peter Lebbing
K pub rsa1024/503560C4 2014-08-14 [SC] [expired: 2014-08-21] Key fingerprint = C956 4F26 D57B 160F 7258 7865 6CBD 1E35 5035 60C4 uidDaisy Duck ___ 004 [ ] Fingerprint OK [ ] ID OK

Re: Implications of a common private keys directory in 2.1

2016-12-03 Thread Peter Lebbing
On 03/12/16 18:21, MFPA wrote: > If the recipients are hidden, doesn't GnuPG first try the key set > with --default-key, followed by any keys set with --try-secret-key? Hey, I didn't know that! Thanks! > That is sufficient for your smartcard and known-hidden-key examples, > but not for Caro's sit

Re: Implications of a common private keys directory in 2.1

2016-12-03 Thread Peter Lebbing
On 25/11/16 00:03, Carola Grunwald wrote: > Let's just say I hold two nym accounts at different nym servers > > https://en.wikipedia.org/wiki/Pseudononymous_remailer#Contemporary_nym_servers Right, you're also hiding the proxy server. So if the proxy used the same public key for multiple nym acco

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-25 Thread Peter Lebbing
On 25/11/16 14:36, Stephan Beck wrote: > Would you please describe more in detail where (or in which way, in > which use case) the window is left open? Let me reuse a bit of quote from an earlier mail: >>> A2) Export the secret subkey you'd like to use for ssh authentication >>> purposes and pipe

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-24 Thread Peter Lebbing
On 24/11/16 20:56, Peter Lebbing wrote: > This is not true if you are on an NFS share, though! I mean: if you're on an NFS share, or on a disk partition from which things are shared over NFS. So if you're sharing /srv/export and you're on /srv/somewhere/else, it's still

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-24 Thread Peter Lebbing
Stephan, thanks for helping out! I think I can improve a bit on one part of it, though. On 24/11/16 17:51, Stephan Beck wrote: > A2) Export the secret subkey you'd like to use for ssh authentication > purposes and pipe it through openpgp2ssh > gpg2 --export-secret-subkeys \ > --export-options ex

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-24 Thread Peter Lebbing
On 2016-11-24 18:36, Peter Lebbing wrote: keyinfo --list No, that's wrong, scratch that. That will not work for OpenPGP keys because those aren't handled by the agent in 2.0. Silly me. I'm not sure you can add an OpenPGP auth subkey to the agent's SSH support without r

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-24 Thread Peter Lebbing
On 2016-11-24 16:59, Teemu Likonen wrote: I believe that file ~/.gnupg/sshcontrol should contain key's keygrip but how do I get the keygrip when there's no --with-keygrip option in 2.0? I think the following: $ gpg-connect-agent help keyinfo # KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--w

Re: Is --export-ssh-key functionality possible with GnuPG 2.0?

2016-11-24 Thread Peter Lebbing
On 24/11/16 15:27, Teemu Likonen wrote: > Unfortunately I have GnuPG 2.0.26 (as packaged in Debian 8). Can it be > told to export ssh public keys? I think 2.0 also supported: $ ssh-add -L to list all SSH keys known to the agent. ssh-add is part of the openssh-client package. HTH, Peter. -- I

Re: Implications of a common private keys directory in 2.1

2016-11-24 Thread Peter Lebbing
On 24/11/16 14:16, Carola Grunwald wrote: > WME combined with nym server usage for example requires an individual > WME key for each account, as otherwise at least the recipient, who may > communicate with different aliases is able to link them based on their > common signature key-ID. I don't und

Re: Implications of a common private keys directory in 2.1

2016-11-24 Thread Peter Lebbing
ly to a bit from another mail: On 24/11/16 00:25, Carola Grunwald wrote: > Peter Lebbing wrote: >> If you sign the data just before the interaction, the signature >> time and the time noted in the Received:-header are virtually >> identical, so the signature time doesn't leak

Re: Implications of a common private keys directory in 2.1

2016-11-23 Thread Peter Lebbing
On 23/11/16 18:54, Carola Grunwald wrote: > Which relevant information does the single Received: header, describing > the recipient MTA's interaction with the exit remailer, leak? If you sign the data just before the interaction, the signature time and the time noted in the Received:-header are vi

Re: Primary and Signing Key on Different Smart Cards

2016-11-23 Thread Peter Lebbing
On 21/11/16 12:04, Peter Lebbing wrote: > Ah! I don't have time right now, but once I do, I'll try to see to write > up some instructions... Here are instructions for doing this on 2.1. First let me point out: On 20/11/16 22:50, Anton Marchukov wrote: > I think you will have t

Re: configure warnings and errors upon ./configure for Pinentry v0.9.7

2016-11-23 Thread Peter Lebbing
On 23/11/16 07:44, David Adamson wrote: > Werner was GTK+-2.0 a potential option for an appropriate development > package for the GUI platform? (I'm not Werner :) Yes, GTK+-2 is one of the pinentries. It's the one I use, on my XFCE Debian jessie. > gpg: lookup_hashtable failed: Unknown system err

Re: configure warnings and errors upon ./configure for Pinentry v0.9.7

2016-11-23 Thread Peter Lebbing
On 23/11/16 11:14, Stephan Beck wrote: > [...] and properly symlink > /usr/bin/pinentry to the pinentry-curses you actually would like to use > if you are using text-mode only, I don't know why it should not work. Good one, the symlink. It makes me wonder: is the agent looking in the right place f

Re: Implications of a common private keys directory in 2.1

2016-11-23 Thread Peter Lebbing
On 23/11/16 10:53, Andrew Gallagher wrote: > If the message is being automatically decrypted at the MTA then it > provides no more security than TLS. I could concur with this statement if we amend it a little: when two MTA's are explicitly configured as TLS peers. They have to abort the mail excha

Re: How to prevent passphrase caching in 2.1

2016-11-22 Thread Peter Lebbing
On 22/11/16 17:20, Carola Grunwald wrote: > They don't have any system account at all. These are users of a > messaging system, only allowed to access its POP3, SMTP and NNTP > service. Perhaps 1.4 is the best release for you... you'll miss out on Elliptic Curve, but other than that, it's still a

Re: Implications of a common private keys directory in 2.1

2016-11-22 Thread Peter Lebbing
On 22/11/16 02:54, Carola Grunwald wrote: > - In a multi-user environment the key owning recipient has to be granted > access to the private key with some sender being restricted to only use > the public key no matter whether there's any chance s/he guesses the > correct passphrase. That's what fi

Re: How to prevent passphrase caching in 2.1

2016-11-22 Thread Peter Lebbing
On 21/11/16 15:20, Carola Grunwald wrote: > As for each single decryption task only a defined passphrase is > allowed to be used it's essential to have caching, which implicates > the risk of unauthorized passphrase usage, strictly deactivated. Why do you lump these users together? At a first glan

Re: Primary and Signing Key on Different Smart Cards

2016-11-21 Thread Peter Lebbing
On 20/11/16 22:50, Anton Marchukov wrote: > I think you will have to keep it as backup too in case you will want > to add another smartcard with a new subkey to an existing key or not? Oh, good point! Maybe it's possible without on-disk keys, I'll try it out later. Otherwise: yes, it would be impo

Re: Primary and Signing Key on Different Smart Cards

2016-11-21 Thread Peter Lebbing
On 20/11/16 22:48, Anton Marchukov wrote: >> Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired >> outcome without difficulty, even if it might be a bit non-standard. > > I have 2.1.11 Ah! I don't have time right now, but once I do, I'll try to see to write up some inst

Re: gpg2 --version gpg: Fatal: libgcrypt is too old (need 1.7.0, have 1.6.3)

2016-11-19 Thread Peter Lebbing
On 19/11/16 15:13, David Adamson wrote: > Are you proposing I do this every time I wish to use gpg2? > Is this behavior expected in a successful installation or what did I > do wrong and can I fix it? Did you issue a # ldconfig as root after you installed the libraries? Because you say you run D

Re: gpg-agent crashes on Windows 10

2016-11-18 Thread Peter Lebbing
On 18/11/16 09:45, Matthias Wachs wrote: > 2.1.12 may be outdated but is the latest version for Windows (available on > Heise): That's not the official place to get your GnuPG downloads. 2.1.15 for Windows is available from . > The version included in gpg4win is e

Re: Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Peter Lebbing
On 17/11/16 17:13, Peter Lebbing wrote: > You will need to have the private key on-disk for both versions, I'm > afraid. You will need the private key on-disk *temporarily* while setting up the smartcards. But with Knoppix, that "disk" can be a RAM disk in the main me

Re: Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Peter Lebbing
On 17/11/16 15:02, Anton Marchukov wrote: > Now based on my review I have found the situation in gpg2 to be the following: Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired outcome without difficulty, even if it might be a bit non-standard. > 1. Using multiple smartcar

Re: PCI DSS compliance

2016-11-11 Thread Peter Lebbing
On 10/11/16 16:24, helices wrote: > Our company must decrypt ~100 files 7x24 in near real time. Upon reflection, isn't this compliance issue for key management, like subkey creation, setting of expiry, stuff like that, rather than decryption? It seems like stuff you need the primary key for, wher

Re: PCI DSS compliance

2016-11-11 Thread Peter Lebbing
Disclaimer: I know nothing about these compliance issues. > Our company must decrypt ~100 files 7x24 in near real time. How can > work - or any reasonable alternative - in such a production environment? Couldn't you simply password protect the key and unlock it when the server boots, with se

Re: Specifying different pinentry based on caller?

2016-11-09 Thread Peter Lebbing
On 08/11/16 20:24, Tim Chase wrote: > When using a GUI program like Claws Mail, I'd > like to use the graphical pinentry, but I'd prefer to default to the > terminal pinentry for everything else. One step in the right direction is unsetting the DISPLAY environment variable when gpg is invoked. Ens

Re: GNU Privacy Assistance Signing help

2016-10-31 Thread Peter Lebbing
The key manager at the bottom says "The key has only a public part" so you can't sign or decrypt with it, as that needs the secret part. If you exported and then imported this key, you should export the secret part as well. Usually, you only export public keys, so it's a different procedure for se

Re: pinentry dialog

2016-10-29 Thread Peter Lebbing
On 26/10/16 19:57, Amitesh Mishra wrote: > If I remove the pinentry parameter, the same password works fine. Any > suggestions on that ? I just used $ echo test | gpg2 --no-tty --batch --pinentry-mode loopback --passphrase-fd 0 -o test.out --yes -d test.gpg as a variation on the precise invocati

Re: pinentry dialog

2016-10-26 Thread Peter Lebbing
On 25/10/16 05:06, Amitesh Mishra wrote: > 1. Added the passphrase to the perl script in the following manner > > system ("type $PASSFILE | gpg --no-tty --batch --passphrase-fd 0 --output > $CONTACTDECRYPT --yes --decrypt $CONTACTTARGET"); You need to add "--pinentry-mode loopback" to the argume

Re: list revoked UIDs

2016-10-18 Thread Peter Lebbing
On 18/10/16 12:42, Martin T wrote: > Is there a > way to list that revoked UID? I think it's: gpg --list-options show-unusable-uids --list-keys <...> I grepped the man page for "revoked" until I hit upon this. > Or wasn't that imported in the first > place? That is a possibility, depending on

Re: reviewing wiki / shortlist PIN-pad readers

2016-10-18 Thread Peter Lebbing
On 18/10/16 10:58, NIIBE Yutaka wrote: > I don't think the attack to USB communication could be mitigated by > pinpad card reader. If such an attack is possible, a user already > would be defeated. It would IMO not prevent key usage, so in that sense the user is defeated. It would still limit the

Re: Private key export for SSH

2016-10-11 Thread Peter Lebbing
On 11/10/16 13:46, John Lane wrote: > I have Monkeysphere on my radar but I haven't got around to trying > it out. I had hoped for a gpg solution without resorting to third > party... I think I vaguely remember Monkeysphere supporting it. > Yes sure I could do that (and do) but I hoped for way to

Re: Private key export for SSH

2016-10-11 Thread Peter Lebbing
On 10/10/16 22:56, John Lane wrote: > The reason why I would like the private key is so that I can use it on > another host where I don't have the benefit of gpg 2.1 (or any gpg, for > that matter). I don't know if you can do private key export; perhaps with monkeysphere? Here's a different idea.

Re: Linux GPG2 Encryption Getting Intermittent gpg: signing failed: Inappropriate ioctl for device When Run From Oracle Apps

2016-10-08 Thread Peter Lebbing
On 07/10/16 22:59, Jim Ernst wrote: > I am using the following code with gpg (GnuPG) 2.1.15, and when run on > Linux submitted from an Oracle EBS Apps request it errors with “gpg: > signing failed: Inappropriate ioctl for device”: This sounds like the bug .

Re: Listing signatures in edit mode?

2016-10-06 Thread Peter Lebbing
key: -8<--->8- pub rsa2048/DE500B3E 2009-11-12 [C] [expires: 2017-10-19] uid [ultimate] Peter Lebbing sub rsa2048/DE6CDCA1 2009-11-12 [S] [expires: 2017-10-19] sub rsa2048/73A33BEE 2009-11-12 [E] [expires: 2017-10-19] sub rsa2048/B65D

Re: Terminology - certificate or key ?

2016-09-30 Thread Peter Lebbing
On 29/09/16 17:17, Robert J. Hansen wrote: > I have to admit to being extremely annoyed with the state of the language we > use. IMO, TOFU has just made it even worse. I tried to be really strict, talk about ownertrust and validity. Always trying to keep them separate. Personally avoiding the wo

Re: :-(( smart card no longer works

2016-09-11 Thread Peter Lebbing
c key is 73A33BEE > gpg: using subkey 73A33BEE instead of primary key DE500B3E > gpg: using subkey 73A33BEE instead of primary key DE500B3E > gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12 > "Peter Lebbing " It first notices the key it is encrypted to

Re: I think that's a false dichotomy

2016-09-04 Thread Peter Lebbing
On 04/09/16 16:35, Robert J. Hansen wrote: > Yes, it would be a mistake for policy to be determined by those who've been > down in the mud with this crap. It would be deeply antidemocratic, in fact. > This decision belongs to the people, not to an extremely small subset of the > people with a (per

Re: I think that's a false dichotomy

2016-09-04 Thread Peter Lebbing
On 04/09/16 03:05, Robert J. Hansen wrote: > I'm transitioning out of my job, where for the last eight years I've > been doing research and development into digital forensics, mostly for > government customers. After eight years I reached the point where I > began to think that every adult male sh

Re: Key Discovery Made Simple

2016-08-31 Thread Peter Lebbing
On 31/08/16 01:47, gn...@raf.org wrote: > In the cronjob, "*/4" is invalid on > systemd systems (or at least Debian8) In Debian 8, the default cron daemon seems to come from the package 'cron'. I don't think you get the 'systemd-cron' package by default: you need to explicitly install it, and unin

Re: Key Discovery Made Simple

2016-08-31 Thread Peter Lebbing
Well, as long as we are submitting minor corrections to the blog post, I wondered about the directory name in this command: > $ make -f ~/b-w32/speedo/gnupg-2.1.15/build-aux/speedo.mk\ > > INSTALL_PREFIX=. speedo_pkg_gnupg_configure='--enable-gpg2-is-gpg \ > > --disable-g13 --ena

Re: Unsubscribe me please

2016-08-24 Thread Peter Lebbing
On 24/08/16 18:44, lynda.har...@sympatico.ca wrote: > I have contacted you several times to unsubscribe me please. Yet, the "you" you are contacting are not in the power to help you. It would be strange if the subscribers of a public mailing list could unsubscribe other subscribers. Please foll

Security through obscurity (was: OpenPGP Smartcard recommendations)

2016-08-23 Thread Peter Lebbing
On 23/08/16 12:51, Karol Babioch wrote: > However for me this mostly applies to the cryptographic concepts itself > and maybe software implementing them, not necessarily to physical > devices that have to withstand various forms of physical attacks. When > it comes to the real world, I'm not sure i

SSH agent prompts for all passphrases (was: Deleting SSH key(s) from agent)

2016-08-23 Thread Peter Lebbing
On 23/08/16 10:46, Karol Babioch wrote: > However, it is annoying to be prompted for passphrases for each key in > the keyring. This is even true for cases in which the public key of my > smartcard is the first and only entry in authorized_keys on a SSH server. Hm. I use both a smartcard and a

Re: SSH agent prompts for all passphrases

2016-08-23 Thread Peter Lebbing
On 23/08/16 11:51, Karol Babioch wrote: > Can I somehow control the order in which the client presents its keys to > the server? Is this something the agent controls, or the SSH client itself? I don't know, but perhaps that's best asked on an SSH mailing list? If it turns out that the agent has in

Re: OpenPGP Smartcard recommendations

2016-08-23 Thread Peter Lebbing
On 23/08/16 02:54, Karol Babioch wrote: > P.S.: I should also mention that there is some debate about the open > source nature of the YubiKey 4, since its firmware is not open to > review any longer. Should this be a criterion for you, you have to > go with another solution. You'll find details o

Re: Deleting SSH key(s) from agent

2016-08-23 Thread Peter Lebbing
On 23/08/16 10:20, Karol Babioch wrote: > How are you guys dealing with multiple SSH keys while making sure the > correct one is being used? I don't make sure the correct one is used. The challenge that is signed with your private key is based on data provided by both the server and the client. I

Re: File Encrypted with Primary key

2016-08-22 Thread Peter Lebbing
On 22/08/16 16:45, Scott Linnebur wrote: > Any idea why MoveIt would be encrypting this way? I thought OpenPGP-compliant implementations were required to respect the key flags, but on scanning the OpenPGP RFC (I took RFC 4880), it does not seem to be the case. That is, it is not required that comp

Re: File Encrypted with Primary key

2016-08-21 Thread Peter Lebbing
017-10-19] uid [ultimate] Peter Lebbing sub rsa2048/DE6CDCA1 2009-11-12 [S] [expires: 2017-10-19] sub rsa2048/73A33BEE 2009-11-12 [E] [expires: 2017-10-19] sub rsa2048/B65D8246 2009-12-05 [A] [expires: 2017-10-19] If something is encrypted to this key, gpg2 will mention the follow

Re: Deleting SSH key(s) from agent

2016-08-21 Thread Peter Lebbing
On 21/08/16 00:11, Karol Babioch wrote: > More specifically it seems to be impossible to delete identities from > the agent once they are added. Let me answer by example: -8<--->8- $ ssh-add -l 2048 27:f1:31:87:c8:05:5e:30:32:04:61:83:af:f5

Re: Standard gnupg folder created despite --homedir parameter

2016-08-11 Thread Peter Lebbing
On 11/08/16 00:22, Carola Grunwald wrote: > You made my day! Great! > Please excuse my slow-wittedness > concerning the unixoid folder names. No need to apologise, I wouldn't be able to count the number of times I misread something and later wondered how I could have missed it. And in this case,

Re: Which GPG version?

2016-08-10 Thread Peter Lebbing
On 01/08/16 21:48, Patrick Brunschwig wrote: > I see the world a little different :-) The world even! :-) > If you want to try new features like curve-based encryption, or if you > are a developer, then go for 2.1. Otherwise, if you are a regular > end-user, then go for 2.0 and wait with upgradin

Re: Standard gnupg folder created despite --homedir parameter

2016-08-10 Thread Peter Lebbing
On 10/08/16 01:23, Carola Grunwald wrote: > May I ask how that translates into the Windows world? Is it a way to > get rid of the ...\AppData\Roaming\gnupg folder? While the directory names give off a strong Unixy vibe[1], the text says "On Windows systems" and "under Windows". Have you tried to

Re: Which GPG version?

2016-08-01 Thread Peter Lebbing
On 01/08/16 19:53, Johan Wevers wrote: > It does not. If you want to be able to read pgp 2.x encoded archives you'd > better go for 1.4. Incidentally, for this use case I'd personally recommend to use 2.1 for everything except accessing those ancient archives, and just use 1.4 for that, if that is

Re: Which GPG version?

2016-08-01 Thread Peter Lebbing
On 01/08/16 17:54, whi...@mixnym.net wrote: > I see that there are three versions of GnuPG available. Assuming no hardware > constraints, is there any reason to choose Classic 1.4 or Stable 2.0 instead > of Modern 2.1? It appears to do everything the others can and more. I think usually the const

Re: Disambiguating GnuPG Modern, Stable, and Classic

2016-07-27 Thread Peter Lebbing
Disclaimer: this is how I understand it. I'm just a bystander looking on, I might have misunderstood. On 27/07/16 14:39, Dashamir Hoxha wrote: > IMHO, a branch that gets new features is not stable. Stable is a branch > that gets only bug fixes. Precisely, I think this is where the questions arise

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-21 Thread Peter Lebbing
On 21/07/16 08:00, Thomas Glanzmann wrote: > From my point of view gpg-agent should ignore any DISPLAY > settings coming over the unix socket, because it already knows the > DISPLAY location. GnuPG doesn't expect that you forward the normal gpg-agent socket. For forwarding to a remote machine, the

Re: Yubikey 4 gpg 2.1.14 forget passphrase for RSA key

2016-07-19 Thread Peter Lebbing
On 19/07/16 12:26, Thomas Glanzmann wrote: > So far I'm unable to tell gpg-agent to forget the > passphrase. I think you're looking for this command: gpg-connect-agent 'SCD RESET' /bye HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted m

Re: That blog post, factual error or not?

2016-07-06 Thread Peter Lebbing
On 06/07/16 21:03, Damien Goutte-Gattat wrote: > Yes I did. That's how I found out this behavior actually. Ah, okay, thanks for the extensive info! I wouldn't have expected that. There's probably a good reason :-). Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigm

Re: That blog post, factual error or not?

2016-07-06 Thread Peter Lebbing
Hi Damien, I scanned through your blog post[1] before I wrote my reply. Now as I was about to close the webpage, my eye caught this remark in a smaller font at the bottom: > GnuPG Agent only caches the passphrase protecting the key, never the > key itself—it reads the key from file everytime the

Re: Migrating key to smartcard

2016-07-06 Thread Peter Lebbing
On 06/07/16 10:25, Damien Goutte-Gattat wrote: > True enough. In my case, I try to minimize the risk of human error by > using a script which automatically brings the key online (from its > offline USB storage), executes a single GnuPG command, then remove the > key again. What is the threat model

Re: gpg-agent and ~/.ssh/config IdentityFile

2016-07-06 Thread Peter Lebbing
On 05/07/16 23:23, Daniel Kahn Gillmor wrote: > You're right, this really is a better question for OpenSSH users. Well, I'm stubborn, and I'm still going to answer here :-). > Do you have a .pub file of the public part of your identity? try > pointing Identities to that file. Yes, that occurred

Re: gpg-agent and ~/.ssh/config IdentityFile

2016-07-04 Thread Peter Lebbing
On 04/07/16 10:10, Muri Nicanor wrote: > if i use gpg-agent with ssh-support, is there a way to use the > IdentityFile option in ~/.ssh/config? When using ssh-agent i can point > IdentityFile to the corresponding private key, but i don't know how i > could do that using gpg-agent (esp. if the key i

(OT) Tamper Resistance of SmartCards -- NitroKey Pro/ KernelConcepts

2016-06-27 Thread Peter Lebbing
On 27/06/16 10:47, NIIBE Yutaka wrote: > Already, I know that an effective counter measure is never sleeping. > Please don't suggest this method. :-) You should integrate the crypto token and PIN pad under your skin. Subdermal keypad on the back of the hand, or one sensor per finger [1]. Nobody ca

Re: AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-17 Thread Peter Lebbing
Hi, On 17/06/16 11:25, Mike Kaufmann wrote: > The hint with the homedir did the trick - you are my hero! Ah that's really great! > gpgconf --kill gpg-agent I read that in v2.1.13, gpgconf gains an option "--homedir" as well. So starting with that release, I'd advise to include the --homedir for

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-17 Thread Peter Lebbing
On 17/06/16 10:19, Peter Lebbing wrote: >> I use the following command to sign a file: >> gpg --homedir c:\ESA\EIOPA\PreProd\DCCR --output >> C:\ESA\EIOPA\Export\LI001_DATPPP_EIOPA_01_16.asc --armor -u >> sen...@sendercompany.com --digest-algo SHA512

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-17 Thread Peter Lebbing
On 17/06/16 03:25, Marcos Aurelio Lenharo wrote: > I think this is related to the following issue I opened last year: > > https://bugs.gnupg.org/gnupg/issue2015 Thanks for the pointer! While I'm not sure, I think this isn't the problem in this specific case. I think that bug affects stuff that u

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-17 Thread Peter Lebbing
Well, at least it seems to make more sense now. On 17/06/16 07:24, Mike Kaufmann wrote: > gpg --homedir C:\ESA\EIOPA\PreProd\DCCR -k > [...] > > gpg --homedir C:\ESA\EIOPA\PreProd\DCCR -K > [...] > > gpg --homedir c:\ESA\EIOPA\PreProd\DCCR --with-keygrip -K 29FDE3FE sec > rsa2048/29FDE3FE 2016-0

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-16 Thread Peter Lebbing
On 16/06/16 16:13, Mike Kaufmann wrote: > I've tried this commands with all the KeyGrips that are listed with a command > similar to > gpg2 --with-keygrip -K DCDFDFA4 sec rsa1024/DCDFDFA4 2012-03-17. That part got accidentally mangled when I asked my mailer to reflow the message. It was suppos

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-16 Thread Peter Lebbing
Hello, On 16/06/16 08:46, Mike Kaufmann wrote: > I've used http://www.asciitohex.com/ to convert my passphrase in > hexstring. Therefore I think, that's not the reason. Does it end in bytes 0D or 0A? Those are CR/LF ASCII bytes, and should not be included. > What I'm not sure: Is the value I use

Re: AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-15 Thread Peter Lebbing
Hi, > Any further ideas? I am despairing slowly but surely... When I purposely enter the wrong passphrase, the PRESET_PASSPHRASE command succeeds, but subsequently the pinentry will pop up to prompt for the correct passphrase when I try to do anything with the key. So you might have a mistake in

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-15 Thread Peter Lebbing
On 15/06/16 08:33, Mike Kaufmann wrote: > See also the attached screenshot. Do you have any other ideas? You're missing some necessary quoting. Right now, you're sending four separate commands instead of a single command with three options! gpg-connect-agent 'preset_passphrase 74EC3FAA93CD49446E

Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-13 Thread Peter Lebbing
On 13/06/16 08:12, Mike Kaufmann wrote: > Unfortunately when I start gpg-agent with the following command on Windows > Command Line > gpg-connect-agent PRESET_PASSPHRASE > "74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A" -1 "MyPassphrase" > > I receive the following errors: > ERR 67108992 Missing valu

Re: Configuration hints for using gnupg (2.0.x) interchangeably with graphical frontend and in the terminal

2016-06-11 Thread Peter Lebbing
On 09/06/16 19:50, Peter Lebbing wrote: > Of course, if you > multi-display a single "screen" terminal session, it might go haywire as > any X application would, since it would pick the DISPLAY from the > "screen" session that started it. I just realised this ev

Re: Fw: GnuPG - Encryption process issues.

2016-06-09 Thread Peter Lebbing
Hello all, Since I'm afraid that the message written by Jonas might not be read, as it is posted solely on the mailing list, let me quote him here and expand on it: On 09/06/16 13:47, Jonas Hedman wrote: > On 16-06-08 22:11:27, Ankit Bhardwaj5 wrote: >> Hello Carlos >> >> As i m busy in completin

Re: Fw: GnuPG - Encryption process issues.

2016-06-09 Thread Peter Lebbing
> -> Files Under /home/ehpadm/.gnupg > > -rw--- 1 ehpadm sapsys 1200 May 3 21:54 trustdb.gpg > -rw--- 1 ehpadm sapsys 7438 May 3 21:54 pubring.gpg~ > -rw--- 1 ehpadm sapsys 8557 May 3 21:54 pubring.gpg > -rw--- 1 ehpadm sapsys 4805 May 3 21:54 secring.gpg > -rw--- 1 ehpadm saps

Re: Configuration hints for using gnupg (2.0.x) interchangeably with graphical frontend and in the terminal

2016-06-09 Thread Peter Lebbing
On 01/06/16 21:36, Bjoern Kahl wrote: > Currently, whenever Enigmail needs a passphrase, it throws up a popup > window (actually, it runs gpg, which runs the agent, which runs > pinentry-mac, which throws up the window) _somewhere_: sometimes on > the screen I am looking at, sometimes on anothe

Re: Forwarding scdaemon over SSH - is it possible?

2016-06-09 Thread Peter Lebbing
On 09/06/16 13:09, Michael Fladischer wrote: > Does anyone have an idea how I could trick gpg2 into using my socket to > talk to my local scdaemon? This sounds like a job for our new superhero the --extra-socket option that gpg-agent gained recently. It is meant for forwarding agent connections to

Re: Fw: GnuPG - Encryption process issues.

2016-06-09 Thread Peter Lebbing
On 06/06/16 19:34, Carlos Alberto Moreno Torres wrote: > Please reply to all and direct email > to GnuPG Team if you have any questions for them. Thanks in advance. > > Also, do not remove any of the participants of this email. This turns out to be a problem. When including all recipients, the me

Re: Older gpg version does not ask for passphrase

2016-06-08 Thread Peter Lebbing
Hello, On 06/06/16 20:09, Matthias Nick wrote: > On my laptop, running Arch Linux with gpg (GnuPG) 2.1.12 and libgcrypt > 1.7.0, I am always asked for the passphrase. > > Same thing happens on a Debian testing machine running gpg (GnuPG) > 2.1.11 and libgcrypt 1.7.0-beta. > > On that same machin

Re: Curve 25519 encryption subkey - problem encrypting

2016-06-06 Thread Peter Lebbing
On 05/06/16 18:47, Brian Minton wrote: > Debian has gnupg 2.1 in experimental. 2.1 has already passed into unstable as well as stretch/testing. The version currently in experimental renames the binary from gpg2 to gpg, which is, I think, truly experimental for now. My gut feeling says that for now

Re: Automating the generation of master keys

2016-06-01 Thread Peter Lebbing
On 01/06/16 21:20, Aurélien Vallée wrote: > Okay, so I did try to add the sign usage to the master-key. That works > well and avoids the use of expect for generating the keys. I think it's still an odd limitation of the Key-Usage: option that you cannot generate a master key without optional usage

Re: Automating the generation of master keys

2016-06-01 Thread Peter Lebbing
On 01/06/16 19:46, Werner Koch wrote: > ps ax | grep -e '--edit-key' | grep -v grep > > does not work either because you assume that there is only one gpg > command running (actually any process with a string '--edit-key'). ... from any user. That seems odd? Why's the 'a' part of the ps invocat

Re: Problems with USB access to Omnikey 4321

2016-05-15 Thread Peter Lebbing
On 15/05/16 18:36, Peter Lebbing wrote: > At this point, I'd really like to know which version of GnuPG you're using. > And > if you're using GnuPG 1.4, do you have 2.x installed? Could you easily install > 2.1 if you don't have a 2.x installed already? On reflect

Re: Problems with USB access to Omnikey 4321

2016-05-15 Thread Peter Lebbing
On 15/05/16 13:28, Stefan Midjich wrote: > Thanks for showing me, I tried gpgconf --kill scdaemon, then did your > trick but the scdaemon.log after that was still giving the occasional > swedish error just like the one I pasted. Oh, then what I showed is not sufficient to get the agent and scdaemo

Re: Problems with USB access to Omnikey 4321

2016-05-14 Thread Peter Lebbing
On 14/05/16 19:25, Stefan Midjich wrote: > On the console it replies ERR 100696113 In/ut-fel which means > I/O error, gpg-connect-agent does not listen when I set LANGUAGE=C in > the environment so I can't force english errors. I haven't looked into your problem, but let me give this quick hint:

Re: how to configure default sign key for particular user?

2016-05-09 Thread Peter Lebbing
On 09/05/16 22:12, Peter Lebbing wrote: > group peter=de500b3e > group test=DCDFDFA4 Crap. I did it wrong. It was a bit silly of me to choose group names that overlapped with the uid's! It doesn't work, I'm sorry. Okay, then maybe group could be accepted for -u (since mu

Re: how to configure default sign key for particular user?

2016-05-09 Thread Peter Lebbing
On 09/05/16 21:28, Scott Mcdermott wrote: > Possibly, gpg could overload default-key based on how many args: > > default-key uid1 keyid1 > default-key uid2 keyid2 > default-key keyid3 I think the configuration option "group" already covers your use case. In my gpg.conf: group peter=

Re: OT egpg evaluation

2016-05-08 Thread Peter Lebbing
On 08/05/16 14:09, flapflap wrote: > (for that reason, most unix tools > accept a "--" argument to interpret all following args as input/file > names, not as commands) This includes gpg2. The complexity of the gpg2 command line means some things require a good ordering of options and commands, whi

Re: (OT) FSF involvement

2016-05-06 Thread Peter Lebbing
On 06/05/16 15:22, flapflap wrote: > Previously, I believed to have read these rules in the "Information for > Maintainers of GNU Software" [0] but could not find it any more. Perhaps chapter 13: [1] > A GNU package should not recommend use of any non-free program, nor should > it require a non-
