Re: WKD: conveying intent of encrypt-by-default?

2022-10-13 Thread Phil Pennock via Gnupg-users
On 2022-10-04 at 20:00 -0400, Daniel Kahn Gillmor wrote: > Autocrypt's focus is ubiquitous deployment of keying material (in the > form of OpenPGP certificates) so that people *can* encrypt when sending > mail. We found that one of the big risks is that a peer might > *automatically* encrypt when

WKD: conveying intent of encrypt-by-default?

2022-10-03 Thread Phil Pennock via Gnupg-users
Folks, I setup WKD for work a while back, to publish the PGP keys for those who had them. Then in November I removed the first key because it was causing Protonmail users to keep sending encrypted to the recipient and a lot of his communications turned out to be with Protonmail users. Now we've

Re: --auto-key-retrieve fails for some keys

2021-11-02 Thread Phil Pennock via Gnupg-users
On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote: > The signature on a Linux kernel can be verified successfully using > `--auto-key-retrieve', but the signature on an Emacs cannot be > verified in the same manner because gpg is unable to retrieve the > needed public key automati

Re: trust-model and federated lookups

2021-10-25 Thread Phil Pennock via Gnupg-users
On 2021-10-25 at 15:12 +0200, Neal H. Walfield wrote: > This absolutely makes sense. One way to model this in the web of > trust is to imagine that you have a "WKD key," which you consider a > partially trusted introducer, and which certifies keys that you > retrieve via WKD. Practically, it's a

trust-model and federated lookups

2021-10-22 Thread Phil Pennock via Gnupg-users
Folks, When evaluating the trust we have in the identity attached to a key, I often see "WARNING: We have NO indication whether the key belongs to the person named as shown above"; at the same time, `--with-key-origin` for the very same key will show "origin=wkd". GnuPG uses the trust-model optio

Re: WKD docs on the wiki, restructuring. Feedback on forUsers page

2021-09-30 Thread Phil Pennock via Gnupg-users
On 2021-09-30 at 12:17 +, ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: > Hmm, this is odd. I setup WKD as detailed on the > https://wiki.gnupg.org/WKDHosting (using the openpgpkey subdomain), currently > only for one address on my domain (s...@chiraag.me). Opening the file > directly in a web browse

Re: Why is --auto-key-locate only for encrypting?

2021-09-01 Thread Phil Pennock via Gnupg-users
On 2021-09-01 at 13:50 +0200, Ingo Klöcker wrote: > On Mittwoch, 1. September 2021 07:55:21 CEST raf via Gnupg-users wrote: > > Why is the --auto-key-locate only for encrypting (says > > the gpg(1) manpage)? Wouldn't it also be useful when > > receiving emails and verifying signatures? > > --auto-

Re: RSS/Atom for the GnuPG blog?

2021-01-22 Thread Phil Pennock via Gnupg-users
On 2021-01-22 at 18:10 +0100, Werner Koch via Gnupg-users wrote: > BTW, if you are just interested in updates to our software you can check > also https://versions.gnupg.org/swdb.lst for updates. Or watch the > source of this list, which is is in the gnupg-doc repo as swdb.mac. > > The tool gnupg

Re: RSS/Atom for the GnuPG blog?

2021-01-22 Thread Phil Pennock via Gnupg-users
On 2021-01-21 at 11:46 +0100, jman wrote: > There's no direct RSS/Atom feed (afaics). However the blog is a git > repository [0] with a RSS/Atom feed (there's a link at the bottom of the > page). As a workaround you subscribe to that feed (I didn't test it). I have tested it: I use Slack with the

Re: Avoid recipient-compatibility SHA1

2020-11-18 Thread Phil Pennock via Gnupg-users
On 2020-11-17 at 22:18 -0700, Mark wrote: > Not to ask a stupid question but how can you tell which algorithm your > keys are using and if using SHA1 update them to a more secure one? I have a better answer than my previous one, because the very next mailing-list I read has a post today from the S

Re: Avoid recipient-compatibility SHA1

2020-11-18 Thread Phil Pennock via Gnupg-users
gital Signature Algorithm) Public-key size: 1024 bits Creation time: 2001-08-03 17:34:53 UTC UserID: Phil Pennock [censored email address in this list post] Invalid: Policy rejected non-revocation signature (PositiveCertification) because: SHA1 is not cons

Re: Avoid recipient-compatibility SHA1

2020-11-17 Thread Phil Pennock via Gnupg-users
On 2020-11-17 at 15:47 +, Stefan Claas wrote: >} Since 2005, SHA-1 has not been considered secure against well-funded >} opponents;[4] as of 2010 many organizations have recommended its >} replacement.[5][6][7] NIST formally deprecated use of SHA-1 in 2011 >} and disallowed its use for digital

Re: Avoid recipient-compatibility SHA1

2020-11-02 Thread Phil Pennock via Gnupg-users
On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote: > On Fri, 30 Oct 2020 00:10, Phil Pennock said: > > recipient. That's fine. I'd rather create pressure for people to fix > > their systems to use modern cryptography than cater to their brokenness &g

Avoid recipient-compatibility SHA1

2020-10-29 Thread Phil Pennock via Gnupg-users
Folks, Normally everything I do with GnuPG is using SHA256 digests, and I normally keep "weak-digest SHA1" in my gpg.conf file. I just sent a message to N recipients, and I think one of them probably has some preference algorithm in their key details, because this one mail was signed using SHA1,

Re: Which keyserver

2020-09-19 Thread Phil Pennock via Gnupg-users
On 2020-09-19 at 11:44 +0100, MFPA via Gnupg-users wrote: > On Friday 18 September 2020 at 4:32:55 PM, in > , Phil > Pennock via Gnupg-users wrote:- > > > > keys.gnupg.net is a CNAME for > > hkps.pool.sks-keyservers.net -- which is > > now returning zero re

Re: Which keyserver

2020-09-18 Thread Phil Pennock via Gnupg-users
On 2020-09-18 at 15:04 +0200, accounts-gn...@holbrook.no wrote: > Is it possible to define multiple sources of keys with WKD, for example > with a dns TXT record? The use-case would be if the main server is down, > alternative places to get it. The SRV record approach had to be dropped because the

Re: Which keyserver

2020-09-18 Thread Phil Pennock via Gnupg-users
On 2020-09-18 at 08:06 -0700, Mark wrote: > I use GPG4Win and I've noticed that "hkp://keys.gnupg.net" is not > working right. I was not getting any hits back when searching with > Kleopatra and then I tried to ping that server which returned host not > found. So I'm also interested if there is a

Re: Which keyserver

2020-09-18 Thread Phil Pennock via Gnupg-users
On 2020-09-18 at 10:08 +0200, Franck Routier (perso) wrote: > Le jeudi 17 septembre 2020 à 18:13 -0400, Phil Pennock via Gnupg-users > a écrit : > > If publishing keys, I do recommend setting up WKD for your > > domain, which helps a little. > > What is the status

Re: Which keyserver

2020-09-17 Thread Phil Pennock via Gnupg-users
On 2020-09-17 at 22:57 +0200, Martin wrote: > Which keyserver do you recommend these days? For what purpose? For receiving updates to previously known keys, of people who care enough about their keys to distribute their keys across multiple keyservers instead of just going "I pushed it to the key

Re: how to suppress new "insecure passphrase" warning

2020-09-17 Thread Phil Pennock via Gnupg-users
On 2020-09-16 at 15:03 -0700, Alan Bram via Gnupg-users wrote: > I have been using gnupg for a few years now, with no change in the way I > invoke it. Recently (I guess my package manager updated to a new version: > 2.2.23) it started injecting a warning about "insecure passphrase" and > suggesting

Re: gpg-agent is older than us

2020-08-21 Thread Phil Pennock via Gnupg-users
On 2020-08-21 at 19:00 +, Ajax via Gnupg-users wrote: > On a Debian box, 'gpg -K' gives "server 'gpg-agent' is older than us > (2.2.12 < 2.2.21)". 2.2.21 was built using speedo in my home > directory populating ~/bin which appears at the head of $PATH. The > commands 'which gpg' and 'which g

Re: WKD - .onion redirects mapping

2020-08-04 Thread Phil Pennock via Gnupg-users
On 2020-08-04 at 16:46 +0200, Werner Koch via Gnupg-users wrote: > Yes, privacy. But that is just a welcome side-effect. What we need is > that the domain is authenticated so that we can consider the key to be > valid at a certain level. I see no way how you can do this via an > anonymizer becau

WKD - .onion redirects mapping

2020-07-27 Thread Phil Pennock via Gnupg-users
Folks, Is there any facility in GnuPG, or any neat hacks which can be applied to current releases, to be able to remap WKD queries to go to specified .onion hosts? Eg, lists: openpgpkey.debian.org: http://habaivdfcyamjhkk.onion/ and indeed if I use `gpg --list-ke

Re: Multiple UIDs or multiple master keys?

2020-07-14 Thread Phil Pennock via Gnupg-users
On 2020-07-14 at 00:48 +, Philihp Busby via Gnupg-users wrote: > 2: What benefits benefits are there to having separate master keys for >personal and professional use? Outside of not wanting the >identities linked, because I am not yet famous enough for that. When the day comes that I

Re: WKS server problems

2020-03-21 Thread Phil Pennock via Gnupg-users
On 2020-03-21 at 23:30 +, Andrew Gallagher wrote: > I'm trying to follow the WKS instructions from the wiki[1] on a remote > VM, but it hangs at the key generation stage: [...] > gpg (GnuPG) 2.2.4 Is this a newly created VM? Can you not use the opportunity of "nothing else on the system which

Re: Re: Help me on this

2020-03-02 Thread Phil Pennock via Gnupg-users
On 2020-03-02 at 14:23 +, Gubba, Srikanth (HNI Corp) wrote: > Thank you for your response , please see this screen shot it has both keys. > I have imported secret key but still getting same error message , can you > please help on this. Oh, I didn't look closely enough at the error in the or

Re: Help me on this

2020-03-01 Thread Phil Pennock via Gnupg-users
On 2020-02-28 at 22:31 +, Gubba, Srikanth (HNI Corp) via Gnupg-users wrote: > When I want to decryption for the encrypted file am getting below error > message : > gpg: using subkey 7E5B6A6AB3392A8D instead of primary key 1CC8C8AD84BF7E76 > gpg: encrypted with 2048-bit ELG key, ID 7E5B6A6AB33

Re: How to create an authinfo.gpg encrypted file with a GitHub token

2020-02-26 Thread Phil Pennock via Gnupg-users
On 2020-02-26 at 00:18 +, John Stevenson wrote: > I would like to store a GitHub personal access token in a file called > ~/.authinfo.gpg so that the token is not stored unencrypted on my > computer. This file would be used by Emacs to talk to GitHub via its API. > > I have never used GnuPGP

Re: swdb.lst problem

2020-02-10 Thread Phil Pennock via Gnupg-users
On 2020-02-09 at 16:44 -0500, murphy via Gnupg-users wrote: > With a new version of raspbian out for the raspberry pi I'm having > trouble with a speedo compile of gnupg-2.2.19 with error messages: > Also when I try to download swdb.lst directly it fails with: > > ~/Downloads/gnupg-2.2.19/build-a

Re-sign subkey binding with changed digest?

2020-01-08 Thread Phil Pennock via Gnupg-users
So, this SHA-1 mess is "fun". To get a fresh self-sig user ID signature on the main key, I can do this: gpg --expert --cert-digest-algo SHA256 --sign-key ${KEYID:?} The `--expert` overrides the "already signed" safety check, letting you confirm that yes you really want this. Alas, it seems th

Re: Reason string revocation

2019-12-27 Thread Phil Pennock via Gnupg-users
On 2019-12-26 at 23:06 +0100, Dirk-Willem van Gulik wrote: > Is there a flag that shows you the 'reason/explanation' string and cause > when examining a revocation msg with gpg2 ? > > It seems that both --import and a simple 'gpg2 revoc.asc' show you the key - > but not the rest of the info ? $ g

Re: Testing WKD setup?

2019-07-08 Thread Phil Pennock via Gnupg-users
On 2019-07-07 at 20:48 +0200, Wolfgang Traylor via Gnupg-users wrote: > > is there a service or similar where I can check if this email address is > > properly WKD-enabled? > > https://metacode.biz/openpgp/web-key-directory It's nice, but it also checks stuff which isn't per the spec, so gives fa

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-03 Thread Phil Pennock via Gnupg-users
On 2019-07-03 at 09:17 +0100, Andrew Gallagher wrote: > I didn't even know it supported finger URLs - handy to know! Opening a > finger port may be a step too far for the security-conscious though... Depends upon the implementation. I'm biased here, I wrote my own in Go back in 2016: https://go.

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread Phil Pennock via Gnupg-users
On 2019-07-02 at 11:56 +0200, Wiktor Kwapisiewicz via Gnupg-users wrote: > On 01.07.2019 14:36, Andrew Gallagher wrote: > > OpenPGP already has the "keyserver" field which is rarely used. It is > > supposedly a hint to clients to tell them to prefer a particular > > keyserver, but it could also be

Re: Infinite loop?

2019-06-25 Thread Phil Pennock via Gnupg-users
On 2019-06-25 at 18:47 -0400, Daniel Kahn Gillmor via Gnupg-users wrote: > Interesting! my pubring.kbx is 147MiB, but GnuPG still should not run > forever when doing --list-keys. It takes 17s to complete the listing of > my pubring.kbx, as measured by "time gpg --list-keys > /dev/null" With GnuP

Re: Hostname of key server pool disappeared? hkps.pool.sks-keyservers.net

2019-03-18 Thread Phil Pennock
On 2019-03-18 at 23:09 +1000, Ted Cooper wrote: > If there is a more appropriate place to post this please do let me know. > Methods of contact and persons responsible for the sks-keyservers > infrastructure is not obvious. Onto the problem; The SKS Devel mailing-list is also used for Operations i

Re: Several GnuPG instances, with their corresponding agents

2019-03-11 Thread Phil Pennock
On 2019-03-10 at 01:25 -0500, Konstantin Boyandin via Gnupg-users wrote: > I would like to use, whenever I like, manually builds (such as current > 2.2.13). > > Question: how do I keep several GnuPG versions installed, every version > with its own gpg-agent? After running ./configure [--args], ta

Re: Choice of ECC curve on usb token

2018-06-29 Thread Phil Pennock
On 2018-06-29 at 18:07 +0200, Damien Cassou wrote: > NIIBE Yutaka writes: > > Why not Curve25519, if you use ECC? > > I'm not sure I want ECC after reading this: > https://crypto.stackexchange.com/a/60394/60027 Curve25519 is not NIST ECC. It is ECC. "ECC" = "Elliptic Curve Cryptography", it co

dirmngr Windows DNS resolution of pools (Re: Problem refreshing keys)

2018-06-15 Thread Phil Pennock
On 2018-06-14 at 06:24 -0400, Jerry wrote: > gpg-connect-agent --dirmngr "GETINFO version" /bye > gpg-connect-agent: no running Dirmngr - starting 'C:\Program Files > (x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe' > gpg-connect-agent: waiting for the dirmngr to come up ... (5s) > gpg-connect-agent: waiti

Re: Problem refreshing keys

2018-06-13 Thread Phil Pennock
On 2018-06-13 at 09:52 -0400, Jerry wrote: > On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated: > >The common problem on Windows: You can't use ' to quote; we Unix folks > >always forget about that. Use Bah, I just didn't know. :D I suspected though, which is why I mentioned typing interac

Re: Problem refreshing keys

2018-06-12 Thread Phil Pennock
On 2018-06-12 at 10:05 -0400, Jerry wrote: > Starting C:\Program Files (x86)\GnuPG\bin\gpg.exe --display-charset utf-8 > --refresh-keys... > gpg: refreshing 387 keys from hkps://hkps.pool.sks-keyservers.net > gpg: keyserver refresh failed: Server indicated a failure > > This is happening on a W

Re: Forward gpg-agent to container

2018-06-11 Thread Phil Pennock
On 2018-06-10 at 18:05 +0200, Benjamin Kircher wrote: > This gives me > > gpg: can't connect to the agent: IPC connect call failed > > from within the container. > > Command lines that led to this output are: > > $ docker run --volume $(gpgconf --list-dirs > agent-extra-socket):/root/.gnup

Re: Forward gpg-agent to container

2018-06-05 Thread Phil Pennock
On 2018-06-05 at 17:17 -0400, Phil Pennock wrote: > Shell 2: > $ docker run -it --rm -v /var/run/pdp.gnupg:/root/.gnupg/S.gpg-agent.ssh > alpine > / # chmod 0700 /root/.gnupg && chown root:root /root/.gnupg/S.gpg-agent > / # apk update && apk add --no-cache gnupg I

Re: Forward gpg-agent to container

2018-06-05 Thread Phil Pennock
On 2018-06-05 at 20:18 +0200, Peter Lebbing wrote: > Have you tried by hand whether the concept of communicating over a > socket to a container works at all? You could use socat to create a > socket and communicate, one socat on your host system and one inside the > container. > > I have no experi

Re: A Solution for Sending Messages Safely from EFAIL-safe Senders to EFAIL-unsafe Receivers

2018-05-23 Thread Phil Pennock
On 2018-05-22 at 19:35 -0700, Craig P Hicks wrote: > "A Solution for Sending Messages Safely from EFAIL-safe Senders to > EFAIL-unsafe Receivers" > > https://github.com/craigphicks/efail-safe-send-to-insec-recv/wiki There's an existing semi-standard for trying to improve email security by moving

Re: A postmortem on Efail

2018-05-20 Thread Phil Pennock
On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote: > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 Excellent post. I favor breaking backwards compatibility and including in the shipped README a description of "The conditions under which we anticipate future backwards compatibility

Re: Is signing a file with multiple keys possible

2018-03-23 Thread Phil Pennock
On 2018-03-24 at 00:31 +0100, Dirk Gottschalk via Gnupg-users wrote: > Is it possible to sign a file with multiple keys? Yes. Slightly lower-level operations than normal signing, but not by much, you just need to know about enarmor/dearmor and how signatures are put together. > For Example: John

Re: GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers

2018-01-23 Thread Phil Pennock
On 2018-01-22 at 20:12 -0500, David Gray via Gnupg-users wrote: > I'm running GnuPG 2.2.4 on Windows. I'm able to successfully query the SKS > keyserver pool via HKPS (hkps://hkps.pool.sks-keyservers.net) with no > problems. I'm trying to query the hkps://keys.mailvelope.com keyserver, and > I'm

Re: failed to convert unprotected openpgp key: Checksum error

2018-01-22 Thread Phil Pennock
On 2018-01-19 at 19:57 +1100, Simon Kissane wrote: > However, when I try to decrypt data encrypted with the private key, I > get a "failed to convert unprotected openpgp key: Checksum error" Simpler check: % gpg --export-secret-key gpg: key 4252EB6983CE74C44F549B6F8666715904EE61F2: error receivin

Re: is there a preferred order to building dependencies for gnupg2

2018-01-10 Thread Phil Pennock
On 2018-01-10 at 11:39 +, Damien Goutte-Gattat wrote: > On 01/10/2018 09:25 AM, Henry wrote: > > There are five libraries required to build gnupg2: libgpg-error, > > libgcrypt, libassuan, libksba and npth. > > > > Is there a preferred order in which they should be built? > > Libgpg-error shou

Re: Performance regression, 2.2.3/recent?

2017-12-05 Thread Phil Pennock
On 2017-12-04 at 18:20 +0900, NIIBE Yutaka wrote: > It seems that pubring.kbx is accessed recursively (something by depth 3, > by fd: 4, 7 and 10 (fd 3 is to check the file type, I guess)). > > Could you please try with --no-expensive-trust-checks option, if it > changes the behavior? Yes: change

Re: Performance regression, 2.2.3/recent?

2017-12-03 Thread Phil Pennock
On 2017-12-03 at 12:19 +0100, Werner Koch wrote: > On Sun, 3 Dec 2017 02:20, gnupg-us...@spodhuis.org said: > > Anyone else seeing major slowdowns with keyring dumping in recent GnuPG > > on Linux? > > By recent do you mean 2.2.3 or a Git version (2.2 branch or master)? 2.2.3. The dump on Linux

Performance regression, 2.2.3/recent?

2017-12-02 Thread Phil Pennock
Anyone else seeing major slowdowns with keyring dumping in recent GnuPG on Linux? I have a dump-state script used for monthly backups where after an hour, I gave up. The step is just: gpg --with-colons --with-fingerprint --with-subkey-fingerprint --with-secret --list-keys but pubring.kbx is

Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Phil Pennock
On 2017-11-22 at 08:09 -0500, murphy wrote: > pinentry-program /usr/bin/pinentry-gtk-2 > > This is required since pinentry is not compiled from source but > installed as an Ubuntu package. GnuPG's configure takes --with-pinentry-pgm=... to override the default. (I build the https://public-packag

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

2017-08-28 Thread Phil Pennock
On 2017-08-28 at 19:05 -0400, Rob J Hansen wrote: > > 1. Is it possible, when transporting a message from Alice to Bob, > > without holding any of their private keys, to do the following checks: > > - verify the integrity of the message and make sure it is sanitized and > > Bob can decrypt it with

Re: Obtaining sig2 and sig3 signatures

2017-05-30 Thread Phil Pennock
On 2017-05-30 at 21:25 +0200, Stefan Claas wrote: > Let's assume we would exchange signed emails (PGP/SMIME) would these proofs > be enough for you to warrant a sig2? And for a sig3 an additional video > conference? No. A public signature is an attestation to others of identity. If it's based on

Re: Don't send encrypted messages to random users

2017-05-30 Thread Phil Pennock
On 2017-05-29 at 18:58 +, listo factor via Gnupg-users wrote: > This I find surprising: if one does not want receiving > encrypted messages from those that he does not have > existing relationship with, why does he publish his > public key on public keyservers? (1) Who says they published it?

Re: Stripping expired subkey during export?

2017-03-03 Thread Phil Pennock
On 2017-03-03 at 09:51 +0100, Werner Koch wrote: > Not cleaning expired subkeys is a good thing for secret key export, so > that you can keep on decyrpting old mails. Sure, but this is a non-secret export, for the versions for publication. > Exporting a

Stripping expired subkey during export?

2017-03-02 Thread Phil Pennock
For certain exports of my PGP key, I want the key minimized and clean of cruft; while the public keyservers will reaccumulate all signatures, data-sources where "presence is trust" do not need everything else. Smaller keys for DNS records, certain authenticated databases, etc. I also recently upda

Real-world current impact of disabling SHA1

2017-02-24 Thread Phil Pennock
There are various claims going around about how GnuPG should be disabling SHA1 now; the competent cryptographers I know are pointing out that a collision is not a second pre-image, don't panic and cargo-cult (but also yes it's time and past time to be making sure we have a clear path away). I'm no

Re: [Sks-devel] pool.sks-keyservers.net issues

2013-03-01 Thread Phil Pennock
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Short version: bad interaction of GnuPG, cURL and Apache. Can probably be worked around in Apache config, can definitely be worked around in GnuPG code, should aim to get both done. On 2013-02-28 at 10:01 -0800, Doug Barton wrote: > 2001:470:1f0

Re: [Sks-devel] pool.sks-keyservers.net issues

2013-02-28 Thread Phil Pennock
On 2013-02-28 at 09:12 +0100, Niels Laukens wrote: > On 2013-02-28 00:50, Phil Pennock wrote: > > The best fix is to use gpg with a real cURL library. > > I'm currently using a downloaded binary from gpgtools.org. I don't see > libcurl in the list of shared objects

Re: [Sks-devel] pool.sks-keyservers.net issues (was: Questions about OpenPGP best practices)

2013-02-28 Thread Phil Pennock
On 2013-02-27 at 10:57 +0100, Niels Laukens wrote: > Apologies for cross-posting to both mailing lists, but since I got > replies via both ways I feel this is the easiest way to sync them. Current status: Kristian and I have debugged and he found the core issue. If I load down my server, we can s

Re: 1.4.12 beta installer for Windows

2013-02-01 Thread Phil Pennock
> Veet Vivarto wrote: > > My friend and I, are working on a easy to use front-end for GPG for Windows > > and Mac. Veet, Know your competition; "GPG Keychain Access" exists for MacOSX, can be found at http://gpgtools.org/keychain.html and is part of GPGTools, which also provides Mail.app integra

OT: "PGP Keyservers" Google+ Community

2012-12-20 Thread Phil Pennock
[ Somewhat, but not completely, off-topic. ] Hey, if anyone here cares about the sorts of people who care about PGP Keyservers, and if you use Google+, then there's now a G+ Community which will help you find others with tastes as strange as yours. ;) I've created "PGP Keyservers", tagline "Publi

Re: [Sks-devel] SRV records and HKPS requests

2012-12-07 Thread Phil Pennock
On 2012-12-05 at 23:32 -0500, David Shaw wrote: > It's working, it's just misleading since the SRV replacement happens > after the debug logging so the actual URL that is hit is not the one > that is being logged. If you look at netstat, you can see it's > connecting to the right port. Sorry for

Re: [Sks-devel] SRV records and HKPS requests

2012-12-03 Thread Phil Pennock
keytest.spodhuis.org Command:GET * HTTP proxy is "null" * HTTP URL is "http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F"; * HTTP auth is "null" * HTTP method is GET gpg: key 0x403043153903637F: "Phil Pen

Re: [Sks-devel] SRV records and HKPS requests

2012-12-03 Thread Phil Pennock
On 2012-12-02 at 10:23 -0500, David Shaw wrote: > On Oct 6, 2012, at 10:20 PM, Phil Pennock wrote: > > GnuPG folks (since this is cross-posted, if my mail makes it through): > > > > there is a bug in GnuPG's SRV handling, I've identified where I think > > it

Re: [Sks-devel] SRV records and HKPS requests

2012-12-03 Thread Phil Pennock
On 2012-12-02 at 23:46 -0500, David Shaw wrote: > I tried talking to keytest.spodhuis.org to test, but all the ports > returned in the SRV were not listening. Or at least, not listening to > me ;) *blush* Fixed, sorry. -Phil ___ Gnupg-users mailing l

Re: [Sks-devel] SRV records and HKPS requests

2012-10-07 Thread Phil Pennock
On 2012-10-06 at 22:20 -0400, Phil Pennock wrote: > So, there's a `port` and an `opt->port`; the SRV lookups set `opt->port` > but not `port`, while the URL given to curl uses `port`. > > It seems like changing 537 to: > port = opt->port = newport >

Re: [Sks-devel] SRV records and HKPS requests

2012-10-07 Thread Phil Pennock
GnuPG folks (since this is cross-posted, if my mail makes it through): there is a bug in GnuPG's SRV handling, I've identified where I think it is, it's in the second block of text from me; the first part of this mail relates to SKS and some policy issues around the new keyserver pool Kristian

Re: Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

2006-03-02 Thread Phil Pennock
On 2006-03-01 at 19:10 +0100, Sergi Blanch i Torné wrote: > Ok, in this case (David correct me if i am wrong) it look like there was > something broke in the pubring that was fixed when you ran > '--update-trustdb' (over an unpatched binary). Makes sense, although I'm curious as to what, and how

Re: Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

2006-03-01 Thread Phil Pennock
On 2006-02-28 at 13:07 +0100, [EMAIL PROTECTED] wrote: > Ok, now it works, but can you send me any information that could be > interesting? For example how you create the 0xC9541FB2, It's a public key for someone else, imported with --recv-key, because it's in a trust path I need. I do have a ra

Re: Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

2006-02-28 Thread Phil Pennock
On 2006-02-27 at 23:39 -0500, David Shaw wrote: > This is a heavily patched GnuPG release. Did you try this on the > official version? I hadn't, since the official version has the mpicoder bug which causes it to abort whilst processing some keys on my keyring; Gentoo pulls in your patch, after I

Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

2006-02-27 Thread Phil Pennock
Is this a known issue, fixed in 1.4.3? There's nothing obviously dealing with it in http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/cipher/ChangeLog?rev=4003&view=markup> % gpg --version gpg (GnuPG) 1.4.2.1-ecc0.1.6 [...] % gpg --list-sigs 0xC9541FB2 [...] gpg: O j: ... this is a bug (get