Re: Detecting a misremembered passphrase in gpg-agent

2024-06-13 Thread ael via Gnupg-users
On Thu, Jun 13, 2024 at 02:09:15PM -0400, Jack via Gnupg-users wrote: > On 2024.06.13 06:57, ael via Gnupg-users wrote: > > Further thoughts on detecting a mistaken passphrase entry when > > encrypting. I have looked at both > > man gpg-agent and info [...snip..] > I

Re: Detecting a misremembered passphrase in gpg-agent

2024-06-13 Thread Jack via Gnupg-users
On 2024.06.13 06:57, ael via Gnupg-users wrote: Further thoughts on detecting a mistaken passphrase entry when encrypting. I have looked at both man gpg-agent and info and I could not immediately see anything to help, but I quickly became lost in the overwhelming volume of the entries :-) So

Detecting a misremembered passphrase in gpg-agent

2024-06-13 Thread ael via Gnupg-users
I wrote just now: "Further thoughts on detecting a mistaken passphrase entry when encrypting. I have looked at both man gpg-agent and info and I could not immediately see anything to help, but I quickly became lost in the overwhelming volume of the entries :-) So perhaps there is some

Detecting a misremembered passphrase in gpg-agent

2024-06-13 Thread ael via Gnupg-users
Further thoughts on detecting a mistaken passphrase entry when encrypting. I have looked at both man gpg-agent and info and I could not immediately see anything to help, but I quickly became lost in the overwhelming volume of the entries :-) So perhaps there is something there that I have

Re: gpg-agent timeout

2024-06-11 Thread ael via Gnupg-users
On Mon, Jun 10, 2024 at 08:54:56AM +0200, Werner Koch wrote: > Hi > > which pinentry are you using? If you run gpg with -v it should show > the pinentry used. gpg: pinentry launched (8131 gnome3 1.2.1 /dev/pts/3 xterm-256color :0.0 20620/500/5 500/500 -) While you are here, I am just try

Re: gpg-agent timeout

2024-06-09 Thread Werner Koch via Gnupg-users
Hi which pinentry are you using? If you run gpg with -v it should show the pinentry used. You will then see a line like: gpg: pinentry launched (22013 gtk2 1.2.1 /dev/pts/11 xterm localhost:10.0 20620/1000/5 1000/1000 -) Salam-Shalom, Werner -- The pioneers of a warless world are t

gpg-agent timeout

2024-06-07 Thread ael via Gnupg-users
I wanted to use a long passphrase for some local symmetric encryption but gpg-agent kept timing out before I could fully enter the full phrase. I looked at the man page and it was not clear to me whether --pinentry-timeout was relevant. And "A Pinentry may or may not honor this request."

[OFF-TOPIC] gpg-agent, sshd and/or SELinux (was Re: Get the private portion of subkeys)

2024-04-02 Thread Marcio Barbado, Jr. via Gnupg-users
Hi, Werner, all. Please let me take this opportunity to ask you for trustable documentation, or any other resource, which could help interested users like myself in providing the gpg-agent with ssh client and daemon errands, on both fresh and not-so-fresh OS installs. Please consider SELinux

Re: gpg-agent "forgetting" keys when getting many parallel requests

2024-03-18 Thread Bence Ferdinandy via Gnupg-users
rounded up to the next 32 KiB; usual C style > prefixes are allowed. For an heavy loaded gpg-agent with many >concurrent connection this option avoids sign or decrypt errors >due to out of secure memory error returns. > > You should not append the 'M' - it is

Re: gpg-agent "forgetting" keys when getting many parallel requests

2024-03-18 Thread Werner Koch via Gnupg-users
rea as required. The optional value n is a non-negative integer with a suggested size in bytes of each additionally allocated secure memory area. The value is rounded up to the next 32 KiB; usual C style prefixes are allowed. For an heavy loaded gpg-agent wit

Re: gpg-agent "forgetting" keys when getting many parallel requests

2024-03-17 Thread Bence Ferdinandy via Gnupg-users
that there is a timeout on waiting for this. My best bet, is that the > password for the key needs to be fetched from the gnome keyring (? if it's > called that) and that gpg-agent times out waiting for this and just requests > it > from the user. > > I made a short scri

gpg-agent "forgetting" keys when getting many parallel requests

2024-03-15 Thread Bence Ferdinandy via Gnupg-users
keyring (? if it's called that) and that gpg-agent times out waiting for this and just requests it from the user. I made a short script in python (attached) demonstrating this. On my machine, setting WORKERNUM=7 is enough to trigger the issue. Could somebody point me to a resources explaining wh

Re: [gpg-agent] Empty OPTION xauthority=

2024-03-04 Thread Matěj Cepl
On Mon Mar 4, 2024 at 9:13 AM CET, Werner Koch wrote: > Because all components of gnupg will start gpg-agent and the other > daemons on the fly and make sure that only one is started. Do I understand it correctly that gnupg contains smaller version of systemd (dependency activation) ins

Re: [gpg-agent] Empty OPTION xauthority=

2024-03-04 Thread Werner Koch via Gnupg-users
On Mon, 4 Mar 2024 14:19, Matěj Cepl said: > Do I understand it correctly that gnupg contains smaller version > of systemd (dependency activation) inside of itself and that No. It is not required. Just don't let systemd start gpg-agent or dirmngr with option --supervised. If you u

Re: [gpg-agent] Empty OPTION xauthority=

2024-03-04 Thread Werner Koch via Gnupg-users
On Sun, 3 Mar 2024 20:38, Matěj Cepl said: > 1. Could you please explain why it is racy? Why from all services Because all components of gnupg will start gpg-agent and the other daemons on the fly and make sure that only one is started. Systemd does not know about this specific st

Re: [gpg-agent] Empty OPTION xauthority=

2024-03-03 Thread Matěj Cepl
g is unsuitable for systemd treatment? It is just one socket as any other, isn’t it? Could you point to some issue ticket, email thread, blog post explaining the problem? 2. When running on MicroOS system (or Fedora Atomic) how could you guarantee that there is only one gpg-agent and gpg

Re: [gpg-agent] Empty OPTION xauthority=

2024-03-03 Thread Werner Koch via Gnupg-users
d: IPC syntax error (You may use --debug=ipc also with gpg to see what is going on) > 2024-03-02 10:53:20 gpg-agent[2434] DBG: chan_10 <- OPTION xauthority= gpg-agent receives this from gpg. Look: $ gpg-connect-agent > option xauthority= ERR 67109140 IPC syntax error - option argument exp

[gpg-agent] Empty OPTION xauthority=

2024-03-02 Thread mcepl
Hello, I am running MicroOS-based distro (which means read-only host and all work done in podman containers using distrobox). Because I am afraid gpg-agent got confused when it was started from inside a container, I am running it on host with systemd --user services (configuration according

Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
Hi! sorry, for the wrong order of the messages, I simply forgot to send them yesterday. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein

Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
On Fri, 23 Feb 2024 22:59, Marcin Wrochna said: > However, I cannot make `gpg --symmetric` encryption work on the remote, > as it tells me getting a passphrase is "Forbidden". Right. It does not sound like a good idea to give the server access to your local password store (in g

Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
Hi again! you may want to try the attached patch. It is against the current 2.4 head but should apply also to somewhat older versions. If this solves your problem, it can go into 2.4.5 soon. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military servic

symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-23 Thread Marcin Wrochna via Gnupg-users
: Operation cancelled gpg: symmetric encryption of 'tmp.txt' failed: Operation cancelled ``` Local gpg-agent logs when trying from remote: ``` 2024-02-23 22:11:07 gpg-agent[132208]DBG: chan_10 -> OK Pleased to meet you, process 132243 <- RESET -> OK <- OPTION ttyname=/dev/pts/7 -

Re: running gpg-agent in foreground

2024-01-17 Thread Falko Strenzke
Thanks, the first approach seems to work fine for me. - Falko On 17.01.24 at 17:56, Werner Koch wrote: On Wed, 17 Jan 2024 14:01, Falko Strenzke said: I would like to run my development version of GPG-agent under valgrind. As I understand it, for that purpose I have to run it in the

Re: running gpg-agent in foreground

2024-01-17 Thread Werner Koch via Gnupg-users
On Wed, 17 Jan 2024 14:01, Falko Strenzke said: > I would like to run my development version of GPG-agent under valgrind. As I > understand it, for that purpose I have to run it in the foreground, i.e. in > server mode. However, whenever I launch it as No, that will not work for you. I

running gpg-agent in foreground

2024-01-17 Thread Falko Strenzke
I would like to run my development version of GPG-agent under valgrind. As I understand it, for that purpose I have to run it in the foreground, i.e. in server mode. However, whenever I launch it as ./bin/gpg-agent --homedir   --log-file agent.log --server --debug-all then, when I launch a

Re: GPG agent returns subset of keys for SSH

2023-05-16 Thread Werner Koch via Gnupg-users
/gpg-agent.conf and "gpgconf --kill gpg-agent". If you are not yet running 2.4 (or the older 2.3) you should definitely do so. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein

Fwd: GPG agent returns subset of keys for SSH

2023-05-15 Thread LuKaRo
Hi, I want to use gpg-agent to authenticate to an SSH server via key. This has previously worked on this machine when I was using a Nitrokey, now I imported the key that was on the Nitrokey locally from a backup, and SSH authentication no longer works. ssh - server lists these

GPG agent returns subset of keys for SSH

2023-05-15 Thread LuKaRo
Hi, I want to use gpg-agent to authenticate to an SSH server via key. This has previously worked on this machine when I was using a Nitrokey, now I imported the key that was on the Nitrokey locally from a backup, and SSH authentication no longer works. ssh - server lists these

Re: using gpg-agent from web server mod_wsgi script

2023-04-26 Thread Bernhard Reiter
On Friday 07 April 2023 01:20:07, Christian, Mark via Gnupg-users wrote: > I was hoping to gpg-preset-passphrase a gpg-agent running under the apache > WSGI service account, so that a python gpgme web wsgi/cgi application could > access the gpg-agent's private key in order to r

using gpg-agent from web server mod_wsgi script

2023-04-06 Thread Christian, Mark via Gnupg-users
I was hoping to gpg-preset-passphrase a gpg-agent running under the apache WSGI service account, so that a python gpgme web wsgi/cgi application could access the gpg-agent's private key in order to run various gpg operations. It seems the python mod_wsgi script is not finding the gpg-agent.

Re: gpg-agent ssh key order in version 2.3.7

2023-01-24 Thread Werner Koch via Gnupg-users
On Fri, 20 Jan 2023 15:07, Yorick van Pelt said: > yubikey if it is not inserted, but can't figure out how to make it try the > yubikey before the password-protected key. > > How can I best restore the old behavior? Unfortunately there is no way to do this right now. The tentative plan is to ass

gpg-agent ssh key order in version 2.3.7

2023-01-20 Thread Yorick van Pelt via Gnupg-users
Hello, I have a question regarding the gpg-agent changes in 2.3.7. I have the following setup: - gpg-agent configured as ssh-agent, with - 1 auth subkey, protected by a passphrase - 1 auth subkey stored on a yubikey. Prior to upgrading to gnupg 2.3.7, gpg would prompt me for the yubikey pincode

Re: How to make remote gpg talk to specific Unix socket (for forwarded local gpg-agent)

2023-01-17 Thread Werner Koch via Gnupg-users
On Mon, 16 Jan 2023 07:56, Troy said: > The problem is that there's already a gpg-agent running at the remote > (I think started by systemd or the X server), which I don't want to > disturb.  For my ssh connection, I try to create a new Unix domain Don't run the gpg-ag

How to make remote gpg talk to specific Unix socket (for forwarded local gpg-agent)

2023-01-16 Thread Troy
Hi, I was wondering if you could give me a pointer. I'm ssh'ing to a machine where I'm trying to run gpg, which I hope to talk to the gpg-agent that's running on my local laptop, forwarded through ssh. I'm following the instructions at https://wiki.gnupg.org/AgentFor

RE: gpg-agent refuse to start

2022-10-25 Thread Roy Christian (DAIT-SITL) via Gnupg-users
eiter Sent: 25 October 2022 03:44 To: gnupg-users@gnupg.org Cc: Roy Christian (DAIT-SITL) Subject: Re: gpg-agent refuse to start Hi Christian, On Thursday 06 October 2022 21:01:15, Roy Christian (DAIT-SITL) via Gnupg-users wrote: > Our applications called the GNUPG 1.4.2 executabl

Re: gpg-agent refuse to start

2022-10-25 Thread Bernhard Reiter
Hi Christian, On Thursday 06 October 2022 21:01:15, Roy Christian (DAIT-SITL) via Gnupg-users wrote: > Our applications called the GNUPG 1.4.2 executable and it worked without > issue. We upgraded to GNUPG version 2.2.27 and now we have problems with > the gpg-agent. This sometime

gpg-agent refuse to start

2022-10-06 Thread Roy Christian (DAIT-SITL) via Gnupg-users
Hello, Our applications called the GNUPG 1.4.2 executable and it worked without issue. We upgraded to GNUPG version 2.2.27 and now we have problems with the gpg-agent. This sometimes refuses to start. The log looks like this: gpg-connect-agent: pas d'instance de gpg-agent en cours d'

Re: gpg-agent not working properly

2022-09-24 Thread Damien Goutte-Gattat via Gnupg-users
Hi On Friday, 23 September 2022 12:01:18 BST Tsilimigkras Athanasios wrote: > MY QUESTION: is there any way of changing the settings on GPGv2.2.4 to allow > this environment variable to be set and therefore allow passwords to be > cached as in earlier versions? No. But if you are using other pro

gpg-agent and socket forwarding

2022-08-09 Thread James A. Robinson via Gnupg-users
ent:-2, connect /run/user/1000/gnupg/S.gpg-agent:-2 Now at this point I'm under the impression that if gpg were to be called on the server, and it talks to the socket, it should be triggering my gpg-agent on my laptop. This seems to work as long as the gpg-agent on the server doesn't star

Re: gpg-agent and socket forwarding

2022-08-09 Thread James A. Robinson via Gnupg-users
ent:-2 > > Now at this point I'm under the impression that if gpg were to be called > on the server, and it talks to the socket, it should be triggering my > gpg-agent on my laptop. This seems to work as long as the gpg-agent on the > server doesn't start up. If the gpg-age

Re: gpg-agent

2022-08-05 Thread Werner Koch via Gnupg-users
On Thu, 4 Aug 2022 21:27, folkert said: > How can I, programmatically, prevent gpg-agent to cache a passphrase? > Or clear its cache? Put max-cache-ttl 0 into gpg-agent.conf To flush the cache run gpgconf --reload gpg-agent >err = gpgme_set_ctx_flag(ctx, "no-sym

gpg-agent

2022-08-04 Thread folkert
Hi, How can I, programmatically, prevent gpg-agent to cache a passphrase? Or clear its cache? I tried using: err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1"); but then when I run my program for the second time, it uses a cached item. Using: libgpgme-dev

Re: Supervised gpg-agent on FreeBSD

2022-06-17 Thread Werner Koch via Gnupg-users
On Fri, 17 Jun 2022 12:23, artur.brzozowski said: > I've been trying to get gpg-agent running under supervision using > FreeBSD's native daemon(8) [1] Please don't do that. The --supervised option has been deprecated recently because it conflicts with GnuPG's int

Supervised gpg-agent on FreeBSD

2022-06-17 Thread artur.brzozowski via Gnupg-users
Hello. I've been trying to get gpg-agent running under supervision using FreeBSD's native daemon(8) [1] The description for the utility states the following: The daemon utility detaches itself from the controlling terminal and executes the program specified by its arguments. Privile

Re: OpenPGP card and gpg-agent TTL

2021-11-12 Thread Matthias Apitz
On Monday, November 08, 2021 at 11:18:37 a.m. +0100, Matthias Apitz wrote: > > You did the > > > > gpg-connect-agent updatestartuptty /bye > > > > thing to tell gpg-agent where it shall pop up the pinentry? Further > > ... > > Thanks fo

Re: OpenPGP card and gpg-agent TTL

2021-11-08 Thread Matthias Apitz
rminal raises an error about no secret provided. > > You did the > > gpg-connect-agent updatestartuptty /bye > > thing to tell gpg-agent where it shall pop up the pinentry? Further > ... Thanks for the hints. Magically it works now by its own after adding this to the ~purism/.ba

Re: OpenPGP card and gpg-agent TTL

2021-11-07 Thread Werner Koch via Gnupg-users
On Fri, 5 Nov 2021 17:30, Matthias Apitz said: > But, it does not work locally on the L5 in its "terminal app", the > "pass" command in the terminal raises an error about no secret provided. You did the gpg-connect-agent updatestartuptty /bye thing to tell gpg-agent

Re: OpenPGP card and gpg-agent TTL

2021-11-05 Thread Matthias Apitz
Werner, I have an issue with the 'pinentry' in the L5: /usr/bin/pinentry is as default a symlink to /etc/alternatives/pinentry and pops up on the L5 as somekind graphical application, also when I use the OpenPGP card in the L5 when connected via SSH to the L5, which is not what I wanted have to k

Re: OpenPGP card and gpg-agent TTL

2021-11-05 Thread Matthias Apitz
On Friday, November 05, 2021 at 08:32:17 a.m. +0100, Werner Koch via Gnupg-users wrote: > it is good that things work for you. And thanks for the hint with the > smartcard. I was probably blind that I didn't notice it. I put an > older card into the slot (cut down with a sharp wir

Re: OpenPGP card and gpg-agent TTL

2021-11-05 Thread Werner Koch via Gnupg-users
Hi Matthias, On Thu, 4 Nov 2021 09:40, Matthias Apitz said: > I got mine in early October after exactly 4 years waiting. I do not Same here. I actually met with Todd back then and my colleague Gniibe write the driver for their planned card reader. Then we had that long delay. it is good that

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Matthias Apitz
On Thursday, November 04, 2021 at 09:45:57 a.m. +, Andrew Gallagher via Gnupg-users wrote: > On 04/11/2021 08:40, Matthias Apitz wrote: > > I bought the OpenPGP card from > > Purism for USD 15, I don't know if the small format exist here in > > Germany. > > Not Germany, but Cryptosh

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Andrew Gallagher via Gnupg-users
On 04/11/2021 08:40, Matthias Apitz wrote: I bought the OpenPGP card from Purism for USD 15, I don't know if the small format exist here in Germany. Not Germany, but Cryptoshop in Vienna sells them: https://en.cryptoshop.com/products/smartcards/open-pgp-smartcard-v2-id-000.html -- Andrew Gall

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Matthias Apitz
On Thursday, November 04, 2021 at 09:40:40 a.m. +0100, Matthias Apitz wrote: > ... > > I have and have had some Linux mobiles, also the OpenMoko. The > Purism L5 is the most useful until now for me. You see, I really don't > share your opinion. The biggest problem until now is the dura

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Matthias Apitz
On Thursday, November 04, 2021 at 08:31:08 a.m. +0100, Werner Koch via Gnupg-users wrote: > On Wed, 3 Nov 2021 18:55, Matthias Apitz said: > > > card, and available without any laptop or USB dongle, just in my phone -- a > > big progress. Thanks to Purism to bring this with the L5 to

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Werner Koch via Gnupg-users
On Wed, 3 Nov 2021 18:55, Matthias Apitz said: > card, and available without any laptop or USB dongle, just in my phone -- a > big progress. Thanks to Purism to bring this with the L5 to the Linux world! You mean the Librem5 has indeed a second slot for a smartcard? I recently received mine bu

Re: OpenPGP card and gpg-agent TTL

2021-11-03 Thread Matthias Apitz
On Tuesday, November 02, 2021 at 06:34:16 p.m. +0100, Werner Koch via Gnupg-users wrote: > On Sat, 30 Oct 2021 15:50, Matthias Apitz said: > > > I just withdraw the USB dongle after the operation. I was thinking that > > the gpg-agent.conf entry 'max-cache-ttl' will also expire the unl

Re: OpenPGP card and gpg-agent TTL

2021-11-02 Thread Werner Koch via Gnupg-users
On Sat, 30 Oct 2021 15:50, Matthias Apitz said: > I just withdraw the USB dongle after the operation. I was thinking that > the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked > state of the OpenPGP card, which it does not. How could I do this? No, it does not because it is th

OpenPGP card and gpg-agent TTL

2021-10-30 Thread Matthias Apitz
Hello, I'm using GnuPG together with an OpenPGP card. When I want to decrypt something the gpg-agent is via pinentry asking for the PIN to unlock the card. Normally I don't care about how long the card remains unlocked, because I just withdraw the USB dongle after the operation. I wa

Re: gpg-agent and X

2021-08-28 Thread Werner Koch via Gnupg-users
On Thu, 26 Aug 2021 16:23, Klaus Ethgen said: > It seems that I have the problem all time I use the QT pinentry. The > gtk2 pinentry seems to be fine and with the switch to QT one, the Did you tried pinentry 1.2.0 which we released last week? FWIW, I am using xfce and had some problem with icons

Re: gpg-agent and X

2021-08-28 Thread Klaus Ethgen
On Fri, 27 Aug 2021 at 14:12, Jerry Seibert wrote: > On Thu, 26 Aug 2021 16:23:16 +0100, Klaus Ethgen stated: > >Unfortunately, the gtk3 version of pinentry has some toxic dependencies > >that I never want to have. > > Would you be so kind as to list, and possibly explain, those toxic > depend

Re: gpg-agent and X

2021-08-27 Thread Jerry Seibert
On Thu, 26 Aug 2021 16:23:16 +0100, Klaus Ethgen stated: >Unfortunately, the gtk3 version of pinentry has some toxic dependencies >that I never want to have. Would you be so kind as to list, and possibly explain, those toxic dependencies? -- Jerry ___

Re: gpg-agent and X

2021-08-26 Thread Klaus Ethgen
Hi, I have an update for this issue. It seems that I have the problem all time I use the QT pinentry. The gtk2 pinentry seems to be fine and with the switch to QT one, the problem appears. Now I have the problem on debian and gentoo. Even more, a `gpg-connect-agent updatestartuptty /bye` over ss

Re: GPG agent forwarding multiple yubikeys with distinct public keys/subkeys over SSH

2021-06-23 Thread Werner Koch via Gnupg-users
Use gnupg 2.3 and this should work. I am using several tokens in a local setup for years. Not tested with remote; if you run into problems enabled IPC debugging for gpg-agent and watch out for GPG_ERR_FORBIDDEN. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen rege

GPG agent forwarding multiple yubikeys with distinct public keys/subkeys over SSH

2021-06-23 Thread Christian Chavez via Gnupg-users
emote I've SSH'ed to (using one of the yubikeys), without having to reboot/restart machine/gpg-agent/ssh connection. # Initial research effort Is this possible? None of the guides/how-to's I've found seem to cover this use-case where you've got multiple GPG identities on mu

Re: gpg-agent and X

2021-03-08 Thread Klaus Ethgen
On Sat, 6 Mar 2021 at 16:32, Klaus Ethgen wrote: > [0] https://bugs.gentoo.org/show_bug.cgi?id=774468 Sadly, Gentoo closed that bug as invalid as they do not have pam_gnupg in their software stack and so they say, that it is a use case that is not supported by them. It is a bit short thought.

Re: gpg-agent and X

2021-03-08 Thread Werner Koch via Gnupg-users
Hi! I am not sure whether you already did this: Use a script like --8<---cut here---start->8--- #!/bin/sh MYPINENTRY="/foo/bar/pinentry-gtk-2" locale >/tmp/pinentry.err set >>/tmp/pinentry.err exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -d "$@" 2>

Re: gpg-agent and X

2021-03-06 Thread Klaus Ethgen
I created a bug ([0]) for gentoo. Regards, Klaus [0] https://bugs.gentoo.org/show_bug.cgi?id=774468 -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

Re: gpg-agent and X

2021-03-05 Thread Klaus Ethgen
[1] pinentry-gnome3 [2] pinentry-qt5 * [3] pinentry-curses From Werner Koch, I enabled pinentry-debug, here are the results: 2021-03-05 20:03:24 gpg-agent[27031] gpg-agent (GnuPG) 2.2.25 started 2021-03-05 20:03:48 gpg-agent[27031] SIGHUP received - re-reading configu

Re: gpg-agent and X

2021-03-05 Thread Klaus Ethgen
That was a dead end. Even without libcap linkage, the pinentry does not work. Also the process capabilities of a manual started gpg-agent are the same. Regards, Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus

Re: gpg-agent and X

2021-03-05 Thread Klaus Ethgen
Some further debugging of the capabilities: pinentry(-qt) has no file capabilities, the process of gpg-agent has the following: ~> getpcaps 27031 27031: cap_dac_override,cap_net_admin,cap_net_raw,cap_sys_rawio,cap_sys_admin=i And in strace I find the following: 28441 20:23:54 cap

Re: gpg-agent and X

2021-03-05 Thread Mark H. Wood via Gnupg-users
On Fri, Mar 05, 2021 at 10:16:41AM +0100, Klaus Ethgen wrote: > I have a my setup depending strongly on gpg-agent. For this, I preseed > some passphrases via pam_gnupg. > > While this setup work well on my Devuan machine, I have some troubles on > the Gentoo one, that I d

Re: gpg-agent and X

2021-03-05 Thread Klaus Ethgen
Hi Werner, On Fri, 5 Mar 2021 at 15:59, Werner Koch wrote: > On Fri, 5 Mar 2021 10:16, Klaus Ethgen said: > > > While this setup work well on my Devuan machine, I have some troubles on > > the Gentoo one, that I don't get solved. > > I am also using Devuan without problems. Did you used

Re: gpg-agent and X

2021-03-05 Thread Werner Koch via Gnupg-users
On Fri, 5 Mar 2021 10:16, Klaus Ethgen said: > While this setup work well on my Devuan machine, I have some troubles on > the Gentoo one, that I don't get solved. I am also using Devuan without problems. Did you used touch /var/lib/elogind/USERNAME to avoid elogin stealing the socket direct

gpg-agent and X

2021-03-05 Thread Klaus Ethgen
Hi, I have a my setup depending strongly on gpg-agent. For this, I preseed some passphrases via pam_gnupg. While this setup work well on my Devuan machine, I have some troubles on the Gentoo one, that I don't get solved. When the agent is started when I login via xdm (wdm), the agent does

Re: GTK pinentry with gpg-agent as ssh-agent

2021-03-03 Thread Werner Koch via Gnupg-users
On Tue, 2 Mar 2021 10:35, Romain Lebrun Thauront said: > So, is there a way to have BOTH gpg-agent managing ssh, and GTK > pinentry prompts for unlocking keys ? I use this for more than a decade. You have to use gpg-connect-agent updatestartuptty /bye if you switch your xserver; that

Re: GTK pinentry with gpg-agent as ssh-agent

2021-03-02 Thread Chris Coutinho via Gnupg-users
On Tue, 2021-03-02 at 10:35 +, Romain Lebrun Thauront via Gnupg-users wrote: > Hi folks, > > I start using my gpg key as my ssh key and I configure gpg-agent to manage my > ssh keys as mention in the arch wiki > article. > The problem is, it work well but my gpg-agent is

GTK pinentry with gpg-agent as ssh-agent

2021-03-02 Thread Romain Lebrun Thauront via Gnupg-users
Hi folks, I start using my gpg key as my ssh key and I configure gpg-agent to manage my ssh keys as mention in [the arch wiki article](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent). The problem is, it work well but my gpg-agent is now "link" to the last terminal I opened, an

Re: caching of passphrase is not working in windows , gpg agent version 2.2.23

2020-11-25 Thread Ingo Klöcker
On Tuesday, 24 November 2020 09:30:18 CET surender singh pawar via Gnupg-users wrote: > Thanks for quick reply i did the following command only to put > passphrase in cache ( missed id while writing mail ) got id from gpg > --list-secret-keys > gpg-preset-passphrase -vcP "$pgpPassphrase" > *0

Re: caching of passphrase is not working in windows , gpg agent version 2.2.23

2020-11-24 Thread surender singh pawar via Gnupg-users
is there any debug log which I can see to confirm it. Can you share .if possible, any steps how to build windows gpg agent using source code.? Most docs are for linux. details for question is here as well gnupg - windows :GPG is prompting for passphrase even though passphrase cache is set in

Re: caching of passphrase is not working in windows , gpg agent version 2.2.23

2020-11-23 Thread Werner Koch via Gnupg-users
gpgconf --launch gpg-agent > "$gpgPath\bin\gpg-preset-passphrase.exe" -v -c -P "$pgpPassphrase" You need to add the keygrip to the invocation; from the man page: gpg-preset-passphrase [options] [command] cacheid cacheid is either a 40 character keygrip of hexadec

caching of passphrase is not working in windows , gpg agent version 2.2.23

2020-11-23 Thread surender singh pawar via Gnupg-users
Hi folks, I am kind of stuck on this, hence reaching out to you guyz. GPG is prompting for passphrase even though passphrase cached in gpg-agent <https://stackoverflow.com/questions/64939717/gpg-is-promting-for-passphrase-even-though-passphrase-cache-is-set-in-gpg-agent> (windows) Fol

Re: GPG agent forward on Debian: setting pinentry mode 'loopback' failed: Forbidden

2020-11-04 Thread Oz Tiram via Gnupg-users
Hi Andrew! I solved this issue finally! What a weird UI ... So ..., apparently, it's not enough to tell the gpg-agent which tty needs to be used via GPG_TTY! You also have to do: > I guess something is wrong on the local machine. > export GPG_TTY=$(tty) gpg-connect-agent updatestar

Re: GPG agent forward on Debian: setting pinentry mode 'loopback' failed: Forbidden

2020-11-04 Thread Andrew Gallagher
Hi, Oz. Does /run/user/1000/gnupg/S.gpg-agent.extra exist on your local machine? To make it exist I had to add `extra-socket` to my gpg-agent.conf (I'm on gpg 2.2.12 from vanilla debian): ``` $ cat ~/.gnupg/gpg-agent.conf enable-ssh-support extra-socket /run/user/1000/gnupg/S.gpg-agent.extra ```

GPG agent forward on Debian: setting pinentry mode 'loopback' failed: Forbidden

2020-11-03 Thread Oz Tiram via Gnupg-users
Hi, I spend quite sometime trying to set up gpg agent forwarding between two machines (running debian). But I can't get this work with the instructions from the gpg wiki. My ssh config: Host debian-remote Hostname 192.168.122.72 RemoteForward /run/user/1000/gnupg/S.gpg-agent /run

GPG agent forward on Debian: setting pinentry mode 'loopback' failed: Forbidden

2020-11-03 Thread Oz Tiram via Gnupg-users
Apologies, I accidentally posted the complete SO question in my previous email. That was not my intention. I hope I can still find some answers with the help from subscribers of this list. Best wishes Oz -- --- Imagine there's no countries it isn't hard to do Nothing to kill or die for And no

Re: SSH CA + gpg-agent + gnuk => error

2020-09-29 Thread NIIBE Yutaka
Francois Gervais via Gnupg-users wrote: > Would the SIGCONT be the source of my problem? No, not at all. It's completely normal. You need to locate the place where it fails. * * * FYI, we have a ticket for signing SSH CA by Gnuk Token. https://dev.gnupg

Re: SSH CA + gpg-agent + gnuk => error

2020-09-29 Thread Francois Gervais via Gnupg-users
I'm trying to follow up on a previous thread as I'm affected by the same issue. https://www.mail-archive.com/gnupg-users@gnupg.org/msg37567.html I'm seeking some help in order to track down the issue. Here's my current gpg-agent settings: fgervais@fgervais-System-Product-Na

Re: SSH CA + gpg-agent + gnuk => error

2020-09-29 Thread Francois Gervais via Gnupg-users
nupg.org/msg37567.html > > I'm seeking some help in order to track down the issue. > > Here's my current gpg-agent settings: > > fgervais@fgervais-System-Product-Name:~$ cat .gnupg/gpg-agent.conf > enable-ssh-support > debug-level guru > debug-all > verbose &g

Re: Unknown key in gpg-agent

2020-08-26 Thread Werner Koch via Gnupg-users
Hi! it works for me: $ ~/b/gnupg-2.2/g10/gpg -k \&E9CAF66DDA858EE60D654C864BB8E12E41C78242 gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! pub rsa4096 2011-05-16 [C] [expires: 2

Re: Unknown key in gpg-agent

2020-08-25 Thread Klaus Ethgen via Gnupg-users
Hi Werner, On Tue, 25 Aug 2020 at 14:12, Werner Koch wrote: > Just to be sure, you quoted the ampersand, right. It works for me and > some GnuPG components are using it a lot. Just a quick test: ~> gpg --version gpg (GnuPG) 2.2.20 libgcrypt 1.8.6 ... ~> gpg --list-secret-keys

Re: Unknown key in gpg-agent

2020-08-25 Thread Werner Koch via Gnupg-users
On Fri, 14 Aug 2020 14:31, Klaus Ethgen said: > However, `gpg --list-keys --list-options show-unusable-subkeys > --with-keygrip` does not display this keygrip. You can also use gpg -k \&KEYGRIP to list a key. And with gpgsm use gpgsm -k --with-ephemeral-keys \&KEYGRIP to see whether ther

Re: gpg-agent is older than us

2020-08-23 Thread Ajax via Gnupg-users
Thank you Phil, /usr/bin/gpg-agent is started by systemd and I think it should be left as it is for the Debian package manager to use with /usr/bin/gpg. Why cannot ~/bin/gpg use ~/bin/gpg-agent? Is it true that gpg in $HOME or /usr/local should work independently from /usr/bin/gpg? On Sat, Aug

Re: gpg-agent is older than us

2020-08-21 Thread Phil Pennock via Gnupg-users
On 2020-08-21 at 19:00 +, Ajax via Gnupg-users wrote: > On a Debian box, 'gpg -K' gives "server 'gpg-agent' is older than us > (2.2.12 < 2.2.21)". 2.2.21 was built using speedo in my home > directory populating ~/bin which appears at the head of $PA

gpg-agent is older than us

2020-08-21 Thread Ajax via Gnupg-users
On a Debian box, 'gpg -K' gives "server 'gpg-agent' is older than us (2.2.12 < 2.2.21)". 2.2.21 was built using speedo in my home directory populating ~/bin which appears at the head of $PATH. The commands 'which gpg' and 'which gpg-agent'

Re: gpg-agent support for GNUPGHOME and systemd

2020-08-20 Thread Werner Koch via Gnupg-users
Hi! On Wed, 19 Aug 2020 23:19, Ben Fiedler said: > % gpgconf --dry-run --create-socketdir > gpgconf: socketdir is '/run/user/1000/gnupg/d.6oynbz4mc38pz8n5gyedka7a' > gpgconf: non-default homedir > > This is pretty unexpected to me, why is this the case? And is there a > way to mitigate this

gpg-agent support for GNUPGHOME and systemd

2020-08-20 Thread Ben Fiedler
Hi, I'm using gpg together with a custom GNUPGHOME ($HOME/.config/gnupg) and the systemd user unit provided in the basic Debian sid install and a smart card (Yubikey). I am doing both signing/decryption and authentication (ssh) using gpg, which leads to two different instances of gpg-agent

Re: gpg-agent support for GNUPGHOME and systemd

2020-08-20 Thread Ben Fiedler
On Wed Aug 19, 2020 at 10:10 PM, Ben Fiedler wrote: Relevant env vars: DBUS_SESSION_BUS_ADDRESS correctly set GNUPGHOME=${HOME}/.config/gnupg, set for both the systemd service and GPG_TTY=$(tty) set and exported in .zshrc SSH_AUTH_SOCK=${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh set and exported in

Unknown key in gpg-agent

2020-08-16 Thread Klaus Ethgen via Gnupg-users
Hello, I have one key in my gpg agent that I do not remember anymore and do not know where it comes from. `KEYINFO --list` shows me one key (no ssh key), that I do not know. I can preseed that key with a known passphrase, which suggests that I had it in gnupg once. However, `gpg --list-keys
