Hi Hauke,

On 28.04.16 01:46, Hauke Westemeier wrote:

(...)

[--homedir doesn't work in gnupg 2.0]

> After I set the system variable
> GNUPGHOME D:\somehwere\gnupg
> it works for GnuPG 2.0. As far as I can see this issue is not yet
> mentioned in the "Resolving issues with GnuPG 2.x and gpg-agent"
> section in the FAQ.

Thanks for the hint!

> A third issue that I don't understand yet is that I get errors if I
> update some keys from the key servers (others are working). To have
> less "random" results (depending on which server is chosen from the
> default pool) I explicitly set
> keys.gnupg.net
> as key server. If I choose to update one single key, for some of them
> the error log states the following (sorry that it is in German, the
> Umlaute are also wrong in the displayed text and some final letters
> seem to be missing as well. I don't know if this is an issue of GnuPG
> or Enigmail)
> 
> Herunterladen der Schlüssel ist fehlgeschlagen
> gpg: fordere Schl]ssel BB1D9F6D von hkp-Server keys.gnupg.net a
> gpg: Hinweis: Signaturen mit dem MD5 Hashverfahren werden zur]ckgewiesen
> gpg: Schl]ssel BB1D9F6D: Keine g]ltigen User-I
> gpg: dies k├Ânnte durch fehlende Eigenbeglaubigung verursacht worden
> sei gpg: Anzahl insgesamt bearbeiteter Schl]ssel:
> gpg: ohne User-ID: 1
> 
> The key in this example is actually one of the keys of the Heise
> Kryptkampagne
> https://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html
> and is marked as "Ungültig" (which translates to "Invalid" but is
> different to "Abgelaufen" ("Expired")) in the Enigmail key manager. Is
> this related to the rejection of old (md5?) keys or what could explain
> this category? I'm not 100% sure but I think this was not like this in
> gpg 1.4.

Newer versions of gpg2.x reject signatures using the insecure hash
algorithm MD5. If all self-signatures are stripped off this way, then
gpg rejects the whole key because of a missing self signature.

Maybe this can be repaired by the key owner by issuing a newer self
signature using a newer hash algorithm. However, this can only be done
for V4 keys.

Keys like this are old, usually almost 20 years, and are in V3 format
(which will no longer be supported in GnuPG 2.1) and typically have a
key length of 1024 bits, altogether indications that the key is
end-of-life. The owner should be generating a new key pair.

> If I choose to update all keys ("Keyserver - Update all keys" or some
> similar wording) I run into yet another issue
> 
> Herunterladen der Schlüssel ist fehlgeschlagen
> gpg: Hinweis: Signaturen mit dem MD5 Hashverfahren werden zur]ckgewiesen
> gpg: fordere Schl]ssel F0D6B1E0 von ldap-Server keyserver.pgp.com a
> gpg: Keine g]ltigen OpenPGP-Daten gefunden
> gpg: Anzahl insgesamt bearbeiteter Schl]ssel:
> gpg: Schl]sselserver-Daten]bertragunsfehler: Nicht gefund
> gpg: Schl├╝sselserver-Daten├╝bertragunsfehler: Fehlerhafter
> ├Âffentlicher Schl├╝
> gpg: WARNUNG: Schl├╝ssel F0D6B1E0 kann per ldap://keyserver.pgp.com
> nicht aktualisiert werden: Fehlerhafter ├Âffentlicher Schl├╝s
> gpg: 20 Schl]ssel werden per hkp://keys.gnupg.net aktualisier
> gpg: fordere Schl]ssel 8ABDF3D7 von hkp-Server keys.gnupg.net a
> ....
> 
> Why is actually a different key server ldap://keyserver.pgp.com used
> for the first key? As I said, I set keys.gnupg.net as only key server
> in the Enigmail settings and this server is used for all others but
> the first key.

Please create a debug log file for a "refresh all". For instructions,
see here:
https://enigmail.net/index.php/en/faq?view=category&id=11#faqLink_6

Please either obfuscate personal information before posting here or send
an encrypted mail to me.

Ludwig
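
Added example, not part of the mail above and not GnuPG or Enigmail code: a small check for the situation the reply describes, where a key is left without any self-signature once MD5 signatures are rejected. It reads text in the layout printed by `gpg --list-packets`; the sample listing is constructed (key IDs, timestamps and the user ID are made up), and the function and field names are hypothetical.

```python
import re

# Constructed sample in the layout of `gpg --list-packets` (not real key data).
SAMPLE = """\
:public key packet:
\tversion 3, algo 1, created 868000000, expires 0
\tpkey[0]: [1024 bits]
\tkeyid: 1111111111111111
:user ID packet: "Old CA <ca@example.org>"
:signature packet: algo 1, keyid 1111111111111111
\tversion 3, created 868000000, md5len 5, sigclass 0x10
\tdigest algo 1, begin of digest aa bb
:signature packet: algo 1, keyid 2222222222222222
\tversion 4, created 1300000000, md5len 0, sigclass 0x10
\tdigest algo 8, begin of digest cc dd
"""
MD5 = 1  # OpenPGP hash algorithm ID for MD5 (RFC 4880, section 9.4)
CERT_CLASSES = {0x10, 0x11, 0x12, 0x13}  # certifications over a user ID

def split_packets(listing):
    """Group the listing into [header, body] pairs; headers start with ':'."""
    packets = []
    for line in listing.splitlines():
        if line.startswith(":"):
            packets.append([line, ""])
        elif packets:
            packets[-1][1] += line + "\n"
    return packets

def audit_key(listing):
    """Report whether the primary key keeps a self-signature once MD5 is rejected."""
    info = {"version": None, "bits": None, "keyid": None, "self_sig_digests": []}
    for header, body in split_packets(listing):
        if header.startswith(":public key packet:") and info["keyid"] is None:
            info["version"] = int(re.search(r"version (\d+)", body).group(1))
            info["bits"] = int(re.search(r"pkey\[0\]: \[(\d+) bits\]", body).group(1))
            info["keyid"] = re.search(r"keyid: ([0-9A-Fa-f]+)", body).group(1).upper()
        elif header.startswith(":signature packet:"):
            signer = re.search(r"keyid ([0-9A-Fa-f]+)", header).group(1).upper()
            sigclass = int(re.search(r"sigclass (0x[0-9a-fA-F]+)", body).group(1), 16)
            digest = int(re.search(r"digest algo (\d+)", body).group(1))
            if signer == info["keyid"] and sigclass in CERT_CLASSES:
                info["self_sig_digests"].append(digest)
    usable = [d for d in info["self_sig_digests"] if d != MD5]
    info["rejected_without_md5"] = not usable
    # Per the reply above, a fresh self-signature is only an option for V4 keys.
    info["owner_can_resign"] = info["rejected_without_md5"] and info["version"] == 4
    return info
```

The SHA-256 certification from the second key ID in the sample does not count, because only signatures made by the key itself are self-signatures.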
