On Wed, 21 Sep 2022 07:06, Fourhundred Thecat said:
> Why am I prompted for passphrase?
So that --list-packets can show you the encrypted content with all the
inetresting packets. Hit cancel and you are done.
Please note that the output of --list-packets is strictly for debugging
purposes and m
On Tue, 20 Sep 2022 16:56, Louis Holbrook said:
> I am using /usr/bin/pinentry-tty for password input, which in the
> interactive mode lets me paste a password from the terminal.
Please use pinentry-curses or, if you run in an xterm, better one of the
GUI pinentries. The pinentry-tty is a very d
On Sat, 27 Aug 2022 16:17, Tony Lee said:
> Count User Time (s)
> 1024 0.237
For backward compatibility reasons with 1.4 the default count value is
used in this case. The default value is computed by gpg-agent and
depends on your machine (cf. gpg-agent's --s2k-ca
On Fri, 19 Aug 2022 14:48, kho said:
> 4. Another approach is that I could for example have created just 3
> subkeys (not 6) and copied all 3 to smartcard1 and again to smartcard2.
> I thought that having those subkeys separately is ideal, specially in a
> occasion were smartcard2 is stolen. Then
On Thu, 11 Aug 2022 17:25, Sosthène Guédon | Nitrokey said:
> That makes sense to me. However why offer curves not supported by the
> hardware?
Because we can't now what curves a certain smartcard supports. The
announcement of the car capabilities is a relative new and optional
OpenPGP card fea
On Thu, 11 Aug 2022 14:58, Sosthène Guédon | Nitrokey said:
> I'm using gpg 2.2.36 and a OpenPGP smart card implementation we are
> currently developing.
You should better use the stable branch (2.3) instead of the LTS.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth
Hi!
Please share your GnUPG version and the type of smartcard you are using
with us. A 9 year old commit is not very helpful.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
signature.asc
Description: PGP sign
On Sun, 7 Aug 2022 12:46, andrew--- said:
> It looks like GPG4Win as well as "simple" installer are 32bit-only,
> which is somewhat unexpected in 2022. Is there a reason for this?
Windows 64-bit-only installations are pretty rare and thus the 32-bit
GnuPG suite is not a problem.
> Such builds
On Thu, 4 Aug 2022 21:27, folkert said:
> How can I, programmatically, prevent gpg-agent to cache a passphrase?
> Or clear its cache?
Put
max-cache-ttl 0
into gpg-agent.conf
To fluish the cache run
gpgconf --reload gpg-agent
>err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1");
>
>
Hi!
This is a quick announcement that a new GnuPG release for 2.2 is
available. We will also preprare a 2.3 release in the next days but due
to summer holidays things are a bit delayed.
See also https://dev.gnupg.org/T5949
Shalom-Salam,
Werner
Noteworthy changes in version 2.2.36 (2022-0
On Fri, 24 Jun 2022 20:47, Minas Argyrou said:
>> scdaemon[x]: detected reader 'ACS ACR38U 0' scdaemon[x]:
Never got them to run properly. Just stay way from this reader type.
> I was never able to get the SC-HSM to work with GnuPG, even though it is
> supposedly supported. This is the
On Fri, 17 Jun 2022 12:23, artur.brzozowski said:
> I've been trying to get gpg-agent running under supervision using
> FreeBSD's native daemon(8) [1]
Please don't do that. The --supervised option has been deprecated
recently because it conflicts with GnuPG's internal management of daemon
proces
On Tue, 14 Jun 2022 08:38, Torsten Bronger said:
> Hallöchen!
>
> Werner Koch writes:
>
>> please let us known your GnuPG versions and your OS.
>
> gpgsm (GnuPG) 2.2.27
Please update to 2.2.35 which
* gpgsm: Fix parsing of certain PKCS#12 files. [T5793]
See https://d
Hi!
please let us known your GnuPG versions and your OS.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
signature.asc
Description: PGP signature
___
Gnupg-users mai
On Thu, 9 Jun 2022 08:11, Jan Eden said:
> Now I corrected the mistake, and all is well.
I don't think this is your mistake. We need to do something about it.
Tracked at https://dev.gnupg.org/T6023
BTW, to ignore local keys and update from WKD (or whatever has been
configured) you can use --lo
On Fri, 3 Jun 2022 18:05, Frank said:
> And I am currently eyeing at the 'ELF visibility' check in the
> configure script.
That is pretty old code from 2007. I do not remember any details; it is
possible that this is based on Uli Drepper's original paper. it was
originally implemented for Libg
On Mon, 30 May 2022 19:52, Matt Borja said:
> - Related to this approach: Is the passphrase on a private key not
> sufficient encryption strength to store the private key in a secure
> cloud
> vault for archival purposes; or could it not be paired with a
The currently used prot
On Sun, 29 May 2022 13:07, Johan Wevers said:
> Why do they do that? BTW, when I search for brainpool I only find
> definitions and RFC's, I seem unable to find why they are needed (or why
> they would be peferred) over other curves.
That is mostly a political issue: In Europe the use of NIST cur
On Wed, 25 May 2022 22:58, Dirk Gottschalk said:
> $ gpg --with-colons --list-config curve
> cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;secp25
> 6k1
This should read
cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP5
20-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
On Tue, 19 Apr 2022 15:52, Vishal Rana said:
> Digital signature verification is failing. Getting "*Bad signature*" error.
> How to debug this??
gpg --debug hashing --verify ..
Creates files with the actual hashed data - compare them to thoe create
by the signing process.
> But observation is
[expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
02F3 8
On Fri, 8 Apr 2022 14:07, Vishal Rana said:
> But my received signed image is some unreadable "--detach-sign" file .
> How I am able to make a received signed image to * gcry_sexp_t *please
> suggest*.*
See gnupg/g10/parse-packet.c
and gnupg/g10/pkglue.c
and please do yourself a favor and
On Thu, 7 Apr 2022 15:26, Vishal Rana said:
> Please suggest to me how to proceed.
Most GnuPG tools feature a debug option
--debug mpi
--debug crypto
which shows you lots of debug info. For example the raw RSA parameters.
Use "--debug help" to see all debug classes. But always remember that
th
On Tue, 5 Apr 2022 16:57, Matthias Apitz said:
> an OpenPGP card could be used to unlock a ciphered LUKS partition during
> boot of the L5 mobile device, see this posting at the end:
No idea, I don't use LUKS but g13 ;-)
> Werner, what about your L5?
It is gathering dust in one of my drawers -
B 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C
Hi!
Just for the records
> Oh, I didn't know, I was advised yesterday on another irc channel
> (#debian-facile) to change my key server:
>
> "They were ('keys.gnupg.net' and others) all flooded with fake keys
> mid-2019
You can't talk about fake key on a keyserver. That is not the task of a
key
On Wed, 16 Mar 2022 16:22, Schultschik, Sven said:
> There must be a possibility to proper kill the pinentry
gpg-agent closes the pinentry or kills it on timeout. You need to
properly restore your tty in case the used curses version does not act
correctly or the pinentry died.
Salam-Shalom,
On Wed, 16 Mar 2022 09:26, Daniel Kilimnik said:
> mode. With --pinentry-mode loopback --passphrase-fd 0 activated. It asks
> for my current passphrase, but then exits with a success.
--passphrase-fd works only if a password is request but not if two
passwords are quested (the old one and the new
> I'm using the Cancel methods on ctrl+c but the terminal is anyway messed up.
> Would it be worth a bug report?
No. The pinentry is background process and there is no portable way to
save and restore the screen. Thus your application may want to do
something like this after a gpgme operation:
On Fri, 18 Feb 2022 11:34, Gao Xiaohui said:
> Hi developers, thanks for your reply. But I tried the method you gave:
> use "chcp 65001", and still display abnormal characters. Is there any
> other solution to solve it? If it is a bug, please fix it. Grateful.
You need to install/configure a prope
On Sat, 19 Feb 2022 15:52, Robert J. Hansen said:
> As part of an iterated key derivation function, SHA-1 is still believed safe.
> There's no reason to shy away from it, or AES128.
FWIW: SHA-1 is also used has part of the OpenPGP MDC construction. This
is something alike a MAC and there are no
On Fri, 18 Feb 2022 13:08, Daniel Colquitt said:
> Is the suggestion the gpg does not respect these flags when applying
> symmetric encryption to keys?
gpg does not encrypt private keys. This is done by gpg-agent. The
method how the keys are protected internally are out of scope for
OpenPGP. S
On Wed, 16 Feb 2022 18:03, raf said:
> But maybe it is dead. I don't really need it. My only interest was that
Yes, it is dead. Except for a minority of users, it is impossible to
easily add new resource records. However, putting new files on a
webserver is easy.
FWIW, you can build your keys
cke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP
On Mon, 31 Jan 2022 01:09, Ángel said:
> Nothing in the email you receive is actually required. You could have a
> Fully-Encrypted-Email-Messages, which on SMTP looked like:
>
> MAIL FROM:<...>
> RCPT TO:
> DATA
>
>
> .
> QUIT
>
>
> No plaintext at all. (Well, some Received: headers would be added
On Sun, 30 Jan 2022 04:25, Ángel said:
> Could you elaborate? I am surely missing something.
Unfortunately I can't tell you any details because the paper has not yet
been published. The attack is not easy to mount but it is not entirely
academic. It affects the standard for sending private keys
Hi!
On Sun, 30 Jan 2022 14:37, Felix E. Klee said:
> $ echo scd getinfo reader_list | gpg-connect-agent --decode
> OK
scdaemon does not see any reader. That might simply due to another
process which uses the reader (the yubikey tools). Using
debug cardio
verbose
log-file /some/w
On Thu, 27 Jan 2022 08:25, Teemu Likonen said:
> outside your normal computers I suggest using the export format: "gpg
> --export-secret-keys".
Note that there is an attack on the private key export format. Thus my
recommendation not to rely on this unless you can make sure that the
exported key
On Sun, 23 Jan 2022 21:12, Arjun said:
> I have GPG_TTY=$(tty) set in my .bashrc. However, when I ssh in
>
> ssh remote
By default ssh does not allow X forwarding. You need to use an extra
option to ssh to allow X programs on the remote to work on your (local)
X-server.
A quick test is to
On Tue, 18 Jan 2022 15:59, Bernd Graf said:
> How can I require `gpg --verify` to only accept keys from my keyring
> with a certain trust level and fail otherwise (rc!=0)
Use gpgv instead of gpg.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signatu
On Tue, 18 Jan 2022 09:50, Johan Wevers said:
> Well, a bit more respect for backwards compatibility would help a lot by
> that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed just
1.4 should be able to decrypt all 2.6 generated data.
Shalom-Salam,
Werner
--
Die Gedanken sind
> Just to confirm, my scdaemon.conf file should look like this:
>
> debug-level ipc,app,cardio
Replace that by
debug ipc,app,cardio
and remove debug-level lines. (The debug-leve thing is IMHO not very
useful since we got those dedicated selectors. We should eventually
remove the debug level
On Thu, 6 Jan 2022 15:33, Anze Jensterle said:
> checked multiple times). Only deleting the old intermediates instead of the
> root helped. Do you also check all the intermediate paths?
Sure. My former answer was simply wrong.
For details please see https://dev.gnupg.org/T5639 which was fixed
On Fri, 7 Jan 2022 16:23, Marko Božiković said:
> My scdaemon.conf has a single line:
>
> card-timeout 1
Please remove this at least for testing.
> log-file
> debug-level basic
> verbose
Please change the
debug-level ...
to
debug ipc,app,cardio
Actually you should have seen a debug l
On Sun, 9 Jan 2022 10:25, Robert Flosbach said:
> For future reference and people having the same issue: gpg2.3
> introduced a new packet type 20 which provides authenticated
> encryption with associated data (AEAD) [1]. A key generated with
> gpg2.3 supports this encryption type and encryption i
On Thu, 6 Jan 2022 12:02, Anze Jensterle said:
> Any idea why? I suspect it has to do with old intermediates being
> crosssigned as well.
If you don't have the current LE root certificate the old certification
path is tried.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen rege
Hi!
instead of working around the problem, I strongly suggest to update
gpg4win to 4.0 or at least install gnupg 2.2.33 on top of an older
gpg4win. This fixes the problem without a need to tweak the root cert
store.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bun
Hi!
small but important correction:
> Chiasmus: the proprietary GreenBone software from /cryptovision GmbH/
Of course I meant GreenShield and not Greenbone. The latter is a
company which provides free software network security scanners. See
https://www.greenbone.net/en/
Shalom-Salam,
W
0]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
02F3 8DFF 731F F97C B
> I have attached logs of the wrong and correct behavior I observed
> (debug-level guru, debug-all).
Yes, this is an obvious bug. We have not yet seen it because on Unix we
prefer to use the CCID driver using a different code path and further
with 2.3 there is not much need to specify a port.
He
On Wed, 29 Dec 2021 14:55, Anze Jensterle said:
> I just updated my Windows PC to 2.3. I used the "reader-port" option in
Do you mean gnupg 2.3.4 for Windows or the gpg4win 4.0 ?
> I have attached logs of the wrong and correct behavior I observed
> (debug-level guru, debug-all).
Thanks. We wil
On Wed, 29 Dec 2021 21:33, Andrew Gallagher said:
> OK, so you definitely need to solve the root certificate issue.
This has been fixed with gnupg 2.2.32 - please get an update. The
workaround is to delete the old LE certificate from your Root CA store.
Salam-Shalom,
Werner
--
Die Gedan
On Sun, 26 Dec 2021 09:20, Uwe Brauer said:
> gpgsm (GnuPG) 2.1.11
Please get a decent version. The LTS branch is currently at 2.2.33.
Your version is 5 years old!
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signatu
On Wed, 22 Dec 2021 14:47, Benoît said:
> I got 3x OpenPGP Smart Card v3.3 and I am unable to generate Curve25519
> on the card nor importing a cv/ev25519 to it.
Whether this is supported depends on the type of the card. The Gnuk and
newer Yubikeys support curve25519 but the Zeitcontrol card does
28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Releas
ned by the long term keys of
their respective owners. Current releases are signed by one or more
of these keys:
rsa3072 2017-03-17 [expires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6
On Tue, 9 Nov 2021 15:28, Keine Eile said:
> I have a revoked private key in my key ring, which I replaced with new
> one. I really do not want to discard this old key, for what I think
> good reasons. Is there a way to let gpg ignore this key or suppress
> this this¹ notification?
You can delet
On Mon, 8 Nov 2021 20:30, Christoph Klassen said:
> repos). The solution was to run first dpkg --purge --force-all
> libgcrypt20 (couldn't remove it the normal way because of some
Not a good idea. That may break things. It is better to install
libgcrypt and the other libs to /user/local/lib an
On Fri, 29 Oct 2021 16:24, Kazunori Kobayashi said:
> On modern Linux, we can change the maximum number of file descriptors
> per process in some ways. This feature is a well-known way for long
> time operation without reboot in cases such as server machines.
That is a known problem we recently r
On Sat, 6 Nov 2021 12:09, Matthias Apitz said:
> This message is typed on a BT keyboard connected to the L5 and sent
> from mutt on the L5 via SMTP and Wifi to the list while sitting
> in the sun in a beergarden.
Alright. I eventually need to figure out how to turn my Cosmo
Communicator into a
On Fri, 5 Nov 2021 17:30, Matthias Apitz said:
> But, it does not work locally on the L5 in its "terminal app", the
> "pass" command in the terminal raises an error about no secret provided.
You did the
gpg-connect-agent updatestartuptty /bye
thing to tell gpg-agent where it shall pop up the
Hi Matthias,
On Thu, 4 Nov 2021 09:40, Matthias Apitz said:
> I got mine in early October after exactly 4 years waiting. I do not
Same here. I actually met with Todd back then and my colleague Gniibe
write the driver for their planned card reader. Then we had that long
delay.
it is good that
On Wed, 3 Nov 2021 18:55, Matthias Apitz said:
> card, and available without any laptop or USB dongel, just in my phone -- a
> big progress. Thanks to Purism to bring this with the L5 to the Linux world!
You mean the Librem5 has indeed a second slot for a smartcard? I
recently received mine bu
On Sat, 30 Oct 2021 00:20, Damien Goutte-Gattat said:
> Private key only. I believe the purely “mathematical” components of
> the public key can be derived from it (though I may be wrong here),
That is right. Since some releases we also record the creation date of
the key so that we can easily d
On Sat, 30 Oct 2021 15:50, Matthias Apitz said:
> I just withdraw the USB dongle after the operation. I was thinking that
> the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked
> state of the OpenPGP card, which it does not. How could I do this?
No, it does not because it is th
On Tue, 26 Oct 2021 18:21, Robert J. Hansen said:
> That's true, and is correct. If you're passing a passphrase via the
> command line, that passphrase becomes visible to anyone with the
> privileges to get a list of processes and arguments. At that point the
> passphrase really isn't providing
he long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15
D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
On Sat, 4 Sep 2021 12:11, Borden said:
> According to gpg --card-status, I have an OpenPGP card v. 2.1 made by
> LogoEmail (that's not from whom I bought it, so I'm not sure if the
Note that re-configuring a card is only possible with certain cards; it
is an optional feature of the specification
g Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
Niibe Yutaka (GnuPG Release Key)
The keys are available at htt
On Mon, 6 Sep 2021 19:25, meator said:
> Ok, thanks!
Sorry for that. This is a sponsered VM and sometimes we run into OOM
problems. We like to keep these repos on this different machine so that we
can conitnue to collaborate even if other servers fail, or vice versa.
Salam-Shalom,
Werner
On Sun, 5 Sep 2021 18:45, meator meator said:
> Hello, what's up with https://git.gnupg.org/? Is there some
> maintenance happening?
The OOM kicked in and killed the TLS frontend. Its up again.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signatur
On Thu, 26 Aug 2021 16:23, Klaus Ethgen said:
> It seems that I have the problem all time I use the QT pinentry. The
> gtk2 pinentry seems to be fine and with the switch to QT one, the
Did you tried pinentry 1.2.0 which we released last week?
FWIW, I am using xfce and had some problem with icons
igned by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E2
Hi!
On Wed, 25 Aug 2021 21:36, Thomas Cage said:
> I have installed the new 2.3.2 version which supports "decryption w/o
> public key but with correct card inserted" with commit 50293ec2eb.
The description is a bit too brief. What we do is to lookup the key on
a configured LDAP server. This al
e keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
ed25519 2020-08-24 [expires: 2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 201
On Thu, 19 Aug 2021 17:14, Jonas Tobias Hopusch said:
> It's good to see one of you respond to my mail. I was worried that maybe the
> mailinglist broke both the SPF and DKIM checks and prevented it from being
Sorry, for taking long to reply.
> It's been a few months since I generated the key wi
Hi!
On Sat, 31 Jul 2021 23:05, Jonas Tobias Hopusch said:
> Does anyone know what may have gone wrong? Is there any additional
> information I
> can provide to help with tracking down what I presume to be a bug?
It took me a while to track this down. If you look closely at the
listing:
pub
Hi!
On Fri, 6 Aug 2021 18:36, Joey Berkovitz said:
> I was looking through the Smartcard commands and found that while most
> commands related to attribute changes output an SC_OP_SUCCESS, except for
> the name change command which doesn't output a success message on the
> status-fd.
Probably an
On Tue, 27 Jul 2021 11:12, root said:
> I am new to GnuPG and this is a great tool in programming. I am not sure how
> to
> use gpg commands directly in C/C++ codes though. I thought gpgme is
> providing the
> interface to use gpg ?
Yes, please use GPGME or the GPGME C++ bindings
Salam-Shalom
On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said:
> Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
> doesn't permit distributing email addresses without consent. The key
It is not a privacy policy but a serious misconception much like what
keyserver.com and PGP Univer
On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:
> If you built gnupg from its default configuration, it does not
> automatically look in /etc/ssl/certs for CA certificates. You may want
On Unix and unless gnupg was build with --with-default-trust-store-file
the following collections of certific
On Fri, 23 Jul 2021 20:00, Jonathan Kaczynski said:
> I'm trying to understand the scenario in which we see the log message,
> "gpg: used key is not marked for encryption use." I haven't been able to
> find any mentions of the phrase on the web, so I turned to the source code.
This is a warning t
On Thu, 8 Jul 2021 16:48, NIIBE Yutaka said:
> So, I think that Omnikey CardMan 3121 can work in the use case with
> OpenPGP card if it's key is RSA 1024.
Exactly, I used to use Omnikey readers too but I had to gave up due to
this problem. On Windows Omnikey's driver uses proprietary escape cod
On Wed, 7 Jul 2021 08:30, Daniel Kahn Gillmor said:
> Without a canonical form, we simply can't make such a proposal.
You need to check for the canonical form anway and thus it is easier to
directly sort it. In case of signature subpackets (if that is one of
your concerns), this if of course no
On Tue, 6 Jul 2021 15:59, Daniel Kahn Gillmor said:
> There are no published specifications for how to canonically order
> OpenPGP packets, but i sketched a proposal here:
There has never been a need for such an ordering except for what the
specs require. Introducing a specific order will make
2030-06-30]
Key fingerprint = 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
rsa2048 2011-01-12 [exp
On Tue, 29 Jun 2021 15:31, Стефан Васильев said:
> I don't understand why the BSI is looking for Post Quantum Cryptography
> support with OpenPGP for Thunderbird and not for the promoted gpg4win,
I can't tell you that. I do not have anymore information than you.
From reading the tender it is cle
On Tue, 29 Jun 2021 09:59, Schultschik, Sven said:
> I looked now for days at the code and didn't saw this trivial fault. The
> Nullpoint check for the outstream was missing.
valgrind is your best friend in such cases.
> But a null point check for gpgme wouldn't be a bad idea. This way it could
On Fri, 25 Jun 2021 15:26, Marco said:
> Failed to set input file with error: 117440567 --> Invalid value
Sorry. I missed that we did not implement that (because it is actually
a legacy compatibility function). Thus I can't offer you any function
which takes a file name. You need to open the f
On Fri, 25 Jun 2021 09:39, Marco said:
> err = gpgme_data_new_from_file(&in, input.string().c_str(), 1);
The 1 means copy the data to an internal buffer. Use 0 here to stream
the data.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
D
On Wed, 23 Jun 2021 17:55, Matthew Richardson said:
> provide enough inforation to extract the signature? Does it vary depending
> upon whether the signature is ASCII armored?
Actually gpgsplit can be used to slit an OpenPGP message. In theory it
is possible to convert an encrypted and signed m
On Thu, 24 Jun 2021 09:41, john doe said:
> The executable is in the subdirectory 'bin' as 'gpg.exe'.
Which is usuallay part of the PATH.
> A better idea is to use a file that contains the passthrase if you need
> to automate d/encryption or to use the agent.
An even better idea is not to use a
On Thu, 24 Jun 2021 02:21, Brandon Anderson said:
> First, if you are working on a new revision of the OpenPGP card,
> please let me know if I can reasonably do anything to help. While I
Thanks for your offer. However, it is mainly a spec and hardware thing
and the software part is minor.
If yo
On Wed, 23 Jun 2021 11:38, Christian Chavez said:
> I would like to be able to connect multiple yubikeys representing multiple
> opengpg pub/priv key-pairs/identities to the same _client_, and make use of
> _both_ on a remote I've SSH'ed to (using one of the yubikeys), without
Use gnupg 2.3 and t
On Tue, 22 Jun 2021 21:53, Brandon Anderson said:
> concerned, you could use three. The probability that one card out of
> ten will have a failure in a decade is far higher than the chance that
You should also be concerned that malware bricks your (backup) card.
You can only avoid that by using a
On Mon, 21 Jun 2021 23:47, Brandon Anderson said:
> the PIV functions only support 2048 RSA and NIST curves. The only card
That's per PIV specs.
> What would it take to add support for retirement key slots into the
> GPG smartcard specification? If retirement slots were added to the
> smartcard
On Sun, 20 Jun 2021 18:57, mailinglisten--- said:
> is there any educated guess, when some safe curve (25519?) will find
> their ways into openPGP smart cards?
Yubikeys and the Gnuk token support 25519 for a long time now. For the
Zeitcontrol card, I can't give a concrete timeline.
Shalom-Salam
On Wed, 16 Jun 2021 21:18, Ajax said:
>> $ build-aux/getswdb.sh
>
> Which gave :
> ... No such file or directory
$ tar tjvf gnupg-2.2.28.tar.bz2 | grep getswdb.sh
-rwxr-xr-x 1000/1000 4831 2021-05-21 07:35
gnupg-2.2.28/build-aux/getswdb.sh
Shalom-Salam,
Werner
--
Die Gedanken sind
201 - 300 of 4125 matches
Mail list logo
