Re: --refresh-keys for WKD

2018-10-22 Thread Werner Koch
On Mon, 22 Oct 2018 17:52, wik...@metacode.biz said: > Is there a small bug in recent GPA (0.10.0)? I looked up: > "test-...@metacode.biz" and got "No keys were found" but when I clicked > "details" I got the correct "key imported" GnuPG log details. Sure I noticed this as well but thought it is

Re: --refresh-keys for WKD

2018-10-22 Thread Werner Koch
On Mon, 22 Oct 2018 14:22, gnupg-users@gnupg.org said: > gpg --auto-key-locate clear,nodefault,wkd --locate-key u...@example.com Here is why these auto-key-locate (AKL) parameters are required: clear := Remove all existing AKL setting from a config file. nodefault := Do not use the defa

[Announce] GPA 0.10.0 released

2018-10-16 Thread Werner Koch
Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB A

Re: Question about specifics of --locate-key option

2018-10-15 Thread Werner Koch
program t-mbox-utils.c has these vectors: /* input */ /* Output, NULL = invalid */ { "Werner Koch ", "w...@gnupg.org" }, { "", "w...@gnupg.org" }, { "w...@gnupg.org", "w...@gnupg.org" }, { &qu

Re: Decryption troubles

2018-10-11 Thread Werner Koch
On Wed, 10 Oct 2018 20:33, siem...@cleanfuels.nl said: > gpg: decryption failed: No secret key Well, you don't have the secret key (aka private key) to decrypt the message. > sec   rsa2048 2009-09-27 [SCA] >   A5F3C219AB2601BEC1BCE4F2AEEC5E2ED87628F5 [..] > ssb   rsa2048 2009-09-27 [E] > ss

Re: Decryption troubles

2018-10-10 Thread Werner Koch
On Wed, 10 Oct 2018 14:02, siem...@cleanfuels.nl said: > I am using GPA with GnuPG 2.2.10. IIRC, the latest released GPA version is way behind what we have in the repo. To figure out your problem, please run gpg on the command line: gpg -vd -o OUTPUTFILE ENCRYPTED_FILE check the error mess

[Announce] GnuPG Made Easy (GPGME) 1.12.0 released

2018-10-09 Thread Werner Koch
the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Ke

Re: [openpgp-email] 4th OpenPGP Email Summit - Update

2018-10-08 Thread Werner Koch
On Sun, 7 Oct 2018 10:57, patr...@enigmail.net said: > - we will start on Saturday at 09:30. If you have any issues such as finding > the location or with local logistics, here is my phone number: +41 78 631 6622 Huh, that is early. Andre and me might arrive a bit later. Salam-Shalom, We

Re: Wrong key usage (0x19, 0x2) on key

2018-10-08 Thread Werner Koch
ant to apply and test it in stable. 73 de DD9JN -- Thoughts are free. Exceptions are governed by a federal law. From b6275f3bda8edff34274c5b921508567f491ab9c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 8 Oct 2018 16:14:17 +0200 Subject: [PATCH GnuPG] gpg: Fix extra check for sign usag

Re: Where to put "export-pka" output in DNS?

2018-10-04 Thread Werner Koch
On Wed, 3 Oct 2018 14:44, keesdejong+b...@gmail.com said: > I want to make use of PKA, I saw a few blogs [1] where they did this in TXT > DNS records. However, this seems to not work anymore. When I issue `gpg2 Please don't use this anymore. It never got any kind of widespread adoption and thus

Re: converting gpg files into PEM and certification change confusion

2018-10-02 Thread Werner Koch
On Tue, 2 Oct 2018 10:43, aheine...@intevation.de said: > Any hints / documentation on how to achieve this? That is easy if you have the keygrip (gpg --with-keygrip -K) --8<---cut here---start->8--- $ gpgsm --gen-key gpgsm (GnuPG) 2.3.0-beta459; Copyright (C) 2

Re: [INTERNET] Re: converting gpg files into PEM and certification change confusion

2018-09-28 Thread Werner Koch
On Fri, 28 Sep 2018 09:52, gnupg-users@gnupg.org said: > You can get a free certificate from Let's Encrypt, they are valid for 3 > months. .. and you can automated the update of the certificates. There are lot of tools for this; we at gnupg.org use the Dehydrated script. Salam-Shalom, Wern

Re: converting gpg files into PEM and certification change confusion

2018-09-27 Thread Werner Koch
On Thu, 27 Sep 2018 22:34, gnupg-users@gnupg.org said: > OpenPGP ones. Likewise openssl is used to work with X.509 certs, > /etc/ssl/certs/ca-bundle.crt contains X.509 certs too. FWIW: GnuPG also supports X.509 and CMS (aka S/MIME); you have to use the gpgsm tool, which is similar to gpg as far as

Re: Monitoring queries to gpg-agent?

2018-09-26 Thread Werner Koch
On Tue, 25 Sep 2018 23:03, k...@dev.terastrm.net said: > I would like to see the queries to gpg-agent that clients are > sending. Like what key are they trying to access and whatever other That is easy. Put log-file socket:// debug ipc into ~/.gnupg/gpg-agent.conf. Feed your monitor proce

Re: Performance regression for gnupg v2 keys

2018-09-20 Thread Werner Koch
On Thu, 20 Sep 2018 15:05, fka...@posteo.net said: > When I change the passphrase of an existing 1.x generated key with > gpg 2.2.8, the key gets somehow updated (slow). So this is not about the key but about the protection of the private key. That protection (the passphrase) is there as a fails

Re: disable/prevent start of gpg-agent service?

2018-09-20 Thread Werner Koch
On Tue, 18 Sep 2018 14:48, gnupg-users@gnupg.org said: > Can I disable this service? No, it is an important component of gnupg. It handles the private keys and caches the passphrases. > Can I de-install this service permanently? No. > I need gnupg only occasionally for on-demand en-/de-crypti

Re: AW: AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Werner Koch
On Tue, 4 Sep 2018 18:31, roman.fied...@ait.ac.at said: > At which byte offset should I find the signer key fingerprint? That is an encrypted message and thus you can't see the signature. >> Leaving this out would not help because it is easy to >> figure out the key by trial verification ag

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-05 Thread Werner Koch
On Wed, 5 Sep 2018 10:45, roman.fied...@ait.ac.at said: > No, this is a signed AND encrypted message. Can gpgv only be > used to verify signatures on signed-only but not signed AND > encrypted messages, maybe due to encrypt AFTER sign scheme? Correct. The signature is encrypted and thus it need

Re: AW: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Tue, 4 Sep 2018 10:08, roman.fied...@ait.ac.at said: > [GNUPG:] UNEXPECTED 0 The signature is corrupted in that it has a packet which is expected only in a key. Or the provided key has a data signature packet etc. How did you create the keyfile and the signature? > Could it be, that "--thr

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Tue, 4 Sep 2018 09:52, roman.fied...@ait.ac.at said: > Werner gave a good solution in another followup message. May I recommend > updating the online docu/man page for "--verify" with something like this? we have Note: Sometimes the use of the @command{gpgv} tool is easier than using the

Re: AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

2018-09-04 Thread Werner Koch
On Mon, 3 Sep 2018 19:25, pe...@digitalbrains.com said: > It could be that recently an option was added to check a signature by a > certificate in a file, but in general you need to import a certificate No, that is not the case. We only added the option -f to encrypt to a key taken from a file

Re: [Announce] GnuPG 2.2.10 released

2018-08-31 Thread Werner Koch
On Thu, 30 Aug 2018 16:26, d...@fifthhorseman.net said: > I note that https://gnupg.org/ftp/gcrypt/gnupg/ does not list 2.2.10 > yet, though the file is already there. It is there. > Can you make refreshing that index a part of the standard release > process? it would help automated tools that

[Announce] GnuPG 2.2.10 released

2018-08-30 Thread Werner Koch
we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3

Re: Communication with card reader encrypted?

2018-08-27 Thread Werner Koch
On Sun, 26 Aug 2018 00:31, gnupg-users@gnupg.org said: > decrypted file itself could/would be read by a third party. The session > key is, in this moment, the least problematic thing on your system. Right. We assume physical security. The connection between the card reader and the host is not e

Re: gpg not able to find my secret key

2018-08-23 Thread Werner Koch
On Thu, 23 Aug 2018 17:50, gnupg-users@gnupg.org said: > Related question: Do you have a file named "gpg-v21-migrated" in your > .gnupg directory? The file name is actually ".gpg-v21-migrated" (note the leading dot) and thus only listed by ls with the option -a. Shalom-Salam, Werner -- Di

Re: GPGME status callback not working for need entropy

2018-08-22 Thread Werner Koch
On Wed, 1 Aug 2018 21:28, tookm...@gmail.com said: > generating a key without enough randomness, the whole application just > locks up with no indication of what is happening. Is there anything else > I could query to inform the user of what's occurring in this scenario? You need to install a pro

Re: ERR 167804929 Permission denied / No rule to make target 'audit-events.h'

2018-08-21 Thread Werner Koch
On Sat, 11 Aug 2018 09:49, kar...@riseup.net said: > $ gpg --debug-level=guru --recv-key 74A941BA219EC810 Instead of using that debug level (in any case use "--debug help" for more specific levels) it would have been sufficient if you had used $ gpg --verbose --recv-key 74A941BA219EC810 which

Re: Problems interacting with keyserver on Linux

2018-07-25 Thread Werner Koch
On Wed, 25 Jul 2018 11:00, hoelz...@mailbox.org said: > Yes, please excuse my confusion. Thanks. It turned out that printing a more visible warning will require quite some code changes but they are straightforward. Thus I can't promise that this will go into 2.2. Salam-Shalom, Werner --

Re: mute output of gpg2 -d

2018-07-25 Thread Werner Koch
On Sat, 14 Jul 2018 14:09, heavyt...@hotmail.com said: >> Use --batch or --no-tty to suppress this output > > both options worked. So you mean it's a bug in gpg2? Yes. I created https://dev.gnupg.org/T4088 for this. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday

Re: Problems interacting with keyserver on Linux

2018-07-24 Thread Werner Koch
On Tue, 24 Jul 2018 13:39, hoelz...@mailbox.org said: > Thank you very much for your help! That indeed pointed me to the right issue > (DNS resolver not running). > For reference attached the output of the command below. Can you please post that attachment or send it by PM? I will see whet

Re: Problems interacting with keyserver on Linux

2018-07-24 Thread Werner Koch
Hi again. Different subject, so I didn't read that before replying to the other mail. > gpg: error searching keyserver: No such file or directory > gpg: keyserver search failed: No such file or directory Might be a DNS problem: Similar to the other report you mentioned, please run dirmngr -v -

Re: Problem refreshing keys on Linux

2018-07-24 Thread Werner Koch
On Mon, 23 Jul 2018 18:33, hoelz...@mailbox.org said: > Please find attached the output of 'env LANG=en_US.UTF-8 gpg -vvv --debug-all > --search-keys Torvalds'. Missing. > The output of 'gpg-connect-agent --dirmngr 'KS_GET 0x4D1E900E14C1CC04' /bye' > is as follows: > ERR 167805009 No such file

Re: random seeds file hung on AIX 7.2

2018-07-23 Thread Werner Koch
On Sun, 22 Jul 2018 07:36, chandra.velp...@in.ibm.com said: > AIX version: 7.2 > GPG version: gpg (GnuPG) 1.4.7 That version of GnuPG is more than 11 years old and should not be in use anymore. Anyway, if you need paid support please see https://gnupg.org/service.html for options. Shalom-Salam

Re: TLS 1.3 with ssh-like authentication

2018-07-23 Thread Werner Koch
On Sun, 22 Jul 2018 02:46, sh...@git.icu said: > I really want the performance of single-route-trip handshakes, as this is > important for my use case (distcc), which makes a lot of new connections (as I don't understand how this is related to GnuPG. Granted, we use TLS for keyserver access but c

Re: gpg-agent's SSH agent emulation: how to remove keys?

2018-07-18 Thread Werner Koch
On Wed, 18 Jul 2018 06:37, benjamin.d@gmail.com said: > Practically, this means that once a key is added to gpg-agent it's unclear > as to how to remove it. ssh-add -d/-D doesn't work, and you can't simply > remove keys from ~/.ssh/ and restart the agent as gpg-agent's not referring Right, gp

Re: Using gnupg to crypt credentials used by application to access a database server

2018-07-17 Thread Werner Koch
On Mon, 16 Jul 2018 09:51, w...@gnupg.org said: > If you use a smartcard there is a hack in scdaemon which allows to work > without a PIN. Here is what scdaemon's code has to say about this hack: GnuPG makes special use of the login-data DO, this function parses the login data to store th

Re: Using gnupg to crypt credentials used by application to access a database server

2018-07-16 Thread Werner Koch
On Sat, 14 Jul 2018 15:15, g...@unixarea.de said: > Decrypting with GnuPG needs a passphrase, normally read from /dev/tty It only needs passphrase if you set a passphrase. For public key encryption it is perfectly fine not to set a passphrase because it is expected that there are no other users

Re: mute output of gpg2 -d

2018-07-14 Thread Werner Koch
On Fri, 13 Jul 2018 20:27, heavyt...@hotmail.com said: > [user@linuxbox ~]$ gpg2 -d .my_pwds.gpg 2>/dev/null > > You need a passphrase to unlock the secret key for That output goes directly to the tty. Without a pinentry you will need to enter the passphrase also directly via the tty (because we

[Announce] GnuPG 2.2.9 released

2018-07-12 Thread Werner Koch
nt releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437

Re: Verifying signatures with critical notations

2018-07-07 Thread Werner Koch
On Wed, 4 Jul 2018 21:48, gnupg-users@gnupg.org said: > recognized but I don't see a function to mark > "t...@metacode.biz=node-1" as a recognized notation for verification > purposes. > > Is it possible? Yes. Please create a feature request at dev.gnupg.org Shalom-Salam, Werner -- # P

Re: Pinentry: Inappropriate ioctl for device when getting smartcard PIN

2018-07-04 Thread Werner Koch
Hi! Are you setting the homedir in your code also for the Assuan context? That might explain the behaviour. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Thoughts are free. Exceptions are governed by a federal law. pgpGNpv0Jj7Xp.pgp Description: PGP si

Re: Pinentry: Inappropriate ioctl for device when getting smartcard PIN

2018-07-04 Thread Werner Koch
On Wed, 27 Jun 2018 22:50, tookm...@gmail.com said: > I have two gpgme contexts, one for openpgp and another for assuan > commands to the smartcard. Pinentry triggered by the openpgp context > works perfectly, but any pinentry launched in service of the assuan > context fails with the error in the

Re: dirmngr cygwin resolv.conf

2018-07-04 Thread Werner Koch
On Wed, 4 Jul 2018 09:11, gni...@fsij.org said: > The patch is: Don't try to look at the error code, but fall back to TOR_PORT2 > always. I don't like this patch because it is not specific enough. If Cygwin really returns EPERM, then this is a bug in the Cygwin emulation because all Unix systems (and

Re: Generating NIST/Brainpool subkeys with GPGME

2018-07-03 Thread Werner Koch
On Mon, 2 Jul 2018 18:03, tookm...@gmail.com said: > Should I file a bug against GPGME? GPG? Not really sure where the > problem is here. Against gpg. I won't assign it a high priority, though. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedank

Re: gpg2 --refresh-keys does not talk to dirmngr?

2018-07-03 Thread Werner Koch
On Mon, 2 Jul 2018 21:22, dirk.gottschalk1...@googlemail.com said: > localhost. This is not my intention. I have a running server in my > network which runs Squid/Privoxy/TOR. Is it possible to connect to this > tor server on the socks port for doing LDAP, WKD, or DANE Lookups? No, this is curren

Re: dirmngr cygwin resolv.conf

2018-07-03 Thread Werner Koch
On Mon, 2 Jul 2018 20:46, johndoe65...@mail.com said: > It looks like the code that is responsible for falling back to port > 9150 when port 5090 is not available is somehow failing. ... on Windows. Actually I developed the fallback on Windows because there it is easier to install the Tor brows

Re: Choice of ECC curve on usb token

2018-07-02 Thread Werner Koch
On Fri, 29 Jun 2018 18:07, dam...@cassou.me said: > Moreover, Nitrokey Storage only supports NIST and Brainpool, nothing > else. That is because the Nitrokey token includes a Zeitcontrol card which only implements the government approved curves. If that ever changes we can close the feature requ

Re: dirmngr cygwin resolv.conf

2018-07-01 Thread Werner Koch
On Sat, 30 Jun 2018 21:26, johndoe65...@mail.com said: > How can I force dirmngr to use port "9150"? So Tor ports are fixed. As Niibe-san already explained Dirmngr will first try port 9050 and if it is not able to connect (ECONNREFUSED) it will try port 9150. This is implemented for Dirmngr in L

Re: gpg2 --refresh-keys does not talk to dirmngr?

2018-07-01 Thread Werner Koch
On Fri, 29 Jun 2018 16:12, gnupg-users@gnupg.org said: > I have set up a local proxy server with a squid/privoxy/TOR chain and > set it up in dirmngr.conf. Now, after deleting the keyserver line from > gpg.conf, I found out that gpg2 seems not to talk to dirmngr when using > gpg2 --refresh keys. N

Re: Generating NIST/Brainpool subkeys with GPGME

2018-07-01 Thread Werner Koch
On Fri, 29 Jun 2018 22:07, tookm...@gmail.com said: > It appears that one cannot currently generate NIST or Brainpool subkeys > with GPGME. Using GPG itself works fine with --expert, so am I missing > an option or is this simply not possible yet? That is likely a bug. However there is an easy wor

Re: dirmngr cygwin resolv.conf

2018-06-29 Thread Werner Koch
On Thu, 28 Jun 2018 17:05, johndoe65...@mail.com said: > dirmngr.conf: > > use-tor > http-proxy socks5://localhost:9150 Nobody said that you should configure a proxy ;-) Dirmngr has integrated Tor support which will be used automatically when Tor or the Tor Browser is up and running. --use-tor

Re: dirmngr cygwin resolv.conf

2018-06-28 Thread Werner Koch
On Thu, 28 Jun 2018 11:54, johndoe65...@mail.com said: > Can you elaborate on how I would let "Cygwin dirmngr" use "Tor Browser > for Windows"? I have not tested it but given that the Tor browser is listening on localhost, TCP port 9150, I see no reason why a native Windows Tor Browser can't work

Re: dirmngr cygwin resolv.conf

2018-06-27 Thread Werner Koch
On Mon, 25 Jun 2018 10:50, johndoe65...@mail.com said: > On Cygwin '/etc/resolv.conf' is not needed, as illustrated by the > below log dirmngr requires 'resolv.conf': Cygwin is Unix emulation on Windows and thus GnuPG considers the platform to be unix. In turn /etc/resolv.conf is required. > Co

Re: gpg show default / effective options

2018-06-26 Thread Werner Koch
On Tue, 26 Jun 2018 12:31, gnupg-users@gnupg.org said: > Is it possible to print default or effective options used by GnuPG? You can run gpgconf --list-options gpg which prints the options and their current values in a format described in the gpgconf man page. Frontends like Kleopatra and GP

Re: uncompressing failed: Unknown compression algorithm

2018-06-24 Thread Werner Koch
On Thu, 21 Jun 2018 11:40, lian.s...@virusbulletin.com said: > 1. Is it "normal" to hang like this or it is a bug ? No, that should not happen. Compression 42 is clearly an indication for a corrupt file. > 2. Is there any option I can pass to gnupg in command line so that it > goes on in case o

Re: Upgrading 2.0.20 to 2.2.24

2018-06-21 Thread Werner Koch
On Tue, 19 Jun 2018 22:31, fe...@crowfix.com said: > I tried both these steps, and neither changed anything. Import said it > imported, but I have a saved copy of .gnupg, and there was no difference after Did it say that a secret key was imported? You check your secret keys using gpg -K [U

Re: git repo won't build for lack of source files?

2018-06-21 Thread Werner Koch
On Wed, 20 Jun 2018 20:45, ps...@ubuntu.com said: > Apparently you have to configure with --enable-maintainer-mode to avoid > this. autogen.sh actually told you this :-) Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Thoughts are free. Ausnahmen r

Re: Upgrading 2.0.20 to 2.2.24

2018-06-17 Thread Werner Koch
On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said: > The format secret keys are stored in changed between 2.0.x and 2.1.x. It > is possible that 2.2.x no longer has the code in it to migrate to the 2.2 still has the migration code. However, once a migration is done it will not be done again.

Re: Silencing MDC Warning with gnupg 2.2.8.

2018-06-14 Thread Werner Koch
On Thu, 14 Jun 2018 13:56, ra...@inputplus.co.uk said: > I see that --ignore-mdc-error downgrades the error to a warning allowing Right, this is the suggested method to decrypt old mails. > --no-mdc-warning is now a no-op and so doesn't work in concert with Right, this is on purpose. The warning

[Announce] Libgcrypt 1.8.3 and 1.7.10 to fix CVE-2018-0495

2018-06-13 Thread Werner Koch
es are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E08

Re: Pinentry: Permission Denied

2018-06-13 Thread Werner Koch
On Tue, 12 Jun 2018 19:03, tookm...@gmail.com said: > That seems to be it. I was overriding getty and launching my own service > as a non-root user and tty1 was still owned by root If you run gpg with -v with the next released pinentry you will see a line like this (wrapped) gpg: pinentry launch

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch
On Wed, 13 Jun 2018 00:23, je...@seibercom.net said: > gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye The common problem on Windows: You can't use ' to quote; we Unix folks always forget about that. Use gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye Salam-Shalom, Wer

Re: Problem refreshing keys

2018-06-13 Thread Werner Koch
On Tue, 12 Jun 2018 22:42, gnupg-us...@spodhuis.org said: > provide more information, and AFAICT the "-->" line is "the order we'll > try them in, with the currently active server marked with "*"; this They are not tried in this order but they are picked randomly until one worked. Shalom-Salam,

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-11 Thread Werner Koch
On Mon, 11 Jun 2018 10:06, marco.maggi-i...@poste.it said: > I fixed this by upgrading to the latest libgpg-error. This means the > gnupg package does not detect the installed libgpg-error version > correctly? Merge fault, sorry. See https://dev.gnupg.org/T4012 for a fix. Salam-Sha

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-11 Thread Werner Koch
On Mon, 11 Jun 2018 11:07, pe...@digitalbrains.com said: > attempt to decrypt the block in the first message by Werner, as soon as > it was part of a quote, starting with "> ", Enigmail will try to > process it. Type in the passphrase "abc" without quotes, and you'll I'd call that a TB bug. Th

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-08 Thread Werner Koch
On Fri, 8 Jun 2018 20:29, d...@fifthhorseman.net said: > I'm having the same problem. Werner, what is the passphrase for this > test example? abc Sorry. I guess i rushed this thing out a bit too fast. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine #

[Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

2018-06-08 Thread Werner Koch
balls and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dis

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
Hi! Thanks for responding. However, my question was related to the claims in the paper about using CRL and OCSP as back channels. This created the impression that, for example, the certificates included in an encrypted CMS object could be modified in a way that, say, the DP could be changed in th

Re: doc patches: spelling errors

2018-06-06 Thread Werner Koch
Hi! Thanks for the fixes. I applied them to master and 2.2 > +++ gnupg.info-1 Sat May 19 19:02:04 2018 Note that this is a generated file. The source is one of the *texi files. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind fre

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
On Mon, 21 May 2018 19:11, r...@sixdemonbag.org said: > Efail is not just an HTML rendering bug. It includes very real > attacks against S/MIME as it's used by thousands of corporations. I have not yet seen any hints on how a back-channel within the S/MIME protocol can work. There are claims th

Re: Breaking changes

2018-06-06 Thread Werner Koch
On Wed, 23 May 2018 15:45, m16+gn...@monksofcool.net said: > 1. GPG is maintained by volunteers. If you have any complaint about how > this maintenance is progressing, get off your behind and be a volunteer That is fortunately not true. I work full time on GnuPG and related software, Gniibe is w

end-of-life announcements (was: Breaking changes)

2018-06-06 Thread Werner Koch
On Wed, 23 May 2018 13:56, d...@kegel.com said: >> So when talking about EOL, gpg community should consider writing down a >> consistent EOL strategy, similar to those of Ubuntu, Linux kernel or others >> or something like I tried to argue for in the middle of >> https://lists.gnupg.org/piperma

Re: Forward gpg-agent to container

2018-06-05 Thread Werner Koch
On Tue, 5 Jun 2018 08:56, andr...@andrewg.com said: > This sounds overly complicated. Once you have the extra socket visible > inside the container, it should be sufficient to set the environment > variable GPG_AGENT_SOCK. You don’t need to start an extra agent inside The envvar GPG_AGENT_INFO i

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Fri, 1 Jun 2018 00:04, koo...@spacekookie.de said: > ssb> rsa4096 2018-05-30 [SEA] Remove the S capability from that key. gpg prefers a signing subkey over the primary key but that happens to be an encryption key on the card. You should also be able to specify the key as signingkey = 5

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 20:46, koo...@spacekookie.de said: > 2018-05-31 20:27:42 scdaemon[17755] DBG: chan_7 <- PKSIGN --hash=sha256 > OPENPGP.2 > 2018-05-31 20:27:42 scdaemon[17755] operation sign result: Invalid ID You are signing with the second key of the token. This is an encryption key and th

Re: Problem signing git commits with smartcard key

2018-05-31 Thread Werner Koch
On Thu, 31 May 2018 16:12, koo...@spacekookie.de said: > [GNUPG:] FAILURE sign 100663414 > gpg: signing failed: Invalid ID $ gpg-error 100663414 100663414 = (6, 118) = (GPG_ERR_SOURCE_SCD, GPG_ERR_INV_ID) = (SCD, Invalid ID) This shows that the error originates from scdaemon. To look deeper int

Re: GPGME export secret subkeys

2018-05-30 Thread Werner Koch
On Wed, 30 May 2018 17:22, tookm...@gmail.com said: > GPGME has export and import functions that work well as alternatives to > "gpg --import" and "gpg --export". However, looking through the > documentation I cannot find an equivalent to "gpg > --export-secret-subkeys". Have I missed something, or

Re: gpgme: environment variable not set

2018-05-28 Thread Werner Koch
On Thu, 24 May 2018 21:46, trinh.ra...@gmail.com said: > I have recently cross compiled gpgme for a program I am working on but > gpgme fails to function as expected as I get an error saying an environment > variable cannot be found -- verbose in this case doesn't really elaborate > on what that mi

Re: A Solution for Sending Messages Safely from EFAIL-safe Senders to EFAIL-unsafe Receivers

2018-05-28 Thread Werner Koch
On Thu, 24 May 2018 00:05, gnupg-us...@spodhuis.org said: > up at . Given that I see more and more mails with "Encrypted mail" as subject, this feature is getting more and more annoying. It will eventually not anymore possible to pre-sort mails as it is c

Re: Efail or OpenPGP is safer than S/MIME

2018-05-19 Thread Werner Koch
On Fri, 18 May 2018 12:18, patr...@enigmail.net said: > How far back will that solution work? I.e. is this supported by all > 2.0.x and 2.2.x versions of gpg? 2.0.19 (2012) was the first to introduce DECRYPTION_INFO In any case 2.0 is end-of-life. In theory we could backport that to 1.4 but I d

Re: [GPGME] Repeated decrypt fails

2018-05-18 Thread Werner Koch
On Thu, 17 May 2018 20:48, trinh.ra...@gmail.com said: > err = gpgme_op_decrypt_start(ctx, fileEncrypted, fileDecrypted); > ctx = gpgme_wait(ctx, &stat, 1); > > std::cout << "Decrypt Status: " << gpgme_strerror(err) << std::endl; Here you show the result of the start operation which is usually s

Re: AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 13:11, roman.fied...@ait.ac.at said: > How could that work together with the memory based "wipe" approach, you > envisioned in your message > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last > paragraph? That is a different layer. Basically a part o

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:21, luk...@gpgtools.org said: > Is there any particular reason why these have not been added to > doc/DETAILS? They don't make much sense. I can't remember why I added them. > If we check for DECRYPTION_INFO 0 X (0 being NO MDC) and the > BADMDC status line (in addition t

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:45, roman.fied...@ait.ac.at said: > encryption/decryption gateways. In my opinion gnupg development has a > strong motion towards client-only use-cases, thus I started like Huh? Didn't you notice all the new features we implemented to make the scripting of key management e

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:20, andr...@andrewg.com said: > More seriously though, properly marked-up text is demonstrably easier to > read. That's why people submit academic papers in Latex instead of Right. But there is nothing which inhibits a MUA to render a mail in a more appropriate way. But t

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:24, andr...@andrewg.com said: > Content-type: text/markdown ;-) Content-type: text/org-mode But we need to disable Babel processing. So better stick with Content-type: text/plain and remember that mail is serious work and not for amusement. Salam-Shalom, Werner -

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:11, bernh...@intevation.de said: > The technical and organisational difficulty is how to control backchannels It is not a technical or organizational problem but a question of how to keep the marketing departments at bay. The need to avoid oracles is an old and standard topi

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > Within 12 hours after the release I got 5 bug reports/support requests Kudos to Enigmail for acting as our guinea pig. I implemented the same thing in GPGME this morning (see my mail to enigmail users). What shall we do now? Provide a sep

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:48, r...@sixdemonbag.org said: > While y'all are having this discussion, remember that GnuPG's 95% use > case is verifying Linux packages, and that number isn't expected to > change a whole lot. I am pretty sure that there are more Windows GPG users than users who run Linux

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:39, miri...@riseup.net said: > However, I get that many users expect HTML, embedded images and links. Well they expect a bit of markup like *bold* or _underlined_ or /italics/ and links like https://gnupg.org but any decent MUA already supports this for plain text mails. P

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:02, g...@unixarea.de said: > Most (if not even all) of the MUA which are noted for Linux do run on > nearly any other UNIX flavor, FreeBSD, OpenBSD, ... and mutt in addition I would have written Unix instead of mentioning one specific flavor of Unix kernel software ;-) Giv

Re: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:56, andr...@andrewg.com said: > We should also be very careful to note that none of this discussion > thread applies to the MIME concatenation vulnerability, which is a > problem in Thunderbird and other mail clients, and which cannot be While we are at that point. Can we

Re: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said: > In my opinion it is hard to find such a "one size fits all" > solution. Like Werner's example: disabling decryption streaming The goal of the MDC is to assure that the message has been received exactly as the sender sent it. Thus there is

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:48, o...@mat.ucm.es said: >> On Tue, 15 May 2018 03:31, je...@seibercom.net said: > >> My conclusion is that S/MIME is vulnerable in most clients with the >> exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the >> requirement for a user consen

Re: GPGME progress callback no current or total

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 20:45, tookm...@gmail.com said: > PROGRESS UPDATE: what = primegen, type = 43, current = 0, total = 0 > > > Aren't current and total supposed to indicate progress? Why might they > be zero? Depends on the type of progress. For prime generation we can't do any estimation. f y

Re: Don't Panic.

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 17:06, mw...@iupui.edu said: > Heh. "We've discovered that locks can be picked, so you should remove > all the locks from your doors right now." "There are a lot of benefits for members of the Mechanical Frontdoor Foundation. Rely on us for your social engineering tasks. Bec

Re: Breaking MIME concatenation

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 22:19, miri...@riseup.net said: > So why use HTML with gnupg? Even some of the journalist kicking that EFFective hype are using encrypted mails with HTML content. 's/

Re: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said: > The status line format should be designed to support those variants to > allow a "logical consistency check" of the communication with GnuPG There is a DECRYPTION_FAILED and that is all what it takes. If the integrity check fails the

Vulnerable clients (was: US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities)

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 03:31, je...@seibercom.net said: > NCCIC encourages users and administrators to review CERT/CC's Vulnerability > Note VU #122919. Doesn't CERT read the paper before producing a report? The table of vulnerable MUAs is easy enough to read. To better see what we are discussing,

Re: Efail or OpenPGP is safer than S/MIME

2018-05-15 Thread Werner Koch
On Mon, 14 May 2018 22:43, andr...@andrewg.com said: > If we believe that there will be more encrypted messages in the future than > there have been in the past, then protecting those future messages takes > priority, especially if an upgrade pathway exists. Unless you change the default optio
