Re: mascot_p
On 17 Jun 2014, at 21:05, Erik Josefsson erik.hjalmar.josefs...@gmail.com wrote:
> On 06/17/2014 08:12 PM, Bob (Robert) Cavanaugh wrote:
>> My Vote is for the armadillo, pangolin, or hedgehog. All cute and cuddly until you try to look too close...
>
> Hedgehog is taken :-) http://sirireiter.dk/edge/

The turtle (teenage mutant ninja) is ok because it shows armour, but also they are slow normally, so probably making it look faster somehow would be a good thing, with wings?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Order of keys attempted to decrypt
I have my private sub keys on a smart card, and up until recently decrypting was always fine. Then I found out that for signing other people's keys, I need to have the primary private key available. So I put it on a second smart card as described here:
http://gnupg.10057.n7.nabble.com/Issues-with-primary-key-amp-subkeys-on-different-smartcards-td32228.html

Now decryption still works, but with a small hiccup:

    $ gpg -d test.txt.gpg
    gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
    gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
    gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
    gpg: Alles klar, wir sind der ungenannte Empfänger.
    gpg: verschlüsselt mit RSA Schlüssel, ID

It first tries to decrypt using the primary key. And since the card with the primary key is not plugged in, it outputs an error, before it tries the sub key that succeeds. I tried using the -r option to specify the key to use, but it was seemingly ignored. Is there a way to specify which key to try first?

The problem I have at the moment is that some scripts fail, probably because of the error that is output. For example, it never reaches line 43 of the following script since I have the stub for the primary key:
https://github.com/ulrichard/locally_encrypted_remote_storage/blob/master/open_locally_encrypted_remote_storage.sh

Rgds
Richard

PS: out of curiosity: What does the ID mean in the output from gpg:

    gpg: verschlüsselt mit RSA Schlüssel, ID
Re: mascot_p
Assuming that there *should* be a mascot, the discussion seems to concentrate on the secrecy aspect of GnuPG. But what about the other aspect -- assertion of identity? Does that spark any ideas? What sort of mascot would combine the two aspects?

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
public key E6602099 is 131772146 seconds newer than the signature
As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should suppress messages such as the one in the subject. However, that doesn't seem to be the case: http://ae7.st/p/2u6. It appears that only when redirecting STDERR to /dev/null is it suppressed.

Is this expected behavior, or am I missing something?

Thanks,
Re: Order of keys attempted to decrypt
On 06/18/2014 04:46 AM, Richard Ulrich wrote:
> $ gpg -d test.txt.gpg
> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
> gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
> gpg: Alles klar, wir sind der ungenannte Empfänger.
> gpg: verschlüsselt mit RSA Schlüssel, ID
>
> It first tries to decrypt using the primary key. And since the card with the primary key is not plugged in, it outputs an error, before it tries the sub key that succeeds. I tried using the -r option to specify the key to use, but it was seemingly ignored. Is there a way to specify which key to try first?

see the --try-secret-key option or the --default-key option as described in gpg(1).

> PS: out of curiosity: What does the ID mean in the output from gpg:
> gpg: verschlüsselt mit RSA Schlüssel, ID

This is a hidden recipient in the public key encrypted session key packet. from https://tools.ietf.org/html/rfc4880#section-5.1 :

    An implementation MAY accept or use a Key ID of zero as a wild card or speculative Key ID. In this case, the receiving implementation would try all available private keys, checking for a valid decrypted session key. This format helps reduce traffic analysis of messages.

hth,

--dkg
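
Added example, not part of the original message and not GnuPG's code: a small Python parser for the Public-Key Encrypted Session Key packet described in the RFC 4880 section 5.1 passage quoted above, reporting which recipients are hidden behind the all-zero wild-card Key ID. The sample bytes, the key ID 1122334455667788 and the function names are constructed for illustration.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)
PUBKEY_ALGOS = {1: "RSA", 2: "RSA encrypt-only", 16: "Elgamal"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header: tag in low 6 bits
        tag, l0 = first & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not handled in this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled in this example")
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def list_recipients(buf):
    """Walk the leading PKESK packets; report key ID, algorithm, hidden flag."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag != PKESK_TAG:
            break  # PKESK packets come before the encrypted data packet
        version, keyid, algo = buf[start], buf[start + 1:start + 9], buf[start + 9]
        if version != 3:
            raise ValueError("unexpected PKESK version %d" % version)
        out.append({"keyid": keyid.hex().upper(),
                    "algo": PUBKEY_ALGOS.get(algo, "algo %d" % algo),
                    "hidden": keyid == bytes(8)})  # Key ID of zero = wild card
        pos = start + length
    return out

# Constructed sample: body = version 3, 8-octet key ID, algorithm 1, dummy MPI.
def make_pkesk(keyid_hex, new_format):
    body = bytes([3]) + bytes.fromhex(keyid_hex) + bytes([1]) + b"\x00\x08\xAA"
    hdr = bytes([0xC1 if new_format else 0x84, len(body)])
    return hdr + body

# One hidden recipient, one named recipient, then a tag 18 packet (constructed).
SAMPLE = (make_pkesk("0000000000000000", False)
          + make_pkesk("1122334455667788", True) + bytes([0xD2, 0x01, 0x01]))

if __name__ == "__main__": print(list_recipients(SAMPLE))
```

For a hidden recipient the packet carries no usable Key ID, which is why gpg has to try each available secret key in turn, as in the output quoted in this thread.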
Re: mascot_p
On Wed, 18 Jun 2014 08:45:26 -0400 Mark H. Wood mw...@iupui.edu wrote:

Hello Mark,

> What sort of mascot would combine the two aspects?

Racoon? Easily recognised so an allusion to identity there. Their face has a 'mask', alluding to privacy.

--
 Regards  _
         / )      The blindingly obvious is
        / _)rad   never immediately apparent
You're not so safe in the safety of your room
Nasty - The Damned
Re: public key E6602099 is 131772146 seconds newer than the signature
On Wed, Jun 18, 2014 at 07:28:32AM -0600, Aaron Toponce wrote:
> As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should suppress messages such as the one in the subject.

Er, '--ignore-time-conflict'. Singular, not plural.
Re: public key E6602099 is 131772146 seconds newer than the signature
On Wed, 18 Jun 2014 15:28, aaron.topo...@gmail.com said:
> As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should suppress messages such as the one in the subject. However, that doesn't seem to be the case: http://ae7.st/p/2u6. It appears that only when redirecting STDERR to /dev/null is it suppressed.
>
> Is this expected behavior, or am I missing something?

No, it continues checking even in the case of a time conflict. The diagnostic is always printed.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by federal law.
Re: Order of keys attempted to decrypt
On 06/18/2014 09:43 AM, Daniel Kahn Gillmor wrote:
> On 06/18/2014 04:46 AM, Richard Ulrich wrote:
>> $ gpg -d test.txt.gpg
>> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
>> gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
>> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
>> gpg: Alles klar, wir sind der ungenannte Empfänger.
>> gpg: verschlüsselt mit RSA Schlüssel, ID
>>
>> It first tries to decrypt using the primary key. And since the card with the primary key is not plugged in, it outputs an error, before it tries the sub key that succeeds. I tried using the -r option to specify the key to use, but it was seemingly ignored. Is there a way to specify which key to try first?
>
> see the --try-secret-key option or the --default-key option as described in gpg(1).

Sorry -- i think try-secret-key is only available in gnupg 2.1, but seems to have erroneously made it into the man pages for gpg 1.4 and 2.0 somehow.

the thread from October 2013 with "@ifset gpgtwoone macro not working in gpg.texi?" on gnupg-devel suggests that this documentation issue was already fixed, but it looks to me like the documentation wasn't actually fixed.

The fix appears to have been backported into the 2.0 branch in commit d03df688 earlier this month (not yet released) and doesn't seem to be applied to the 1.4 branch at all.

Werner, are you ok with cherry-picking a15c35f into the 1.4 branch as well?

--dkg
help needed getting gnupg to function correctly in linux
I can't send signed or encrypted emails in Thunderbird.

I am using Thunderbird 24.5, enigmail 1.6, UbuntuStudio 14.04. Gnupg 1.4.16 was already installed in the linux distribution and I installed gnupg2 v2.0.22. I also installed Kleopatra and GPA because I am used to those GUIs in Win7. I imported my public and secret keyrings from Win7 and also the trust database. All the keys are displayed correctly in enigmail, Kleo and GPA, and Thunderbird indicates good signature for those emails received where I have the public key.

I am in the process of moving everything I can off Windows7 onto UbuntuStudio. I have been using T'bird and enigmail for several years under windows so I know more or less how it works at user level.

Currently, sending signed or encrypted mails fails with a 'bad passphrase message' without even having given me the opportunity to enter the passphrase.

I am comparatively new to linux but turning to a terminal to try gpg leads to the following conclusions:

using gpg:
I can sign a test message. gpg warns that there is a problem with the agent and it has disabled it. But nevertheless it produces a test-message.gpg or test-message.asc depending on the command given. It requests and accepts my passphrase.
gpg can verify the .gpg and the .asc files and gives 'good signature message'

using gpg2:
I cannot sign a test message - gpg2 says that a passphrase is needed for my key but then aborts before I can enter anything and the following error is returned -

    gpg: problem with the agent: No PINentry
    gpg: no default secret key: Operation cancelled
    gpg: signing failed: Operation cancelled

In /.gnupg/gpg.conf : default-key has been entered.
gpg2 can and does verify the .gpg and .asc files produced by gpg, returning a good signature message.

Kleopatra cannot sign files. Returns 'bad passphrase' message without ever having asked for a passphrase.
Kleopatra cannot verify the clearsigned .asc file produced on the cli by gpg: returns message 'no signature found'
Kleopatra cannot verify the .gpg file produced by gpg and returns message: 'could not open file for reading: Input/output error (218136625)'. Note that it doesn't even have the name of the file.

It appears to me (in all my ignorance) that there is a problem connected with gpg-agent and PINentry. The Synaptic Package Manager shows that I have gnupg-agent v.2.0.22-3ubuntu1 installed.

I'd appreciate all and any help offered bearing in mind that I'm new to linux and command line stuff.

Thanks.