Re: Difference between clearsign and detached signatures?
On Sun, 31 Aug 2014 18:03, gn...@iam.tj said:

> to see how to do is set the keyring file to use. There doesn't appear to be any function that provides for setting an existing key ring; the best I could find is gpgme_op_import_keys() which talks about:

The keyring is an internal property of GnuPG and thus we can't provide an API in GPGME. What we do instead is to allow switching GnuPG's home directory via gpgme_set_engine_info.

> In my scenario I simply need to tell the crypto engine to use the /etc/apt/trusted.gpg

Do you want to use gpgme as an API for gpgv? It might be useful to consider a new gpgme_protocol for verifying keys using a redefined set of keys.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg privacy assistant - card manager.
On Sun, 31 Aug 2014 16:00, paul.le...@quadensemble.com said:

> I'd like to use the card manager function, but whenever I invoke it the application returns the error Error accessing the card, and the status bar reports Checking for card .. I have

actually thank you for raising this issue:

> gnome-keyring-daemon[5531]: unrecognized command: SCD

The problem is that the gnome-keyring-daemon hijacks the inter process communication (IPC) between gpg and gpg-agent. It implements a very limited set of commands of gpg-agent but nothing more. Recent versions of GnuPG detect this and show a warning message or pop-up to tell you just this. Depending on the version of gnome-keyring-daemon, it is possible to disable the gpg-agent hijacking component. Unfortunately it is hard to convince the maintainer to disable this mis-feature.

> Otherwise if I run gpg --card-status with a card in the USB card reader I get the following:

You are using gpg 1.4.x which can directly talk to the card. However, latest card features are not supported by 1.4 but only by GnuPG 2.x. See the mail thread starting with this mail for details:

  http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/028689.html

> I presume, the system is misconfigured in some way. Any one got any suggestions?

You may want to bring this to the attention of your Linux distribution. The solution could be easy: The gpg-agent component needs to be disabled when building gnome-keyring-daemon:

  ./configure --disable-gpg-agent

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
[Announce] GPA 0.9.5 released
Hello!

I am pleased to announce GPA version 0.9.5.

GPA is a graphical frontend for the GNU Privacy Guard (GnuPG). GPA can be used for most operations supported by GnuPG using either the OpenPGP or the S/MIME protocols. A smartcard manager and a generic user interface server features are included as well.

You can find the release here:

  ftp://ftp.gnupg.org/gcrypt/gpa/gpa-0.9.5.tar.bz2 (716k)
  ftp://ftp.gnupg.org/gcrypt/gpa/gpa-0.9.5.tar.bz2.sig

and soon on all ftp.gnupg.org mirrors. A binary version for Windows is currently not planned.

The SHA1 checksum for this release is:

  ea53b934a7f5dd4e2dfb35dac2b35cafc7b54c90  gpa-0.9.5.tar.bz2

Noteworthy changes in version 0.9.5
---

 * GPA now starts with the UI server enabled and tests on startup whether such a server is already running to open that one instead of launching a second instance.

 * GPA is now aware of ECC keys.

 * Improved detection of CMS objects (which are used by S/MIME) and detached OpenPGP signatures.

 * Allow import and export of X.509 certificates. Allow backup of X.509 keys.

 * The key creation date is now displayed in the key listing.

 * Armored detached signature files are now created with an .asc suffix and not with .sig.

 * The GnuPG home directory is now detected using the gpgconf tool.

 * Added launch-gpa wrapper for Windows.

 * Fixed several bugs leading to crashes.

If you want to contribute to the development of GPA, please subscribe to the gnupg-devel mailing list [1] and read the file doc/HACKING.

The driving force behind the development of GPA is my company g10 Code. Maintenance and improvement of GnuPG and related software, such as GPA, takes up most of our resources. To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money:

  https://gnupg.org/donate/

Many thanks to all who contributed to GPA development, be it bug fixes, code, documentation, testing, and helping users.

Shalom-Salam,

   Werner

[1] See http://www.gnupg.org/documentation/mailing-lists.html .

--
Thoughts are free. Exceptions are regulated by a federal law.

___
Gnupg-announce mailing list
gnupg-annou...@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
Re: Smart Card 4096 Key Question
On 01/09/14 08:16, Werner Koch wrote:

> On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:

>> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have

> Correct.

>> to generate them on a machine though, not on card.

> The cards generate them just fine. Note that this is only true for the ZeitControl as currently distributed. Thus the warning note you see if you use a different key size than 2048 bit.

I tried to buy an SCT3512 usb key device from Amazon.de and also from SCM in Germany. Neither will ship to an address outside Germany.

I tried the shop at kernelconcepts.de for the card but I can't get into their website with Firefox under linux nor under windows - I just get a weird error page :

  Fatal error: Call to a member function add_current_page() on a non-object in /var/www/osc/catalog/includes/application_top.php on line 318

It looks like security is alive and doing well in Germany. I thought we had something going for us in Europe these days but apparently not.

Can anyone suggest a supplier in Europe who will sell outside his frontier ?

Philip
Re: Smart Card 4096 Key Question
On 01/09/14 15:18, Philip Jackson wrote:

> On 01/09/14 08:16, Werner Koch wrote:

>> On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:

>>> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have

>> Correct.

>>> to generate them on a machine though, not on card.

>> The cards generate them just fine. Note that this is only true for the ZeitControl as currently distributed. Thus the warning note you see if you use a different key size than 2048 bit.

> I tried to buy an SCT3512 usb key device from Amazon.de and also from SCM in Germany. Neither will ship to an address outside Germany.

> I tried the shop at kernelconcepts.de for the card but I can't get into their website with Firefox under linux nor under windows - I just get a weird error page :

>   Fatal error: Call to a member function add_current_page() on a non-object in /var/www/osc/catalog/includes/application_top.php on line 318

> It looks like security is alive and doing well in Germany. I thought we had something going for us in Europe these days but apparently not.

> Can anyone suggest a supplier in Europe who will sell outside his frontier ?

> Philip

Johnathan,

How far into the shopping process ? My cart fills fine here. That is regarding kernel concepts. Don't they also do a card reader ?

Anyway, I tried loads of places within the UK, not much luck, then just bought an Omnikey, but my pinpad never worked until somebody made a patch. Seems to work fine now. Although 2.0.19 broke it I think or fixed it. I cannot recall, which one broke and then which fixed it again. ;-D

Maybe you could contact a supplier and ask them how much they would want, if they order one for you. However, then they will charge you RRP as a bare minimum, probably more, as you asked them for it.

Regards,

Tristan

P.S: Maybe choose another model ? Which is more widely available ?

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
tsant...@fedoraproject.org
Hal Finney
Hal Finney, one of the original PGP hackers and a pivotal figure in twenty-plus years of PGP development and evolution of the OpenPGP spec, died this past weekend of complications from amyotrophic lateral sclerosis (ALS, or Lou Gehrig's Disease).

Although he had minimal involvement in the Free Software community, he was a pivotal figure within the larger PGP community.

I knew Hal, though not well. In my brief experiences with him he was witty, funny, and unfailingly kind.

My thoughts are with his family. The world is diminished with his absence.

http://www.nytimes.com/2014/08/31/business/hal-finney-cryptographer-and-bitcoin-pioneer-dies-at-58.html
Problems installing 2.0.26 on Mavericks
Hello,

I’m running into problems compiling GnuPG on my mac running OS X 10.9.4. I have Google-ed at length and read the INSTALL and README files to no avail. I’m hoping to get some help on the install, and thankful in advance for any help.

I have downloaded the current version (2.0.26) and verified the checksum. I used a standard configure:

    $ ./configure

which results in:

    GnuPG v2.0.26 has been configured as follows:

    Revision:  5b2dcdd (23341)
    Platform:  Darwin (x86_64-apple-darwin13.3.0)

    OpenPGP:   yes
    S/MIME:    yes
    Agent:     yes
    Smartcard: yes (without internal CCID driver)
    Gpgtar:    no

    Protect tool:     (default)
    Default agent:    (default)
    Default pinentry: (default)
    Default scdaemon: (default)
    Default dirmngr:  (default)

However, when I attempt to compile, I run into problems:

    $ sudo make
    In file included from ./stdint.h:66:
    /usr/include/inttypes.h:235:8: error: unknown type name 'intmax_t'
    extern intmax_t
           ^
    /usr/include/inttypes.h:236:9: error: unknown type name 'intmax_t'
    imaxabs(intmax_t j);
            ^
    /usr/include/inttypes.h:240:2: error: unknown type name 'intmax_t'
     intmax_t quot;
     ^
    /usr/include/inttypes.h:241:2: error: unknown type name 'intmax_t'
     intmax_t rem;
     ^
    /usr/include/inttypes.h:246:9: error: unknown type name 'intmax_t'
    imaxdiv(intmax_t __numer, intmax_t __denom);
            ^
    /usr/include/inttypes.h:246:27: error: unknown type name 'intmax_t'
    imaxdiv(intmax_t __numer, intmax_t __denom);
                              ^
    /usr/include/inttypes.h:250:8: error: unknown type name 'intmax_t'
    extern intmax_t
           ^
    /usr/include/inttypes.h:256:8: error: unknown type name 'uintmax_t'; did you mean 'uintptr_t'?
    extern uintmax_t
           ^
    /usr/include/sys/_types/_uintptr_t.h:30:24: note: 'uintptr_t' declared here
    typedef unsigned long uintptr_t;
                           ^
    In file included from allocsa.c:21:
    In file included from ./allocsa.h:23:
    In file included from /usr/include/stdlib.h:65:
    In file included from /usr/include/sys/wait.h:110:
    In file included from /usr/include/sys/resource.h:72:
    In file included from ./stdint.h:66:
    /usr/include/inttypes.h:263:8: error: unknown type name 'intmax_t'
    extern intmax_t
           ^
    /usr/include/inttypes.h:269:8: error: unknown type name 'uintmax_t'; did you mean 'uintptr_t'?
    extern uintmax_t
           ^
    /usr/include/sys/_types/_uintptr_t.h:30:24: note: 'uintptr_t' declared here
    typedef unsigned long uintptr_t;
                           ^
    10 errors generated.
    make[3]: *** [allocsa.o] Error 1
    make[2]: *** [all] Error 2
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2

GCC version:

    $ g++ --version
    Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
    Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
    Target: x86_64-apple-darwin13.3.0
    Thread model: posix

Many many thanks in advance for any help received,

Travis Millburn
travis.millb...@gmail.com
Re: gnupg privacy assistant - card manager.
On 01/09/14 07:37:45, Werner Koch wrote:

> On Sun, 31 Aug 2014 16:00, paul.le...@quadensemble.com said:

>> I'd like to use the card manager function, but whenever I invoke it the application returns the error Error accessing the card, and the status bar reports Checking for card .. I have

> actually thank you for raising this issue:

My pleasure.

> The problem is that the gnome-keyring-daemon hijacks the inter process communication (IPC) between gpg and gpg-agent. It implements a very limited set of commands of gpg-agent but nothing more. Recent versions of GnuPG detect this and show a warning message or pop-up to tell you just this. Depending on the version of gnome-keyring-daemon, it is possible to disable the gpg-agent hijacking component.

I would be interested in how to accomplish this. If you can point me to a thread or reference in the gnupg manual, that would be appreciated.

> Unfortunately it is hard to convince the maintainer to disable this mis-feature.

So Gnome breaks gnupg-agent and they will not fix it?

> See the mail thread starting with this mail for details:
>
>   http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/028689.html

>> I presume, the system is misconfigured in some way. Any one got any suggestions?

> You may want to bring this to the attention of your Linux distribution. The solution could be easy: The gpg-agent component needs to be disabled when building gnome-keyring-daemon:
>
>   ./configure --disable-gpg-agent

I prefer the gpg-agent UI. Anyway, Seahorse doesn't seem to know about smart cards so the whole reason I posted, to see my smart card in the card display of gpa is defeated if I disable gpg-agent. Unless I have the wrong end of the stick?

Regards
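The hijacking discussed in the two card manager messages can be checked from a shell. This is an added example, not part of the original posts: it classifies a GPG_AGENT_INFO value (the socket:pid:protocol variable that GnuPG 1.4.x and 2.0.x read to locate the agent). The socket name patterns used to recognise gnome-keyring and a real gpg-agent are assumptions based on typical layouts, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: decide whether GPG_AGENT_INFO points at gnome-keyring's
# partial gpg-agent emulation or at a real gpg-agent.
# Assumed typical values (constructed, not taken from the thread):
#   gnome-keyring:  /run/user/1000/keyring-AbCdEf/gpg:0:1
#   gpg-agent:      /tmp/gpg-Zx12ab/S.gpg-agent:4321:1

# Prints one of: unset, malformed, gnome-keyring, gpg-agent, unknown
classify_agent_info() {
    info=$1
    [ -n "$info" ] || { echo unset; return 0; }

    # Split from the right so a socket path containing ':' still parses.
    proto=${info##*:}
    rest=${info%:*}
    [ "$rest" != "$info" ] || { echo malformed; return 0; }
    pid=${rest##*:}
    sock=${rest%:*}
    [ "$sock" != "$rest" ] || { echo malformed; return 0; }

    # pid and protocol must be decimal numbers, the socket an absolute path.
    case $pid in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case $proto in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case $sock in /*) ;; *) echo malformed; return 0 ;; esac

    dir=${sock%/*}
    base=${sock##*/}
    # Compare "<last directory>/<socket name>" against the assumed layouts.
    case ${dir##*/}/$base in
        keyring*/gpg)  echo gnome-keyring ;;
        */S.gpg-agent) echo gpg-agent ;;
        *)             echo unknown ;;
    esac
}

# Report on the current session.
state=$(classify_agent_info "${GPG_AGENT_INFO:-}")
echo "GPG_AGENT_INFO: $state"
if [ "$state" = gnome-keyring ]; then
    # Matches the symptom quoted in the thread: "unrecognized command: SCD".
    echo "agent socket belongs to gnome-keyring; smartcard (SCD) commands will be rejected"
fi
```
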
Re: Problems installing 2.0.26 on Mavericks
Hi,

If you don’t have a specific reason for compiling yourself I’d look into installing from Homebrew [1] or Macports [2] and possibly then adding GPG Suite [3] without MacGPG component. I happened to run through this myself just a couple weeks ago so I wrote it up on the list [4].

[1] http://brew.sh
[2] https://www.macports.org
[3] https://gpgtools.org
[4] http://lists.gnupg.org/pipermail/gnupg-users/2014-August/050677.html

--
Ville Määttä

On 01 Sep 2014, at 21:33, Travis Millburn travis.millb...@gmail.com wrote:

> I’m running into problems compiling GnuPG on my mac running OS X 10.9.4.
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Hi

On Friday 29 August 2014 at 9:04:54 AM, in mid:54003426.4030...@signal100.com, Mark Rousell wrote:

> Social interaction inevitably involves some extent of information sharing, and always has, but that doesn't mean that privacy (and all the nuanced concepts that are contained within that word) has somehow evaporated the first time you communicate with someone, or travel somewhere, etc.

I think one of the major problems with social networks is the published and permanent record left behind by interactions that are experienced in a similar way to casual conversations.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Why is the universe here? Well, where else would it be?
Re: Smart Card 4096 Key Question
I bought my SCR3500 and SCR335 V2 from Identive / Chipdrive [1]. I had a problem adding VAT number to the order myself but at least they ship (and kindly handled fixing the bill afterwards). Though, they only seem to have an SCT3511 there, not a 3512.

[1] http://www.chipdrive.de

--
Ville Määttä

On 01 Sep 2014, at 17:18, Philip Jackson philip.jack...@nordnet.fr wrote:

> I tried to buy an SCT3512 usb key device from Amazon.de and also from SCM in Germany. Neither will ship to an address outside Germany.
Re: [Announce] GPA 0.9.5 released
On 09/01/2014 04:07 AM, Werner Koch wrote:

> I am pleased to announce GPA version 0.9.5.

Thanks for the updated release, Werner! I noticed a couple things from a brief review of 0.9.5:

keyserver helpers and gpg 2.1
---

GPA's configure.ac suggests that gpgkeys_ldap needs to exist. But in the gpg 2.1 branch, the keys helpers have all been removed in favor of dirmngr. Is gpa supposed to be compatible with the 2.1 branch of gpg?

misbehavior when no gpg-agent is available
---

As reported here: https://bugs.debian.org/760237#203 if no gpg-agent is available, i see the following two dialogs from a new account:

  --
  The GPGME library returned an unexpected error. The error was:

  Unknown option

  This is probably a bug in GPA. GPA will now try to recover from this error.

  [ Close ]
  --

  --
  You do not have a private key yet. Do you want to generate one now (recommended) or do it later?

  [ Generate key now ] [ Do it later ]
  --

This last dialog box just stays up, no matter what buttons i click.

I guess GPA should probably detect the absence of an agent, and either warn the user of its absence or start one up automatically.

Regards,

   --dkg
[PATCH] GPA: add a File|Close option to the card manager
All the other windows have a File|Close option, but the card manager only has File|Quit. As a result, a user who tries to close the card manager from the menubar will most likely shut down all of GPA, which may not be their intent. --- src/cardman.c | 12 1 file changed, 12 insertions(+) diff --git a/src/cardman.c b/src/cardman.c index c752442..844a44a 100644 --- a/src/cardman.c +++ b/src/cardman.c @@ -624,6 +624,15 @@ watcher_cb (void *opaque, const char *filename, const char *reason) } +/* Handle menu item File/Close. */ +static void +file_close (GtkAction *action, gpointer param) +{ + GpaCardManager *cardman = param; + gtk_widget_destroy (GTK_WIDGET (cardman)); +} + + /* Construct the card manager menu and toolbar widgets and return them. */ static void @@ -638,6 +647,8 @@ cardman_action_new (GpaCardManager *cardman, GtkWidget **menubar, { Card, NULL, N_(_Card), NULL }, /* File menu. */ + { FileClose, GTK_STOCK_CLOSE, NULL, NULL, + N_(Close the window), G_CALLBACK (file_close) }, { FileQuit, GTK_STOCK_QUIT, NULL, NULL, N_(Quit the program), G_CALLBACK (gtk_main_quit) }, @@ -652,6 +663,7 @@ cardman_action_new (GpaCardManager *cardman, GtkWidget **menubar, ui menubar name='MainMenu' menu action='File' + menuitem action='FileClose'/ menuitem action='FileQuit'/ /menu menu action='Edit' -- 2.1.0 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
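Review bot: file_close in the first hunk casts param straight to GpaCardManager and destroys it, so it relies on the action group being registered with the card manager as user data, which none of the three hunks show; please confirm that, or guard the cast with a g_return_if_fail type check. The action argument is unused. It is also worth checking what happens when the card manager is the only open GPA window: gtk_widget_destroy closes it, and nothing in this patch shows whether the process then exits or keeps running without a window.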
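Review bot: the FileClose entry in the second hunk passes NULL for both the label and the accelerator, so it takes whatever GTK_STOCK_CLOSE provides. Since the commit message cites File|Close in the other windows as the precedent, check that their entries are declared the same way so that the shortcut and tooltip text match across windows.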
Re: Hal Finney
On 9/1/2014 at 3:46 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

> I knew Hal, though not well. In my brief experiences with him he was witty, funny, and unfailingly kind.

=

Back when I first started in PGP, and asked many silly questions that exposed my ignorance, Hal Finney was one of the few who answered me kindly and patiently.

> My thoughts are with his family. The world is diminished with his absence.

=

Appealing to the science-fiction tendencies latent in many of the cryptographic community, maybe the cryo-preservation will someday be found to work, and the world will have him back again ...

with Profound Respect,

vedaal