Re: Subject: cannot build database in GPA in ubuntu and won't generate GPG key.
On Thu 2015-01-15 05:42:20 -0500, georgeorwellhardwi...@riseup.net wrote: > Every time I use GPA in ubuntu it says, when I start GPA: "GnuPG is > rebuilding the trust database. > This might take a few seconds." And I can wait for hours, while nothing > happens. I'm not seeing this with debian unstable, gpa version 0.9.5-2. what version of gpa are you using on what version of ubuntu? --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems when encrypting to a group on MacGPG
On 01/14/2015 10:53 PM, Doug Barton wrote: > On 1/14/15 7:09 PM, Anthony Papillion wrote: >> "gpg: O g: can't encode a 256 bit key in a 0 bit frame" >> >> This happens after I tell the program to accept the final key in the >> group as valid. But it doesn't seem to be related to a key since I've >> deleted the final key and it still give me the error. > > You're on the right track delete some more keys, test again, repeat > till you find the key causing problems. Depending on the number of keys > it may be easier to add/delete a few at a time, do a binary search, etc. Thanks Doug! It looks like the problem is likely related to two of the keys in the users keyring containing ECC subkeys which, apparently, that version of MacGPG can't handle well. I'm going to connect with them again today and delete those keys and see what happens. Thanks again! Anthony ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Specifying passphrase for batch key generation
On 15.01.15 09:56, Werner Koch wrote: > On Wed, 14 Jan 2015 21:59, jose.casti...@gmail.com said: > >> Now that we cannot specify a passphrase in the batch parameters, what >> is the preferred method for batch key generation with a specified >> passphrase? > > Thanks for this question. The Enigmail folks also asked on how to do > this and my answer was to switch to pinentry-mode=loopback. Revisiting > the code, it seems that there could be an easier solution. I see no > reason why we should not allow passing a passphrase along with the > parameters for the key generation. After all if the user wants to work > around the Pinentry, they should be allowed to do that - at least for > the key generation. > > It requires a bit of code but I think it is worth to have it in 2.1.2. Even easier! Thanks a lot -Patrick ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpgsm: certificate is not usable for signing
Hi, I recently installed GnuPG 2.1 and successfully used gpgsm for about a week. This morning, signing messages with mutt failed, and the signature of received messages cannot be verified. Signing a test file reveals: lbox:~ jan$ gpgsm --verbose --sign testfile.txt gpgsm: certificate is not usable for signing gpgsm: certificate is not usable for signing gpgsm: failed to open '/Users/jan/.gnupg/policies.txt': No such file or directory gpgsm: Note: non-critical certificate policy not allowed gpgsm: certificate not found: Ambiguous name gpgsm: certificate [...] gpgsm: checking the CRL failed: Not found gpgsm: validation model used: shell gpgsm: error creating signature: Not found I already tried restoring ~/.gnupg from a backup, without success. It looks like gpgsm does not find some intermediate certificate. Thanks in advance for any help. - Jan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm: certificate is not usable for signing
Hi, the problem might be related to issue 1644 (http://bugs.g10code.com/gnupg/issue1644), my cert is part of the DFN-PKI. - Jan On 2015-01-15 10:23, Jan Eden wrote: > Hi, > > I recently installed GnuPG 2.1 and successfully used gpgsm for about a > week. This morning, signing messages with mutt failed, and the signature > of received messages cannot be verified. Signing a test file reveals: > > lbox:~ jan$ gpgsm --verbose --sign testfile.txt > gpgsm: certificate is not usable for signing > gpgsm: certificate is not usable for signing > gpgsm: failed to open '/Users/jan/.gnupg/policies.txt': No such file or > directory > gpgsm: Note: non-critical certificate policy not allowed > gpgsm: certificate not found: Ambiguous name > gpgsm: certificate [...] > gpgsm: checking the CRL failed: Not found > gpgsm: validation model used: shell > gpgsm: error creating signature: Not found > > I already tried restoring ~/.gnupg from a backup, without success. It > looks like gpgsm does not find some intermediate certificate. > > Thanks in advance for any help. > > - Jan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Subject: cannot build database in GPA in ubuntu and won't generate GPG key.
Hey. Every time I use GPA in ubuntu it says, when I start GPA: "GnuPG is rebuilding the trust database. This might take a few seconds." And I can wait for hours, while nothing happens. And If I try to close the window and try to generate a GPG key, it will say: "The GPGME library returned an unexpected error. The error was:"General error." This is probably a bug in GPA. GPA will now try to recover from this error. Is there anyone that seen these errors before? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Gnupg-users Digest, Vol 136, Issue 23
Subject: cannot build database in GPA in ubuntu and won't generate GPG key. Hey. Every time I use GPA in ubuntu it says, when I start GPA: "GnuPG is rebuilding the trust database. This might take a few seconds." And I can wait for hours, while nothing happens. And If I try to close the window and try to generate a GPG key, it will say: "The GPGME library returned an unexpected error. The error was:"General error." This is probably a bug in GPA. GPA will now try to recover from this error. Is there anyone that seen these errors before? On 2015-01-14 21:51, gnupg-users-requ...@gnupg.org wrote: Send Gnupg-users mailing list submissions to gnupg-users@gnupg.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnupg.org/mailman/listinfo/gnupg-users or, via email, send a message with subject or body 'help' to gnupg-users-requ...@gnupg.org You can reach the person managing the list at gnupg-users-ow...@gnupg.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Gnupg-users digest..." Today's Topics: 1. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Sandeep Murthy) 2. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Daniel Kahn Gillmor) 3. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Kristian Fiskerstrand) 4. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Sandeep Murthy) 5. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Werner Koch) 6. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Patrick Schleizer) 7. Is there a shell script or bash library for parsing gpg's --status-fd output? (Patrick Schleizer) 8. Re: Vanity Keys (Johan Wevers) 9. Re: Are there cases where gpg --verify will exit 0, even if verification failed? (Werner Koch) 10. Specifying passphrase for batch key generation (Joey Castillo) -- Message: 1 Date: Wed, 14 Jan 2015 13:22:45 + From: Sandeep Murthy To: gnupg-users@gnupg.org Subject: Re: Are there cases where gpg --verify will exit 0, even if verification failed? Message-ID: <3b2d48c6-89bd-452e-b7c5-fed144e13...@mykolab.com> Content-Type: text/plain; charset="utf-8" Are there cases where gpg --verify will exit 0, even if verification failed? Verification could fail internally within the gpg program, or externally because the signature fie does not exist or is incorrectly named or maybe corrupt e.g. [srm@~]$ gpg --verify asig.sig; echo $? gpg: can't open `asig.sig': No such file or directory gpg: verify signatures failed: No such file or directory 2 Exit codes in shells indicate problems relating to completion or disruption of the child process invoked by a parent process. They will not record unsuccessful events inside the child process related to program functions, i.e. if you inside gpg editing a key and enter an incorrect subcommand or use it incorrectly then this will not affect the exit code, I don?t think. Sandeep Murthy s.mur...@mykolab.com On 14 Jan 2015, at 07:51, Dave Pawson wrote: In Unix terms, a program that has run successfully to completion exits with status zero, no 'extra' semantic attached? Dave On 13 January 2015 at 19:03, Patrick Schleizer wrote: In another thread... Werner Koch On Mon, 12 Jan 2015 19:52, patrick- When it exits 0, then this approach is sound, sane and fine? You better check the status lines; in particular watch out for [GNUPG:] VALIDSIG E4B868C8F90C. or use gpgv. Are there cases where gpg --verify will exit 0, even if verification failed? (Suppose one uses a separate --homedir where only legitimate signing keys are imported.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Dave Pawson XSLT XSL-FO FAQ. Docbook FAQ. http://www.dpawson.co.uk ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 873 bytes Desc: Message signed with OpenPGP using GPGMail URL: -- Message: 2 Date: Wed, 14 Jan 2015 08:40:23 -0500 From: Daniel Kahn Gillmor To: Sandeep Murthy , gnupg-users@gnupg.org Subject: Re: Are there cases where gpg --verify will exit 0, even if verification failed? Message-ID: <878uh55vlk@alice.fifthhorseman.net> Content-Type: text/plain; charset=utf-8 On Wed 2015-01-14 08:22:45 -0500, Sandeep Murthy wrote: Exit codes in shells indicate problems relating to completion or dis
Re: Specifying passphrase for batch key generation
On Wed, 14 Jan 2015 21:59, jose.casti...@gmail.com said: > Now that we cannot specify a passphrase in the batch parameters, what > is the preferred method for batch key generation with a specified > passphrase? Thanks for this question. The Enigmail folks also asked on how to do this and my answer was to switch to pinentry-mode=loopback. Revisiting the code, it seems that there could be an easier solution. I see no reason why we should not allow passing a passphrase along with the parameters for the key generation. After all if the user wants to work around the Pinentry, they should be allowed to do that - at least for the key generation. It requires a bit of code but I think it is worth to have it in 2.1.2. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users