Declaration in France

2016-01-07 Thread Vatis, Michael
Does anyone know whether a declaration has ever been filed by anyone with the 
French "L'Agence Nationale de la Sécurité des Systèmes d'information" (ANSSI) 
for GnuPG version 2.0.16 to allow import of the software into France?


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Obtaining SSH Key format from OpenPGP public certificate without gpgkey2ssh

2016-01-07 Thread Andre Heinecke
Hi,

In a previous thread it was noted that gpgkey2ssh is deprecated and will 
likely be removed. 

Niibe pointed out how to add a key to GnuPG sshcontrol and obtain the SSH key 
format from ssh-add -L
https://lists.gnupg.org/pipermail/gnupg-users/2015-December/054871.html
This works for me.

But I'm missing a way for someone that has only my public key to add this key 
to an SSH authorized_keys file without input from me.

E.g. Another person has verified / signed my PGP key that has an Authentication 
Subkey. How can this Person get the SSH Key representation without having to 
ask me to provide it? (Assuming the person has my public key and without 
gpgkey2ssh)

I think this use case is one of the nice features you get by associating an 
OpenPGP key with SSH Authentication and I would miss it if gpgkey2ssh is 
removed.

Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



Re: Obtaining SSH Key format from OpenPGP public certificate without gpgkey2ssh

2016-01-07 Thread NIIBE Yutaka
On 01/07/2016 06:38 PM, Andre Heinecke wrote:
> E.g. Another person has verified / signed my PGP key that has an 
> Authentication 
> Subkey. How can this Person get the SSH Key representation without having to 
> ask me to provide it? (Assuming the person has my public key and without 
> gpgkey2ssh)
> 
> I think this use case is one of the nice features you get by associating an 
> OpenPGP key with SSH Authentication and I would miss it if gpgkey2ssh is 
> removed.

Exactly, this is very useful.  In the past, I wrote an article:

   http://www.gniibe.org/memo/software/ssh/using-gpgkey-for-ssh.html

Alternatively, we have the openpgp2ssh utility in monkeysphere.

   http://web.monkeysphere.info/

I think that it's worth keeping gpgkey2ssh in GnuPG and enhancing it
to support ECC.
-- 
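
What a gpgkey2ssh-style conversion does for an RSA authentication subkey, shown as an added example (not part of the original posts, and not GnuPG's or monkeysphere's code): it reads the body of an OpenPGP v4 public-key packet (RFC 4880) and re-encodes e and n in the ssh-rsa wire format (RFC 4253). The function names are hypothetical, and the packet body with its toy modulus is constructed sample data.

```python
import base64
import struct

RSA_ALGOS = {1, 2, 3}  # OpenPGP public-key algorithm IDs for RSA (RFC 4880, section 9.1)

def read_mpi(buf, off):
    """Read one OpenPGP MPI: 2-byte big-endian bit count, then the magnitude."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[off + 2:end], "big"), end

def ssh_string(data):
    """SSH 'string': 4-byte big-endian length, then the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH 'mpint' is two's complement: pad with 0x00 when the top bit is set."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def openpgp_rsa_to_ssh(body, comment=""):
    """Turn the body of a v4 RSA public (sub)key packet into an authorized_keys line."""
    if len(body) < 6:
        raise ValueError("packet body too short")
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4:
        raise ValueError("only v4 key packets are handled")
    if algo not in RSA_ALGOS:
        raise ValueError("not an RSA key (ECC needs a different SSH key type)")
    n, off = read_mpi(body, 6)   # OpenPGP stores n first, then e
    e, _ = read_mpi(body, off)
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # SSH wants e, then n
    return ("ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment).strip()

def make_mpi(value):
    """Encode an integer as an OpenPGP MPI (used only to build the sample)."""
    size = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(size, "big")

# Constructed sample: v4 body, created 2016-01-07, algo 1 (RSA), toy modulus 0xC353, e = 65537.
SAMPLE_BODY = struct.pack(">BIB", 4, 1452124800, 1) + make_mpi(0xC353) + make_mpi(65537)

if __name__ == "__main__":
    print(openpgp_rsa_to_ssh(SAMPLE_BODY, "constructed-sample"))
```

Only the key material is converted here; whether the subkey is validly bound to a certificate you trust, and not expired or revoked, still has to be checked with GnuPG before the line goes into authorized_keys.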



Creating encryption subkey with C25519 fails [gpg2 2.1.9, libgcrypt 1.6.4]

2016-01-07 Thread Thomas Hartmann
Hi all,

probably a newbie question: I have just been trying to create a curve
25519 subkey for encryption (I already have an RSA key for
encryption-only and a c25519 for sign/auth). However, going for the
ECC encryption-only option always fails for me due to an invalid flag [1]?
(gpg2 2.1.9, libgcrypt 1.6.4 on Fedora 23 on 4.2.8-300)

Actually, setting own capabilities for elliptic curves only offers
signing and authentication as switchable options but no encryption?

Maybe I did not get ECC correctly, but I assumed that ECC should in
general fit all three uses, or?

Cheers and thanks for ideas,
  Thomas

[1]
gpg2 --homedir=/FOOPATH/gnupg  --expert --edit-key 0xLONGMASTERID
gpg (GnuPG) 2.1.9; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/0xLONGMASTERID
 created: 2016-01-07  expires: 2023-01-05  usage: SCA
 trust: ultimate  validity: ultimate
ssb  rsa4096/0xLONGSUBID
 created: 2016-01-07  expires: 2022-01-05  usage: E
ssb  ed25519/0xLONGSUBID2
 created: 2016-01-07  expires: 2022-01-05  usage: SA
[ultimate] (1). Thomas Hartmann 

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 12
Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed Jan  5 17:06:52 2022 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Invalid flag
gpg: Key generation failed: Invalid flag

gpg> save
Key not changed so no update needed.




Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


