Question about getting started with PGP and smart cards

2016-02-26 Thread Joshua Terrill
Hello,

I am looking to play around/experiment with gnupg and smart cards. From
what little research I've done, I've read that OpenPGP smart cards don't
reveal private keys, and do all decrypting/signing on the device itself
after entering a PIN. Do I have a correct understanding of this, and if so,
is this the common/most secure way to use these cards? For simple
encrypting, decrypting, and signing what card and card reader would you
recommend? I have a Windows environment and an Ubuntu environment that I
can play with it on.

Thanks!
-Josh
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: A problem in the web of trust model or a gnupg bug?

2016-02-26 Thread Tobias Mueller
Hi.

On Thu, 2016-02-25 at 08:24 +0100, Werner Koch wrote:
> Thus I am not convinced that the revocation reasons are useful for
> any automated evaluation.
Can I tell GnuPG that I, as a user, am convinced that the superseded
revocation reason is correct?

I've grepped through the gpg man page and only found "superseded" once,
not related to evaluating trust in a key.

Cheers,
  Tobi



Help with FreePascal/Lazarus TProcess.

2016-02-26 Thread keith
Hi..

I've been looking at TProcess in FreePascal/Lazarus,

http://wiki.freepascal.org/Executing_External_Programs

and had some success using it to generate key/certificate pairs using
OpenSSL as the TProcess. I thought I would try it with GnuPG and used
the same program structure I had created for OpenSSL.

This thread more or less describes the problem,

http://forum.lazarus.freepascal.org/index.php/topic,31701.0.html

but unless you subscribe to the forum you will not see the picture so,

http://i.imgur.com/Bjkg88g.png

As suggested, the TProcess as called from Lazarus stalls after "permitted
by law" and as a result my program does the same.

I'm sure someone on the FreePascal forums will provide some help
assuming they have experience but I kind of get the impression that
TProcess is a bit of a 'black art' so I thought I would ask here as
well.

Any ideas?

Regards

Keith




Re: gnupg-pkcs11 status & future

2016-02-26 Thread NdK
On 26/02/2016 16:02, Peter Lebbing wrote:

>> Rotating does only make sense if you take the old key soon offline.
> Why is this the case? I must admit I'm fairly comfortable not rotating
> my keys (which are on OpenPGP smartcards). But I can think of lines of
> reasoning where it makes sense to rotate, but still keep the old
> decryption key available.
In my case: every year will have its own PIN, different from the one
used for signing, and *really* different from the one for certification.

> Think: "There's a non-zero chance that someone
> got my private key material, but at least they can only decrypt stuff
> encrypted in 2011, all other years use a different key".
Extreme case: a judge orders to hand over the key to a set of messages
('cause they won't trust your decryption). Rotating keys minimizes
exposure of other material.

> Note in this scenario it is nice if I can still easily access my
> 2011 material as well.
Exactly.

> I'm not saying this is a solid line of reasoning. I'm just curious why
> limiting access to the decryption key is the only thing that makes sense.
Well, everybody can have his own perfectly valid reasons... Why limit
keys on smartcards more than technically necessary? Years ago cards had
space only for 3 keys, but a 144K Javacard can handle many more!
And if PKCS#11 was useable, one could use as many keys as needed by his
policy.

Note that I really don't like PKCS#11, but it's the de-facto standard to
access nearly every crypto-capable device.

BYtE,
 Diego



Re: Specify UID for --sign-key

2016-02-26 Thread Muri Nicanor
hi,

On 02/26/2016 08:11 PM, Peter Lebbing wrote:
> On 26/02/16 19:23, Muri Nicanor wrote:
>> (is there a switch to see the expiry date of signatures?)
> 
> --list-options show-sig-expire

thanks!
and thanks to this option my other question about --default-cert-expire
1y is lapsed, because that output shows that it works!

cheers,
muri



Are ZLIB and ZLIB2 no longer supported in GnuPG?

2016-02-26 Thread Anthony Papillion
I recently compiled the latest version of GnuPG 2 from source (.29, I
believe) and, when I tried to use it, was told that I had invalid
options in my .conf file. Specifically, it told me that ZLIB and ZLIB2
weren't supported as compression algos.

Are those two algos no longer supported by GnuPG or was this just a
compile flag that I didn't pass it? If they aren't supported, are there
any security or usability implications to only using ZIP for compression?

Thanks,
Anthony





Re: Specify UID for --sign-key

2016-02-26 Thread Peter Lebbing
On 26/02/16 19:23, Muri Nicanor wrote:
> (is there a switch to see the expiry date of signatures?)

--list-options show-sig-expire

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: FAQ maintenance

2016-02-26 Thread Doug Barton

On 02/26/2016 07:29 AM, Robert J. Hansen wrote:
>> Why is it more resource intensive?
>
> It's far more intensive of a much more limited resource: user happiness.
> Normal users tend to find hexadecimal frustrating:
>
> "It's a *number*?  But it uses A through F."

This is something that only experience can fix.

> "I don't understand.  Why do I need the long ID?"

This is something the FAQ should explain :)

> "Wait, now I need to use the *entire* fingerprint?"

Ditto.

> "You can't be serious: I need to give a 40-character serial number
> whenever I need to identify a key?"

I'm not sure users care much how many characters they are copying and
pasting.

> "What do you *mean*, future keys will be expanding to 64 characters?!"
>
> ... In all this discussion about what's mathematically optimal, I'm
> dejected to see how little we're talking about human factors.

... you might note that in my recent response I did mention a very
important human factor. Consistent advice (always use the complete
fingerprint to identify a key) is MUCH easier for users to remember than
trying to teach them when they need it, and when they don't.


Doug




Re: Specify UID for --sign-key

2016-02-26 Thread Muri Nicanor
hi dkg and list,

On 02/26/2016 03:49 AM, Daniel Kahn Gillmor wrote:
[...]
> On Thu 2016-02-25 18:59:53 +0100, Muri Nicanor wrote:
>> is it possible to specify the uid for --sign-key (so i don't have to go
>> through the gpg --edit dialog)? i tried using
[...]
> In GnuPG 2.1:
>
>   --quick-sign-key fpr [names]
>
>   --quick-lsign-key fpr [names]
>       Directly sign a key from the passphrase without any further user
>       interaction.  The fpr must be the verified primary fingerprint
>       of a key in the local keyring. If no names are given, all useful
>       user ids are signed; with given [names] only useful user ids
>       matching one of these names are signed.  The command
>       --quick-lsign-key marks the signatures as non-exportable.  If such
>       a non-exportable signature already exists the --quick-sign-key
>       turns it into an exportable signature.
>
>       This command uses reasonable defaults and thus does not provide
>       the full flexibility of the "sign" subcommand from --edit-key.
>       Its intended use is to help unattended key signing by utilizing
>       a list of verified fingerprints.

thanks a lot!
are these reasonable defaults what's explained in the first paragraph or
is there more to it? in particular i'm interested in the cert-expire
option - i tried to use --quick-sign-key with --default-cert-expire 1y,
but then i didn't find a way to review the expiry date of the signature
(is there a switch to see the expiry date of signatures?)

thanks and cheers,
muri
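
The unattended signing run that the quoted man page text describes, as an added example that is not part of the original post or of GnuPG: it accepts only full 40-hex-digit fingerprints from a verified list, signs each with `--quick-sign-key` and `--default-cert-expire`, and can list the resulting expiry dates with `--list-options show-sig-expire`. The function names, the variables and the list format are assumptions, and the sample fingerprints are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from GnuPG): unattended signing from
# a list of verified fingerprints. Function names, variables and the list
# format ("fingerprint  # comment") are assumptions of this sketch.

GPG=${GPG:-gpg2}                  # binary name as used in the thread
CERT_EXPIRE=${CERT_EXPIRE:-1y}    # passed to --default-cert-expire
DRY_RUN=${DRY_RUN:-1}             # 1 = print commands only (safe default)

# Print the normalized fingerprint, or fail. Spaces and a 0x prefix are
# dropped; anything that is not exactly 40 hex digits is refused, so 8- or
# 16-digit key IDs never reach --quick-sign-key.
normalize_fpr() {
    _f=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    _f=${_f#0[xX]}
    case "$_f" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#_f}" -eq 40 ] || return 1
    printf '%s\n' "$_f"
}

# Read the list on stdin and sign every entry that passes normalize_fpr.
# Prints a summary line; returns 2 if gpg itself fails.
sign_list() {
    _signed=0 _rejected=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                       # strip trailing comment
        [ -n "$(printf '%s' "$_line" | tr -d ' \t')" ] || continue
        if _fpr=$(normalize_fpr "$_line"); then
            if [ "$DRY_RUN" = 1 ]; then
                echo "$GPG --default-cert-expire $CERT_EXPIRE --quick-sign-key $_fpr"
            else
                # stdin from /dev/null so gpg cannot eat the rest of the list
                "$GPG" --default-cert-expire "$CERT_EXPIRE" \
                       --quick-sign-key "$_fpr" </dev/null || return 2
            fi
            _signed=$((_signed + 1))
        else
            echo "rejected, not a full fingerprint: $_line" >&2
            _rejected=$((_rejected + 1))
        fi
    done
    echo "signed=$_signed rejected=$_rejected"
}

# Review what was issued: certifications on a key with their expiry dates.
show_cert_expiry() {
    "$GPG" --list-options show-sig-expire --list-sigs "$1"
}

# Constructed sample list (made-up values, not real keys), run as a dry run.
sign_list <<'EOF'
0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567   # full fingerprint
0x1234567890ABCDEF                                  # long key ID: refused
EOF
```

Set `DRY_RUN=0` to issue the signatures for real; the passphrase is then requested through the agent as usual.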



Re: FAQ maintenance

2016-02-26 Thread Andrew Gallagher
On 26/02/16 15:29, Robert J. Hansen wrote:
>
> "It's a *number*?  But it uses A through F."
> 
> "I don't understand.  Why do I need the long ID?"
> 
> "Wait, now I need to use the *entire* fingerprint?"
> 
> "You can't be serious: I need to give a 40-character serial number
> whenever I need to identify a key?"
> 
> "What do you *mean*, future keys will be expanding to 64 characters?!"
> 
> 
> ... In all this discussion about what's mathematically optimal, I'm
> dejected to see how little we're talking about human factors.

:-)

The fundamental problem here is that computers have become so powerful
that they can generate more data objects than human beings can ever give
distinct names(*) to. Hell, we can't even give *ourselves* unique names,
and there's a mere 7 billion of us.

A

(*) IDs, serial numbers, handles, identifiers...





Re: FAQ maintenance

2016-02-26 Thread Robert J. Hansen
> Why is it more resource intensive?

It's far more intensive of a much more limited resource: user happiness.
 Normal users tend to find hexadecimal frustrating:

"It's a *number*?  But it uses A through F."

"I don't understand.  Why do I need the long ID?"

"Wait, now I need to use the *entire* fingerprint?"

"You can't be serious: I need to give a 40-character serial number
whenever I need to identify a key?"

"What do you *mean*, future keys will be expanding to 64 characters?!"


... In all this discussion about what's mathematically optimal, I'm
dejected to see how little we're talking about human factors.



Re: cipher used when both --encrypt and --symmetric is specified

2016-02-26 Thread vedaal

On 2/26/2016 at 5:48 AM, "Martin Ilchev" wrote:

>I did set my key preferences a few months ago and made sure the key had
>them as well. Here is the output of showpref:
>
> Cipher: AES256, AES192, AES, CAST5, 3DES

>> > 2. Symmetrically encrypt and also encrypt for my own public key:
>> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF

>> > decrypting the file shows that the cipher used is CAST5

0x1234567890ABCDEF is obviously not your real key id.

I suspect the key was generated some time ago, when the default cipher to
protect one's secret key was CAST5.

GnuPG's default choice for the encryption algorithm for a symmetric cipher will
be what the s2k-cipher-algo is.

In your case, for that key, it is CAST5.


Try this:

gpg2 --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r 0x1234567890ABCDEF filename

The encryptions should now be with AES256 for both the symmetric part and the
part encrypted to your key.


vedaal




Re: gnupg-pkcs11 status & future

2016-02-26 Thread Peter Lebbing
On 26/02/16 15:18, Werner Koch wrote:
> Rotating does only make sense if you take the old key soon offline.

Why is this the case? I must admit I'm fairly comfortable not rotating
my keys (which are on OpenPGP smartcards). But I can think of lines of
reasoning where it makes sense to rotate, but still keep the old
decryption key available. Think: "There's a non-zero chance that someone
got my private key material, but at least they can only decrypt stuff
encrypted in 2011, all other years use a different key". Note in this
scenario it is nice if I can still easily access my 2011 material as well.

I'm not saying this is a solid line of reasoning. I'm just curious why
limiting access to the decryption key is the only thing that makes sense.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: gnupg-pkcs11 status & future

2016-02-26 Thread Werner Koch
On Fri, 26 Feb 2016 14:31, ndk.cla...@gmail.com said:

> same) "problem" with having only 3 keypairs (for example I can't rotate
> encryption key every year unless I'm prepared to have a different card
> per year).

Why do you want to rotate keys and still keep all the old keys on your
smartcard?  Rotating does only make sense if you take the old key
soon offline.  I can thus see the reason for one additional key on the
card so that it is possible to decrypt with the old or the new key for
some time.  Then delete the old key from the card.

In any case you need to load the keys onto the card and don't have the
card create the key.  Smartcards may break and then you would not be
able to decrypt anything if you don't have an offline backup of the key.


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




gnupg-pkcs11 status & future

2016-02-26 Thread NdK
Hello all.

Is gnupg-pkcs11 still maintained? Files on sourceforge are from 2011...

The idea of using a "standard" key container for GPG keys is appealing,
and it could solve my (very personal, I admit, but maybe others feel the
same) "problem" with having only 3 keypairs (for example I can't rotate
encryption key every year unless I'm prepared to have a different card
per year).
With nearly every card I could have a look at, I can keep at least a
dozen keypairs, so that would reduce to one smartcard every 10 years.

BYtE,
 Diego



Re: Single GPG key and multiple yubikeys

2016-02-26 Thread Marko Božiković
On 25/02/2016 14:58, Richard Genthner wrote:
> Yeah, what I'm hoping to do is be able to carry my card with me and jump on a
> terminal while traveling and sign and login to things.

Maybe keep two separate gpg home dirs, one for each yubikey?


-- 
Marko
ICQ: 5990814

I'm not under the alkafluence of inkahol
that some thinkle peep I am.
It's just the drunker I sit here the longer I get.



Re: Single GPG key and multiple yubikeys

2016-02-26 Thread Kristian Fiskerstrand
On 02/26/2016 12:31 PM, Martin Konold wrote:
> On Thursday, 25 February 2016, 15:56:32 CET, Peter Lebbing wrote:
> 
> Hi,
> 
>> Note that it is very impractical to regularly use two smartcards
>> on the same computer because of all this. You should probably
>> stick to using a single smartcard on any single computer.
> 
> In case there is an urgent need to use two smartcards on the same
> computer and account I recommend to make use of scdaemon.conf and
> separate GNUHOME directories. You may then differentiate between
> the two cards with the gpg --homedir command line option.

This sounds somewhat complex given that it'd require duplication
of configuration and pubring and a separate private key store. A
workaround currently could be to remove the specific keygrip files
from private-keys-v1.d (for gnupg 2.1) for the known stubs and doing a
gpg-connect-agent learn /bye or gpg --card-status during e.g. smartcard
attachment in an udev rule etc, etc.

But see the thread "Re: stub-key migration from gpg 1.4/2.0 to 2.1"
where some options are also discussed.

-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies


Re: Single GPG key and multiple yubikeys

2016-02-26 Thread Martin Konold
On Thursday, 25 February 2016, 15:56:32 CET, Peter Lebbing wrote:

Hi,

> Note that it is very impractical to regularly use two smartcards on the
> same computer because of all this. You should probably stick to using a
> single smartcard on any single computer.

In case there is an urgent need to use two smartcards on the same computer and
account I recommend to make use of scdaemon.conf and separate GNUHOME
directories. You may then differentiate between the two cards with the
gpg --homedir command line option.

Kind Regards
--martin konold

-- 
Dipl.-Physiker Martin Konold

e r f r a k o n Partnerschaftsgesellschaft
Erlewein, Frank, Konold & Partner - Consulting Engineers and Physicists
Court of registration: Amtsgericht Stuttgart PR 126
Registered office: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.kon...@erfrakon.de
http://www.erfrakon.com





Re: cipher used when both --encrypt and --symmetric is specified

2016-02-26 Thread Martin Ilchev
Hi Peter,

Thanks for the reply.

I did browse the man pages quite a bit (I am a bit afraid I browsed too
much and touched stuff I should leave well alone :))

I did set my key preferences a few months ago and made sure the key had
them as well. Here is the output of showpref:

 Cipher: AES256, AES192, AES, CAST5, 3DES
 Digest: SHA512, SHA384, SHA256, SHA224, SHA1
 Compression: ZLIB, BZIP2, ZIP, Uncompressed
 Features: MDC, Keyserver no-modify

Also here is all the stuff I have in my gpg.conf:
```
personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAST5 CAMELLIA128 BLOWFISH IDEA 3DES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
s2k-digest-algo SHA512
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/home/martin/.gnupg/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url
keyid-format 0xlong
with-fingerprint
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
use-agent
```

Let me know if you need more info.

Regards,
Martin

On Fri, 26 Feb 2016 at 09:55 Peter Lebbing wrote:

> On 25/02/16 15:42, Martin Ilchev wrote:
> > I am looking for some help to figure out what cipher is used for
> > symmetric encryption when both pass phrase and public keys are used. I
> > have configured my gpg.conf with my preferred cipher algorithms as follows:
> > personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192
> > CAMELLIA192 AES CAST5 CAMELLIA128 BLOWFISH IDEA 3DES
>
> Those preferences are not what is used when encrypting to your own key.
> To see those do:
>
> $ gpg2 --edit-key {KEYID}
> > showpref
>
> To change them do:
>
> > setpref 
>
> Note that this refers to all types of preferences, not just ciphers.
>
> To set a default preference list for setpref, include in your gpg.conf:
>
> default-preference-list 
>
> I'd suggest a bit of browsing through the man page with a search term of
> "preference" :). Note that these key preferences are part of your public
> key, and if you want others to respect them as well, they need to
> refresh your public key with the new preferences if you change them.
>
> > 2. Symmetrically encrypt and also encrypt for my own public key:
> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF somefile
> > decrypting the file shows that the cipher used is CAST5
>
> It would be helpful to know what your key preferences are, since it
> might just be the most preferred algorithm from the intersection of
> personal preferences and key preferences.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at 
>


Re: Decrypt without importing key to keyring

2016-02-26 Thread Martin Konold
On Thursday, 25 February 2016, 08:35:28 CET, Werner Koch wrote:

Hi,

> On Wed, 24 Feb 2016 11:34, thecisso...@hotmail.fr said:
> > Hi, is there a way to use a private key (PGP) to decrypt a message
> > without adding it to the keyring.

There is of course the option to leave the private key exclusively on an
OpenPGP Smartcard. This only requires a stub in the keyring which can be
recreated on demand.

Kind Regards
--martin konold

-- 
Dipl.-Physiker Martin Konold

e r f r a k o n Partnerschaftsgesellschaft
Erlewein, Frank, Konold & Partner - Consulting Engineers and Physicists
Court of registration: Amtsgericht Stuttgart PR 126
Registered office: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.kon...@erfrakon.de
http://www.erfrakon.com






Re: cipher used when both --encrypt and --symmetric is specified

2016-02-26 Thread Peter Lebbing
On 25/02/16 15:42, Martin Ilchev wrote:
> I am looking for some help to figure out what cipher is used for
> symmetric encryption when both pass phrase and public keys are used. I
> have configured my gpg.conf with my preferred cipher algorithms as follows:
> personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192
> CAMELLIA192 AES CAST5 CAMELLIA128 BLOWFISH IDEA 3DES

Those preferences are not what is used when encrypting to your own key.
To see those do:

$ gpg2 --edit-key {KEYID}
> showpref

To change them do:

> setpref 

Note that this refers to all types of preferences, not just ciphers.

To set a default preference list for setpref, include in your gpg.conf:

default-preference-list 

I'd suggest a bit of browsing through the man page with a search term of
"preference" :). Note that these key preferences are part of your public
key, and if you want others to respect them as well, they need to
refresh your public key with the new preferences if you change them.

> 2. Symmetrically encrypt and also encrypt for my own public key:
> gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF somefile
> decrypting the file shows that the cipher used is CAST5

It would be helpful to know what your key preferences are, since it
might just be the most preferred algorithm from the intersection of
personal preferences and key preferences.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: What are key helpers?

2016-02-26 Thread Daniel Kahn Gillmor
On Thu 2016-02-25 09:21:45 +0100, Josef Carnap wrote:

> In the option description of --exec-path and in some descriptions of
> other options as well I can read of "Key helpers".
> What kind of program is a key helper? Are key helpers part of the GnuPG
> suite or are they external programs?

they're separate programs that operate over more-or-less well-defined
interfaces (stdin/stdout text-based interaction, usually), most of which
are shipped as part of the GnuPG suite.

> Does anybody know some examples and for what purposes one could use key
> helpers?

take a look at the execpath in your installed system
(e.g. /usr/lib/gnupg/ or /usr/lib/gnupg2/ on debian systems) for
examples.  many of the helpers in gnupg 1.4.x are related to connections
to keyservers.  in 2.1.x all the network connections are handled by
dirmngr, so they aren't needed.

in 2.0.x and 2.1.x, gpg-check-pattern is an example -- its --help
output shows:

---
Syntax: gpg-check-pattern [options] patternfile
Check a passphrase given on stdin against the patternfile

Options:
 
 -v, --verbose   verbose
 --check run only a syntax check on the patternfile
 -0, --null  input is expected to be null delimited
---

hth,

--dkg
