Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread MFPA
On Friday 10 June 2016 at 2:11:30 PM, Brian Minton wrote:

> For signing, I like to put both key IDs (in my case,
> ed25519 and DSA) in
> my gnupg conf file, so signing automatically uses
> both keys.

I do that, and have had feedback from Enigmail users that they only
saw the verification report of one of the two signatures. Switching
the order of the "local-user" lines in my gpg.conf file toggled
whether Enigmail reported the signature to the recipient as Good,
or not.

This was before Christmas, so maybe the Enigmail people fixed it in the
meantime.

- --
Best regards

MFPA  

Roses smell better than onions but don't make such good soup


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-10 Thread Mike Kaufmann
Hello Mr. Koch (I'm assuming you speak German...)

Many thanks for your reply! I am using GnuPG for the first time and therefore 
don't know my way around it very well ;)

Question:
Is there a way to determine the KeyGrip from the KeyRing, e.g. via --homedir?

Or, even better, to use the KeyGrip dynamically in the command you suggested?

Our requirement is to sign and encrypt files from a .NET application on a Windows 
server.
Since this happens on the server, there must be no user interaction. Hence no 
passphrase prompt dialog ;)


Many thanks for your help!

Kind regards
Mike Kaufmann

-----Original Message-----
From: Werner Koch [mailto:w...@gnupg.org]
Sent: Friday, 10 June 2016 09:51
To: Mike Kaufmann
Cc: gnupg-users@gnupg.org
Subject: Re: WINDOWS - Adding passphrase to gpg via command line

Hi!

On Thu,  9 Jun 2016 15:29, m.kaufm...@infotech.li said:

> I am using GnuPG v2.1.11.59877 on Windows 10. The utility 
> gpg-preset-passphrase.exe is not available on my system. Is there a 
> location I can download this tool and install on my machine? I would 
> like to use the tool, to set the password on gpg-agent.

I think that gpg-preset-passphrase is not the right tool and you either should 
not set a passphrase for the key or use the gpg option 
--pinentry-mode=loopback.  However, I can distribute gpg-preset-passphrase with 
the next Windows installer (2.1.13) - hopefully next week.

There is a workaround, though:

  gpg-connect-agent 'PRESET_PASSPHRASE <keygrip> -1 <passphrase>' /bye

The <keygrip> is what you would also use with gpg-preset-passphrase.
The <passphrase> is, well, your passphrase which needs to be percent-escaped 
(e.g. "foo bar" -> "foo%20bar").  If you do not want to type the passphrase, 
gpg-connect-agent has a simple script language which can help here.


Shalom-Salam,

   Werner


--
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */




Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Brian Minton
On Fri, Jun 10, 2016 at 11:19 AM, Fulano Diego Perez <
fulanope...@cryptolab.net> wrote:

>
> trade-off for larger signature for me worth it
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ed25519 and DSA signatures are both small.  The resulting ascii
signature block with 2 keys is still smaller than most RSA ones seen
today.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EARYIAAYFAldbF/sACgkQN7lQes/yAW612wD9FpCk+5cwez9Ewr7G/CRd40Dd
OSiG+xOOkkQcNeTCC20A/1d1s9Sj+MkAsIIlxS1pT8hAca9Vg/2ExzTf9t7vKKAK
iF4EAREIAAYFAldbF/wACgkQa46zoGXPuqmsEwD/Q5z1Sf9xu/3iObpUIHPHMfKj
y45jPQE1du41Hcxr+04A/0b+IMlcWkCzAPBBo38rhJ+leTdGKzh99pt6CdeAjhdr
=Ty0P
-----END PGP SIGNATURE-----


AW: AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-10 Thread Mike Kaufmann
Hi,

I'll try it in english again :)

To me as a beginner it's not very handy to use GnuPG. It's very complicated.

I've tried to use the following commands in Windows Command Line to set 
passphrase in gpg-agent.
gpg-agent --allow-preset-passphrase
gpg-connect-agent PRESET_PASSPHRASE "MyKeyGrip" -1 "MyPassphrase"

I always receive the error message:
ERR 67108924 Not supported  - no --allow-preset-passphrase

There are also many articles on the net that describe to add 
--allow-preset-passphrase to the file gpg-agent.conf. 
On my Windows 10 system I can't find such a file. Can I create an empty text 
file, change its extension, add --allow-preset-passphrase to it and save it to 
the same location as the gpg.exe file?


You've mentioned the --pinentry-mode-lookback.
Could you give me some advice how to use this option?
Which options do I have to set in gpg-agent?
Which commands do I have to execute in Windows Command Line to sign a file 
without pinentry dialog?

At the moment I use the following command:
gpg --homedir c:\PreProd\MyKeyRing --output C:\SignedFiles\temp.asc --armor -u i...@info.com --digest-algo SHA512 --sign c:\UnSignedFiles\temp.csv

What modifications do I have to make on my command to sign the file without 
passphrase dialog?

Kind Regards,
Mike

-----Original Message-----
From: Werner Koch [mailto:w...@gnupg.org]
Sent: Friday, 10 June 2016 13:46
To: Mike Kaufmann
Cc: gnupg-users@gnupg.org
Subject: Re: AW: WINDOWS - Adding passphrase to gpg via command line

On Fri, 10 Jun 2016 10:23, m.kaufm...@infotech.li said:

> Is there a way to determine the KeyGrip from the KeyRing, e.g. via 
> --homedir?

Example:

$ gpg --with-keygrip --with-fingerprint --with-colons -k 1e42b367
tru:o:1:1465230074:1:3:1:5
pub:f:2048:17:F2AD85AC1E42B367:1199118275:1546232400::f:::scESC:::
fpr:::::::::80615870F5BAD690333686D0F2AD85AC1E42B367:
grp:::::::::44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE:

> Or, even better, to use the KeyGrip dynamically in the command you 
> suggested?

No, that is not possible because gpg-agent does not know about the OpenPGP 
protocol.


Salam-Shalom,

   Werner

p.s
Please stick to English in this list ;-)
--
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */



Re: AW: AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-10 Thread Werner Koch
On Fri, 10 Jun 2016 14:18, m.kaufm...@infotech.li said:

> There are also many articles on the net that describe to add 
> --allow-preset-passphrase to the file gpg-agent.conf. 
> On my Windows 10 system I can't find such a file. Can I create an

You need to create it in the homedir.  

  gpg --version

shows the homedir, or use

  gpgconf --list-dirs

which also has a homedir line.  Then go to that directory, and put
the lines

verbose
allow-preset-passphrase

into a file named gpg-agent.conf.  (verbose is not really needed but
might be helpful).  Then kill gpg-agent:

  gpgconf --kill gpg-agent

and things should work.

> You've mentioned the --pinentry-mode-lookback.
> Could you give me some advice howto to use this option?

I leave that to others ;-)


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */




Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Fulano Diego Perez

> On Fri, Jun 10, 2016, 3:58 AM Fulano Diego Perez 
> <fulanope...@cryptolab.net> wrote:
> 
> will gnupg 2.1.x automatically select the senders' older _non
> expired_ RSA/ELG subkeys so the recipient can decrypt/verify
> signed/encrypted email ?
> 
> is the converse true for the sender for whatever software
> implementation they use (is this wishful thinking?) - in that their
> software will not fail after detecting newer incompatible subkeys,
> and then proceed to select the recipients' older but valid,
> compatible subkeys ?
> 
> in other words at this time can gnupg 2.1.x automatically,
> compatibly operate with both RSA and EDDSA/ECDH keys/subkeys ?
> 
> 
> This is exactly the situation I'm in with my public key,
> 0424DC19B678A1A9.
> 
> Here's what gpg2 -K shows:
> 
> sec   rsa4096/0424DC19B678A1A9 2014-10-08 [C] [expires: 2016-10-07]
> uid [ultimate] Brian Minton <br...@minton.name>
> uid [ultimate] Brian Minton <bjmg...@gmail.com>
> uid [ultimate] Brian Minton <bmin...@blinkenshell.org>
> uid [ultimate] [jpeg image of size 5202]
> uid [ultimate] Brian Minton <bmin...@freeshell.de>
> uid [ultimate] keybase.io/bjmgeek <bjmg...@keybase.io>
> ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2016-10-11]
> ssb   ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2016-10-11]
> ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2016-10-10]
> ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2016-10-08]
> ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2016-10-09]
> ssb   dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2016-10-09]
> 
> For encryption, people encrypting to you will use whatever key their 
> software can use. If the ECC key is newer, then senders that can use
> it will by default, while senders that can't will use your ELG key.
> So, keep both secret keys available and you'll be fine.  Note that I
> have a few extra ELG keys which I keep around just in case I need to
> decrypt a file that I encrypted with them.  There's nothing wrong
> with them, so I haven't revoked them.  However, gpg (and probably
> other PGP clients) will use the newest usable key, so people
> encrypting to me with gpg2.1 will use EA49CFDB55D113E9 to encrypt,
> and people using gpg 2.0 and earlier will use 28FA8B9659A70692.
> 
> For signing, I like to put both key IDs (in my case, ed25519 and DSA)
> in my gnupg conf file, so signing automatically uses both keys. The
> trick is to use the key IDs of each subkey with an exclamation point
> so gnupg takes that specific key.

thanks so much for that tip
in the manual of course i missed it

> For instance, here are the relevant lines from my
> ~/.gnupg/gpg.conf-2 file (side note: if you use both gpg 1 and 2 you
> can use that kind of config file name to have different config files
> for each version):
> 
> local-user 37B9507ACFF2016E!
> local-user 6B8EB3A065CFBAA9!

good call

> 
> The nice thing about this setup is that I don't need to have any
> sender- or recipient-specific rules.

less headache than per-recipient i agree

trade-off for larger signature for me worth it





Re: Installing gnupg

2016-06-10 Thread Ben McGinnes
On Fri, Jun 10, 2016 at 02:44:49PM +0200, Werner Koch wrote:
> On Fri, 10 Jun 2016 11:38, b...@adversary.org said:
> 
>> bash-4.3$ port search gnupg2
>> gnupg2 @2.0.29 (mail, security)
>> GNU pretty-good-privacy package
> 
> I am a bit disappointed to read this name.  GnuPG is the GNU Privacy
> Guard and not a GNU PGP.  PGP and GnuPG implement the same protocol as
> do several other pieces of software.  Tsss, strange Mac world.

I have a few gripes with them, including the default config that
results in things like:

1. Because GPG 2.0 and 2.1 conflict, GPGME and anything that
   subsequently depends on it cannot be installed without
   modification.
   
2. The incorrect names you mentioned.

3. While there are a couple of variations of config that can be
   chosen, the variation options do not include enabling support for
   increased secmem or larger RSA key sizes.
   
OTOH the packages are all sourced from the original projects, so the
source code is the tarball from gnupg.org.  Unlike, for instance,
Homebrew, which uses github as an ad-hoc package management repository
and while their GPG sources might not be modified in some dodgy way,
there is absolutely no way of knowing without comparing each file line
by line with the originals.

Since macports does let you modify the configuration parameters by
editing the portfile and compile from source, all those issues can be
fixed manually, but it's still a little irritating.  The obvious
"solution" is to skip it and compile GPG from source, but if macports
doesn't know about that it gets in the way of things like GMIME (which
then gets in the way of running Mutt and so on).

I think I might have to wander over to the bug tracker and raise a bug
on the names anyway.  As for the conflicts between 2.0 and 2.1, that
ought to get sorted out once 2.0 goes away, or at least gets EOL'd.


Regards,
Ben




Re: RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Brian Minton
On Fri, Jun 10, 2016, 3:58 AM Fulano Diego Perez
<fulanope...@cryptolab.net> wrote:

> will gnupg 2.1.x automatically select the senders' older _non expired_
> RSA/ELG subkeys so the recipient can decrypt/verify signed/encrypted
> email ?
>
> is the converse true for the sender for whatever software implementation
> they use (is this wishful thinking?) - in that their software will not
> fail after detecting newer incompatible subkeys, and then proceed to
> select the recipients' older but valid, compatible subkeys ?
>
> in other words at this time can gnupg 2.1.x automatically, compatibly
> operate with both RSA and EDDSA/ECDH keys/subkeys ?


This is exactly the situation I'm in with my public key, 0424DC19B678A1A9.

Here's what gpg2 -K shows:

sec   rsa4096/0424DC19B678A1A9 2014-10-08 [C] [expires: 2016-10-07]
uid [ultimate] Brian Minton <br...@minton.name>
uid [ultimate] Brian Minton <bjmg...@gmail.com>
uid [ultimate] Brian Minton <bmin...@blinkenshell.org>
uid [ultimate] [jpeg image of size 5202]
uid [ultimate] Brian Minton <bmin...@freeshell.de>
uid [ultimate] keybase.io/bjmgeek <bjmg...@keybase.io>
ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2016-10-11]
ssb   ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2016-10-11]
ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2016-10-10]
ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2016-10-08]
ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2016-10-09]
ssb   dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2016-10-09]

For encryption, people encrypting to you will use whatever key their
software can use. If the ECC key is newer, then senders that can use it
will by default, while senders that can't will use your ELG key. So,
keep both secret keys available and you'll be fine.  Note that I have a
few extra ELG keys which I keep around just in case I need to decrypt a
file that I encrypted with them.  There's nothing wrong with them, so I
haven't revoked them.  However, gpg (and probably other PGP clients) will
use the newest usable key, so people encrypting to me with gpg2.1 will
use EA49CFDB55D113E9 to encrypt, and people using gpg 2.0 and earlier
will use 28FA8B9659A70692.

For signing, I like to put both key IDs (in my case, ed25519 and DSA) in
my gnupg conf file, so signing automatically uses both keys. The trick
is to use the key IDs of each subkey with an exclamation point so gnupg
takes that specific key.

For instance, here are the relevant lines from my ~/.gnupg/gpg.conf-2
file (side note: if you use both gpg 1 and 2 you can use that kind of
config file name to have different config files for each version):

local-user 37B9507ACFF2016E!
local-user 6B8EB3A065CFBAA9!

The nice thing about this setup is that I don't need to have any sender-
or recipient-specific rules.





Re: Installing gnupg

2016-06-10 Thread Werner Koch
On Fri, 10 Jun 2016 11:38, b...@adversary.org said:

> bash-4.3$ port search gnupg2
> gnupg2 @2.0.29 (mail, security)
> GNU pretty-good-privacy package

I am a bit disappointed to read this name.  GnuPG is the GNU Privacy
Guard and not a GNU PGP.  PGP and GnuPG implement the same protocol as
do several other pieces of software.  Tsss, strange Mac world.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */




Re: AW: WINDOWS - Adding passphrase to gpg via command line

2016-06-10 Thread Werner Koch
On Fri, 10 Jun 2016 10:23, m.kaufm...@infotech.li said:

> Is there a way to determine the KeyGrip from the KeyRing, e.g. via
> --homedir?

Example:

$ gpg --with-keygrip --with-fingerprint --with-colons -k 1e42b367
tru:o:1:1465230074:1:3:1:5
pub:f:2048:17:F2AD85AC1E42B367:1199118275:1546232400::f:::scESC:::
fpr:::::::::80615870F5BAD690333686D0F2AD85AC1E42B367:
grp:::::::::44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE:

> Or, even better, to use the KeyGrip dynamically in the command you
> suggested?

No, that is not possible because gpg-agent does not know about the
OpenPGP protocol.


Salam-Shalom,

   Werner

p.s
Please stick to English in this list ;-)
-- 
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */
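
Added example, not part of the original thread or of GnuPG: the colon listing above parsed into one keygrip per key and subkey, keeping only usable signing-capable keys, since the agent is addressed by keygrip rather than by key ID. It assumes the standard colon layout (key ID in field 5, capabilities in field 12, fpr/grp value in field 10); the two sub blocks in the sample and the names Key, parse_colon_listing, signing_keygrips and list_keys are constructed for illustration.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample: the pub/fpr/grp records are those quoted in the thread;
# both sub blocks (key IDs, fingerprints, keygrips) are invented placeholders.
SAMPLE = """\
tru:o:1:1465230074:1:3:1:5
pub:f:2048:17:F2AD85AC1E42B367:1199118275:1546232400::f:::scESC:::
fpr:::::::::80615870F5BAD690333686D0F2AD85AC1E42B367:
grp:::::::::44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE:
sub:f:2048:1:AAAAAAAAAAAAAAA1:1199118275:1546232400:::::s:::
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAA1:
grp:::::::::1111111111111111111111111111111111111111:
sub:e:2048:1:AAAAAAAAAAAAAAA2:1199118275:1262190275:::::s:::
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAA2:
grp:::::::::2222222222222222222222222222222222222222:
"""

UNUSABLE = {"i", "d", "r", "e"}  # invalid, disabled, revoked, expired


@dataclass
class Key:
    kind: str            # pub/sub (or sec/ssb when listing secret keys)
    validity: str        # field 2
    keyid: str           # field 5
    caps: str            # field 12; lowercase letters are this key's own
    fingerprint: str = ""
    keygrip: str = ""


def parse_colon_listing(text):
    """Attach each fpr/grp record to the key record that precedes it."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub", "sec", "ssb") and len(f) >= 12:
            keys.append(Key(f[0], f[1], f[4], f[11]))
        elif f[0] == "fpr" and len(f) >= 10 and keys:
            keys[-1].fingerprint = f[9]
        elif f[0] == "grp" and len(f) >= 10 and keys:
            keys[-1].keygrip = f[9]
    return keys


def signing_keygrips(keys):
    """(key ID, keygrip) for every usable key that can itself sign."""
    return [(k.keyid, k.keygrip) for k in keys
            if "s" in k.caps and k.validity not in UNUSABLE and k.keygrip]


def list_keys(homedir, user_id):
    """Run the command from the thread against a given keyring (needs gpg)."""
    out = subprocess.run(
        ["gpg", "--homedir", homedir, "--with-keygrip", "--with-fingerprint",
         "--with-colons", "-k", user_id],
        check=True, capture_output=True, text=True).stdout
    return parse_colon_listing(out)


if __name__ == "__main__":
    for keyid, grip in signing_keygrips(parse_colon_listing(SAMPLE)):
        print(keyid, grip)
```

On a real keyring, list_keys(homedir, user_id) returns the same records; the keygrip to hand to the agent is the one belonging to the subkey that actually signs, which is not necessarily the primary key's.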




Re: Installing gnupg

2016-06-10 Thread Ben McGinnes
On Thu, Jun 09, 2016 at 11:11:13AM -0400, Robert J. Hansen wrote:
> > I have OSX El Capitan.
> 
> GPGOSX provides a newer version of GnuPG than GPGTools does:
> 
> https://sourceforge.net/projects/gpgosx/

MacPorts usually stays reasonably up to date:

bash-4.3$ port search gnupg2
gnupg2 @2.0.29 (mail, security)
GNU pretty-good-privacy package

gnupg21 @2.1.12 (mail, security)
GNU pretty-good-privacy package

Found 2 ports.
bash-4.3$

Although getting the modern branch (gnupg21) to play nicely with gpgme
(and thus gmime as well) requires editing the portfiles for the latter
packages to change the dependencies from gnupg2 to gnupg21.


Regards,
Ben




Re: WINDOWS - Adding passphrase to gpg via command line

2016-06-10 Thread Werner Koch
Hi!

On Thu,  9 Jun 2016 15:29, m.kaufm...@infotech.li said:

> I am using GnuPG v2.1.11.59877 on Windows 10. The utility
> gpg-preset-passphrase.exe is not available on my system. Is there a
> location I can download this tool and install on my machine? I would
> like to use the tool, to set the password on gpg-agent.

I think that gpg-preset-passphrase is not the right tool and you either
should not set a passphrase for the key or use the gpg option
--pinentry-mode=loopback.  However, I can distribute
gpg-preset-passphrase with the next Windows installer (2.1.13) -
hopefully next week.

There is a workaround, though:

  gpg-connect-agent 'PRESET_PASSPHRASE <keygrip> -1 <passphrase>' /bye

The <keygrip> is what you would also use with gpg-preset-passphrase.
The <passphrase> is, well, your passphrase which needs to be
percent-escaped (e.g. "foo bar" -> "foo%20bar").  If you do not want to
type the passphrase, gpg-connect-agent has a simple script language
which can help here.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
/* Single-family house in Erkrath: https://alt-hochdahl.de/haus */




RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys -> e-mail familiar RSA/ELG key recipient

2016-06-10 Thread Fulano Diego Perez

sender:
RSA pub-sec pri key pair + ELG enc + RSA sign subkeys + EDDSA/ECDH subkeys

recipient:
RSA and/or ELG key recipient

sender e-mails recipient

sender has in addition to older _non expired_ RSA/ELG subkeys, newer
EDDSA/ECDH enc/sign subkeys

recipient has familiar RSA pri key and _may_ have newer RSA/ELG enc/sign
subkeys

recipient has no software support for EDDSA/ECDH

will gnupg 2.1.x automatically select the senders' older _non expired_
RSA/ELG subkeys so the recipient can decrypt/verify signed/encrypted email ?

is the converse true for the sender for whatever software implementation
they use (is this wishful thinking?) - in that their software will not
fail after detecting newer incompatible subkeys, and then proceed to
select the recipients' older but valid, compatible subkeys ?

in other words at this time can gnupg 2.1.x automatically, compatibly
operate with both RSA and EDDSA/ECDH keys/subkeys ?

is manual subkey override necessary per-recipient ?

is there a global default option to allow this scenario with mixed keys
without manual intervention ?

i did a few tests but not sure about this - the sender gnupg 2.1.12
libgcrypt 1.7.0-beta didn't use its older _non expired_ RSA/ELG subkeys
to sign/enc to the recipient with the familiar RSA keypair


