Re: GnuPG-card works in the Ubuntu smartphone
On Sun, Sep 24, 2017 at 05:55:28PM +, Matthias Apitz wrote: > > I'm not on Emacs, but vim. But, with the example you gave and > looking on some sources in the blog at gnupg.org I think I can do > it. Groff was more challenging in the past :-) You can always use the quick and dirty solution: write it in Markdown and then use pandoc to convert from that to Org-Mode. It might need a little tweaking or adjustment afterwards, but probably not much. Regards, Ben signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing failed -- "No secret key", even though I have the key
On 2017-09-24 at 17:34, azarus wrote: > This is what gpg -K lists: > > /home/azarus/.gnupg/pubring.kbx > --- > sec rsa4096 2016-12-20 [SC] > > uid [ultimate] > uid [ultimate] > ssb rsa4096 2016-12-20 [E] > ssb# rsa4096 2017-06-23 [SE] > You're missing the secret part of your subkey: > ssb# rsa4096 2017-06-23 [SE]) ... and, for at least GnuPG >= 2.1.0, GPGAgent most likely wants to use that subkey because it has been detected in the pubring.gpg or pubring.kbx keyring, but due to the missing secret part GPGAgent doesn't fallback to the master key with signing capabilities which you have its secret parts. -- Juan Miguel Navarro Martínez GPG Keyfingerprint: 5A91 90D4 CF27 9D52 D62A BC58 88E2 947F 9BC6 B3CF signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG-card works in the Ubuntu smartphone
El día domingo, septiembre 24, 2017 a las 05:31:56p. m. +0200, Werner Koch escribió: > On Sun, 24 Sep 2017 10:59, g...@unixarea.de said: > > > I would be happy to write something in this blog, but I never wrote > > something in 'org-mode' format, any pointer to some guide? I'm attaching > > If you are on Emacs it is already included and part of Emacs help > system. It's website is org-mode.org. The markup is easy: I'm not on Emacs, but vim. But, with the example you gave and looking on some sources in the blog at gnupg.org I think I can do it. Groff was more challenging in the past :-) I will look for some slot next week. I will have to send it to you as I don't see a way to create an account in the blog... matthias -- Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub 8. Mai 1945: Wer nicht feiert hat den Krieg verloren. 8 de mayo de 1945: Quien no festeja perdió la Guerra. May 8, 1945: Who does not celebrate lost the War. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing failed -- "No secret key", even though I have the key
On 09/24/2017 05:34 PM, azarus wrote: > ssb# rsa4096 2017-06-23 [SE] > > Can somebody explain what I'm doing wrong? A combined sign and encrypt capable subkey would be wrong #1, you likely want to revoke this one and generate separate subkeys for the various options. Aditionally, they are stubs, as indicated by the "#"-sign, so not available on the computer you're executing the signature operation on. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Nomina stultorum scribuntur ubique locorum Fools have the habit of writing their names everywhere signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Signing failed -- "No secret key" even though I have it
Hello GPG users, I have a problem regarding signing data. Whenever I try clear-signing, this appears: gpg: writing to stdout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 hello gpg: signing failed: No secret key gpg: [stdin]: clear-sign failed: No secret key I invoked clearsign like this: echo "hello" | gpg --sign-with --clearsign This is what gpg -K lists: /home/azarus/.gnupg/pubring.kbx --- sec rsa4096 2016-12-20 [SC] uid [ultimate] uid [ultimate] ssb rsa4096 2016-12-20 [E] ssb# rsa4096 2017-06-23 [SE] Can somebody explain what I'm doing wrong? This was working a couple of days ago, I even reset my .gnupg directory from a backup, with no success. Thanks for the help! All the best, azarus ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Signing failed -- "No secret key", even though I have the key
Hello GPG users, I have a problem regarding signing data. Whenever I try clear-signing, this appears: gpg: writing to stdout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 hello gpg: signing failed: No secret key gpg: [stdin]: clear-sign failed: No secret key I invoked clearsign like this: echo "hello" | gpg --sign-with --clearsign This is what gpg -K lists: /home/azarus/.gnupg/pubring.kbx --- sec rsa4096 2016-12-20 [SC] uid [ultimate] uid [ultimate] ssb rsa4096 2016-12-20 [E] ssb# rsa4096 2017-06-23 [SE] Can somebody explain what I'm doing wrong? This was working a couple of days ago, I even reset my .gnupg directory from a backup, with no success. Thanks for the help! All the best, azarus ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG-card works in the Ubuntu smartphone
On Sun, 24 Sep 2017 10:59, g...@unixarea.de said: > I would be happy to write something in this blog, but I never wrote > something in 'org-mode' format, any pointer to some guide? I'm attaching If you are on Emacs it is already included and part of Emacs help system. It's website is org-mode.org. The markup is easy: --8<---cut here---start->8--- # Without a .org suffix this is useful: -*- org -*- #+TITLE: Sample Document * This is a level 1 header ** This is a level 2 header Here is some text with /italics/ or *bold* or _underscored_. - First list item - Second list item - Sublist item 1 - sublist iten 2 #+begin_src source code #+end_src This is [[https://example.org][an external link]] and there are a lot of other things one does not need to know to get started. # IMHO a major annoyance in Markdown the missing of source comments like # this one in org-mode --8<---cut here---end--->8--- If you go to a blog article on gnupg.org (or actually any page) you find a link to the source right down at the bottom of the page. > below a text version of the write-up. A photo is here: Shall I do a basic markup and send it to you? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpdujBvRErfq.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG-card works in the Ubuntu smartphone
El día domingo, septiembre 24, 2017 a las 08:56:56a. m. +0200, Werner Koch escribió: > On Sat, 23 Sep 2017 10:47, g...@unixarea.de said: > > I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details > > here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3 > > Cool. > > > I could post a small how-to to some place because due to the nature of > > Would you like to write a blog entry for gnupg.org? Needs to be done in > org-mode formaty but I can offer to copyedit it for you. One or two > picture would also be nice. I would be happy to write something in this blog, but I never wrote something in 'org-mode' format, any pointer to some guide? I'm attaching below a text version of the write-up. A photo is here: http://www.unixarea.de/UbuntuPhone-GnuPG-card.jpg If it should be og better quality, I have to look for some equipment. For the connection between the USB token and the phone, I used some OTG (USB On-The-Go) cable. I own as well a small connector receiving on one end the token and to be plugged in into the phones port, but this connection is very unstable, with the cable it's fine. matthias Using GnuPG-card in the UbuntuPhone BQ E4.5: phablet@ubuntu-phablet-bq:~$ phablet@ubuntu-phablet-bq:~$ sudo chroot myRoot/ ... root@ubuntu-phablet:/# apt-get install pinentry-curses root@ubuntu-phablet:/# apt-get install pass root@ubuntu-phablet:/# apt-get install libudev-dev Installing GnuPG 2.2.1 into the 'myRoot' system compile in ~phablet (in myRoot) the following pieces: libassuan-2.4.3 libgpg-error-1.27 libksba-1.3.5 npth-1.5 libgcrypt-1.8.1 gnupg-2.2.1 always with ./configure && make && sudo make install; the software ends up below /usr/local (i.e. /home/phablet/myRoot/usr/local when one looks from outside the chroot'ed phone system); note: 'gpg2' is /usr/local/bin/gpg Now from the phone system configure: $ mkdir ~/.gnupg $ cat .gnupg/gpg.conf # agent-program /home/phablet/myRoot/usr/local/bin/gpg-agent $ cat .gnupg/gpg-agent.conf pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses scdaemon-program /home/phablet/myRoot/usr/local/libexec/scdaemon log-file /home/phablet/gpg-agent.log log-file /dev/null debug-level guru Due to the nature of the installation in the chrooted system we need small wrapper scripts to set PATH, LD_LIBRARY_PATH, ... and other stuff; $ cat ~/gpg.sh #!/bin/sh LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH PATH=/home/phablet/myRoot/usr/local/bin:$PATH export PATH GNUPGHOME=/home/phablet/.gnupgexport GNUPGHOME GPG_TTY=$(tty)export GPG_TTY /home/phablet/myRoot/usr/local/bin/gpg-agent\ --homedir /home/phablet/.gnupg \ --daemon\ --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses /home/phablet/myRoot/usr/local/bin/gpg-connect-agent /bye /home/phablet/myRoot/usr/local/bin/gpg $* run and create for test a keypair (later we want to use the GnuPG-card for this) $ ~/gpg.sh --full-generate-key gpg-agent[2973]: enabled debug flags: mpi crypto memory cache memstat hashing ipc gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? ... This starts the gpg-agent as: $ ps ax | grep gpg-a 2974 ?Ss 0:00 /home/phablet/myRoot/usr/local/bin/gpg-agent --homedir /home/phablet/.gnupg --daemon --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses Now we can use the the 'pass' command we installed in the chroot'es system with $ cat pass.sh #!/bin/sh LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH PATH=/home/phablet/myRoot/usr/local/bin:$PATH export PATH GNUPGHOME=/home/phablet/.gnupgexport GNUPGHOME GPG_TTY=$(tty)export GPG_TTY unset GPG_AGENT_INFO /home/phablet/myRoot/usr/bin/pass $* Init the pass storage as: $ ./pass.sh init Matthias ┌┐ │ Please enter the passphrase to unlock the OpenPGP secret key: │ │ "Matthias Apitz (test) " │ │ 2048-bit RSA key, ID 93A6FBF52FA76DB0, │ │ created 2017-09-22 (main key ID 3FECB79DDDA409E4). │ │ │ │ │ │ Passphrase: ***___ │ │ │ │
Re: GnuPG-card works in the Ubuntu smartphone
On Sat, 23 Sep 2017 10:47, g...@unixarea.de said: > I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details > here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3 Cool. > I could post a small how-to to some place because due to the nature of Would you like to write a blog entry for gnupg.org? Needs to be done in org-mode formaty but I can offer to copyedit it for you. One or two picture would also be nice. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgp9MSbHlttUb.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users