Re: git commit signing: Asked for smartcard as it's plugged in

2018-03-27 Thread NIIBE Yutaka
Gabriel Augendre wrote:
> Whenever I need to sign a git commit, I need to plug my Yubikey in and
> type the pin code. That works perfectly just after logging into my
> session, but if the computer goes to sleep (that's my guess, not sure
> about that) and I wake it up and try to sign another commit, GPGTools
> pinentry keeps asking to plug the yubikey in even though it's already
> there.

I think that this is related to the bug report:

https://dev.gnupg.org/T3825

I found that there are (at least four) different issues: a device firmware
problem, a GnuPG scdaemon problem, a PC/SC problem for GNU/Linux, and a Linux
kernel problem.

Since your case is on macOS, the latter two are not relevant.

I think that Yubikey somehow doesn't work well for USB suspend.  For
this problem, please contact the manufacturer.

I fixed a problem in GnuPG scdaemon and implemented a workaround for the
device problem.  It will be in 2.2.6.  With the fix and the workaround,
scdaemon tries to reset the device after such a failure.  So, you won't need
to manually re-plug your device, but PIN input will be required, since
the device will be reset.

For GNU/Linux, I'd recommend using the internal CCID driver instead.  It
seems that PC/SC development doesn't have an interest in suspend/resume.

The kernel problem is here:

https://www.spinics.net/lists/kernel/msg2757378.html

Since it is a kind of corner case which has been there for a long time, I
could not expect that a fix will be included soonish (or even get
attention).  Thus, I changed scdaemon to use a pipe instead of a signal (in
the forthcoming 2.2.6).
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


git commit signing: Asked for smartcard as it's plugged in

2018-03-27 Thread Gabriel Augendre
Hello,

This question has originally been posted to GPGTools support [1], who
redirected me there.

I'm trying to use GPGTools for git commit signing, using a MacBook Air
(macOS 10.13.3) and gpg version 2.2.3.

I used this tutorial [2] (I guess, it was a while ago) to generate a
key pair and add subkeys to my yubikey.

Whenever I need to sign a git commit, I need to plug my Yubikey in and
type the pin code. That works perfectly just after logging into my
session, but if the computer goes to sleep (that's my guess, not sure
about that) and I wake it up and try to sign another commit, GPGTools
pinentry keeps asking to plug the yubikey in even though it's already
there.

As a workaround, I'm forced to go to the terminal, killall gpg-agent
and then retry the operation, then it works. Do you have any idea why
that happens?

Best regards,
Gabriel

[1] https://gpgtools.tenderapp.com/discussions/problems/69206-asked-for-smartcard-as-its-plugged-in
[2] https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/



Features vs versions

2018-03-27 Thread Mike Inman
Hi,

I'm working with libgcrypt in a CentOS 7 distribution that includes version
1.5.3... I'd like to use GCRY_CIPHER_MODE_CCM but this
https://markmail.org/message/pavkgenzrd4mmbpu makes me think that it isn't
available in 1.5.3?

Is there an easy table of what features became stable in libgcrypt vs when?

I see the old releases here: https://github.com/gpg/libgcrypt/releases but
it's a little cumbersome to download and search the source, and even then
that's not always a good way to judge stability.

Thanks,

Mike


Re: Is signing a file with multiple keys possible

2018-03-27 Thread Werner Koch
On Sat, 24 Mar 2018 00:31, gnupg-users@gnupg.org said:

> For example: John, Harry and Sally wrote a file, let's assume it is a
> text file. Now all of them want to sign this file, so that when
> verifying it, all three signatures are visible.

If you use binary detached signatures (-sb) this is pretty easy.  You
can simply concatenate the signature files.  We do this for gnupg
releases.  gnupg/build-auc/append-signature.sh is a script which helps
with this workflow.

If the messages are armored you need to de-armor (gpg --dearmor) them
first, concatenate and en-armor them.  Finally fix up the armor lines.


Shalom-Salam,

   Werner


-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.
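
The armored case from the reply above (de-armor, concatenate, en-armor, fix the armor lines), as an added example that is not part of the original message and does not call gpg: a pure-Python stand-in that writes the `PGP SIGNATURE` armor lines and the CRC-24 line itself. The function names and the sample packets are assumptions made for illustration; the sample bytes are constructed placeholders, not real signatures.

```python
import base64

BEGIN, END = "-----BEGIN PGP SIGNATURE-----", "-----END PGP SIGNATURE-----"

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(armored: str) -> bytes:
    """Strip armor lines and headers, check the CRC line, return the binary packets."""
    lines = [line.strip() for line in armored.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored PGP signature")
    body = lines[1:-1]
    body = body[body.index("") + 1:]  # armor headers end at the first blank line
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    for line in body:
        # The checksum line is the only one that starts with '='.
        if line.startswith("=") and base64.b64decode(line[1:]) != crc24(data).to_bytes(3, "big"):
            raise ValueError("armor CRC24 mismatch")
    return data

def enarmor(data: bytes) -> str:
    """Wrap binary packets in signature armor with a freshly computed CRC line."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *rows, "=" + crc, END]) + "\n"

def merge_armored_signatures(*armored: str) -> str:
    """De-armor every signature, concatenate the packets, armor the result once."""
    return enarmor(b"".join(dearmor(a) for a in armored))

# Constructed placeholders: an old-format signature packet header (tag 2,
# one-octet length 3) followed by three dummy body bytes per signer.
SAMPLE = [enarmor(bytes([0x88, 0x03]) + body) for body in (b"JHN", b"HRY", b"SLY")]
MERGED = merge_armored_signatures(*SAMPLE)
```

Concatenating the three armored texts as they are would leave three armor blocks and three CRC lines; the merged output has one block whose CRC covers all packets.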




Re: compilation error for libgpg-error-1.28 on armhf

2018-03-27 Thread Werner Koch
On Sat, 24 Mar 2018 23:26, mac3...@gmail.com said:

> it possible to easily make speedo use v1.27?

After the first attempt modify the downloaded swdb.lst file and add
  CUSTOM_SWDB=1
to the make -f ... line.  That should bypass the integrity check and
download the version you entered there.

I try to get a 1.29 out this week.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.

