Re: add-photo continued ...

2019-09-04 Thread raf via Gnupg-users
Stefan Claas via Gnupg-users wrote:

> Hi all,
> 
> some of you may remember the add-photo thread we had a while ago
> and I wondered why the max image size for a UAT packet is 16 MB.
> 
> Recently I saw a Twitter post explaining that a .jpeg image header
> can contain 16 MB of data.

That's just decadence. :-)
Just because it can, doesn't mean it should.
16MB is plenty. Use tinypng.com.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: add-photo continued ...

2019-09-04 Thread Stefan Claas via Gnupg-users
Stefan Claas via Gnupg-users wrote:

> Recently I saw a Twitter post explaining that a .jpeg image header
> can contain 16 MB of data. I do not have the link currently handy,
> sorry!

I think I talked nonsense here about the 16 MB header size! Hopefully
I can find the author's technique again, because he posted the source
code too ...

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
  certified OpenPGP key blocks available on keybase.io/stefan_claas
   



Forward entire gnupg $HOME

2019-09-04 Thread Andre Klärner
Hi all,

is there a way to properly share the entire keyring and trust settings
between two machines?

My use case is the following:

Mutt, my email client, runs on a containerized mailserver on another machine
right under my desk.

My GPG key is stored on a Yubikey attached to my workstation (another
physical machine compared to the mailserver's host system).

I usually use my workstation to do everything, but since I can't access my
mailbox via NFS anymore (different story), I resorted to sshing into my
email server, and doing all the mailing needs right there, locally.

My Yubikey also is used as the SSH key for everything, and hence plugged
into my workstation.

After following https://wiki.gnupg.org/AgentForwarding and battling with
the autostarting gpg-agent (fixed with no-autostart in the remote system's
gpg.conf), masking all but the dirmngr systemd socket and service units, and
struggling with the removal of /run/user/1000/gnupg on logout, I finally
got it to work. (Nice how the last one doesn't matter, if dirmngr.socket is
enabled.)

Now I have another problem: my main machine knows all my internet friends'
keys, my mailserver does not. I can of course gpg --export, scp and gpg --import,
but that is nothing scalable and needs to be repeated over and over again
when anything changes.

Do I expect too much, or is this simply and typically an invalid use case?
Is there a simpler way to configure a remote GPG just for a session, so
that it uses another socket to connect to the gpg-agent (I also sign git
commits, sometimes with etckeeper even on remote machines).

Thanks a lot for reading, and best regards,
Andre

-- 
Andre Klärner




add-photo continued ...

2019-09-04 Thread Stefan Claas via Gnupg-users
Hi all,

some of you may remember the add-photo thread we had a while ago
and I wondered why the max image size for a UAT packet is 16 MB.

Recently I saw a Twitter post explaining that a .jpeg image header
can contain 16 MB of data. I do not have the link currently handy,
sorry!

So here is a little keyserver test showing data in a .jpeg header
of a UAT packet.

It is a zipped folder containing 10 little 'messages' created with
openssl.

As keyserver I used the Ubuntu keyserver because it is then easier
for users to extract the data. Simply right-click on the image and
then, once saved as index.jpg, do an 'unzip index.jpg' to obtain the
folder with the text files.



Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
  certified OpenPGP key blocks available on keybase.io/stefan_claas
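
A check for the kind of embedded archive described in the post above, as an added example that is not part of the original message: it walks the JPEG marker structure of an already extracted photo ID image and reports data a viewer ignores but unzip reads. The function name `scan_photo` and the sample bytes are constructed for illustration.

```python
import io
import re
import struct
import zipfile

ZIP_SIG = re.compile(rb"PK(?:\x03\x04|\x05\x06)")  # local file header / end of central dir

def scan_photo(data: bytes) -> dict:
    """Report bytes after the JPEG EOI marker, large metadata segments and ZIP content."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos, end, largest_meta = 2, None, 0
    while pos + 1 < len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                      # EOI: the image proper ends here
            end = pos + 2
            break
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers with no length field
            pos += 2
        else:
            if pos + 4 > len(data):
                break                             # truncated segment header
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if marker == 0xFE or 0xE0 <= marker <= 0xEF:  # COM / APPn metadata
                largest_meta = max(largest_meta, length)
            pos += 2 + length
            if marker == 0xDA:                    # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] != 0x00
                        and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    members = []
    if zipfile.is_zipfile(io.BytesIO(data)):      # same lookup 'unzip index.jpg' relies on
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return {"trailing_bytes": None if end is None else len(data) - end,
            "largest_meta_segment": largest_meta,
            "zip_offsets": [m.start() for m in ZIP_SIG.finditer(data)],
            "zip_members": members}

# Constructed sample input: a structurally minimal JPEG (SOI, JFIF APP0, EOI), not a real photo.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
         + b"\xff\xd9")
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("msg1.txt", "constructed sample message")
ZIP_BLOB = _buf.getvalue()
POLYGLOT = CLEAN + ZIP_BLOB                       # image bytes followed by an archive

if __name__ == "__main__":
    print(scan_photo(CLEAN))
    print(scan_photo(POLYGLOT))
```

A non-zero `trailing_bytes`, any entry in `zip_offsets`, or a non-empty `zip_members` marks an image that carries more than picture data.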
   



Re: Fresh certificate marked as expired / messed-up certificate chain pulling expired root cert in gpgsm

2019-09-04 Thread Dr. Thomas Orgis
On Tue, 30 Jul 2019 13:28:32 +0200,
"Dr. Thomas Orgis" wrote:

> And even with it present, is it
> correct behaviour for gpgsm to consider the chain invalid instead of
> just the cross-signature? It _does_ trust the new root cert already …
> no need for any further signature.

Just now the third colleague (all people working at German
universities) contacted me about having an even more persistent variant
of this issue, with the old root cert cross-signature being re-imported
by gpgsm and thus practically permanently breaking the use of the new
certificate.

Can we consider this a bug in gpgsm's handling of signatures or is this
really working as designed?


Regards,

Thomas


> PS: Just for fun, I'm trying to sign this post now. Maybe it won't even
> be broken by the list?

The list does break the signature. I'm not adding one now …

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg
