Re: Slightly OT - mobile OpenPGP usage
Hi Chris, On 25.08.19 21:22, Chris Narkiewicz via Gnupg-users wrote: > Shortly, I know only one combination that provides reasonable > use experience on mobile. > > Android + K-9 Mail + OpenKeychain + YubiKey with NFC. Do you know a good guide for setting this up? Best wishes Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I deleted 80 % of my keyring, but my keybox file isn't shrinking
Hi all, On 18.07.19 12:19, ilf wrote: > Same on a different box with a different keyring. I trimmed it down from > ~1250 keys to ~350 keys, but the size of pubring.kbx remains 19M. > > Does --delete really mean *delete* with keybox? > > ilf: >> This got my keyring down from 4.600 to 1.000 keys: >> But the keybox file didn't get any smaller: You might try exporting your keys and importing them into a completely new pubring. Best Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: wrong gpg-agent version running?
Hi Teemu, On 11.07.19 17:34, Teemu Likonen wrote: > Michael Kesper [2019-07-11T17:15:19+02] wrote: > >> I'd consider it a bug if updating a package does not trigger reloading >> all necessary services. > > We have not been discussing about Debian package upgrade. This message > thread is about additional local installation (/usr/local) which is > outside of Debian's package system. Oh, obviously! Sorry, did not see that. Bye Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: wrong gpg-agent version running?
Hi Teemu, On 11.07.19 17:11, Teemu Likonen wrote: > Michael Kesper [2019-07-11T16:45:06+02] wrote: > >> Did anyone open a bug with Debian (best with proposing a fix)? > > What bug? We have not seen a bug in this message thread. I'd consider it a bug if updating a package does not trigger reloading all necessary services. Bye Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: wrong gpg-agent version running?
Hi all, On 11.07.19 15:41, Teemu Likonen via Gnupg-users wrote: > Matthias Herrmann [2019-07-11T01:33:43+02] wrote: > >> I've recently upgraded to Debian buster, and then upgraded gpg by >> downloading and installing the new version 2.2.17. >> Now, I get this warning: >> >>> gpg: WARNING: server 'gpg-agent' is older than us (2.2.12 < 2.2.17) > >> I don't know why the "wrong" agent gets started, can you please help >> me? > > I believe it's because there is gpg-agent.socket unit which activates > gpg-agent.service which has the path /usr/bin/gpg-agent. To override > that create a unit "drop-in" file: > > # Filename: > # ~/.config/systemd/user/gpg-agent.service.d/my.conf > # or > # /etc/systemd/user/gpg-agent.service.d/my.conf > > [Service] > ExecStart=/usr/local/bin/gpg-agent --supervised > ExecReload=/usr/local/bin/gpgconf --reload gpg-agent Did anyone open a bug with Debian (best with proposing a fix)? Bye Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New keyserver at keys.openpgp.org - what's your take?
Hi all, On 27.06.19 03:18, Vincent Breitmoser via Gnupg-users wrote: > The definition of personal data, Article 4: > >> (1) ‘personal data’ means any information relating to an identified or >> identifiable natural person (‘data subject’); an identifiable natural person >> is one who can be identified, directly or indirectly, in particular by >> reference to an identifier such as a name, (...), or an online identifier >> (...); > > Given that there is legal commentary that even IP addresses in logs already > count as personal data, I don't find it contestable that e-mail addresses do > constitute personal data. Definitely. If you can identify someone by data, it IS personal data. As many email addresses are firstname.lastname@ they are already directly identifiable. See also: https://www.gdpreu.org/the-regulation/key-concepts/personal-data/ Best Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and SSH_AUTH_SOCK value
Hi Daniel, On 28.06.19 10:23, Daniel Kahn Gillmor wrote: > On Fri 2019-06-28 10:04:44 +0200, Michael Kesper wrote: >> On 23.06.19 12:21, Matthias Apitz wrote: >>> I'm used to use 'startx' and ~/.xinitrc to bring up Xorg+KDE: >> >> This makes your setup depend on a suid binary. > > Can you give more details? I know that some older systems did rely on X > or startx or something being setuid, but i think more modern systems > don't require that. On a debian testing (buster) system, for example, i > don't believe that any of the binaries are suid. The setuid binary is called xserver-xorg-legacy and can be installed in buster (new installs don't get it afaik, but I'm not sure about upgrading): https://packages.debian.org/de/buster/xserver-xorg-legacy Matthias explicitly mentioned he used startx so I think this is relevant. Bye Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and SSH_AUTH_SOCK value
Hi Matthias, On 23.06.19 12:21, Matthias Apitz wrote: > I'm used to use 'startx' and ~/.xinitrc to bring up Xorg+KDE: This makes your setup depend on a suid binary. There have been some security issues about that, so maybe it's wise to revise that decision? For example: https://www.exploit-db.com/exploits/45908 Bye Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [OT] Where can I find some papers to read on mail (and envelope) security?
Hi Stefan, On 30.01.19 16:33, Stefan Claas wrote: > Interesting topic, which i am interested in as well. I started, as German > citizen, to use also epost Brief and De-Mail a while ago, when > communicating sometimes with friends, because i like those paid > services much more than the classical email PGP combo. You know that you use snake oil then? These services decrypt your e-mails to "protect you against viruses" [0]. Best wishes Michael [0] https://www.deutschepost.de/de/e/epost/privatkunden/sicherheit.html signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using gnupg to crypt credentials used by application to access a database server
Hi all, Am Montag, den 16.07.2018, 09:29 +0200 schrieb Matthias Apitz: > Michael, I do use pass too for all my firefox credentials for access > of > webpages and services, i.e. I know how this works. I use for this > GnuPG > together with an OpenPGP card and to unlock the password storage I > have > to provide the 6 digit PIN of the card. The storage remains unlocked > until card removal. This works all fine. > > But, I do not see how this could fit into the scene I described. When > an > application server starts on the UNIX host, it needs the database > access > credentials and there is no human to key in any PIN, for example when > the server start at boot time ... Please have a look at Werner's answer. Best wishes Michael signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using gnupg to crypt credentials used by application to access a database server
Hi all, Am Samstag, den 14.07.2018, 15:15 +0200 schrieb Matthias Apitz: > We are looking for a way to change this situation and one of the > options > or ideas I have, is crypt the credentials with GnuPG in some file. I use pass [0] for this. It uses gnupg under the hood and also has ansible integration. Adding and removing users is a bit of hassle but it integrates much better with git than e.g. keepass or the like. Best wishes Michael [0] https://www.passwordstore.org/ signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Break backwards compatibility
Hi Mark, Am Dienstag, den 22.05.2018, 02:25 +0100 schrieb Mark Rousell: > On 21/05/2018 08:53, Michael Kesper wrote: > > I think it might be best to put that functionality into a separate > > GnuPG version called gpg-legacy. > > Make it clear in all man pages of this tool, the --version and -- > > help > > options that this only exists to decrypt existing but now obsolete > > encrypted material and that it can't be used to create such > > material > > anymore. > > Seems reasonable to me, although does GnuPG 1.x already effectively > fulfil that role? Yes, did read so after writing my mail. :) Michael -- Michael Kesper Supporter of FSFE https://fsfe.org/about GPG Fingerprint: F035 8BD9 D0C2 0E6A 85B5 6A60 4208 05C6 8907 4FAD signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Break backwards compatibility
Hi all, Am Montag, den 21.05.2018, 04:19 +0100 schrieb Mark Rousell: > On 21/05/2018 02:12, Jochen Schüttler wrote: > > I'm all for breaking backwards compatibility. > > > > What's the worst the haters can do? Turn their back on GnuPG? Shout > > out > > really loud once more? I think they should get a life! > > I rather suspect they do have a life supporting scenarios that they > cannot change that require legacy-decryption capability. > > If legacy-decryption was removed entirely from current versions of > GnuPG then they would simply have to continue using old, unsupported, > and potentially vulnerable versions. I do not think it is reasonable > to just cut them off entirely. I think it might be best to put that functionality into a separate GnuPG version called gpg-legacy. Make it clear in all man pages of this tool, the --version and --help options that this only exists to decrypt existing but now obsolete encrypted material and that it can't be used to create such material anymore. > As Philipp Klaus Krause [1] and Dirk Gottschalk [2] pointed out > above, breaking backward compatibility does not have to be (and > should not be in my opinion) absolute. The ability to decrypt old, > legacy-encrypted data is, like it or not, still present in the real > world and it is therefore surely proper for GnuPG to retain the > ability to decrypt such data in maintained code (albeit whilst > requiring users to take action to make changes to their configuration > to be able to continue decrypting such data using GnuPG). > > I agree with those who say that there is no need for mail clients to > be able to decrypt legacy-encrypted data. Dirk Gottschalk wrote in https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060474.html > I think the backwards compatiblity should be broken to improve > things. > It would be possible to implement something like --legacy to re- > enable > the old functionality. This could also be implemented in email > clients > and plug-ins like enigmail as a checkbox. No! Everybody will just turn on that checkbox then and be none the wiser. Regarding breaking changes: Please study carefully the Python2 -> Python3 transition. By keeping Python2 for 10 long years supported after deprecation, only the haters became louder and louder, "Success" stories of leaving the Python eco system exploded. Would they have integrated a non-GIL switch into that breaking change, the work for normal Python projects would not have been greater but the reason to switch would have been. Just 2 cents of a long-term GnuPG (and Python) user Michael -- Michael Kesper Supporter of FSFE https://fsfe.org/about GPG Fingerprint: F035 8BD9 D0C2 0E6A 85B5 6A60 4208 05C6 8907 4FAD signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help with error please
Hello Jonathan, On 15.11.2017 19:26, Jonathan wrote: > Just installed GPA/Kleopatra. Whenever I start up GPA I get 3 windows > pop-up: People can only help you if you provide all the necessary details. Most important: - Used Operating System (and version) - GPA/Kleopatra version (from where did you get it?) Best wishes Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card
Hi all, Am 08.04.2017 um 10:16 schrieb Wouter Verhelst: > Smartcards are useful. They ensure that the private half of your key is > never on any hard disk or other general storage device, and therefore > that it cannot possibly be stolen (because there's only one possible > copy of it). The kernelconcept cards at least can also be used with a key "backup". If you store that backup safely, you can still use your key when you put your smart card into washing mashine AND dryer (or it breaks for whatever reason) but you don't risk it being stolen with your laptop. Best Michael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error on gpg encription using perl cgi
Hi, On Mon, Feb 23, 2009 at 11:33:02PM -0800, hxzeng wrote: But when I deployed first.cgi in apache and run it using: http://localhost/cgi-bin/test.cgi The file cannot be successfully encrypted and also in error.log there has such errors: [Tue Feb 24 15:01:40 2009] [error] [client 127.0.0.1] gpg: Henry: skipped: public key not found\r [Tue Feb 24 15:01:40 2009] [error] [client 127.0.0.1] gpg: C:\\apache\\cgi-bin\\451080.txt: encryption failed: public key not found\r Apache runs with a different user than you tested before. It has got to have access to that key and know where it can find it. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfe.org) Treten Sie der Fellowship bei! [][][] (http://fellowship.fsfe.org/join?ref=mkesper) Ihre Spende ermöglicht unsere Arbeit! || (http://fsfe.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Hibernation and secret keys
Hi, On Thu, Feb 12, 2009 at 06:40:22PM +0100, Christoph Anton Mitterer wrote: On Thu, 2009-02-12 at 00:09 +0100, Ingo Klöcker wrote: USB stick and secure? :-) Of course. The idea is that you can encrypt everything but the kernel +initrd, which is needed in order to decrypt the partition (better said, to set up the dm-crypt mapping). And an USB stick could be always with you. What is the additional gain to having an unencrypted /boot partition on the same device? As I see it, only boring data gets ever written in cleartext to the harddrive then. And if the customs clone my harddrive, they can just try to bruteforce the passphrase, whether the boot partition is encrypted or not. Ah, wait, they can ask me to decrypt the data, so we have to upload those sensitive documents to Google Docs (!) [1]... Best wishes Michael [1] http://www.mobilecomputermag.co.uk/20080805775/how-to-prevent-us-customs-from-peeking-at-your-private-data.html signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fetch smartcard key from disk
Hi, * David Shaw [EMAIL PROTECTED] [2008-11-18 09:13:54 -0500]: The easiest way to tell if you have libcurl support is to try doing: gpg --fetch-keys file://C:\smartkey.asc What about simply using gpg --import filename ? Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende ermöglicht unsere Arbeit! || (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key ID format: short or long?
Hi, * Jens Peter Secher [EMAIL PROTECTED] [2008-10-26 15:05:51 +0100]: 2008/10/22 Michael Kesper [EMAIL PROTECTED]: what: There were collisions with other existing keys if you only would have looked at the last 8 chars of the fingerprint. That was quite unlucky, because there should be approximately 77000 people gathered together to get a probability of 50% of a collision, according to http://en.wikipedia.org/wiki/Birthday_attack. :-) I double-checked. There were no collisions among the participating people but some of the participating keys short IDs collided with other existing short IDs. So, to be sure, always use 16 digits. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende ermöglicht unsere Arbeit! || (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key ID format: short or long?
Hi, * Faramir [EMAIL PROTECTED] [2008-10-21 22:58:47 -0300]: I had thought the long key ID, plus my email address, should be enough, since 8 characters hexadecimal numbers are unlikely to produce a collision, and even in case of a malicious attempt to replace my key, if 2 keys are found at the search, I would expect a contact to write and say which one is the good one? Well, keys cannot be identified by the 8 chars alone. I've once been to a key-signing-party with about 150 people and guess what: There were collisions with other existing keys if you only would have looked at the last 8 chars of the fingerprint. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende ermöglicht unsere Arbeit! || (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems decrypting with multifile
Hi, * Ray Simard [EMAIL PROTECTED] [2008-09-16 20:23:06 -0700]: I haven't been able to find anything about this in the FAQs or a web search. The goal is to decrypt a large number of files using --multifile --decrypt (or --decrypt-files). When doing so, the first file in the list is decrypted normally, but thereafter the results are as below, and nothing further is decrypted. This was discussed not so long ago on this list. It does _not_ work. Split your file into the right parts and use gpg on them. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship! [][][] (http://fsfe.org/join) Your donation powers our work ! || (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: removing -----BEGIN PGP SIGNED MESSAGE----
Hi, * Kunal Shah [EMAIL PROTECTED] [2008-07-25 13:08:52 -0400]: On Fri, Jul 25, 2008 at 10:33 AM, Kara [EMAIL PROTECTED] wrote: Kunal Shah wrote: Is there any way to avoid that? Robert J. Hansen wrote: Sort of. PGP/MIME. [...] In that case, I will need to obtain private key with openssl package and send my pub key to CA to obtain certificate. However, if i go with that procedure, my friends who uses GNUPg or PGP will not be able to verify my signature. I guess I am running into cross platform issues. in fact, I need to sign the message using a. GNUPg private key for those who uses GNUPg and b. S/MIME for those who uses GPG/MIME or S/MIME. is that correct understanding? GPG/MIME and S/MIME are two different approaches. My advice would be to use GPG/MIME and to give friends the advice to use mail clients that understand them. Even outlook can be teached to understand it nowadays: http://www.g10code.de/p-gpgol.html Best wishes Michael signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Need Help
Hi, On Tue, Apr 15, 2008 at 12:06:44PM +0100, Debabrata Das wrote: Hi All, Currently we are using GnuPG 1.4.7 which is under GPL V2 on HP-UX ,but we came to know that there is a security vulnerability on GnuPG 1.4.8 earlier version.Since Gnupg 1.4.9 is under GPL V3 we don't want to move to product under GPL v3. I suppose that GnuPG did not move just for fun to GPLv3 but for a reason. So if you can't comply with GNU GPL v3, better be prepared to switch. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship of FSFE! [][][] (http://fsfe.org/join) Your donation powers our work! [] (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How trust works in gpg...
Hi, On Tue, Apr 15, 2008 at 12:42:43AM +0200, Herbert Furting wrote: On Mon, 2008-04-14 at 23:20 +0100, Peter Lewis wrote: Ah yes, thanks. So I have now set the owner-trust for his key to full, but still it says unknown for the other UIDs. So, I should manually set the trust for keys / UIDs that I think I trust based on who has signed them? Sorry,.. I haven't read your initial post correctly. As David said in the meantime new UIDs are of course _not_ recognised automatically (a user could simply add a completely wrong name). You have to sign the UID (better said, key+UID). You should only do so, if the name is the same (or if you know that the key holder goes by that name). If the new UID just contains a new email address, you should really check if the keyholder controlls that email address. You can do so, by sending him an encrypted challenge. I remember Werner saying that this was just nonsense. Werner, can you correct me if I'm wrong? Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship of FSFE! [][][] (http://fsfe.org/join) Your donation powers our work! [] (http://fsfeurope.org/donate) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Decyrption via scheduled task fails
Hi, On Wed, Mar 19, 2008 at 08:25:54AM -0700, bdorroh wrote: I'm using v1.4.8 for Windows. I've have a batch file setup to decrypt a file and then to move the decrypted file to another location for further processing. I can successfully decrypt the file by double-clicking my batch file. But when I setup a scheduled task to run it, the decryption fails. Did you let the task run with the right user credentials? (Task tab: Run as ...) Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship of FSFE! [][][] (http://fsfe.org/join) Your donation powers our work! [] (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card stopped working
Hi, * Sven Radde [EMAIL PROTECTED] [2008-03-09 19:40:32 +0100]: Same thing here, only that I have an SCM Microsystems SCR335 reader. Actually, I was somewhat surprised that I had to install PC/SC at all, since http://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html says that is is supported by GnuPG directly. pcscd sometimes gives trouble, for example when you try to create keys on the card. For best effect try this howto: http://www.fsfe.org/en/card/howto/card_reader_howto_udev Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship of FSFE! [][][] (http://fsfe.org/join) Your donation powers our work! [] (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ISO-8859-1 mails getting marked as UTF-8
* Martin Toft [EMAIL PROTECTED] [2008-02-27 20:06:57 +0100]: I use GnuPG together with mutt on Debian Etch. I prefer to use ISO-8859-1 Short question: Why? ISO-8859-1 is a hack and even so common alphabets like cyrillic break it. So, if you want to stay sane, switch to UTF-8. My 0,02 EUR Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Join the Fellowship of FSFE! [][][] (http://fsfe.org/join) Your donation powers our work! [] (http://fsfeurope.org/donate) signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how to use gpg with a smartcard, when there is no smartcard
Hi, On Fri, Nov 09, 2007 at 10:28:19AM +0100, Stephan Hermann wrote: Hi, I have a little problem with gnupg and smartcards. I added to my key a signing subkey for my smartcard. This works great when the smartcard reader is attached to my computer, which is my home workstation. Now I have a copy of my secret key etc. on my usb stick and want to use my key for signing at work, without having a smartcard reader attached. This is one of the use cases where the smart card would be extremely useful. Your secret key should never be used with a compromiseable system. And you have no control over what this computer does when you insert that usb stick. Best wishes Michael ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Broken pipe?
Hi, Werner Koch schrieb: On Fri, 29 Jun 2007 12:07, [EMAIL PROTECTED] said: I apologize for the weight of this message. As I alrady said: You have no permission to write to the USB device. This seems to be the result of several half-correct howtos for installing the cardreader. Recently I wanted to install it on a new machine but got the same result. For the instant, I solved it by installing pcscd and libpcsclite1. I think we need a better way for new users to install the reader, maybe a small installation package or something similar. Best wishes Michael -- Nobody can save your freedom but YOU - become a fellow of the FSFE! http://www.fsfe.org/en ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
