We have GOT TO make things simpler
Dear List,

I explained a problem. I proposed a step forward towards a solution. There were 17 responses. So far, those responses either:
- advised to no longer use GnuPG, or
- denied or downplayed the problem (although I demonstrated the existence of the problem), or
- argued against those who denied or downplayed the problem.

No single response touched upon my proposal. This is very disappointing.

Developers, please consider my proposition, and tell me what you like or dislike about it.

Sincerely,
Roland

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
We have GOT TO make things simpler
Dear GNUPG developers,

We have GOT TO make things simpler.

1/ I do have some years of experience with GnuPG. Especially with convincing people to use it. It is not easy. But I do it because it is in my interest to be able to communicate privately.

2/ My latest experience is with a person who sent me his entire keypair per email. I had asked him to send me his public key only. I had instructed him how to prepare that file ("export public key, do NOT export the secret half of the keypair. Ensure this by ticking the right boxes. If you use GPA do it like this, if you use Kleopatra, follow those menu trails, if you use GPG Tools I do not know."). The person who made the horror of sending his secret key over email is properly educated.

3/ Please do appreciate that the persons who we are convincing and instructing are not particularly interested in privacy. They need simple approaches.

4/ Here is my proposal:

4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not Enigmail, although it offers the same, but it offers too much for beginners. Email integration comes after people have a basic understanding. Please do appreciate if people only want to be able to prepare encrypted documents for sending them as attachments.

4.2/ Ensure that, when generating a keypair, GnuPG creates one directory "Secretkeys", and one directory "Publickeys". Make GnuPG store the public part and the secret part separately in those directories. If GnuPG needs also keypairs in a single file, store that under Secretkeys.

4.3/ Get rid of the confusing menu/Exportkeys/ vs menu/Exportsecretkey. etc.

4.5/ Get rid of the options to NOT publish keys on keyservers. Just work the opt-in alternative: If you want to publish to keyservers, make that a separate action that requires some effort.

Best regards,
Roland
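Added example (not part of the original post and not GnuPG code): a pre-send check for the incident in point 2/ that reads the OpenPGP packet headers (RFC 4880) of an exported file and reports whether it holds secret key material, whatever the file is called. The sample exports are constructed with dummy packet bodies, and the function names are hypothetical.

```python
import base64
import re

# OpenPGP packet tags (RFC 4880, section 4.3).
SECRET_TAGS = {5: "secret key", 7: "secret subkey"}
PUBLIC_TAGS = {6: "public key", 14: "public subkey"}
ARMOR = re.compile(rb"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", re.S)


def dearmor(data):
    """Return binary packet data, decoding every ASCII-armored block found."""
    blocks = ARMOR.findall(data)
    if not blocks:
        return data  # no armor: treat the input as a binary export
    out = b""
    for _label, body in blocks:
        lines = [ln.strip() for ln in body.splitlines()]
        # Drop blank lines, "Key: value" armor headers and the "=XXXX" CRC line
        # (the checksum is skipped here, not verified).
        payload = [ln for ln in lines
                   if ln and b":" not in ln and not ln.startswith(b"=")]
        out += base64.b64decode(b"".join(payload))
    return out


def iter_packets(data):
    """Yield (tag, body_length) for each packet, old or new header format."""
    i, n = 0, len(data)
    try:
        while i < n:
            first = data[i]
            i += 1
            if not first & 0x80:
                raise ValueError("byte %d is not an OpenPGP packet header" % (i - 1))
            if first & 0x40:                      # new-format header
                tag, total, last = first & 0x3F, 0, False
                while not last:
                    o = data[i]
                    i += 1
                    last = True
                    if o < 192:                   # one-octet length
                        chunk = o
                    elif o < 224:                 # two-octet length
                        chunk = ((o - 192) << 8) + data[i] + 192
                        i += 1
                    elif o == 255:                # five-octet length
                        chunk = int.from_bytes(data[i:i + 4], "big")
                        i += 4
                    else:                         # partial body length
                        chunk, last = 1 << (o & 0x1F), False
                    i += chunk
                    total += chunk
            else:                                 # old-format header
                tag, ltype = (first >> 2) & 0x0F, first & 0x03
                if ltype == 3:                    # indeterminate: runs to EOF
                    total = n - i
                else:
                    size = 1 << ltype             # 1, 2 or 4 length octets
                    total = int.from_bytes(data[i:i + size], "big")
                    i += size
                i += total
            if i > n:
                raise ValueError("truncated packet")
            yield tag, total
    except IndexError:
        raise ValueError("truncated packet header") from None


def classify_export(data):
    """Report which key packets an export holds and whether it may be shared."""
    tags = [tag for tag, _ in iter_packets(dearmor(data))]
    secret = [SECRET_TAGS[t] for t in tags if t in SECRET_TAGS]
    public = [PUBLIC_TAGS[t] for t in tags if t in PUBLIC_TAGS]
    return {"public": public, "secret": secret,
            "safe_to_send": bool(public) and not secret}


# --- Constructed samples: real packet headers, dummy bodies (not real keys) ---
def _pkt(tag, body, new_format=False):
    first = (0xC0 | tag) if new_format else (0x80 | (tag << 2))
    return bytes([first, len(body)]) + body       # bodies under 192 bytes only


def _armor(label, binary):
    b64 = base64.b64encode(binary).decode()
    return ("-----BEGIN PGP %s-----\nComment: constructed sample\n\n%s\n=AAAA\n"
            "-----END PGP %s-----\n" % (label, b64, label)).encode()


UID = _pkt(13, b"Alice <alice@example.org>")
PUBLIC_EXPORT = _armor("PUBLIC KEY BLOCK",
                       _pkt(6, b"\x04" * 21) + UID + _pkt(2, b"\x00" * 10)
                       + _pkt(14, b"\x04" * 21, new_format=True))
KEYPAIR_EXPORT = _armor("PRIVATE KEY BLOCK",
                        _pkt(5, b"\x04" * 40) + UID
                        + _pkt(7, b"\x04" * 40, new_format=True))
COMBINED_FILE = PUBLIC_EXPORT + KEYPAIR_EXPORT    # both halves in one file

if __name__ == "__main__":
    for name in ("PUBLIC_EXPORT", "KEYPAIR_EXPORT", "COMBINED_FILE"):
        print(name, classify_export(globals()[name]))
```

The check depends on packet tags only, so it gives the same answer for armored and binary exports and for a file that holds a public block followed by a private block.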
Upgrading to GnuPG 2.2.17
Dear Developers,

My OS is Linux Mint 19.1 Cinnamon. The automated software manager says that its GNUPG version is "2.2.4-1ubuntu1.2".

For a transfer to GnuPG 2.2.17, what do you recommend?:
- To wait for the Mint managers to update their repository
- To uninstall GNUPG 2.2.4-1ubuntu1.2, and install v. 2.2.17 (However: for v. 2.2.4, software manager says: "cannot remove" !!! How then?)
- Something else

Please advise.

Roland
Local solutions: SKS Keyserver Network Under Attack
Thanks, Peter, for this confirmation. You give further detail to what I had guessed in the course of playing with the settings of GPA and Kleopatra.

I conclude that there are at least two possible actions for those who want to protect their systems:
- In the GUIs of GPA or Kleopatra to fiddle the settings as I suggested earlier in this thread. And for Enigmail: your suggestion
or
- In the terminal, to edit ~/.gnupg/dirmngr.conf so as to say "keyserver hkps://keys.openpgp.org/" or, if that file does not exist to create it as per your suggestion.

This could be useful for some mere common GnuPG users, like me.

Greetz
Roland

Some side thoughts:

1/ Perhaps the fear of compromised communication (including distributed software, private messages) can be mitigated by practicing short feed back lines: confirmations. Like "did you get my communication, what did it say?"

2/ Perhaps one should not give too much trust to a WoT at all. After all, a crook can pretend to be a friend, and thus yield the entire WoT untrustworthy. Sometimes a friend becomes an enemy at a later stage. As a very ordinary mere user, I do not really understand the trust levels that GnuPG asks me to consider. How can a WoT that is not 100% understood by absolutely all users be reliable?

3/ With these thoughts, I hope NOT to embarrass the developers. Forget it, if you consider it useless for your troubles. (Thanks for GnuPG!)

On 03/07/2019 12:58, Peter Lebbing wrote:
> Hello Roland,
>
>> Hansen's and DKG's blog are only partly helpful. For example my Linux
>> system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one of
>> those files recommended for editing). I.e. Nautilus cannot find it.
>
> The usual case on Linux systems is that if a configuration file would
> otherwise be empty or equal to the default (the two can be entirely
> different things in general!), the configuration file simply does not
> exist.
>
> So instead of modifying ~/.gnupg/dirmngr.conf, *create* one and put a
> single line in it saying
>
> keyserver hkps://keys.openpgp.org/
>
> I encountered some strange behaviour here: I invoked
>
> $ gpgconf --reload dirmngr
>
> afterwards (otherwise dirmngr will not reconsider its now changed
> configuration), and it *did not work*. It was still using the default.
> It did work after I rebooted (I was not in the mood to fiddle more with
> it and did the most heavy-handed thing that would work).
>
> Also, Enigmail doesn't seem to use this configuration at all and instead
> it is configured at Enigmail -> Preferences -> Keyserver
>
> I did verify using systemd's journal that the gpgconf --reload command
> reached its intended goal: dirmngr said "re-reading config". It just
> didn't have an effect for some odd reason.
>
> For people thinking about this: no, I don't use Tor for keyservers, it's
> not related to dirmngr refusing to change keyservers when on Tor.
>
> HTH,
>
> Peter.
Local solutions: SKS Keyserver Network Under Attack [edited]
Dear Forum,

GNUPG Users Digest is nearly flooding my mailbox with exchanges about the WoT and keyserver issues.

A simple user (me) needs to know how one could make adaptations in the settings of GPA or Kleopatra. I would expect instructions here:
https://kde.org/applications/utilities/org.kde.kleopatra
www.gnupg.org/related_software/gpa/
or perhaps here:
www.gpg4win.org/index.html
www.enigmail.net/index.php/en/
*There are not.*

Hansen's and DKG's blog are only partly helpful. For example my Linux system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one of those files recommended for editing). I.e. Nautilus cannot find it. So, I did adapt gpg.conf by commenting out (#) any line starting with keyserver, but was not able to adapt the dirmngr.conf. Upon inspection, thereafter, my GPA and Kleopatra were NOT correctly configured.

Trying to figure out how GPA and Kleopatra could be adapted, I found, for GPA:
Menu > Edit > Backend preferences > Network > Configuration for Keyservers > Use custom value > adapt to hkps://keys.openpgp.org
For Kleopatra:
Menu > Settings > Configure Kleopatra > Directory Services > Open PGP Keyserver > adapt to hkps://keys.openpgp.org
(I would have included an inline screenshot, but this list is allergic to html)

Apparently these GUI manipulations generated the ~/.gnupg/dirmngr.conf file! (Only hereafter they existed). And that file indeed showed the new keyserver.

GPG4Win and Enigmail need further research. (This is a suggestion. I cannot do it).

And further, I would have expected a program update that sets the defaults to the ones suggested by Hansen and DKG. Or is the matter still under consideration, or is it not that important? (I personally cannot judge it).

The only hint that I can give: Neither the WoT nor keyservers are very important in my case. I use GnuPG inside a small group of people who (for identity verification) can talk to each other, at least by telephone. I do not use Enigmail (since limited to few mail clients and not accepted by sufficient of my recipients), but just send encrypted messages as attachments.

Best regards
Roland
Local solutions: SKS Keyserver Network Under Attack
Dear Forum,

GNUPG Users Digest is nearly flooding my mailbox with exchanges about the WoT and keyserver issues.

A simple user (me) needs to know how one could make adaptations in the settings of GPA or Kleopatra. I would expect instructions here:
https://kde.org/applications/utilities/org.kde.kleopatra
www.gnupg.org/related_software/gpa/
or perhaps here:
www.gpg4win.org/index.html
www.enigmail.net/index.php/en/
*There are not.*

Hansen's and DKG's blog are only partly helpful. For example my Linux system seems to *not* have a ~/.gnupg/dirmngr.conf file at all (one of those files recommended for editing). I.e. Nautilus cannot find it. So, I did adapt gpg.conf by commenting out (#) any line starting with keyserver, but was not able to adapt the dirmngr.conf. Upon inspection, thereafter, my GPA and Kleopatra were NOT correctly configured.

Trying to figure out how GPA and Kleopatra could be adapted, I found, for GPA:
Menu > Edit > Backend preferences > Network > Configuration for Keyservers > Use custom value > adapt to hkps://keys.openpgp.org
For Kleopatra:
Menu > Settings > Configure Kleopatra > Directory Services > Open PGP Keyserver > adapt to hkps://keys.openpgp.org
(I would have included an inline screenshot, but this list is allergic to html)

GPG4Win and Enigmail need further research. (This is a suggestion. I cannot do it).

And further, I would have expected a program update that sets the defaults to the ones suggested by Hansen and DKG. Or is the matter still under consideration, or is it not that important? (I personally cannot judge it).

The only hint that I can give: Neither the WoT nor keyservers are very important in my case. I use GnuPG inside a small group of people who (for identity verification) can talk to each other, at least by telephone. I do not use Enigmail (since limited to few mail clients and not accepted by sufficient of my recipients), but just send encrypted messages as attachments.

Best regards
Roland

On 02/07/2019 05:48, gnupg-users-requ...@gnupg.org wrote:
> Send Gnupg-users mailing list submissions to
> gnupg-users@gnupg.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> or, via email, send a message with subject or body 'help' to
> gnupg-users-requ...@gnupg.org
>
> You can reach the person managing the list at
> gnupg-users-ow...@gnupg.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Gnupg-users digest..."
>
> Today's Topics:
>
> 1. Re: Your Thoughts (Stefan Claas)
> 2. Re: SKS Keyserver Network Under Attack (Alyssa Ross)
> 3. Re: Your Thoughts (Alyssa Ross)
> 4. Re: New keyserver at keys.openpgp.org - what's your take? (Mirimir)
> 5. Re: Your Thoughts (Robert J. Hansen)
>
> --
>
> Message: 1
> Date: Tue, 2 Jul 2019 00:09:47 +0200
> From: Stefan Claas
> To: gnupg-users@gnupg.org
> Subject: Re: Your Thoughts
> Message-ID:
> Content-Type: text/plain; charset=utf-8
>
> Ryan McGinnis via Gnupg-users wrote:
>
> > Null modem transfer of your messages? Yikes. To me that's the issue
> > with PGP in general as it relates to secure communications - the nerds
> > and the criminals and the spies know how to work it, but your average
> > end user doesn't need their step one to be "go to a Goodwill in a city
> > you don't live in wearing a disguise and buy a laptop with cash", they
> > need PGP to almost be automatic. Think of how easy it is to bootstrap
> > Signal and how hard you'd have to try to accidentally send something
> > cleartext over that application. Linking your key to a new device is
> > as easy as scanning QR code. Perfect forward secrecy, rich media, voice
> > and video synchronous communications upgrades, you name it. And my
> > grandma could probably set it up without help. I guarantee most big
> > data scooping intelligence services are a lot more worried about
> > OpenWhisper protocol than PGP because *people actually use it*. Just
> > being caught with WhatsApp in China can get you sent to a camp,
> > depending on your ethnicity.
>
> Not to be off-topic, but you gave me the keyword "China" ...
>
> I just recently found this and was wondering what purpose it serves?
> Are people in China also allowed to use GnuPG?
>
> pgp.ustc.edu.cn/
>
> Regards
> Stefan
>
> --
>
> Message: 2
> Date: Mon, 1 Jul 2019 22:43:18 +
> From: Alyssa Ross
> To: Mirimir
> Cc: gnupg-users@gnupg.org
> Subject: Re: SKS Keyserver Network Under Attack
> Message-ID: <20190701224317.x3mffnm63klnx...@x220.qyliss.net>
> Content-Type: text/plain; charset="us-ascii"
>
> > And yes, hkps://keys.openpgp.org would fall over and die if too many
> > users started using it. So cert poisoning will be an issue until
> > there's a secure alternative.
>
> Just as a point of interest, I've talked to the people running
> keys.openpgp.org about their capacity in #hagrid, when we were exploring w
Fwd: GPA errors when creating key pair
Further to same issue:

GPA returns the same error on my own system. Otherwise, my GnuPG system works perfectly here (win7). I can create a new key under Kleopatra. Not under GPA. Something seems to be wrong with GPA.

Forwarded Message
Subject: GPA errors when creating key pair
Date: Fri, 1 Feb 2019 09:03:54 +0100
From: Roland Siemons (P)
To: gnupg-users@gnupg.org

Dear List,

I am trying to help somebody to set up GPG4Win. He uses Win10.

Trying to create a new key pair using GPA, GPA returns:
"The GPGME library returned an unexpected error at gpagenkeyadvop.c:163. The error was: Invalid argument"

How can this be resolved?

Greetz,

--
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734
GPA errors when creating key pair
Dear List,

I am trying to help somebody to set up GPG4Win. He uses Win10.

Trying to create a new key pair using GPA, GPA returns:
"The GPGME library returned an unexpected error at gpagenkeyadvop.c:163. The error was: Invalid argument"

How can this be resolved?

Greetz,

--
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734
GPG on Android
Hello list,

I share the wish for encrypted email on Android, but I am afraid of storing a secret key on my android phone. (theft, hacking, loss, etc)

How do you feel about that?

Could a pincard be connected via micro USB? And made to work?

Greetz
Roland

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
gpg troubles
Thanks Friedhelm,

That is a lot to think about. I'll study ..

Best regards,
Roland

On 31/10/2018 01:33, gnupg-users-requ...@gnupg.org wrote:
> Date: Mon, 29 Oct 2018 04:18:31 +0100
> From: Friedhelm Waitzmann
> To: gnupg-users@gnupg.org
> Subject: Re: gpg troubles
> Message-ID: <20181029031830.ga24...@kugelfisch.zuhause.test>
>
> Roland Siemons (P) at Fri., 2018-10-12:
>
>> 3/ Assisted remotely by some of you, I was able to sort out a very
>> strange problem with decryption. The solution was found by manipulating
>> my key from inside the gpg shell using the command line. I am not very
>> experienced with the command line. A major difficulty for those for whom
>> this is not daily bread and butter is that mistakes are easily made.
>> Hence the great value of GUIs.
>> 4/ I observed some unclarities in the GnuPG manual
>> (www.gnupg.org/gph/en/manual.html), here below under A.
> This is the GnuPG privacy handbook rather than the GnuPG manual.
> I suggest that you read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
> it is the definitive instruction how to use GnuPG.
>
>> And perhaps also
>> some bugs in gpg, here below under B (please consider). Here is my
>> experience:
>> A/ I tried to revoke some subkeys, following the said manual (heading
>> "Revoking key components"). gpg pretended to do the job. Everything
>> looked fine. But it didn't! After several hours of analysis (up to
>> checking if GnuPG was installed consistently on my system), I found the
>> issue: After the revkey procedure it is necessary to command "quit".
> A better way of committing the changes is typing in "save".
>
> Please see the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).
>
> For the "--edit-key" main command (given at the command line) it
> lists the sub commands (to be typed into the edit key command
> shell):
>
> save
>
> Save all changes to the keyrings and quit.
>
> quit
>
> Quit the program without updating the keyrings.
>
>> Instead of quitting, gpg then asks "do you want to save yr changes" (or
>> something like that).
> This is to remind you that you are about to discard your changes.
>
>> And only then the subkeys were revoked. The said
>> manual does mention the command "quit" only once, and not even in a
>> general place explaining the operations of gpg, and in fact without any
>> explanation as to the impact of that command.
> The GnuPG manual (not the privacy handbook) mentions both of
> "save" and "quit" and explains the difference.
>
>> Of course I am happy to
>> have found out, but let's hope that I remember when after perhaps 2
>> years time I have to use gpg shell again
> Just remember to read the GnuPG manual also.
>
>> B/ It is not at all clear to me how to start the gpg shell.
> This isn't a general ("the") GnuPG shell for all GnuPG commands,
> it is a shell for the limited set of "--edit-key" sub commands.
> That is, the "--edit-key" specified at the GnuPG invocation
> command line lets GnuPG run an interactive interpreter for the
> "--edit-key" subcommands that have to be typed in.
>
>> For example:
>> 1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>> keys is returned,
> Generating this list doesn't need to ask the user to type any sub
> commands, so there is no "--list-secret-keys" shell.
>
>> but I am also returned to CMD, that is, kicked out of
>> the gpg shell.
> If GnuPG has written this list into its standard output channel,
> the job is done, thus GnuPG terminates, nobody is "kicked out".
>
>> 2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>> do indeed enter the gpg shell, the screen showing "gpg>".
> You enter the shell that recognizes the limited set of the
> "--edit-key" sub commands.
>
>> That all may be all right, HOWEVER:
>> 3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>> supplied. Trying to guess what you mean ... gpg: Go ahead and
>> type your message .
> Please read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):
>
>   "gpg may be run with no commands. In this case it will perform
>   a reasonable action depending on the type of file it is given
>   as input (an encrypted message is decrypted, a signature is
>   verified, a file containing keys is listed, etc.)."
>
> So GnuPG expects that you type in an encrypted me
gpg troubles
Dear GnuPG experts,

1/ Thanks and compliments to those who make GnuPG possible!

2/ I am a very ordinary end-user who unfortunately cannot fall back to computer experts easily in his vicinity. One of those for whom forum assistance and manuals are very important.

3/ Assisted remotely by some of you, I was able to sort out a very strange problem with decryption. The solution was found by manipulating my key from inside the gpg shell using the command line. I am not very experienced with the command line. A major difficulty for those for whom this is not daily bread and butter is that mistakes are easily made. Hence the great value of GUIs.

4/ I observed some unclarities in the GnuPG manual (www.gnupg.org/gph/en/manual.html), here below under A. And perhaps also some bugs in gpg, here below under B (please consider). Here is my experience:

A/ I tried to revoke some subkeys, following the said manual (heading "Revoking key components"). gpg pretended to do the job. Everything looked fine. But it didn't! After several hours of analysis (up to checking if GnuPG was installed consistently on my system), I found the issue: After the revkey procedure it is necessary to command "quit". Instead of quitting, gpg then asks "do you want to save yr changes" (or something like that). And only then the subkeys were revoked. The said manual does mention the command "quit" only once, and not even in a general place explaining the operations of gpg, and in fact without any explanation as to the impact of that command. Of course I am happy to have found out, but let's hope that I remember when after perhaps 2 years time I have to use gpg shell again

B/ It is not at all clear to me how to start the gpg shell. For example:

1/ if (under the CMD terminal) I command "gpg -K", the lists of private keys is returned, but I am also returned to CMD, that is, kicked out of the gpg shell.

2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I do indeed enter the gpg shell, the screen showing "gpg>".

That all may be all right, HOWEVER:

3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: Go ahead and type your message . Then if I type a gpg command, everything stalls. No results whatsoever. Even the command "quit" gives no results. So I force quit by Ctrl-C.

So, in general, how to start the gpg shell? (FYI: the Windows Powershell ISE shows more weird behaviour than the CMD terminal)

This is my system:
Win7
gpg --version
gpg (GnuPG) 2.2.10
libgcrypt 1.8.2

I hope that the above could be of some use to the developers.

Best regards
Roland
Re: Decryption troubles
Dear Werner,

Thanks for yr advice. This is what I get, following yr suggestion:

##
gpg : gpg: public key is 1594F1502D7EF3B9
At line:1 char:1
+ gpg -vd -o C:\Users\Roland\Desktop\Bagger\1.pdf C:\Users\Roland\Desk ...
+ ~
+ CategoryInfo : NotSpecified: (gpg: public key is 1594F1502D7EF3B9:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
gpg: using subkey 1594F1502D7EF3B9 instead of primary key AEEC5E2ED87628F5
gpg: encrypted with 2048-bit RSA key, ID 1594F1502D7EF3B9, created 2017-03-18
"Roland Siemons "
gpg: decryption failed: No secret key
#

I do not know what to do with this information, and shall appreciate if you can get me out of these troubles.

For your information, this is returned upon gpg -K:

###
C:/Users/Roland/AppData/Roaming/gnupg/pubring.gpg
-
sec rsa2048 2009-09-27 [SCA]
A5F3C219AB2601BEC1BCE4F2AEEC5E2ED87628F5
uid [ultimate] Roland Siemons
uid [ultimate] Roland Siemons
uid [ultimate] Roland Siemons
uid [ultimate] Roland Siemons
ssb rsa2048 2009-09-27 [E]
ssb# rsa2048 2017-03-18 [E]
ssb# rsa2048 2017-03-18 [S]
sec> rsa2048 2017-03-18 [SC]
FA8FD0825931914AD032F6A40E92D34261B68C62
Card serial no. = 0005 47CF
uid [ unknown] Roland Siemons
ssb> rsa2048 2017-03-18 [A]
ssb> rsa2048 2017-03-18 [E]
#

Best regards,
Roland

On 10/10/2018 18:09, Werner Koch wrote:
> On Wed, 10 Oct 2018 14:02, siem...@cleanfuels.nl said:
>
>> I am using GPA with GnuPG 2.2.10.
> IIRC, the latest released GPA version is way behind what we have in the
> repo.
>
> To figure out your problem, please run gpg on the command line:
>
> gpg -vd -o OUTPUTFILE ENCRYPTED_FILE
>
> check the error messages you see.
>
>
> Salam-Shalom,
>
> Werner
>

--
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734
Decryption troubles
Dear GNUPGs,

I have strange troubles with my key.

I CAN decrypt encrypted files that other people prepared for me, using the public part of my key for encryption.

I canNOT decrypt files that were made by myself, using the same key. I receive this error message:

"The GPGME library returned an unexpected error at gpafiledecryptop.c:540. The error was: No secret key."

I am using GPA with GnuPG 2.2.10.

Please advise!

--
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734
Help needed with key
Dear GNUPGs,

I have strange troubles with my key.

I CAN decrypt encrypted files that other people prepared for me, using the public part of my key for encryption. Public key attached to this message.

I canNOT decrypt files that were made by myself, using the same key. I receive this error message:

"The GPGME library returned an unexpected error at gpafiledecryptop.c:540. The error was: No secret key."

I am using GPA with GnuPG 2.2.10.

Please advise!

--
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734

0xAEEC5E2ED87628F5.asc
Description: application/pgp-keys
Subkeys
Dear GnuPG,

As a user of GPG4Win: is there any explanation in the compendium about the meaning and use of subkeys? (I cannot find anything about that matter in The Gpg4win Compendium 3.0.0.)

Best regards,

--
Roland Siemons

0xAEEC5E2ED87628F5.asc
Description: application/pgp-keys
Re: Gnupg-users Digest, Vol 180, Issue 3
@ Dirk Gottschalk: Thanks for the very effective response to my first question!

Remains:
How can I see what is on the smartcard?
How can I copy files to the smartcard?

I studied the GnuPG Smartcard How-To (www.gnupg.org/howtos/card-howto/en/smartcard-howto.html), but that is entirely linux oriented, whereas I am working on a win7 system.

HOWEVER, by trial and error, I found out that the same commands work on the command line terminal of Win7. I shall test it further.

Best regards,
Roland

On 04/09/2018 09:52, gnupg-users-requ...@gnupg.org wrote:
> Message: 1
> Date: Mon, 03 Sep 2018 18:41:29 +0200
> From: Dirk Gottschalk
> To: gnupg-users@gnupg.org
> Subject: Re: revocation troubles & smartcard troubles
> Content-Type: text/plain; charset="utf-8"
>
> As long as you did not publish reports revocation, delete the key and
> re-import it without the revocation cert.
>
> On 3 September 2018 17:03:19 CEST, "Roland Siemons (P)" wrote:
>> Dear GnuPG,
>>
>> I am already using GnuPG for a long time. But try to improve my
>> understanding of and working with it.
>> I became a member of Free Software Foundation Europe, and got a
>> smartcard. I wanted to use it.
>>
>> And that is where the trouble started:
>> I intended to copy all my personal keys to the smart card.
>> In Kleopatra, I selected "Tools/Manage smartcards"
>> Then I selected "Import a certificate from a file", and selected files
>> from my laptop.
>> I was under the impression that I was copying files to the smartcard.
>> By doing so, I not only selected my private key but also my revocation
>> key (because, why should I enable a thief of my laptop to revoke my
>> key?).
>> And then it appeared that I had revoked my entire key pair. Unintended!
>> Apparently, under smartcard management, I was not at all copying files
>> to the smartcard. Apparently, I was doing something else. Did I at all
>> copy files to the smartcard?
>>
>> Questions:
>> Can I UNrevoke that key?
>> How can I see what is on the smartcard?
>> How can I copy files to the smartcard?
>>
>> I studied the GnuPG Smartcard How-To
>> (www.gnupg.org/howtos/card-howto/en/smartcard-howto.html), but that is
>> entirely linux oriented.
>> I am working on a win7 system.
>>
>> Can anyone help me further?
>>
>> Thanks!
>>
>> Roland

0xAEEC5E2ED87628F5.asc
Description: application/pgp-keys
revocation troubles & smartcard troubles
Dear GnuPG,

I am already using GnuPG for a long time. But try to improve my understanding of and working with it. I became a member of Free Software Foundation Europe, and got a smartcard. I wanted to use it.

And that is where the trouble started:
I intended to copy all my personal keys to the smart card.
In Kleopatra, I selected "Tools/Manage smartcards"
Then I selected "Import a certificate from a file", and selected files from my laptop.
I was under the impression that I was copying files to the smartcard.
By doing so, I not only selected my private key but also my revocation key (because, why should I enable a thief of my laptop to revoke my key?).
And then it appeared that I had revoked my entire key pair. Unintended!
Apparently, under smartcard management, I was not at all copying files to the smartcard. Apparently, I was doing something else. Did I at all copy files to the smartcard?

Questions:
Can I UNrevoke that key?
How can I see what is on the smartcard?
How can I copy files to the smartcard?

I studied the GnuPG Smartcard How-To (www.gnupg.org/howtos/card-howto/en/smartcard-howto.html), but that is entirely linux oriented. I am working on a win7 system.

Can anyone help me further?

Thanks!

Roland

0xAEEC5E2ED87628F5.asc
Description: application/pgp-keys
Win7: Kleopatra does not open
Dear Forum,

I recently installed GnuPG (Gpg4Win). My purpose is to be able to create encrypted files for exchange via email. No integration with an email client such as Thunderbird. Therefore I need to be able to execute Kleopatra or GPA.

Unfortunately Kleopatra does not work. I tried both from a desktop shortcut, and the command prompt (terminal). Just no reaction at all. I tried several re-installs. On 2 occasions it got working, but gave up a day later. Reinstall, some success, and then failure again ...

Any suggestions?

Best regards,
Roland Siemons
Re: BUG 1253 hace 8 horas *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop chatting diegoas
Hi,

I tried to build gnupg-1.4.11 on a local Solaris 10 zone and got the same error as described in bug 1253:

make[1]: *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop.

I could not resolve the problem by using a current gnu make instead of the Solaris make. The problem is stated as solved in your tasklist, but unfortunately I cannot look into the solution.

Please assist.

Kind regards,
Roland Lorenz

Commerzbank AG
Group Information Technology
GS-ITR 3.2.1 - SAP Technical Services
Postal address: 60261 Frankfurt am Main
Business premises: Mainzer Landstr. 155, 60327 Frankfurt am Main
DLZ4 05.66.228
Tel.: +49 69 136 - 459 23
roland.lor...@commerzbank.com
http://www.commerzbank.de

Commerzbank Aktiengesellschaft, Frankfurt am Main
Commercial Register: Amtsgericht Frankfurt am Main, HRB 32000
Chairman of the Supervisory Board: Klaus-Peter Müller
Board of Managing Directors: Martin Blessing (Chairman), Frank Annuscheit, Markus Beumer, Achim Kassow, Jochen Klösges, Michael Reuther, Stefan Schmittmann, Ulrich Sieber, Eric Strutz, Martin Zielke