Re: New beta
On Sat, 27 Sep 2014 18:03, 2014-667rhzu3dc-lists-gro...@riseup.net said: But it would not import the ECC subkey, and the output simply told me skipped subkey. I suppose this would be because, as you said, the subkey binding signature could not be verified. Correct. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 25 September 2014 at 7:12:12 PM, in mid:54245afc.3030...@gmail.com, Murphy wrote: On 09/25/2014 01:06 PM, MFPA wrote: Other than whether GnuPG 1.x locks up on encountering the unrecognised key type when trying to encrypt, or whether it errors out, or just uses the next encryption-capable subkey. I think this can only be tested with the public key. Also here are the public keys for Grumpy from both gpg and gpg2.1 Thanks. Using GnuPG 1.4.18, I succcessfully signed with and encrypted to Grumpy's key. GnuPG output for signing:- C:\Documents and Settings\Administrator\Desktop\Scribble_Padgpg --local-user grumpy --clearsign test.txt gpg: using character set `utf-8' gpg: can't handle public key algorithm 19 gpg: no secret subkey for public subkey 0x4EB8453C635A015B - ignoring You need a passphrase to unlock the secret key foruser: Grumpy (RSA) g@g 2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24 gpg: writing to `test.txt.asc' gpg: RSA/SHA512 signature from: 0x0C6C60ECF7CD83F4 Grumpy (RSA) g@g The file was signed with the main key after not recognising the secret subkey. Signature verified OK. GnuPG output for encryption(+signing):- C:\Documents and Settings\Administrator\Desktop\Scribble_Padgpg --local-user gr umpy --clearsign test.txt gpg: using character set `utf-8' gpg: can't handle public key algorithm 19 gpg: no secret subkey for public subkey 0x4EB8453C635A015B - ignoring You need a passphrase to unlock the secret key for user: Grumpy (RSA) g@g 2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24 File `test.txt.asc' exists. Overwrite? (y/N) y gpg: writing to `test.txt.asc' gpg: RSA/SHA512 signature from: 0x0C6C60ECF7CD83F4 Grumpy (RSA) g@g File was encrypted to the older, encryption-capable, RSA subkey. Decrypted OK (and the signature was good). So, it would seem that adding ECC signing subkeys to an RSA key does not completely break compatibility with GnuPG 1.4.18: the 1.4.x user can still encrypt to the non-ecc subkey and can sign with the main key. Obviously ECC signatures could not be checked with 1.4.x. Presumably, it would still work if the ECC subkey were an encryption-capable subkey. But I have not seen this in action. And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main key. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Learning without thought is naught; thought without learning is dangerous. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlQmx+tXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5plNQD/39jYLv3f3TumrDZ0HFDpFXTLWEDI0tAVRpy DrYXdBl+4LUIaAajw6IKC14BssCCmkswhz2CHbSnzVRrly1kc1j/AZgKrhVNnptK UyE/FH1v8rps51fY2D6Fe4XLiEGHE5MgeET9KdqYyQ5WVSOBkDVYQOt3LixBb/eB HK+Yx4Jo =bush -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Sat, 27 Sep 2014 16:21, 2014-667rhzu3dc-lists-gro...@riseup.net said: And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main key. No, it won't be able to handle such a key. It is not possible to verify the user-id and subkey binding signatures which are done by the primary key. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 27 September 2014 at 3:31:38 PM, in mid:87k34pi185@vigenere.g10code.de, Werner Koch wrote: On Sat, 27 Sep 2014 16:21, 2014-667rhzu3dc-lists-gro...@riseup.net said: And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main key. No, it won't be able to handle such a key. It is not possible to verify the user-id and subkey binding signatures which are done by the primary key. I already tried to import an ECC key with 1.4.18, to see what would happen. This was an ECC main key with an ECC subkey. It imported the ECC main key, and warned me the user-id was non-selfsigned. But it would not import the ECC subkey, and the output simply told me skipped subkey. I suppose this would be because, as you said, the subkey binding signature could not be verified. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net All generalisations are dangerous, even this one. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlQm3+VXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pLb8EAL1dVRxvGOcu07oqGxP5ve4RigzBXiXkPmZk 3bk/ehg7UUgY4I3hfZrv7WauU0QKWufd8laaYJw1YLhLVD9tnq6HaxkJrC6jXEUs jK2LtE6YzpGp+Ak895qh4QVLrSFQR4Z69F9/CqXmHXbliL12ztYEeRPV8KBZ4Pen sBRLdly0 =OQ37 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 2014-09-25, Werner Koch wrote: On Wed, 24 Sep 2014 17:56, lech...@wi.uni-muenster.de said: This is what happens if I extract gnupg-2.1.0-beta834.tar.bz2 and execute that command on Ubuntu 10.04.4 LTS. Hmmm. The first call to gnupg's autogen.sh is ./autogen.sh --silent --print-build can you please run it to see whether you get the cross-compiler missing error No, I get this: i686-pc-linux-gnu Actually, with the wget workaround compilation starts and continues until the compilation error for oidtranstbl.h. If I fix that file, compilation succeeds. (Apparently, the stop message by autogen.sh is not important in my case.) Best wishes Jens ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Wed, 24 Sep 2014 17:56, lech...@wi.uni-muenster.de said: This is what happens if I extract gnupg-2.1.0-beta834.tar.bz2 and execute that command on Ubuntu 10.04.4 LTS. Hmmm. The first call to gnupg's autogen.sh is ./autogen.sh --silent --print-build can you please run it to see whether you get the cross-compiler missing error and if so run it as sh -x ./autogen.sh --silent --print-build GNU Wget 1.12, (C) 2009. If I change the urlbase in getswdb.sh to https://gnupg.org/, that version works, though. Mine is 1.13 - maybe there is a problem with SubjectAltName in that version. As a workaround I change the urlbase. make by mkoidtbl.awk. In my case, /etc/dumpasn1/dumpasn1.cfg is used as input, which is DOS encoded. Okay, I'll fix it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Mon, 22 Sep 2014 21:12, robe...@broadcom.com said: This might be off topic, but the thread mentions Fedora. Can you please tell me how easy it would be to produce a GPG2 stable RPM for Fedora? Currently they only supply GPG1 as an option from Yum. I would really like to get them to produce a GPG-2 version. Fedora has a gnupg2 package. If you want to try out the new 2.1 beta, you may use the Speedo system. I am pretty sure that it will work on Fedora and any other Unix system with gmake and some basic tools installed. What may not work is building a Windows version of GnuPG on Fedora. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 2014-09-18, Werner Koch wrote: To quickly build all required software without installing it, the Speedo method may be used: make -f build-aux/speedo.mk native I get this: --8---cut here---start-8--- autogen.sh: cross compiler kit not installed autogen.sh: Stop. autogen.sh: cross compiler kit not installed autogen.sh: Stop. make -f /home/lechten/local/gnupg-2.1.0-beta834/build-aux/speedo.mk UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all download of swdb.lst failed. make[1]: Betrete Verzeichnis '/home/lechten/local/gnupg-2.1.0-beta834' /home/lechten/local/gnupg-2.1.0-beta834/build-aux/speedo.mk:203: *** Error getting GnuPG software version database. Schluss. make[1]: Verlasse Verzeichnis '/home/lechten/local/gnupg-2.1.0-beta834' make: *** [native] Fehler 2 --8---cut here---end---8--- Wget fails in getswdb.sh. A manual call shows two things: First, the certificate’s Common Name »gnupg.org« does not match the contacted host »www.gnupg.org«. Second, it complains about a self-signed certificate (the issuer is unknown here). Wget’s output recommends the option »--no-check-certificate«. Also, compilation of libksba-1.3.1 fails. The following error occurs once for every entry of the struct oidtranstbl. --8---cut here---start-8--- oidtranstbl.h error: missing terminating character --8---cut here---end---8--- Somehow, the trailing Carriage Returns (0x0d) at the end of the oids in oidtranstbl.h confuse the compiler (gcc 4.4.3). If I remove them, compilation succeeds. Best wishes Jens ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: New beta
Hi Werner, OK, thanks. I was using the wrong yum search string gpg not gnupg. It showed up and I installed it. Looking forward to setting up the beta. Danke! Thanks, Bob Cavanaugh Broadcom Corporation 16340 West Bernardo Drive San Diego CA 92127 Work:858-521-5562 Fax: 858-385-8810 Cell:858-361-2068 -Original Message- From: Werner Koch [mailto:w...@gnupg.org] Sent: Tuesday, September 23, 2014 12:23 AM To: Bob (Robert) Cavanaugh Cc: Murphy; gnupg-users@gnupg.org Subject: Re: New beta On Mon, 22 Sep 2014 21:12, robe...@broadcom.com said: This might be off topic, but the thread mentions Fedora. Can you please tell me how easy it would be to produce a GPG2 stable RPM for Fedora? Currently they only supply GPG1 as an option from Yum. I would really like to get them to produce a GPG-2 version. Fedora has a gnupg2 package. If you want to try out the new 2.1 beta, you may use the Speedo system. I am pretty sure that it will work on Fedora and any other Unix system with gmake and some basic tools installed. What may not work is building a Windows version of GnuPG on Fedora. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Tue, 23 Sep 2014 17:29, lech...@wi.uni-muenster.de said: make -f build-aux/speedo.mk native I get this: autogen.sh: cross compiler kit not installed You seem to be building for Windows but I wonder how you did this given that TARGETOS=native WHAT=release WITH_GUI=0 all TARGETOS is not w32. Wget fails in getswdb.sh. A manual call shows two things: First, the certificate’s Common Name »gnupg.org« does not match the contacted host »www.gnupg.org«. That is strange. gnupg.org and www.gnupg.org are both certified: ID: 0x47DC00C7 S/N: 20FC49CE90861FC8DDB0D46275236F22 Issuer: /CN=Gandi Standard SSL CA/O=GANDI SAS/C=FR Subject: /CN=gnupg.org/OU=Gandi Standard SSL/OU=Domain Control Validated aka: (dns-name gnupg.org) aka: (dns-name www.gnupg.org) validity: 2014-03-18 00:00:00 through 2016-03-18 23:59:59 key type: 2048 bit RSA key usage: digitalSignature keyEncipherment ext key usage: serverAuth (suggested), clientAuth (suggested) policies: 1.3.6.1.4.1.6449.1.2.2.26:N:,2.23.140.1.2.1:N: fingerprint: 9E:71:3A:82:D8:87:E3:32:35:FB:62:07:59:86:7B:B6:47:DC:00:C7 May that be an old broen version of wget? Somehow, the trailing Carriage Returns (0x0d) at the end of the oids in oidtranstbl.h confuse the compiler (gcc 4.4.3). If I remove them, CR in a source file? Are you building on Windows? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Sun, 21 Sep 2014 11:59, pe...@digitalbrains.com said: What is the net effect when GnuPG 1.4 encounters, for example, such a key: RSA pubkey with Certify and Sign capabilities RSA subkey with Encrypt capability, created 2014-04-01 ECC subkey with Encrypt capability, created 2014-09-21 Everything is non-expired. If I were to try to encrypt to it, would 1.4 pick the RSA subkey because it is valid and understandable to it, or would it fail to encrypt to this key because it can't parse ECC keys? I did some tests: $ gpg1 -k 9613A41C pub 1024R/9613A41C 2014-09-22 uid RSA+RSA key created by gpg1 (test) sub 1024R/0CA0BC98 2014-09-22 sub 0e/A519E3EC 2014-09-22 $ ../g10/gpg2 -k 9613A41C pub rsa1024/9613A41C 2014-09-22 uid [ultimate] RSA+RSA key created by gpg1 (test) sub rsa1024/0CA0BC98 2014-09-22 sub nistp256/A519E3EC 2014-09-22 nistp256 You can't see it in this output but the ECC keys has been created a minute or so after the standard key (with gpg2 of course). The initial keyring was created by gpg1 --export pubring.gpg and then gpg1 was used to create a new standard key. I redacted some diagnostics. $ fortune | ../g10/gpg2 -evar 9613A41C x gpg: using subkey A519E3EC instead of primary key 9613A41C gpg: using PGP trust model gpg: This key belongs to us gpg: reading from '[stdin]' gpg: writing to stdout gpg: ECDH/AES256 encrypted for: A519E3EC RSA+RSA key created by gpg1 (test) $ ../g10/gpg2 x gpg: encrypted with 256-bit ECDH key, ID A519E3EC, created 2014-09-22 RSA+RSA key created by gpg1 (test) I believe in an America where the separation of church and state is absolute -- where no Catholic prelate would tell the president (should he be Catholic) how to act, and no Protestant minister would tell his parishioners for whom to vote--where no church or church school is granted any public funds or political preference--and where no man is denied public office merely because his religion differs from the president who might appoint him or the people who might elect him. - from John F. Kennedy's address to the Greater Houston Ministerial Association September 12, 1960. As expected the ECC key was used. $ gpg1 x gpg: encrypted with 0-bit [?] key, ID A519E3EC, created 2014-09-22 RSA+RSA key created by gpg1 (test) gpg: public key decryption failed: unknown pubkey algorithm gpg: decryption failed: secret key not available and gpg1 is not able to decrypt it. $ fortune | gpg1 -evar 9613A41C x gpg: using subkey 0CA0BC98 instead of primary key 9613A41C gpg: using PGP trust model gpg: This key belongs to us gpg: reading from `[stdin]' gpg: writing to stdout gpg: RSA/AES256 encrypted for: 0CA0BC98 RSA+RSA key created by gpg1 (test) The RSA key was used. $ gpg1 x You need a passphrase to unlock the secret key for user: RSA+RSA key created by gpg1 (test) 1024-bit RSA key, ID 0CA0BC98, created 2014-09-22 (main key ID 9613A41C) gpg: encrypted with 1024-bit RSA key, ID 0CA0BC98, created 2014-09-22 RSA+RSA key created by gpg1 (test) ... eighty years later he could still recall with the young pang of his original joy his falling in love with Ada. -- Nabokov and gpg1 is able to decrypt it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
Thank you for this clear example! Luckily, it behaves as you would hope, picking the valid subkey it can use and ignoring the one it can't. Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Sun, 21 Sep 2014 03:47, mac3...@gmail.com said: for me I cannot then get it to perform its duty. I execute the suggested command LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib typed exactly as written above, and then nothing happens. gpg2 continues to execute as the previously installed version. Any ideas? Weel the above is not a command but the way to set variables in the shell. Programs won't pick these variabales up unless you do either NAME=VALUE PROGRAM or for setting it for the entire session you need to mark the variable: NAME=VALUE export NAME after that all programs can access this variable. Now to run the actual binary you have to type the name of the program: PLAY/inst/bin/gpg2 assuming you are in the top build directory or you add it to your PATH PATH=$(pwd)/PLAY/inst/bin:$PATH (An export command for PATH has already been done by tye shell) admit, I am relatively new to Linux but can somebody give me a hint as to what is meant by ../? A simple command to create the required The parent directory. I suggest that you read up a bit on Unix shell use because all build instructions are written under the assumption that is is known. Yes, I know that this is the gnupg-isers mailing liste and we should not assume that all subscribers are Unix gurus. However, in the past that seems to have been the case. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: New beta
Hi Werner, This might be off topic, but the thread mentions Fedora. Can you please tell me how easy it would be to produce a GPG2 stable RPM for Fedora? Currently they only supply GPG1 as an option from Yum. I would really like to get them to produce a GPG-2 version. Thanks, Bob Cavanaugh Broadcom Corporation 16340 West Bernardo Drive San Diego CA 92127 Work:858-521-5562 Fax: 858-385-8810 Cell:858-361-2068 -Original Message- From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Werner Koch Sent: Monday, September 22, 2014 3:35 AM To: Murphy Cc: gnupg-users@gnupg.org Subject: Re: New beta On Sun, 21 Sep 2014 03:47, mac3...@gmail.com said: for me I cannot then get it to perform its duty. I execute the suggested command LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib typed exactly as written above, and then nothing happens. gpg2 continues to execute as the previously installed version. Any ideas? Weel the above is not a command but the way to set variables in the shell. Programs won't pick these variabales up unless you do either NAME=VALUE PROGRAM or for setting it for the entire session you need to mark the variable: NAME=VALUE export NAME after that all programs can access this variable. Now to run the actual binary you have to type the name of the program: PLAY/inst/bin/gpg2 assuming you are in the top build directory or you add it to your PATH PATH=$(pwd)/PLAY/inst/bin:$PATH (An export command for PATH has already been done by tye shell) admit, I am relatively new to Linux but can somebody give me a hint as to what is meant by ../? A simple command to create the required The parent directory. I suggest that you read up a bit on Unix shell use because all build instructions are written under the assumption that is is known. Yes, I know that this is the gnupg-isers mailing liste and we should not assume that all subscribers are Unix gurus. However, in the past that seems to have been the case. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 20/09/14 17:06, Werner Koch wrote: But given that 1.4 is not able to parse ECC keys the selection process can't consider an ECC key in the first place. What is the net effect when GnuPG 1.4 encounters, for example, such a key: RSA pubkey with Certify and Sign capabilities RSA subkey with Encrypt capability, created 2014-04-01 ECC subkey with Encrypt capability, created 2014-09-21 Everything is non-expired. If I were to try to encrypt to it, would 1.4 pick the RSA subkey because it is valid and understandable to it, or would it fail to encrypt to this key because it can't parse ECC keys? Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 20/09/14 16:23, Murphy wrote: What, please, is the reason for the step no. 2 in the above list ? This is a command to prevent gnome from hijacking pinentry. Without it or something like it error messages are generated during execution of the gpg2 command. I forget who suggested it but I remember that Werner endorsed it. What are the symptoms of gnome highjacking pinentry ? I'm using UbuntuStudio1404 - Enigmail (w.thunderbird) is working with gpg2. When I need to enter a passphrase for enigmail, it goes into the pinentry-gtk2 dialog box ok. The system monitor shows me that gnome-keyring-daemon process is running (but I don't think I'm actually doing anything with gnome keyrings) but it doesn't seem to interfere with encrypting/decrypting or signing emails or using gpg2 to verify signatures from the cli. Philip signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What are the symptoms of gnome highjacking pinentry ? Phillip, if you are encrypting/decrypting or signing emails with gpg2 and having no problems with error messages then you don't need to put in the command of step no. 2. The symptoms of a hijacking is that when gpg2 tries to put up a pinentry box gnome keyring hijacks the process and puts up its own box. Recent versions of gnupg-2.0.x will then display an error message in the terminal and bad things happen. Either you only get one attempt at changing passphrases or the whole process crashes. The process may succeed or not, it is unpredictable. If you wish to witness it first hand I recommend using virtualbox. Set up a fresh install of Ubuntu inside virtualbox (really easy and fun) and then install Gnupg-2.1.0 without the command in step 2. Then try to generate a key, if you can. The virtualbox environment is perfect for experimenting with new beta versions and playing with ECC keys and subkeys, without disturbing you regular production environment. Murphy -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQfLbMACgkQUVKxkWZz2Q25uQP9GgJikeZPNYVBYQ2Gkzr4OP7r jFMhyQyfeut5RWgx6CPovH13nJXXR2tOnJnzkCAimZr07rIZh2WQbCKF8r5cFWFs yJGG2/en9xUeZiDOzvMT5oJ6WJdHJNJzf4hLZGF4pEzgHYC596z9L9u28S7dBRws f3rAdWupaWmKSuyXB6o= =0o7W -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Fri, 19 Sep 2014 22:15, r...@sixdemonbag.org said: It would be nice if it could also be checked with Fedora. CentOS/RHEL My idea was to check that the required software is available and not to check for a certain distribution. One major problem has always been that the mingw toolchain often has regressions which lead to subtle errors at runtime and sometimes even the build breaks. This is why I suggest Debian as the OS I use for development. However, I'm unaware of anyone who's calling this a blocker, so it's a pretty low priority. (See, folks? I apply the Note that low given that Debconf's BoF mentioned that they need to build gpg also for Windows - Fedora should have simalir requirements. GnuPG-1, though. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 20 September 2014 at 1:13:27 AM, in mid:541cc6a7.9040...@gmail.com, Murphy wrote: Of course your milage may vary, machine blow up and hard drive autowipe. But it works for me and it is definitely worth it to play with all the new elliptical curve modes: If you add an ECC subkey to an RSA or DSA mainkey, does GnuPG 1.4.x or 2.0.x ignore it and revert to the next newest subkey? Or does compatibility require the RSA or ElGamel subkey to be newer than the ECC subkey? - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Dollar sign - An S that's been double crossed -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlQdXZdXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pL5EEAJ31z7VWceuK+GiRCvxmXZ0l/e2aLeobjTeF wviu9y4J7TR+ucNtnNS8YcVa1XjB1eptSAzmrOrtTrCw8UGMHdIPhc5aFptLPrTK rI7OGw7BsMbqr6aVUeUx69OR9OF19YGBvGt7ytqFoqRKfJz3vtndNPdoZiUjzb7A zk5z37qc =lMEz -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 20/09/14 02:13, Murphy wrote: For my Ubuntu machine hHere is a brief summary of the steps, in order 1. Install latest libraries: npth, libgpg-error, libgcrypt, libksba, libassuan 2. Execute the following command: sudo ln -sf /dev/null /etc/xdg/autostart/gnome-keyring-gpg.desktop 3. sudo apt-get install libdb-dev, libdb++-dev, libbz2-dev 4. Install Openldap-2.4.39 using ./configure, make depend, make, sudo make install 5. sudo apt-get install gtk+-2.0 6. Install pinentry, gnupg-2.1 What, please, is the reason for the step no. 2 in the above list ? Philip signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/09/14 10:20, Murphy wrote: What, please, is the reason for the step no. 2 in the above list ? This is a command to prevent gnome from hijacking pinentry. Without it or something like it error messages are generated during execution of the gpg2 command. I forget who suggested it but I remember that Werner endorsed it. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQdje0ACgkQUVKxkWZz2Q2jXwP+L7HTEJW5NbV1LHDmTvHJTNTz kgo6jfR7uJ8XMTJQxABfTL4BydBZ81Nnq2FEgDQv4CT9Vxfq1JyKH5MtkLLEb5GW YHM5ONzeH/omYrxoKwdopstBWY5DnjJiQPFalS0Ra3RfbUFKSKwCoCnSpE7aIHcN 9RvzpIMAX1jmvOXpIEU= =wBsG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Sat, 20 Sep 2014 12:57, 2014-667rhzu3dc-lists-gro...@riseup.net said: If you add an ECC subkey to an RSA or DSA mainkey, does GnuPG 1.4.x or 2.0.x ignore it and revert to the next newest subkey? Or does It should do so; if not it is a bug which needs to be fixed soon. But given that 1.4 is not able to parse ECC keys the selection process can't consider an ECC key in the first place. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am definitely having fun with Speedo. After playing around with it in a virtual box Ubuntu environment I can see the advantage. It immediately downloads and installs the required libraries as advertised and builds an executable gpg2 in PLAY/inst/. Unfortunately for me I cannot then get it to perform its duty. I execute the suggested command LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib typed exactly as written above, and then nothing happens. gpg2 continues to execute as the previously installed version. Any ideas? Ok, onward to the w32-installer. Immediately I am stumped by the simple requirement to put the source packages in ../tarballs. I admit, I am relatively new to Linux but can somebody give me a hint as to what is meant by ../? A simple command to create the required directory would be very helpful. Something I can copy and paste to make it happen. I am committed to making the w32-installer. It will happen. Thanks! -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQeLiYACgkQUVKxkWZz2Q3frAP+PG9C0EktFZge+BXrhx2GxoXu yE1VqmPXjxnG833Brh078xhg026EmJKrtkf2MNmnugcKGvuXHQAcQwjhY/oj2Zzg Ij03Nif1yDfkA01f/Tl8TTF06Ji0nAJ4vA/8hJUZ3E3N1rQqyRJI1O38JsJuq/g5 007fn5JuzNoMQLMXcb8= =Vkjf -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 18 September 2014 at 5:41:21 PM, in mid:87r3z87ufi@vigenere.g10code.de, Werner Koch wrote: If you have all required tools and some extra source packages in ../tarballs, you may also build a Windows installer: make -f build-aux/speedo.mk w32-installer Does this have to be done under Linux, or can it be done under Windows with the aid of something like MinGW or CodeBlocks? - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Gypsy Dwarf Escapes Prison: Small Medium at large -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlQcbXhXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5prMAD+wXCEv7vWpJpo/UVZa8c9htb3KT6JYpJfkFG asL0byfm5dcOZl1JSaZKhwNHYAVi2DgFafR7Ls5PWKTyYiEBndaWNCYUGQQKLKGE Dq6WrcC01MLiLkoRebypsoFTVhQw5Av2rIdH6AKaKPC4Ggtbi/kSHFNtjaLc+8qh 5E/FDNTr =0m/q -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
Does this have to be done under Linux, or can it be done under Windows with the aid of something like MinGW or CodeBlocks? Unfortunately, this is not something I'd recommend for anyone except a handful of MinGW experts. It's technically possible, but daunting. The approved way of building Win32 executables of GnuPG is to cross-compile from Linux. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On 9/19/2014 at 2:18 PM, Robert J. Hansen r...@sixdemonbag.org wrote: Does this have to be done under Linux, or can it be done under Windows with the aid of something like MinGW or CodeBlocks? Unfortunately, this is not something I'd recommend for anyone except a handful of MinGW experts. It's technically possible, but daunting. The approved way of building Win32 executables of GnuPG is to cross-compile from Linux. = Can gnupg-2.1.0-beta834 be compiled on Cygwin ? I tried downloading it from the ftp link WK gave, and when trying to configure on Cygwin, got the following errors: configure: *** You need libgpg-error to build this program *** You need libassuan to build this program *** You need libska to build this program *** It is now required to build with support for the *** New Portable Threads Library (nPth). Please install *** this library first. configure: error: *** Required libraries not found. Please consult the above messages *** and install them before running configure again. Ok, Downloaded all the above libraries from the links provided, started with the first one mentioned, libgpg-error, and got as far as, config.status: creating po/Makefile libgpg-error-1.16 prepared for make Revision: 8f3187f (36657) Platform: i686-pc-cygwin Then after trying 'make', got the following: $ make make all-recursive make[1]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/l ibgpg-error-1.16' Making all in m4 make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/l ibgpg-error-1.16/m4' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/li bgpg-error-1.16/m4' Making all in src make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/l ibgpg-error-1.16/src' gawk -f ./mkerrnos.awk ./errnos.in code-to-errno.h gawk -f ./mkerrcodes1.awk ./errnos.in _mkerrcodes.h gcc -E _mkerrcodes.h | grep GPG_ERR_ | \ gawk -f ./mkerrcodes.awk mkerrcodes.h rm _mkerrcodes.h gcc -I. -I. -o mkerrcodes ./mkerrcodes.c ./mkerrcodes | gawk -f ./mkerrcodes2.awk code-from-errno.h gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \ ./err-sources.h.in err-sources-sym.h gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \ ./err-codes.h.in err-codes-sym.h gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \ -v prefix=GPG_ERR_ -v namespace=errnos_ \ ./errnos.in errnos-sym.h gcc -g -O0 -I. -I. -o mkheader ./mkheader.c gcc -g -O2 -Wall -Wpointer-arithgen-posix-lock-obj.c -o gen-posix-lock-obj gen-posix-lock-obj.c:40:3: error: #error sizeof pthread_mutex_t is not known. gen-posix-lock-obj.c: In function ‘main’: gen-posix-lock-obj.c:69:21: error: ‘SIZEOF_PTHREAD_MUTEX_T’ undeclared (first use in this function) gen-posix-lock-obj.c:69:21: note: each undeclared identifier is reported only once for each function it appears in gen-posix-lock-obj.c:99:11: error: ‘HOST_TRIPLET_STRING’ undeclared (first use in this function) builtin: recipe for target `gen-posix-lock-obj' failed make[2]: *** [gen-posix-lock-obj] Error 1 make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/li bgpg-error-1.16/src' Makefile:402: recipe for target `all-recursive' failed make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/li bgpg-error-1.16' Makefile:333: recipe for target `all' failed make: *** [all] Error 2 So, can it be done on Cygwin, using other steps/commands first? (btw, have not had any problems compiling, making, and installing gnupg 1.4.x on Cygwin). TIA, vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
On Fri, 19 Sep 2014 20:14, r...@sixdemonbag.org said: The approved way of building Win32 executables of GnuPG is to cross-compile from Linux. and best on Debian Wheezy or Jessie. I plan to eventually add some checks into the Makefile to suggest what to install. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
and best on Debian Wheezy or Jessie. I plan to eventually add some checks into the Makefile to suggest what to install. It would be nice if it could also be checked with Fedora. CentOS/RHEL is really big in the business world, and I know a couple of shops that would like to be able to cross-compile their Windows GnuPG builds from their CentOS/RHEL boxen. However, I'm unaware of anyone who's calling this a blocker, so it's a pretty low priority. (See, folks? I apply the six-real-users-with-real-problems test even to my own requests. ;) ) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In response to vedaal's question - installation of gnupg v2.1 is significantly different from v1.x and even v2.0. For my Ubuntu machine hHere is a brief summary of the steps, in order 1. Install latest libraries: npth, libgpg-error, libgcrypt, libksba, libassuan 2. Execute the following command: sudo ln -sf /dev/null /etc/xdg/autostart/gnome-keyring-gpg.desktop 3. sudo apt-get install libdb-dev, libdb++-dev, libbz2-dev 4. Install Openldap-2.4.39 using ./configure, make depend, make, sudo make install 5. sudo apt-get install gtk+-2.0 6. Install pinentry, gnupg-2.1 Of course your milage may vary, machine blow up and hard drive autowipe. But it works for me and it is definitely worth it to play with all the new elliptical curve modes: me@me:~$ gpg2 --expert --gen-key gpg (GnuPG) 2.1.0-beta834; Copyright (C) 2014 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (9) ECC (10) ECC (sign only) (11) ECC (set your own capabilities) Your selection? 9 Please select which elliptic curve you want: (2) NIST P-256 (3) NIST P-384 (4) NIST P-521 (5) Brainpool P-256 (6) Brainpool P-384 (7) Brainpool P-512 Your selection? -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQcxqcACgkQUVKxkWZz2Q0UlAP+IRkpjRoJ8qwaQmExBU8DUG1+ KNRi5SXTAwdDj/EEmEoSQR54s1GLv7wxEp+Rs4idQMn/Z6titfJRv0KdeBSOG3Te V6KKqX8F2n9tB0DZucXXjzpejHEt1TcXT11c97BV6k5BhUBZ5zVcm8DWa1GhO5r6 8SszspcbBjz+xn95rLs= =ttmO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
New beta
Hi, I just uploaded a new beta: ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta834.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta834.tar.bz2.sig Noteworthy changes in version 2.1.0-beta834 (2014-09-18) * gpg: Improved passphrase caching. * gpg: Switched to algorithm number 22 for EdDSA. * gpg: Removed CAST5 from the default preferences. * gpg: Order SHA-1 last in the hash preferences. * gpg: Changed default cipher for --symmetric to AES-128. * gpg: Fixed export of ECC keys and import of EdDSA keys. * dirmngr: Fixed the KS_FETCH command. * speedo: Downloads related packages and works for non-Windows. To quickly build all required software without installing it, the Speedo method may be used: make -f build-aux/speedo.mk native This method downloads all required libraries and does a native build of GnuPG to PLAY/inst/. GNU make is required and you need to set LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib. If you have all required tools and some extra source packages in ../tarballs, you may also build a Windows installer: make -f build-aux/speedo.mk w32-installer Here is the list of those extra packages atk-1.32.0.tar.bz2 cairo-1.12.16.tar.xz cairo-1.12.16.tar.xz.sha1.asc gdk-pixbuf-2.26.5.tar.xz gettext-0.18.2.1.tar.gz glib-2.34.3.tar.xz gtk+-2.24.17.tar.xz libffi-3.0.13.tar.gz libiconv-1.14.tar.gz libpng-1.4.12.tar.bz2 pango-1.29.4.tar.bz2 pixman-0.32.4.tar.gz pixman-0.32.4.tar.gz.sha1.asc pkg-config-0.23.tar.gz Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Friday 06 June 2014 at 17:39:44, Werner Koch wrote: On Fri, 6 Jun 2014 13:22, bernh...@intevation.de said: Seriously for Werner (and some others) it is hard to know at what point information is missing where by whom. Actually I know the problem. GnuPG-2 requires a lot of libraries and they all need to be build and installed in a certain order. A dependency diagram would be cool to have! :) This far more labor intensive that ./configure make install. speedo.mk has been written to make building more convenient. Bernhard -- www.intevation.de/~bernhard (CEO)www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Tue, 10 Jun 2014 16:31, bernh...@intevation.de said: A dependency diagram would be cool to have! :) That is easy. Build in this order: speedo_spkgs = \ libgpg-error npth libgcrypt \ zlib libiconv gettext \ libassuan libksba gnupg \ libffi glib pkg-config \ gpgme \ libpng \ gdk-pixbuf atk pixman cairo pango gtk+ \ pinentry gpa For just gnupg this is sufficient: speedo_spkgs = \ libgpg-error npth libgcrypt \ zlib libiconv gettext \ libassuan libksba gnupg If you need gpgme with glib support you need to install a glib-dev package first or build everything up to gpgme. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
Thanks Werner. This is very exciting. This new version already works on ArchLinux via AUR. Now where can we can find this mysterious patch for libgcrypt mentioned in the announcement for enabling encryption with Curve255519 ? I looked at libgcrypt development repository and don't find it. I'm about to release libgcrypt-git and libgcrypt-error-git to AUR as well and wanted to take an opportunity to add that extra support as well. Thank you in advance Alphazo On Thu, Jun 5, 2014 at 5:55 PM, Werner Koch w...@gnupg.org wrote: Hello! I just released the fourth *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out new features and a new beta was due anyway after 30 months. If you need a stable and fully maintained version of GnuPG, you should use version 2.0.23 or 1.4.16. This versions is marked as BETA and as such it should in general not be used for real work. However, the core functionality is solid enough for a long time and I am using this code base for a couple of years now. What's new in 2.1.0-beta442 since beta3 === * gpg: Add experimental signature support using curve Ed25519 and with a patched Libgcrypt also encryption support with Curve25519. * gpg: Allow use of Brainpool curves. * gpg: Accepts a space separated fingerprint as user ID. This allows to copy and paste the fingerprint from the key listing. * gpg: The hash algorithm is now printed for signature records in key listings. * gpg: Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given. * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the communication with the gpg-agent. * gpg: Changed the format of key listings. To revert to the old format the option --legacy-list-mode is available. * gpg: New option --pinentry-mode. * gpg: Fixed decryption using an OpenPGP card. * gpg: Fixed bug with deeply nested compressed packets. * gpg: Only the major version number is by default included in the armored output. * gpg: Do not create a trustdb file if --trust-model=always is used. * gpg: Protect against rogue keyservers sending secret keys. * gpg: The format of the fallback key listing (gpg KEYFILE) is now more aligned to the regular key listing (gpg -k). * gpg: The option--show-session-key prints its output now before the decryption of the bulk message starts. * gpg: New %U expando for the photo viewer. * gpg,gpgsm: New option --with-secret. * gpgsm: By default the users are now asked via the Pinentry whether they trust an X.509 root key. To prohibit interactive marking of such keys, the new option --no-allow-mark-trusted may be used. * gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8 format. * gpgsm: Improved handling of re-issued CA certificates. * agent: The included ssh agent does now support ECDSA keys. * agent: New option --enable-putty-support to allow gpg-agent on Windows to act as a Pageant replacement with full smartcard support. * scdaemon: New option --enable-pinpad-varlen. * scdaemon: Various fixes for pinpad equipped card readers. * scdaemon: Rename option --disable-pinpad (was --disable-keypad). * scdaemon: Better support fo CCID readers. Now, internal CCID driver supports readers with no auto configuration feature. * dirmngr: Removed support for the original HKP keyserver which is not anymore used by any site. * dirmngr: Improved support for keyserver pools. * tools: New option --dirmngr for gpg-connect-agent. * The GNU Pth library has been replaced by the new nPth library. * Support installation as portable application under Windows. * All kind of other improvements - see the git log. Getting the Software GnuPG 2.1-beta442 is available at ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta442.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta442.tar.bz2.sig and soon on all mirrors http://www.gnupg.org/mirrors.html. Please read the README file ! Checking the Integrity == In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.23.tar.bz2 you would use this command: gpg --verify gnupg-2.1.0-beta442.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Fri, 6 Jun 2014 00:49, kristian.fiskerstr...@sumptuouscapital.com said: Congratulations on the beta release, it is good to see this development continuing steadily and I can confirm that it is working rather nicely. Well, LDAP keyserver support has not yet been implemented. But that is minor thing just some hours works. A trivial issue with this beta release is the naming; which at least for me gives gpg (GnuPG) 2.1.0-betabeta442 currently :) Ooops. How does that come? My test build shows 2.1.0-beta442 as to be expected. Did you really run just ./configure and make? I just tested it with running ./autogen.sh on the extracted tarball but the error is a different one. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Fri, 6 Jun 2014 08:18, w...@gnupg.org said: Ooops. How does that come? My test build shows 2.1.0-beta442 as to be Never mind. I just replicated it while hacking on the new Windows installer. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Thu, Jun 5, 2014 at 4:55 PM, Werner Koch w...@gnupg.org wrote: Hello! I just released the fourth *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out new features and a new beta was due anyway after 30 months. Dear Werner, Congratulations on this. I just wonder if anyone would have time to put together a HOW-TO for people building GnuPG 2.1 and all of its associated libraries from source. For those of us who don't do this often, this is currently a rather frustrating process, and a mini-how-to explaining what all the pieces are and which order to build them would be really welcome. Best wishes, N. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Fri, 6 Jun 2014 10:13, nicholas.c...@gmail.com said: I just wonder if anyone would have time to put together a HOW-TO for people building GnuPG 2.1 and all of its associated libraries from source. For those of us who don't do this often, this is currently a I know. That is my Marcus once wrote the speedo.mk script: make -f build-aux/speedo.mk However, I fear that it is currently not in the best shape. The reason for this is that I am currently integrating code to build a complete Windows installer including GPA etc. Once this is finished it will be distributed with GnuPG. As of now it is only in the repo. I attach it for reference. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. # speedo.mk - Speedo rebuilds speedily. # Copyright (C) 2008, 2014 g10 Code GmbH # # speedo is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # speedo is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see http://www.gnu.org/licenses/. # speedo builds gnupg-related packages from GIT and installs them in a # user directory, thereby providing a non-obstrusive test environment. # speedo does only work with GNU make. The build system is similar to # that of gpg4win. The following commands are supported: # # make -f speedo.mk all # or # make -f speedo.mk # # Builds all packages and installs them under play/inst. At the end, # speedo prints commands that can be executed in the local shell to # make use of the installed packages. # # make -f speedo.mk clean # or # make -f speedo.mk clean-PACKAGE # # Removes all packages or the package PACKAGE from the installation # and build tree. A subsequent make will rebuild these (and only # these) packages. # # make -f speedo.mk report # or # make -f speedo.mk report-PACKAGE # # Lists packages and versions. # # Set this to git or release. WHAT=release # Set target to native or w32 TARGETOS=native # Number of parallel make jobs MAKE_J=3 # The packages that should be built. The order is also the build order. speedo_spkgs = libgpg-error npth libgcrypt libassuan libksba gnupg gpgme ifneq ($(TARGETOS),w32) speedo_spkgs += gpa endif ifeq ($(TARGETOS),w32) speedo_spkgs += gpgex endif # Version numbers of the released packages # Fixme: Take the version numbers from gnupg-doc/web/swdb.mac libgpg_error_ver = 1.12 npth_ver = 0.91 libgcrypt_ver = 1.6.0 libassuan_ver = 2.1.1 libksba_ver = 1.3.0 gnupg_ver = 2.0.22 gpgme_ver = 1.5.0 gpa_ver = 0.9.5 gpgex_ver = 1.0.0 # The GIT repository. Using a local repo is much faster. #gitrep = git://git.gnupg.org gitrep = ${HOME}/s # The tarball directory pkgrep = ftp://ftp.gnupg.org/gcrypt # For each package, the following variables can be defined: # # speedo_pkg_PACKAGE_git: The GIT repository that should be built. # speedo_pkg_PACKAGE_gitref: The GIT revision to checkout # # speedo_pkg_PACKAGE_tar: URL to the tar file that should be built. # # Exactly one of the above variables is required. Note that this # version of speedo does not cache repositories or tar files, and does # not test the integrity of the downloaded software. If you care # about this, you can also specify filenames to locally verified files. # Filenames are differentiated from URLs by starting with a slash '/'. # # speedo_pkg_PACKAGE_configure: Extra arguments to configure. # # speedo_pkg_PACKAGE_make_args: Extra arguments to make. # # speedo_pkg_PACKAGE_make_args_inst: Extra arguments to make install. # # Note that you can override the defaults in this file in a local file # config.mk ifeq ($(WHAT),git) speedo_pkg_libgpg_error_git = $(gitrep)/libgpg-error speedo_pkg_libgpg_error_gitref = master speedo_pkg_npth_git = $(gitrep)/npth speedo_pkg_npth_gitref = master speedo_pkg_libassuan_git = $(gitrep)/libassuan speedo_pkg_libassuan_gitref = master speedo_pkg_libgcrypt_git = $(gitrep)/libgcrypt speedo_pkg_libgcrypt_gitref = LIBGCRYPT-1-6-BRANCH speedo_pkg_libksba_git = $(gitrep)/libksba speedo_pkg_libksba_gitref = master speedo_pkg_gnupg_git = $(gitrep)/gnupg speedo_pkg_gnupg_gitref = master speedo_pkg_gpgme_git = $(gitrep)/gpgme speedo_pkg_gpgme_gitref = master speedo_pkg_gpa_git = $(gitrep)/gpa speedo_pkg_gpa_gitref = master speedo_pkg_gpgex_git = $(gitrep)/gpgex speedo_pkg_gpgex_gitref = master else speedo_pkg_libgpg_error_tar = \ $(pkgrep)/libgpg-error/libgpg-error-$(libgpg_error_ver).tar.bz2 speedo_pkg_npth_tar = \ $(pkgrep)/npth/npth-$(npth_ver).tar.bz2 speedo_pkg_libassuan_tar = \
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Friday 06 June 2014 at 10:13:23, Nicholas Cole wrote: I just wonder if anyone would have time to put together a HOW-TO for people building GnuPG 2.1 and all of its associated libraries from source. The tarball already has the documentation. Maybe we should place more hints in the wiki.gnupg.org? For the hottest development version there alreadys: http://wiki.gnupg.org/BuildingFromGIT Seriously for Werner (and some others) it is hard to know at what point information is missing where by whom. Best Regards, Bernhard -- www.intevation.de/~bernhard (CEO)www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
On Fri, 6 Jun 2014 13:22, bernh...@intevation.de said: Seriously for Werner (and some others) it is hard to know at what point information is missing where by whom. Actually I know the problem. GnuPG-2 requires a lot of libraries and they all need to be build and installed in a certain order. This far more labor intensive that ./configure make install. speedo.mk has been written to make building more convenient. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] A new Beta of GnuPG 2.1 is now available
After working with GnuPG 2.1 for over a year now, its great to see it in beta! Let's try to sync up the Android build with the official 2.1 release, so the 2.1 final release can include new support for a very popular platform :) That should be pretty straightforward since it has been building fine on our jenkins server. So it will hopefully mostly about communicating the timing so I can get an official Android build out. .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[Announce] A new Beta of GnuPG 2.1 is now available
Hello! I just released the fourth *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out new features and a new beta was due anyway after 30 months. If you need a stable and fully maintained version of GnuPG, you should use version 2.0.23 or 1.4.16. This versions is marked as BETA and as such it should in general not be used for real work. However, the core functionality is solid enough for a long time and I am using this code base for a couple of years now. What's new in 2.1.0-beta442 since beta3 === * gpg: Add experimental signature support using curve Ed25519 and with a patched Libgcrypt also encryption support with Curve25519. * gpg: Allow use of Brainpool curves. * gpg: Accepts a space separated fingerprint as user ID. This allows to copy and paste the fingerprint from the key listing. * gpg: The hash algorithm is now printed for signature records in key listings. * gpg: Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given. * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the communication with the gpg-agent. * gpg: Changed the format of key listings. To revert to the old format the option --legacy-list-mode is available. * gpg: New option --pinentry-mode. * gpg: Fixed decryption using an OpenPGP card. * gpg: Fixed bug with deeply nested compressed packets. * gpg: Only the major version number is by default included in the armored output. * gpg: Do not create a trustdb file if --trust-model=always is used. * gpg: Protect against rogue keyservers sending secret keys. * gpg: The format of the fallback key listing (gpg KEYFILE) is now more aligned to the regular key listing (gpg -k). * gpg: The option--show-session-key prints its output now before the decryption of the bulk message starts. * gpg: New %U expando for the photo viewer. * gpg,gpgsm: New option --with-secret. * gpgsm: By default the users are now asked via the Pinentry whether they trust an X.509 root key. To prohibit interactive marking of such keys, the new option --no-allow-mark-trusted may be used. * gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8 format. * gpgsm: Improved handling of re-issued CA certificates. * agent: The included ssh agent does now support ECDSA keys. * agent: New option --enable-putty-support to allow gpg-agent on Windows to act as a Pageant replacement with full smartcard support. * scdaemon: New option --enable-pinpad-varlen. * scdaemon: Various fixes for pinpad equipped card readers. * scdaemon: Rename option --disable-pinpad (was --disable-keypad). * scdaemon: Better support fo CCID readers. Now, internal CCID driver supports readers with no auto configuration feature. * dirmngr: Removed support for the original HKP keyserver which is not anymore used by any site. * dirmngr: Improved support for keyserver pools. * tools: New option --dirmngr for gpg-connect-agent. * The GNU Pth library has been replaced by the new nPth library. * Support installation as portable application under Windows. * All kind of other improvements - see the git log. Getting the Software GnuPG 2.1-beta442 is available at ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta442.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta442.tar.bz2.sig and soon on all mirrors http://www.gnupg.org/mirrors.html. Please read the README file ! Checking the Integrity == In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.23.tar.bz2 you would use this command: gpg --verify gnupg-2.1.0-beta442.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6 The distribution key 4F25E3B6 is signed by the well known key 1E42B367. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.23.tar.bz2, you would run the sha1sum
Re: [Announce] A new Beta of GnuPG 2.1 is now available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 06/05/2014 05:55 PM, Werner Koch wrote: Hello! I just released the fourth *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out new features and a new beta was due anyway after 30 months. If you need a stable and fully maintained version of GnuPG, you should use version 2.0.23 or 1.4.16. This versions is marked as BETA and as such it should in general not be used for real work. However, the core functionality is solid enough for a long time and I am using this code base for a couple of years now. Congratulations on the beta release, it is good to see this development continuing steadily and I can confirm that it is working rather nicely. A trivial issue with this beta release is the naming; which at least for me gives gpg (GnuPG) 2.1.0-betabeta442 currently :) Anyways; If anyone using gentoo wants to try out 2.1, there is a live ebuild app-crypt/gnupg- in my overlay accessible through layman[mercurial] titled k_f. - -- - Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - Potius sero quam numquam Better late then never -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJTkPP3AAoJEPw7F94F4TagabYP/Ri7eXrPyHk1cVzBje4aqeks lTgtLfC4r3ElNXUR3CDQjDgxINPTAt2uOtdM219OFuNQZ3RE2dzhA4y7pFPPXcYx UXhArVtiv48Ynq2dAD2VoqyB4GVi5rp1dDZrV7Vm6XkqKPmcqC8LdwajyweBLz63 i4A9Qj7uzlUKCiKvgM6AyMCNZh8K+0OBaodR4srnS/5OB/vH3alz32lU3TKPDJre bWd3Cz42dNdGYNvAFuSplikGjWb61dD3zMsUiskUE+X9ZOMSBeM9AMex51owlHLd XRQDSYojniKy5wq1rRCmdwMY1YTZFbkkVkTLSaHuGTSo/zf8FhD33QC54tRFoQVE /dAQ6rTQ4LndGus6nYIo1oCb6GBBtCqMWH7q5nZlWnpdrYuITpY7H/8/gYBH1zLW qedkm5yoemUP81WtzJ6Fc0D83lyqi/bH0AG6kn0b2p9rfavsBUFzfJbDxHE+dVH4 LvC3PL2JdeT1WiQLVmPCDuFM4p/5gca+voTiKswcnckPELd5wvEwpOKPl38dYapB py6zg3oh1WTnSfdyWgNMwMeFCtS5Qs+LzutgtfPfvbZAG+Gt6LWcD0tie1J6nTUy ANhMxsnyQ/CtA/ngvOraiIcC6BIOY8hYTjqxYlovYseLd3CgxIkCqab9a8j2kJGX HTDuhb0sc3au6mbTCqG0 =xcCU -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users