Re: New beta

2014-09-28 Thread Werner Koch
On Sat, 27 Sep 2014 18:03, 2014-667rhzu3dc-lists-gro...@riseup.net said:

> But it would not import the ECC subkey, and the output simply told me
> "skipped subkey". I suppose this would be because, as you said, the
> subkey binding signature could not be verified.

Correct.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: New beta

2014-09-27 Thread MFPA

Hi


On Saturday 27 September 2014 at 3:31:38 PM, Werner Koch wrote:


> On Sat, 27 Sep 2014 16:21,
> 2014-667rhzu3dc-lists-gro...@riseup.net said:

>> And I wonder whether 1.4.x could cope with RSA subkeys
>> on an ECC main key.

> No, it won't be able to handle such a key.  It is not
> possible to verify the user-id and subkey binding
> signatures which are done by the primary key.

I already tried to import an ECC key with 1.4.18, to see what would
happen. This was an ECC main key with an ECC subkey.

It imported the ECC main key, and warned me the user-id was
non-selfsigned.

But it would not import the ECC subkey, and the output simply told me
"skipped subkey". I suppose this would be because, as you said, the
subkey binding signature could not be verified.


- --
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

All generalisations are dangerous, even this one.


Re: New beta

2014-09-27 Thread Werner Koch
On Sat, 27 Sep 2014 16:21, 2014-667rhzu3dc-lists-gro...@riseup.net said:

> And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main
> key.

No, it won't be able to handle such a key.  It is not possible to verify
the user-id and subkey binding signatures which are done by the primary
key.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-27 Thread MFPA

Hi


On Thursday 25 September 2014 at 7:12:12 PM, Murphy wrote:


> On 09/25/2014 01:06 PM, MFPA wrote:
>> Other than whether GnuPG 1.x locks up on encountering
>> the unrecognised key type when trying to encrypt, or
>> whether it errors out, or just uses the next
>> encryption-capable subkey. I think this can only be
>> tested with the public key.

> Also here are the public keys for Grumpy from both gpg
> and gpg2.1

Thanks.

Using GnuPG 1.4.18, I successfully signed with and encrypted to
Grumpy's key.


GnuPG output for signing:-


  C:\Documents and Settings\Administrator\Desktop\Scribble_Pad>gpg
   --local-user grumpy --clearsign test.txt

  gpg: using character set `utf-8'
  gpg: can't handle public key algorithm 19
  gpg: no secret subkey for public subkey 0x4EB8453C635A015B -
  ignoring

  You need a passphrase to unlock the secret key for user: "Grumpy
  (RSA) "

  2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24

  gpg: writing to `test.txt.asc'

  gpg: RSA/SHA512 signature from: "0x0C6C60ECF7CD83F4 Grumpy (RSA)
  "

The file was signed with the main key after not recognising the secret
subkey. Signature verified OK.



GnuPG output for encryption(+signing):-


  C:\Documents and Settings\Administrator\Desktop\Scribble_Pad>gpg
  --local-user grumpy --clearsign test.txt

  gpg: using character set `utf-8'
  gpg: can't handle public key algorithm 19
  gpg: no secret subkey for public subkey 0x4EB8453C635A015B -
  ignoring


  You need a passphrase to unlock the secret key for user: "Grumpy
  (RSA) "
  2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24

  File `test.txt.asc' exists. Overwrite? (y/N) y
  gpg: writing to `test.txt.asc'
  gpg: RSA/SHA512 signature from: "0x0C6C60ECF7CD83F4 Grumpy (RSA)
  "

File was encrypted to the older, encryption-capable, RSA subkey.
Decrypted OK (and the signature was good).

So, it would seem that adding ECC signing subkeys to an RSA key does
not completely break compatibility with GnuPG 1.4.18: the 1.4.x user
can still encrypt to the non-ecc subkey and can sign with the main
key. Obviously ECC signatures could not be checked with 1.4.x.

Presumably, it would still work if the ECC subkey were an
encryption-capable subkey. But I have not seen this in action.

And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main
key.


- --
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Learning without thought is naught;
 thought without learning is dangerous.


Re: New beta

2014-09-26 Thread Jens Lechtenboerger
On 2014-09-25, Werner Koch wrote:

> On Wed, 24 Sep 2014 17:56, lech...@wi.uni-muenster.de said:
>
>> This is what happens if I extract gnupg-2.1.0-beta834.tar.bz2 and
>> execute that command on Ubuntu 10.04.4 LTS.
>
> Hmmm.  The first call to gnupg's autogen.sh is
>
>  ./autogen.sh --silent --print-build
>
> can you please run it to see whether you get the cross-compiler missing
> error

No, I get this: i686-pc-linux-gnu

Actually, with the wget workaround compilation starts and continues
until the compilation error for oidtranstbl.h.  If I fix that file,
compilation succeeds.  (Apparently, the stop message by autogen.sh
is not important in my case.)

Best wishes
Jens




Re: New beta

2014-09-24 Thread Werner Koch
On Wed, 24 Sep 2014 17:56, lech...@wi.uni-muenster.de said:

> This is what happens if I extract gnupg-2.1.0-beta834.tar.bz2 and
> execute that command on Ubuntu 10.04.4 LTS.

Hmmm.  The first call to gnupg's autogen.sh is

 ./autogen.sh --silent --print-build

can you please run it to see whether you get the cross-compiler missing
error and if so run it as

 sh -x  ./autogen.sh --silent --print-build

> GNU Wget 1.12, (C) 2009.  If I change the urlbase in getswdb.sh to
> https://gnupg.org/, that version works, though.

Mine is 1.13 - maybe there is a problem with SubjectAltName  in that
version.  As a workaround I change the urlbase.

> make by mkoidtbl.awk.  In my case, /etc/dumpasn1/dumpasn1.cfg is
> used as input, which is DOS encoded.

Okay, I'll fix it.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-24 Thread Jens Lechtenboerger
On 2014-09-23, Werner Koch wrote:

> On Tue, 23 Sep 2014 17:29, lech...@wi.uni-muenster.de said:
>
>>>   make -f build-aux/speedo.mk  native
>>
>> I get this:
>> autogen.sh: cross compiler kit not installed
>
> You seem to be building for Windows but I wonder how you did this given that
>
>  TARGETOS=native WHAT=release WITH_GUI=0 all
>
> TARGETOS is not w32.

This is what happens if I extract gnupg-2.1.0-beta834.tar.bz2 and
execute that command on Ubuntu 10.04.4 LTS.

>> Wget fails in getswdb.sh.  A manual call shows two things:
>> First, the certificate’s Common Name »gnupg.org« does not match the
>> contacted host »www.gnupg.org«.
>
> That is strange.  gnupg.org and www.gnupg.org are both certified:
>
> May that be an old broken version of wget?

GNU Wget 1.12, (C) 2009.  If I change the urlbase in getswdb.sh to
https://gnupg.org/, that version works, though.

(The missing certificate was due to a configuration problem.)

>> Somehow, the trailing Carriage Returns (0x0d) at the end of the oids
>> in oidtranstbl.h confuse the compiler (gcc 4.4.3).  If I remove them,
>
> CR in a source file?  Are you building on Windows?

No, libksba-1.3.1 on Ubuntu 10.04.4 LTS.  The file is created during
make by mkoidtbl.awk.  In my case, /etc/dumpasn1/dumpasn1.cfg is
used as input, which is DOS encoded.
Once make has failed:
--8<---cut here---start->8---
$ grep $'\r"' tests/oidtranstbl.h | wc -l
1620
--8<---cut here---end--->8---

Best wishes
Jens


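
The failure described in the message above, reduced to a runnable case. This is an added example, not part of the original post and not libksba's mkoidtbl.awk: the input format and the functions `gen_table` and `count_cr_literals` are simplified stand-ins constructed here.

```shell
#!/bin/sh
# Added example: how CRLF input reaches C string literals in a generated
# header, and how stripping CR inside the generator avoids it.

# Constructed, simplified stand-in for a DOS-encoded dumpasn1.cfg.
make_sample_cfg() {
    printf 'OID = 2 5 4 3\r\nDescription = commonName\r\n\r\n'
    printf 'OID = 2 5 29 17\r\nDescription = subjectAltName\r\n\r\n'
}

# Hypothetical generator (not mkoidtbl.awk itself): one C initializer per
# OID/Description pair.  strip_cr=0 copies the trailing CR of every input
# line into the literal; strip_cr=1 removes it before any field is used.
gen_table() {
    awk -v strip_cr="$1" '
        strip_cr == 1     { sub(/\r$/, "") }
        /^OID = /         { oid = substr($0, 7); gsub(/ /, ".", oid) }
        /^Description = / { printf "  { \"%s\", \"%s\" },\n", oid, substr($0, 15) }
    '
}

# Same test as the grep in the post: lines with a CR directly before a
# closing quote.  awk is used so that a count of 0 is not an error status.
count_cr_literals() {
    awk '/\r"/ { n++ } END { print n + 0 }'
}

echo "CR-terminated literals, raw input:   $(make_sample_cfg | gen_table 0 | count_cr_literals)"
echo "CR-terminated literals, CR stripped: $(make_sample_cfg | gen_table 1 | count_cr_literals)"
make_sample_cfg | gen_table 1
```

Running the counter on a generated header before compiling turns the per-entry compiler errors into one clear build check.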


Re: New beta

2014-09-23 Thread Werner Koch
On Tue, 23 Sep 2014 17:29, lech...@wi.uni-muenster.de said:

>>   make -f build-aux/speedo.mk  native
>
> I get this:
> autogen.sh: cross compiler kit not installed

You seem to be building for Windows but I wonder how you did this given that

 TARGETOS=native WHAT=release WITH_GUI=0 all

TARGETOS is not w32.

> Wget fails in getswdb.sh.  A manual call shows two things:
> First, the certificate’s Common Name »gnupg.org« does not match the
> contacted host »www.gnupg.org«.

That is strange.  gnupg.org and www.gnupg.org are both certified:

   ID: 0x47DC00C7
  S/N: 20FC49CE90861FC8DDB0D46275236F22
   Issuer: /CN=Gandi Standard SSL CA/O=GANDI SAS/C=FR
  Subject: /CN=gnupg.org/OU=Gandi Standard SSL/OU=Domain Control Validated
  aka: (dns-name gnupg.org)
  aka: (dns-name www.gnupg.org)
 validity: 2014-03-18 00:00:00 through 2016-03-18 23:59:59
 key type: 2048 bit RSA
key usage: digitalSignature keyEncipherment
ext key usage: serverAuth (suggested), clientAuth (suggested)
 policies: 1.3.6.1.4.1.6449.1.2.2.26:N:,2.23.140.1.2.1:N:
  fingerprint: 9E:71:3A:82:D8:87:E3:32:35:FB:62:07:59:86:7B:B6:47:DC:00:C7

May that be an old broken version of wget?

> Somehow, the trailing Carriage Returns (0x0d) at the end of the oids
> in oidtranstbl.h confuse the compiler (gcc 4.4.3).  If I remove them,

CR in a source file?  Are you building on Windows?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


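
The certificate listed in the message above names `www.gnupg.org` only in its dns-name (subjectAltName) entries, so the result of verification depends on which fields a client compares. The added example below is not part of the original message and not wget's code: it contrasts a CN-only comparison, as a model of the old-client behaviour suspected in the thread, with a subjectAltName-aware check in the style of RFC 6125, and all function names are made up for the illustration.

```shell
#!/bin/sh
# Added example: CN-only versus subjectAltName-aware host name matching,
# using the names from the certificate listing in the message.

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# match_name HOST PATTERN: exact match, or "*.domain" matching exactly one
# extra, non-empty left-most label.
match_name() {
    mn_host=$(lower "$1"); mn_pat=$(lower "$2")
    case $mn_pat in
        \*.*)
            mn_rest=${mn_host#*.}          # host without its first label
            [ -n "${mn_host%%.*}" ] && [ "$mn_rest" != "$mn_host" ] &&
                [ "*.$mn_rest" = "$mn_pat" ]
            ;;
        *)  [ "$mn_host" = "$mn_pat" ] ;;
    esac
}

# verify_cn_only HOST CN: looks at the Common Name and nothing else.
verify_cn_only() { match_name "$1" "$2"; }

# verify_san_aware HOST CN [DNS-NAME...]: when dNSName entries are present
# only they are compared; the CN is used only if there are none.
verify_san_aware() {
    vs_host=$1; vs_cn=$2; shift 2
    if [ $# -eq 0 ]; then
        match_name "$vs_host" "$vs_cn"
        return
    fi
    for vs_name in "$@"; do
        if match_name "$vs_host" "$vs_name"; then return 0; fi
    done
    return 1
}

# Values from the listing: CN=gnupg.org, dns-names gnupg.org and www.gnupg.org.
CERT_CN=gnupg.org
for host in gnupg.org www.gnupg.org; do
    if verify_cn_only "$host" "$CERT_CN"; then r1=match; else r1=MISMATCH; fi
    if verify_san_aware "$host" "$CERT_CN" gnupg.org www.gnupg.org
    then r2=match; else r2=MISMATCH; fi
    printf '%-14s CN-only: %-9s SAN-aware: %s\n' "$host" "$r1" "$r2"
done
```

The CN-only column reproduces the reported symptom for `www.gnupg.org` while the certificate itself is valid for both names, which is why changing the URL base worked without disabling certificate checks.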


RE: New beta

2014-09-23 Thread Bob (Robert) Cavanaugh
Hi Werner,
OK, thanks. I was using the wrong yum search string "gpg" not "gnupg". It 
showed up and I installed it. Looking forward to setting up the beta. Danke!

Thanks,
 
Bob Cavanaugh
Broadcom Corporation
16340 West Bernardo Drive
San Diego CA 92127
Work:858-521-5562
Fax: 858-385-8810
Cell:858-361-2068
 

-Original Message-
From: Werner Koch [mailto:w...@gnupg.org] 
Sent: Tuesday, September 23, 2014 12:23 AM
To: Bob (Robert) Cavanaugh
Cc: Murphy; gnupg-users@gnupg.org
Subject: Re: New beta

On Mon, 22 Sep 2014 21:12, robe...@broadcom.com said:

> This might be off topic, but the thread mentions Fedora. Can you
> please tell me how easy it would be to produce a GPG2 stable RPM for
> Fedora? Currently they only supply GPG1 as an option from Yum. I would
> really like to get them to produce a GPG-2 version.

Fedora has a gnupg2 package.

If you want to try out the new 2.1 beta, you may use the Speedo system.
I am pretty sure that it will work on Fedora and any other Unix system
with gmake and some basic tools installed.  What may not work is
building a Windows version of GnuPG on Fedora.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-23 Thread Jens Lechtenboerger
On 2014-09-18, Werner Koch wrote:

> To quickly build all required software without installing it, the
> Speedo method may be used:
>
>   make -f build-aux/speedo.mk  native

I get this:
--8<---cut here---start->8---
autogen.sh: cross compiler kit not installed
autogen.sh: Stop.
autogen.sh: cross compiler kit not installed
autogen.sh: Stop.
make -f /home/lechten/local/gnupg-2.1.0-beta834/build-aux/speedo.mk UPD_SWDB=1 
TARGETOS=native WHAT=release WITH_GUI=0 all
download of swdb.lst failed.
make[1]: Betrete Verzeichnis '/home/lechten/local/gnupg-2.1.0-beta834'
/home/lechten/local/gnupg-2.1.0-beta834/build-aux/speedo.mk:203: *** Error 
getting GnuPG software version database.  Schluss.
make[1]: Verlasse Verzeichnis '/home/lechten/local/gnupg-2.1.0-beta834'
make: *** [native] Fehler 2
--8<---cut here---end--->8---

Wget fails in getswdb.sh.  A manual call shows two things:
First, the certificate’s Common Name »gnupg.org« does not match the
contacted host »www.gnupg.org«.
Second, it complains about a self-signed certificate (the issuer is
unknown here).
Wget’s output recommends the option »--no-check-certificate«.

Also, compilation of libksba-1.3.1 fails.  The following error
occurs once for every entry of the struct oidtranstbl.
--8<---cut here---start->8---
oidtranstbl.h error: missing terminating " character
--8<---cut here---end--->8---

Somehow, the trailing Carriage Returns (0x0d) at the end of the oids
in oidtranstbl.h confuse the compiler (gcc 4.4.3).  If I remove them,
compilation succeeds.

Best wishes
Jens




Re: New beta

2014-09-23 Thread Werner Koch
On Mon, 22 Sep 2014 21:12, robe...@broadcom.com said:

> This might be off topic, but the thread mentions Fedora. Can you
> please tell me how easy it would be to produce a GPG2 stable RPM for
> Fedora? Currently they only supply GPG1 as an option from Yum. I would
> really like to get them to produce a GPG-2 version.

Fedora has a gnupg2 package.

If you want to try out the new 2.1 beta, you may use the Speedo system.
I am pretty sure that it will work on Fedora and any other Unix system
with gmake and some basic tools installed.  What may not work is
building a Windows version of GnuPG on Fedora.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




RE: New beta

2014-09-22 Thread Bob (Robert) Cavanaugh
Hi Werner,
This might be off topic, but the thread mentions Fedora. Can you please tell me 
how easy it would be to produce a GPG2 stable RPM for Fedora? Currently they 
only supply GPG1 as an option from Yum. I would really like to get them to 
produce a GPG-2 version.

Thanks,
 
Bob Cavanaugh
Broadcom Corporation
16340 West Bernardo Drive
San Diego CA 92127
Work:858-521-5562
Fax: 858-385-8810
Cell:858-361-2068
 

-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Werner 
Koch
Sent: Monday, September 22, 2014 3:35 AM
To: Murphy
Cc: gnupg-users@gnupg.org
Subject: Re: New beta

On Sun, 21 Sep 2014 03:47, mac3...@gmail.com said:

> for me I cannot then get it to perform its duty.  I execute the
> suggested command
> LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib
> typed exactly as written above, and then nothing happens.  gpg2
> continues to execute as the previously installed version.  Any ideas?

Well the above is not a command but the way to set variables in the
shell.  Programs won't pick these variables up unless you do either

  NAME=VALUE PROGRAM

or for setting it for the entire session you need to mark the variable:

  NAME=VALUE
  export NAME

after that all programs can access this variable.  Now to run the actual
binary you have to type the name of the program:

  PLAY/inst/bin/gpg2 

assuming you are in the top build directory or you add it to your PATH

  PATH="$(pwd)/PLAY/inst/bin:$PATH"

(An "export" command for PATH has already been done by the shell)

> admit, I am relatively new to Linux but can somebody give me a hint as
> to what is meant by ../?  A simple command to create the required

The parent directory.  I suggest that you read up a bit on Unix shell
use because all build instructions are written under the assumption that
this is known.

Yes, I know that this is the gnupg-users mailing list and we should not
assume that all subscribers are Unix gurus.  However, in the past that
seems to have been the case. 


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-22 Thread Werner Koch
On Sun, 21 Sep 2014 03:47, mac3...@gmail.com said:

> for me I cannot then get it to perform its duty.  I execute the
> suggested command
> LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib
> typed exactly as written above, and then nothing happens.  gpg2
> continues to execute as the previously installed version.  Any ideas?

Well the above is not a command but the way to set variables in the
shell.  Programs won't pick these variables up unless you do either

  NAME=VALUE PROGRAM

or for setting it for the entire session you need to mark the variable:

  NAME=VALUE
  export NAME

after that all programs can access this variable.  Now to run the actual
binary you have to type the name of the program:

  PLAY/inst/bin/gpg2 

assuming you are in the top build directory or you add it to your PATH

  PATH="$(pwd)/PLAY/inst/bin:$PATH"

(An "export" command for PATH has already been done by the shell)

> admit, I am relatively new to Linux but can somebody give me a hint as
> to what is meant by ../?  A simple command to create the required

The parent directory.  I suggest that you read up a bit on Unix shell
use because all build instructions are written under the assumption that
this is known.

Yes, I know that this is the gnupg-users mailing list and we should not
assume that all subscribers are Unix gurus.  However, in the past that
seems to have been the case. 


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


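
The cases from the message above, checked against a real child process; this is an added example, not part of the original message. `/opt/play/inst/lib` is a placeholder value, and the `gpg2` stub created in a temporary directory stands in for the Speedo build's `PLAY/inst/bin/gpg2`.

```shell
#!/bin/sh
# Added example: which forms of NAME=VALUE reach a child process, and how a
# PATH prefix decides which gpg2 gets started.

DEMO_LIB=/opt/play/inst/lib      # placeholder value, not a real install path
CHILD='printf "%s" "${LD_LIBRARY_PATH-<unset>}"'   # run by a new sh process

# Every case runs in a subshell that first drops any inherited value.
plain_assignment() {             # NAME=VALUE alone: shell variable only
    ( unset LD_LIBRARY_PATH; LD_LIBRARY_PATH=$DEMO_LIB; sh -c "$CHILD" )
}
prefix_assignment() {            # NAME=VALUE PROGRAM: set for that program
    ( unset LD_LIBRARY_PATH; LD_LIBRARY_PATH=$DEMO_LIB sh -c "$CHILD" )
}
exported_assignment() {          # NAME=VALUE; export NAME: all later children
    ( unset LD_LIBRARY_PATH; LD_LIBRARY_PATH=$DEMO_LIB; export LD_LIBRARY_PATH
      sh -c "$CHILD" )
}
reassign_exported() {            # already exported, like PATH: new value is inherited
    ( LD_LIBRARY_PATH=/old; export LD_LIBRARY_PATH
      LD_LIBRARY_PATH=$DEMO_LIB; sh -c "$CHILD" )
}

# Constructed build tree with a stub in place of the freshly built gpg2.
make_stub_tree() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/PLAY/inst/bin"
    printf '#!/bin/sh\necho "stub gpg2 from build tree"\n' > "$top/PLAY/inst/bin/gpg2"
    chmod +x "$top/PLAY/inst/bin/gpg2"
    printf '%s\n' "$top"
}

# resolve_gpg2 BUILD_TOP: the gpg2 a child shell finds after the PATH prefix.
resolve_gpg2() {
    ( cd "$1" && PATH="$(pwd)/PLAY/inst/bin:$PATH" && sh -c 'command -v gpg2' )
}

echo "plain assignment:     $(plain_assignment)"
echo "NAME=VALUE PROGRAM:   $(prefix_assignment)"
echo "assignment + export:  $(exported_assignment)"
echo "reassigning exported: $(reassign_exported)"
demo_top=$(make_stub_tree)
echo "gpg2 found first:     $(resolve_gpg2 "$demo_top")"
rm -rf "$demo_top"
```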


Re: New beta

2014-09-22 Thread Peter Lebbing
Thank you for this clear example!

Luckily, it behaves as you would hope, picking the valid subkey it can
use and ignoring the one it can't.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: New beta

2014-09-21 Thread Werner Koch
On Sun, 21 Sep 2014 11:59, pe...@digitalbrains.com said:

> What is the net effect when GnuPG 1.4 encounters, for example, such a key:
>
> RSA pubkey with Certify and Sign capabilities
> RSA subkey with Encrypt capability, created 2014-04-01
> ECC subkey with Encrypt capability, created 2014-09-21
>
> Everything is non-expired. If I were to try to encrypt to it, would 1.4 pick the
> RSA subkey because it is valid and understandable to it, or would it fail to
> encrypt to this key because it can't parse ECC keys?

I did some tests:

  $ gpg1 -k 9613A41C
  pub   1024R/9613A41C 2014-09-22
  uid  RSA+RSA key created by gpg1 (test)
  sub   1024R/0CA0BC98 2014-09-22
  sub  0e/A519E3EC 2014-09-22
  
  $ ../g10/gpg2 -k 9613A41C
  pub   rsa1024/9613A41C 2014-09-22
  uid   [ultimate] RSA+RSA key created by gpg1 (test)
  sub   rsa1024/0CA0BC98 2014-09-22
  sub   nistp256/A519E3EC 2014-09-22 nistp256

You can't see it in this output but the ECC key has been created a
minute or so after the standard key (with gpg2 of course).  The initial
keyring was created by "gpg1 --export >pubring.gpg" and then gpg1 was
used to create a new standard key.  I redacted some diagnostics.

  $ fortune | ../g10/gpg2 -evar 9613A41C >x
  gpg: using subkey A519E3EC instead of primary key 9613A41C
  gpg: using PGP trust model
  gpg: This key belongs to us
  gpg: reading from '[stdin]'
  gpg: writing to stdout
  gpg: ECDH/AES256 encrypted for: "A519E3EC RSA+RSA key created by gpg1 (test)"

  $ ../g10/gpg2 x
  gpg: using subkey 0CA0BC98 instead of primary key 9613A41C
  gpg: using PGP trust model
  gpg: This key belongs to us
  gpg: reading from `[stdin]'
  gpg: writing to stdout
  gpg: RSA/AES256 encrypted for: "0CA0BC98 RSA+RSA key created by gpg1 (test)"

The RSA key was used.

  $ gpg1
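
A model of the selection behaviour discussed in this thread, written over colon-format (`--with-colons`) key listings; it is an added example, not part of the original message and not GnuPG's own selection code. The listings and key IDs are constructed to match the key layouts described in the thread, and the algorithm numbers are the OpenPGP values (1 to 3 RSA, 16 Elgamal, 17 DSA, 18 ECDH, 19 ECDSA).

```shell
#!/bin/sh
# Added example: which (sub)key a client can use for a capability when it
# only understands some public-key algorithms.

LEGACY_ALGOS="1 2 3 16 17"          # RSA, Elgamal, DSA: no ECC
MODERN_ALGOS="$LEGACY_ALGOS 18 19"  # plus ECDH and ECDSA

# Constructed listing: RSA primary (sign+certify), RSA encryption subkey
# from 2014-04-01, ECDH encryption subkey from 2014-09-21.
enc_sample() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAA1:1396310400:::u:::scSC:
uid:u::::1396310400::0000000000000000000000000000000000000000::Constructed test key:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1396310400::::::e:
sub:u:256:18:CCCCCCCCCCCCCCC3:1411257600::::::e:
EOF
}

# Constructed listing: RSA primary, RSA encryption subkey, newer ECDSA
# signing subkey (the "algorithm 19" case from the thread).
sign_sample() {
    cat <<'EOF'
pub:u:2048:1:DDDDDDDDDDDDDDD4:1411516800:::u:::scESC:
sub:u:2048:1:EEEEEEEEEEEEEEE5:1411516800::::::e:
sub:u:256:19:FFFFFFFFFFFFFFF6:1411603200::::::s:
EOF
}

# pick_key CAP "ALGOS" < listing
# Newest valid subkey with capability CAP (e or s) whose algorithm is in
# ALGOS; if there is none, the primary key when it has the capability.
# Prints "sub:<keyid>", "pub:<keyid>" or "none".
pick_key() {
    awk -F: -v cap="$1" -v algos="$2" '
        BEGIN {
            n = split(algos, a, " ")
            for (i = 1; i <= n; i++) known[a[i]] = 1
            best = "none"; newest = -1; primary = ""
        }
        $1 != "pub" && $1 != "sub" { next }
        !($4 in known)             { next }   # algorithm cannot be parsed
        $2 ~ /^[ired]/             { next }   # invalid, revoked, expired, disabled
        index($12, cap) == 0       { next }   # lacks the wanted capability
        $1 == "pub"                { primary = "pub:" $5; next }
        ($6 + 0) > newest          { newest = $6 + 0; best = "sub:" $5 }
        END { if (best == "none" && primary != "") best = primary; print best }
    '
}

echo "encrypt, ECC-capable client: $(enc_sample  | pick_key e "$MODERN_ALGOS")"
echo "encrypt, legacy client:      $(enc_sample  | pick_key e "$LEGACY_ALGOS")"
echo "sign, ECC-capable client:    $(sign_sample | pick_key s "$MODERN_ALGOS")"
echo "sign, legacy client:         $(sign_sample | pick_key s "$LEGACY_ALGOS")"
```

A result of `none` for the legacy algorithm set is the signal that a key has become unusable for correspondents who still run a client without ECC support.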


Re: New beta

2014-09-21 Thread Murphy

> What are the symptoms of gnome hijacking pinentry ?

Phillip, if you are encrypting/decrypting or signing emails with gpg2
and having no problems with error messages then you don't need to put
in the command of step no. 2.  The symptom of a hijacking is that
when gpg2 tries to put up a pinentry box gnome keyring hijacks the
process and puts up its own box.  Recent versions of gnupg-2.0.x will
then display an error message in the terminal and bad things happen.
Either you only get one attempt at changing passphrases or the whole
process crashes.  The process may succeed or not, it is unpredictable.

If you wish to witness it first hand I recommend using virtualbox.
Set up a fresh install of Ubuntu inside virtualbox (really easy and
fun) and then install Gnupg-2.1.0 without the command in step 2.  Then
try to generate a key, if you can.  The virtualbox environment is
perfect for experimenting with new beta versions and playing with ECC
keys and subkeys, without disturbing your regular production environment.

Murphy


Re: New beta

2014-09-21 Thread Philip Jackson
On 20/09/14 16:23, Murphy wrote:
>> What, please, is the reason for the step no. 2 in the above list ?
> This is a command to prevent gnome from hijacking pinentry.  Without
> it or something like it error messages are generated during execution
> of the gpg2 command.  I forget who suggested it but I remember that
> Werner endorsed it.

What are the symptoms of gnome hijacking pinentry ?

I'm using UbuntuStudio1404 - Enigmail (w.thunderbird) is working with gpg2.
When I need to enter a passphrase for enigmail, it goes into the pinentry-gtk2
dialog box ok.

The system monitor shows me that gnome-keyring-daemon process is running (but I
don't think I'm actually doing anything with gnome keyrings) but it doesn't seem
to interfere with encrypting/decrypting or signing emails or using gpg2 to
verify signatures from the cli.

Philip





Re: New beta

2014-09-21 Thread Peter Lebbing
On 20/09/14 17:06, Werner Koch wrote:
> But given that 1.4 is not able to parse ECC keys the selection process can't 
> consider an ECC key in the first place.

What is the net effect when GnuPG 1.4 encounters, for example, such a key:

RSA pubkey with Certify and Sign capabilities
RSA subkey with Encrypt capability, created 2014-04-01
ECC subkey with Encrypt capability, created 2014-09-21

Everything is non-expired. If I were to try to encrypt to it, would 1.4 pick the
RSA subkey because it is valid and understandable to it, or would it fail to
encrypt to this key because it can't parse ECC keys?

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: New beta

2014-09-20 Thread Murphy

I am definitely having fun with Speedo.  After playing around with it
in a virtual box Ubuntu environment I can see the advantage.  It
immediately downloads and installs the required libraries as
advertised and builds an executable gpg2 in PLAY/inst/.  Unfortunately
for me I cannot then get it to perform its duty.  I execute the
suggested command
LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib
typed exactly as written above, and then nothing happens.  gpg2
continues to execute as the previously installed version.  Any ideas?

Ok, onward to the w32-installer.  Immediately I am stumped by the
simple requirement to put the source packages in ../tarballs.  I
admit, I am relatively new to Linux but can somebody give me a hint as
to what is meant by ../?  A simple command to create the required
directory would be very helpful.  Something I can copy and paste to
make it happen.  I am committed to making the w32-installer.  It will
happen.

Thanks!


Re: New beta

2014-09-20 Thread Werner Koch
On Sat, 20 Sep 2014 12:57, 2014-667rhzu3dc-lists-gro...@riseup.net said:

> If you add an ECC subkey to an RSA or DSA mainkey, does GnuPG 1.4.x or
> 2.0.x ignore it and revert to the next newest subkey? Or does

It should do so; if not it is a bug which needs to be fixed soon.  But
given that 1.4 is not able to parse ECC keys the selection process can't
consider an ECC key in the first place.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-20 Thread Murphy

On 20/09/14 10:20, Murphy wrote:

> What, please, is the reason for the step no. 2 in the above list ?

This is a command to prevent gnome from hijacking pinentry.  Without
it or something like it error messages are generated during execution
of the gpg2 command.  I forget who suggested it but I remember that
Werner endorsed it.




Re: New beta

2014-09-20 Thread Philip Jackson
On 20/09/14 02:13, Murphy wrote:
>  For my Ubuntu
> machine here is a brief summary of the steps, in order
> 
> 1. Install latest libraries: npth, libgpg-error, libgcrypt, libksba,
> libassuan
> 2. Execute the following command: sudo ln -sf /dev/null
> /etc/xdg/autostart/gnome-keyring-gpg.desktop
> 3. sudo apt-get install libdb-dev, libdb++-dev, libbz2-dev
> 4. Install Openldap-2.4.39 using ./configure, make depend, make, sudo
> make install
> 5. sudo apt-get install gtk+-2.0
> 6. Install pinentry, gnupg-2.1

What, please, is the reason for the step no. 2 in the above list ?

Philip





Re: New beta

2014-09-20 Thread Werner Koch
On Fri, 19 Sep 2014 22:15, r...@sixdemonbag.org said:

> It would be nice if it could also be checked with Fedora.  CentOS/RHEL

My idea was to check that the required software is available and not to
check for a certain distribution.  One major problem has always been
that the mingw toolchain often has regressions which lead to subtle
errors at runtime and sometimes even the build breaks.  This is why I
suggest Debian as the OS I use for development.

> However, I'm unaware of anyone who's calling this a blocker, so it's a
> pretty low priority.  (See, folks?  I apply the

Not that low given that Debconf's BoF mentioned that they need to build
gpg also for Windows - Fedora should have similar requirements.
GnuPG-1, though.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-20 Thread MFPA

Hi


On Saturday 20 September 2014 at 1:13:27 AM, Murphy wrote:


> Of course your mileage may vary, machine blow up and
> hard drive autowipe.  But it works for me and it is
> definitely worth it to play with all the new elliptical
> curve modes:

If you add an ECC subkey to an RSA or DSA mainkey, does GnuPG 1.4.x or
2.0.x ignore it and revert to the next newest subkey? Or does
compatibility require the RSA or Elgamal subkey to be newer than the
ECC subkey?


- --
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Dollar sign - An S that's been double crossed


Re: New beta

2014-09-19 Thread Murphy

In response to vedaal's question - installation of gnupg v2.1 is
significantly different from v1.x and even v2.0.  For my Ubuntu
machine here is a brief summary of the steps, in order

1. Install latest libraries: npth, libgpg-error, libgcrypt, libksba,
libassuan
2. Execute the following command: sudo ln -sf /dev/null
/etc/xdg/autostart/gnome-keyring-gpg.desktop
3. sudo apt-get install libdb-dev, libdb++-dev, libbz2-dev
4. Install Openldap-2.4.39 using ./configure, make depend, make, sudo
make install
5. sudo apt-get install gtk+-2.0
6. Install pinentry, gnupg-2.1

Of course your mileage may vary, machine blow up and hard drive
autowipe.  But it works for me and it is definitely worth it to play
with all the new elliptical curve modes:

me@me:~$ gpg2 --expert --gen-key
gpg (GnuPG) 2.1.0-beta834; Copyright (C) 2014 Free Software
Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
Your selection? 9
Please select which elliptic curve you want:
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
Your selection?



Re: New beta

2014-09-19 Thread Robert J. Hansen
> and best on Debian Wheezy or Jessie.  I plan to eventually add some 
> checks into the Makefile to suggest what to install.

It would be nice if it could also be checked with Fedora.  CentOS/RHEL
is really big in the business world, and I know a couple of shops that
would like to be able to cross-compile their Windows GnuPG builds from
their CentOS/RHEL boxen.

However, I'm unaware of anyone who's calling this a blocker, so it's a
pretty low priority.  (See, folks?  I apply the
six-real-users-with-real-problems test even to my own requests.  ;) )




Re: New beta

2014-09-19 Thread Werner Koch
On Fri, 19 Sep 2014 20:14, r...@sixdemonbag.org said:

> The approved way of building Win32 executables of GnuPG is to
> cross-compile from Linux.

and best on Debian Wheezy or Jessie.  I plan to eventually add some
checks into the Makefile to suggest what to install.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: New beta

2014-09-19 Thread vedaal
On 9/19/2014 at 2:18 PM, "Robert J. Hansen" wrote:
>
>> Does this have to be done under Linux, or can it be done under
>> Windows with the aid of something like MinGW or CodeBlocks?
>
>Unfortunately, this is not something I'd recommend for anyone except a
>handful of MinGW experts.  It's technically possible, but daunting.
>
>The approved way of building Win32 executables of GnuPG is to
>cross-compile from Linux.

=

Can gnupg-2.1.0-beta834 be compiled on Cygwin ?


I tried downloading it from the ftp link WK gave, and when trying to configure 
on Cygwin, got the following errors:

configure:

*** You need libgpg-error to build this program

*** You need libassuan to build this program

*** You need libska to build this program

*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install
*** this library first.

configure: error:

*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.


Ok,

Downloaded all the above libraries from the links provided,
started with the first one mentioned, libgpg-error,
and got as far as,

config.status: creating po/Makefile

libgpg-error-1.16 prepared for make

Revision: 8f3187f  (36657)
Platform: i686-pc-cygwin

Then after trying 'make',
got the following:

$ make
make  all-recursive
make[1]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16'
Making all in m4
make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/m4'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/m4'
Making all in src
make[2]: Entering directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/src'
gawk -f ./mkerrnos.awk ./errnos.in >code-to-errno.h
gawk -f ./mkerrcodes1.awk ./errnos.in >_mkerrcodes.h
gcc -E   _mkerrcodes.h | grep GPG_ERR_ | \
   gawk -f ./mkerrcodes.awk >mkerrcodes.h
rm _mkerrcodes.h
gcc -I. -I. -o mkerrcodes ./mkerrcodes.c
./mkerrcodes | gawk -f ./mkerrcodes2.awk >code-from-errno.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
./err-sources.h.in >err-sources-sym.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
./err-codes.h.in >err-codes-sym.h
gawk -f ./mkstrtable.awk -v textidx=2 -v nogettext=1 \
-v prefix=GPG_ERR_ -v namespace=errnos_ \
./errnos.in >errnos-sym.h
gcc -g -O0 -I. -I. -o mkheader ./mkheader.c
gcc -g -O2 -Wall -Wpointer-arith gen-posix-lock-obj.c   -o gen-posix-lock-obj
gen-posix-lock-obj.c:40:3: error: #error sizeof pthread_mutex_t is not known.
gen-posix-lock-obj.c: In function ‘main’:
gen-posix-lock-obj.c:69:21: error: ‘SIZEOF_PTHREAD_MUTEX_T’ undeclared (first use in this function)
gen-posix-lock-obj.c:69:21: note: each undeclared identifier is reported only once for each function it appears in
gen-posix-lock-obj.c:99:11: error: ‘HOST_TRIPLET_STRING’ undeclared (first use in this function)
: recipe for target `gen-posix-lock-obj' failed
make[2]: *** [gen-posix-lock-obj] Error 1
make[2]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16/src'
Makefile:402: recipe for target `all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/cygdrive/c/gnupg-2.1.0-beta834/libgpg-error-1.16/libgpg-error-1.16'
Makefile:333: recipe for target `all' failed
make: *** [all] Error 2


So,
can it be done on Cygwin, using other steps/commands first?

(btw, have not had any problems compiling, making, and installing gnupg 1.4.x 
on Cygwin).

TIA,

vedaal
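
The library list in Murphy's step 1 and the configure errors in the message above, turned into a preflight check. This is an added example, not part of any post in the thread and not GnuPG's own build code; the function name check_gnupg_deps is hypothetical, and it assumes each library is detected through the *-config helper script it installed at the time.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the libraries that
# GnuPG 2.1's configure asks for. Each library is detected through the
# *-config helper script it installed at the time of this thread.

# "library:config-tool" pairs. libgpg-error comes first because libgcrypt,
# libksba and libassuan all link against it.
GNUPG_DEPS="libgpg-error:gpg-error-config npth:npth-config
libgcrypt:libgcrypt-config libksba:ksba-config libassuan:libassuan-config"

# check_gnupg_deps [search-path]   (hypothetical helper name)
# Prints "ok <lib> <version>" or "MISSING <lib> (<tool> not found)" per
# library, in build order. Returns 0 if all were found, 1 otherwise.
check_gnupg_deps() {
    search_path=${1:-$PATH}
    missing=0
    for pair in $GNUPG_DEPS; do
        lib=${pair%%:*}
        tool=${pair#*:}
        # The lookup runs in a subshell, so the caller's PATH is untouched.
        if tool_path=$( PATH=$search_path; command -v "$tool" ); then
            version=$("$tool_path" --version 2>/dev/null) || version=unknown
            printf 'ok %s %s\n' "$lib" "$version"
        else
            printf 'MISSING %s (%s not found)\n' "$lib" "$tool"
            missing=1
        fi
    done
    return "$missing"
}

# Usage before ./configure in the gnupg source tree:
#   check_gnupg_deps || echo "build the MISSING libraries first, top to bottom"
```

Libraries installed under a private prefix are found by passing that prefix's bin directory as the search path.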




Re: New beta

2014-09-19 Thread Robert J. Hansen
> Does this have to be done under Linux, or can it be done under 
> Windows with the aid of something like MinGW or CodeBlocks?

Unfortunately, this is not something I'd recommend for anyone except a
handful of MinGW experts.  It's technically possible, but daunting.

The approved way of building Win32 executables of GnuPG is to
cross-compile from Linux.



Re: New beta

2014-09-19 Thread MFPA

Hi


On Thursday 18 September 2014 at 5:41:21 PM, Werner Koch wrote:


> If you have all required tools and some extra source
> packages in ../tarballs, you may also build a Windows
> installer:

>   make -f build-aux/speedo.mk  w32-installer


Does this have to be done under Linux, or can it be done under
Windows with the aid of something like MinGW or CodeBlocks?


-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Gypsy Dwarf Escapes Prison: Small Medium at large

