Bug#1058572: [pkg-gnupg-maint] Bug#1058572: Bug#1058572: gnupg2.4: fail to initialize homedir and generate key due to keyboxd

2023-12-14 Thread Werner Koch
Hi! On Fri, 15 Dec 2023 09:22, NIIBE Yutaka said: > is created. Note that keyboxd just works with systemd by socket > activation. Why do you think so. keyboxd is started on demand by gpg or gpgsm. There is no --supervised option as we still have for dirmngr and gpg-agent. In case Debian

Bug#1053531: [pkg-gnupg-maint] Bug#1053531: gnupg/gpg-agent/pinentry: timeout

2023-10-08 Thread Werner Koch
Hi Thorsten, > distracted by being asked a question, and it had terminated the > pinentry and agent, asking me for a password on stderr/tty without > pinentry, but as soon as I went to type it there, it ended up with: The second one is the usual ssh prompt in a failed ssh-agent. > IMHO the

Bug#1022702: [pkg-gnupg-maint] Bug#1022702: I volunteer to maintain GnuPG and friends in the long-term

2023-07-27 Thread Werner Koch
Hi! On Thu, 27 Jul 2023 15:24, NIIBE Yutaka said: > - ... and default keyserver choice: > debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch FWIW, if you need to change the default, the proper location is /etc/gnupg/dirmngr.conf and not a source code patch. > - And for

Bug#980838: [pkg-gnupg-maint] Bug#980838: scdaemon

2022-02-01 Thread Werner Koch
On Mon, 31 Jan 2022 09:52, Christian Weiske said: > Jan 30 07:39:51 dojo systemd[1076614]: gpgconf: Fehler bei Ausführung > von `/usr/lib/gnupg/scdaemon': wahrscheinlich nicht installiert Put disable-scdaemon into gpg-agent.conf Salam-Shalom, Werner -- Die Gedanken sind frei.

Bug#949761: [pkg-gnupg-maint] Bug#949761: gpgconf: make socketdir configurable to users

2021-12-21 Thread Werner Koch
On Tue, 21 Dec 2021 15:17, NIIBE Yutaka said: >> gpg2 and gpg-agent (used by gnupg (1.x) as well) now uses >> GPG_AGENT_INFO=/run/user/2339/gnupg/S.gpg-agent:0:1 but >> the directory /run/user/2339 is removed on logout by elogind >> even if processes are still running. > > I happened to find a

Bug#1001331: [pkg-gnupg-maint] Bug#1001331: gpg: Provide interface to inspect (detached) signatures

2021-12-13 Thread Werner Koch
Hi! > I cannot stop using as I do not know of a publicly supported interface > to inspect a (detached) signature to get its issuer fingerprint or > keyid. You can do this: gpg --verify --status-fd 1 x.asc /dev/null 2>/dev/null \ | awk '$1=="[GNUPG:]" && $2=="BADSIG" { print $3}' which

Bug#985158: [pkg-gnupg-maint] Bug#985158: Bug#985158: Bug#985158: gpg: No longer reads .gnupg/options

2021-03-14 Thread Werner Koch
On Sun, 14 Mar 2021 14:32, Christoph Biedl said: > Point is, the legacy file ~/.gnupg/options is still being used in > surprisingly many applications, also in documentation: Then please file a bug against such documentation. And maybe even against any application which read the option file

Bug#985158: [pkg-gnupg-maint] Bug#985158: gpg: No longer reads .gnupg/options

2021-03-14 Thread Werner Koch
On Sat, 13 Mar 2021 20:40, Kurt Roeckx said: > It seems that the config file ~/.gnupg/options is no longer read, > and it's now reading (among others) ~/.gnupg/gpg.conf Oops. I totally forgot about this legacy file. The reason for this is that we switched to a new option parser which also

Bug#980768: [pkg-gnupg-maint] Bug#980768: gnupg2: reduce Build-Depends

2021-01-22 Thread Werner Koch
> * libcurl4-gnutls-dev is unused. While curl is mentioned in source >comments and checked for in configure, it is never actually used. You mean GnuPG's configure? I can't find it. It was tested for in GnuPG 1 and 2.0 but not anymore since 2.1. I am just a curious upstream.

Bug#979412: [pkg-gnupg-maint] Bug#979412: pinentry: "--lc-type" in manapges is typo for "--lc-ctype"

2021-01-06 Thread Werner Koch
FWIW, that was fixed 11 years ago in upstream (commit 971962116fba3769d8260b5016f93c6f9ebf083f) -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#978630: [pkg-gnupg-maint] Bug#978630: Bug#978630: gnupg: --check-sigs trusts weak digest alg if weak digest was trusted when importing key

2020-12-29 Thread Werner Koch
It gets cached if it has been checked. There are some pre-conditions for this, for example the existence of the corresponding public key.

Bug#978630: [pkg-gnupg-maint] Bug#978630: gnupg: --check-sigs trusts weak digest alg if weak digest was trusted when importing key

2020-12-29 Thread Werner Koch
Hi! gpg caches key signature verification results. Use --no-sig-cache to disable this cache. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#977909: [pkg-gnupg-maint] Bug#977909: Bug#977909: gnupg: `--trust-model always` doesn't trust keys

2020-12-23 Thread Werner Koch
On Tue, 22 Dec 2020 22:41, Ansgar said: > The warning is incorrect as GnuPG was told that the key is trusted. The warning is there for a reason and it will not be changed. >> I am not sure what python3-gpg is. > > The official Python bindings for GPGME. Sorry, I did not know Debian's package

Bug#977909: [pkg-gnupg-maint] Bug#977909: gnupg: `--trust-model always` doesn't trust keys

2020-12-22 Thread Werner Koch
> The output then contains: > > | gpg: WARNING: Using untrusted key! Look here: if (opt.trust_model == TM_ALWAYS) { if (!opt.quiet) log_info(_("WARNING: Using untrusted key!\n")); It is just a warning - use --quiet to silence this warning. > If I try to use python3-gpg to

Bug#951025: [pkg-gnupg-maint] Bug#951025: gnupg: GPG tries to get passphrase from wrong place

2020-02-09 Thread Werner Koch
> my passphrase on my desktop XFCE session. However, I am not at that > computer, so I cannot provide it with a passphrase. After having logged into the other box with ssh -X, run in that ssh session: gpg-connect-agent updatestartuptty /bye This tells gpg-agent on which DISPLAY or tty it

Bug#945279: [pkg-gnupg-maint] Bug#945279: gpg-wks-client: --install-key does not create policy file

2019-11-22 Thread Werner Koch
On Fri, 22 Nov 2019 11:36, Hans-Christoph Steiner said: > It should create a zero length file, as recommended in the draft: "it > is sufficient if that file has a zero length". Good idea. Tracked upstream as https://dev.gnupg.org/T4753 Shalom-Salam, Werner -- Die Gedanken sind frei.

Bug#944914: [pkg-gnupg-maint] Bug#944914: libgpgme11: Buffer overflow while using claws-mail

2019-11-19 Thread Werner Koch
On Tue, 19 Nov 2019 14:50, Bernhard Übelacker said: > Maybe it is of some help, following seem to be locations with the > missing symbols: > ... > #8 0xb6441a7a in __fdelt_chk (d=194142480) at fdelt_chk.c:25 > #9 0xb27e5281 in () at libgpgme.so.11, in _gpgme_io_select at This is the

Bug#942127: [pkg-gnupg-maint] Bug#942127: bugs in the FILTER EXPRESSIONS section of the gpg man page

2019-10-12 Thread Werner Koch
On Thu, 10 Oct 2019 18:42, Steve McIntyre said: > Looks like a simple cut and paste / completion error. Now fixed upstream. Thanks for reporting. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#939508: [pkg-gnupg-maint] Bug#939508: scdaemon: scdaemon does not share access with pcscd used by opensc

2019-09-05 Thread Werner Koch
On Thu, 5 Sep 2019 13:05, robert.grizz...@quoininc.com said: > I am attempting to use both the gpg and PIV functionality of a Yubikey 5 > device, but scdaemon takes exclusive access. This is the intended behavior FWIW: GnuPG master has dedicated support for Yubikeys and since today allows

Bug#931339: [pkg-gnupg-maint] Bug#931339: gnupg: Change default keyserver?

2019-07-03 Thread Werner Koch
On Tue, 2 Jul 2019 15:55, guil...@debian.org said: > According to the dirmngr(8) man page, the default built-in server is > «hkps://hkps.pool.sks-keyservers.net». Given the recent attacks, and Not from upstream. We have a default keyserver because that is (or better was) a pool of keyservers

Bug#931340: dirmngr goes into endless loop if keyserver responses with http error 503

2019-07-03 Thread Werner Koch
Hi, this bug was reported on Monday as https://dev.gnupg.org/T4600 Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#923204: [pkg-gnupg-maint] Bug#923204: gpg-agent has a false dependency on libpam-systemd

2019-02-25 Thread Werner Koch
On Sun, 24 Feb 2019 16:56, joshud...@gmail.com said: > gpg-agent --server or directly from .profile (ssh sessions) by > gpg-agent --daemon. FWIW, actually gpg-agent is started on-demand from all tools requiring it. To explicitly start it "gpgconf --launch agent" can and should be used.

Bug#914395: [pkg-gnupg-maint] Bug#914395: dirmngr log

2018-11-25 Thread Werner Koch
On Sun, 25 Nov 2018 22:22, csm...@debian.org said: > It seems it needs the SRV record and fails wrong without it. > Checking on the same system looking up that SRV record I get the > expected NXDOMAIN error. That seems to be a Debian specific problem; with a dirmngr started by the gpg command, I

Bug#914395: [pkg-gnupg-maint] Bug#914395: Acknowledgement (gpg recv-key fails with no route to host)

2018-11-23 Thread Werner Koch
On Fri, 23 Nov 2018 00:23, csm...@debian.org said: > It appears dirmngr tries to lookup a SRV record and that's the no route to > host error. Please put this into ~/.gnupg/dirmngr.conf --8<---cut here---start->8--- log-file /whatever verbose debug

Bug#913614: [pkg-gnupg-maint] Bug#913614: Bug#913614: gnupg2 fails with "cannot open '/dev/tty': No such device or address"

2018-11-14 Thread Werner Koch
On Tue, 13 Nov 2018 16:19, tia...@debian.org said: > Even for something that shouldn't have a reason to prompt, like > "--recv-keys" with a full fingerprint? You are right, this should not be needed. I recall that we recently fixed a similar case where we accidentally printed to the tty. In

Bug#913614: [pkg-gnupg-maint] Bug#913614: gnupg2 fails with "cannot open '/dev/tty': No such device or address"

2018-11-13 Thread Werner Koch
On Tue, 13 Nov 2018 14:18, be...@debian.org said: > Passing "--no-tty" to gpg works around this issue. For any script use you should anyway use --batch which disables the use of the tty as a side-effect. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#643341: [pkg-gnupg-maint] Bug#643341: Bug#643341: libgpg-error-dev: cross-compiling anything based on libgpg-error is painful

2018-10-16 Thread Werner Koch
On Tue, 16 Oct 2018 09:51, s...@debian.org said: > However, none of this solves co-installability in Debian: > libgpg-error-dev:amd64 and libgpg-error-dev:armhf can't be > installed at the same time, because they have different content in > /usr/bin/gpg-error-config, and that will be a problem

Bug#909693: [pkg-gnupg-maint] Bug#909693: gpgsm: seems to be dead slow when verifying pkcs7-signatures from within Sylpheed

2018-09-28 Thread Werner Koch
On Fri, 28 Sep 2018 00:57, invernom...@paranoici.org said: > It's clear that the CRL revocation check is the step that takes a long > time. Right. And it depends on the certificate issuer and how they maintain CRLs. If they release CRLs only once a week, things should be okay because GnuPG

Bug#909693: [pkg-gnupg-maint] Bug#909693: gpgsm: seems to be dead slow when verifying pkcs7-signatures from within Sylpheed

2018-09-27 Thread Werner Koch
On Wed, 26 Sep 2018 22:44, invernom...@paranoici.org said: > While verifying an OpenPGP signature with gpg is definitely fast, > verifying a pkcs7-signature with gpgsm is super slow. Sure that it is the verification and not the CRL or OCSP revocation check? It depends on the issuer of the

Bug#907810: [pkg-gnupg-maint] Bug#907810: gpg --no-verbose --verify is too verbose

2018-09-03 Thread Werner Koch
On Mon, 3 Sep 2018 12:52, vinc...@vinc17.net said: > So, do you mean that it is a bug in Mutt, which doesn't filter them > out? Yes, if you don't want to see them. IIRC, tlr once used a wrapper process to invoke the actual tool. I have not used the direct invocation for 15 years. Anyway it

Bug#907810: [pkg-gnupg-maint] Bug#907810: gpg --no-verbose --verify is too verbose

2018-09-03 Thread Werner Koch
On Sun, 2 Sep 2018 15:18, vinc...@vinc17.net said: > outputs many [GNUPG:] debugging messages, partly hiding useful output. These ain't no debugging messages but the required information for any program or script to interact with gpg. You have requested them using the --status-fd option.

Bug#901498: [pkg-gnupg-maint] Bug#901498: FTBFS on stretch, needs newer libgpg-error

2018-06-14 Thread Werner Koch
pg.org/T4012 Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From 18274db32b5dea7fe8db67043a787578c975de4d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 8 Jun 2018 22:01:10 +0200 Subject:

Bug#900247: [pkg-gnupg-maint] Bug#900247: gpg-check-pattern.1: Some formatting changes in the manual

2018-06-05 Thread Werner Koch
Hi! The man pages for gnupg are generated from texinfo source using the yat2m tool. This is part of GnuPG but we are in the progress of moving it to libgpg-error (which is a common dependency of all GnuPG stuff). Thus it would be better to assign this bug to libgpg-error and bonus points

Bug#894983: gnupg2: CVE-2018-9234: Able to certify public keys without a certify key present when using smartcard

2018-04-06 Thread Werner Koch
On Thu, 5 Apr 2018 22:49, car...@debian.org said: > CVE-2018-9234[0]: > | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key > | certification requires an offline master Certify key, which results in > | apparently valid certifications that occurred only with access to a > |

Bug#891931: [pkg-gnupg-maint] Bug#891931: Bug#891931: gnupg: semantic change of the package to a meta-package results in upgrade bloat

2018-03-04 Thread Werner Koch
On Sun, 4 Mar 2018 16:23, d...@fifthhorseman.net said: > the binary, "gnupg" refer to "gpg" plus the traditional "gpg-agent" and > "dirmngr", and then some complete "gnupg-all" which depends on You need to include at least gpgconf because this is an important tool. Not only for gpgme (which

Bug#889594: [pkg-gnupg-maint] Bug#889594: dgit started to fails its autopkgtests, with git gnupg2/2.2.4-1+

2018-02-06 Thread Werner Koch
On Mon, 5 Feb 2018 13:48, ijack...@chiark.greenend.org.uk said: > gnupg2's agent startup code is full of races. Probably, the new I have seen no such bug report yet in upstream. Please submit one but use the upstream version and not the heavily patched Debian version. First try with the

Bug#884517: [pkg-gnupg-maint] Bug#884517: Grab option should be reverted as enabled by default

2017-12-18 Thread Werner Koch
On Sat, 16 Dec 2017 09:34, ber...@debian.org said: > passphrase by default. I didn't find any rationale behind this change. See: > https://github.com/gpg/gnupg/commit/3d78ae4d3de08398fabae5821045a3a1da6dadbe [ Please don't reference an arbitrary repo mirror of gnupg. Either use the Debian repo

Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

2017-11-30 Thread Werner Koch
On Wed, 29 Nov 2017 23:56, d...@fifthhorseman.net said: > libgpgme provides *no functionality* whatsoever if gpg is not installed. That is not fully correct. For example in the Outlook plugin we used to use gpgme just to provide data objects with callback functionality and to connect to the

Bug#882985: [pkg-gnupg-maint] Bug#882985: gcrypt: libgcrypt should use all memory pools for all secure allocations

2017-11-28 Thread Werner Koch
On Tue, 28 Nov 2017 12:08, amul.s...@fisglobal.com said: > libgcrypt 1.8.1 contains the needed fixes and is compatible with GnuPG Actually libgcrypt 1.8.2 will contain those fixes. Right now they are only in the Git repo. I can release 1.8.2 on short notice. Salam-Shalom, Werner -- Die

Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

2017-11-28 Thread Werner Koch
On Tue, 28 Nov 2017 00:49, d...@fifthhorseman.net said: > The fact is, libgpgme explicitly fails in many use cases if gpg-agent or > dirmngr are not available. This partial, unpredictable failure is not It should return an error like No Agent, No Dirmngr, or No Pinentry. If not that is a bug

Bug#882736: [pkg-gnupg-maint] Bug#882736: gpg-agent: does not always use same socketdir

2017-11-27 Thread Werner Koch
On Mon, 27 Nov 2017 18:24, ans...@debian.org said: >> this is a deliberate choice by upstream. > > Yes, I saw it in the source :-/ There is a clear reason for this. In the past we had lot of troubles with too freely configurable socket names and file systems which don't support local sockets.

Bug#872368: [pkg-gnupg-maint] Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

2017-11-26 Thread Werner Koch
On Thu, 23 Nov 2017 13:48, linkfa...@yahoo.fr said: > Many mutt users do not do any secret key operation. I think those who > do need to create or setup a private key first - and probably put some To foster the use of end to end encryption we should get away from the need to install plugins.

Bug#876144: [pkg-gnupg-maint] Bug#876144: lists.debian.org: Request for new mailing list: pkg-gnupg-maint

2017-09-19 Thread Werner Koch
On Tue, 19 Sep 2017 00:52, d...@fifthhorseman.net said: > If other members of pkg-gnupg-maint could follow up on this bug to > state intent to participate, that would be great. The mix of Debian bugs related to gnupg and discussion on the packing or use is for me, as upstream author, not perfect

Bug#874721: [pkg-gnupg-maint] Bug#874721: gnupg: the option --debug-quick-random seems to be ignored

2017-09-09 Thread Werner Koch
> With gnupg 1.4 the corresponding option --quick-random had the desired > effect, but since the move gnupg 2.1 this seems to be ignored, to the Your problem is that the keys are generated by gpg-agent. Thus you would need to use --debug-quick-random in gpg-agent.conf. However, this is not

Bug#874304: [pkg-gnupg-maint] Bug#874304: gpg: --refresh-keys became extremely verbose and complaining

2017-09-08 Thread Werner Koch
On Wed, 6 Sep 2017 22:21, invernom...@paranoici.org said: > In the meantime, dear Werner, is there any additional information > I could provide to help you in pinpointing the bug? No, this is pretty obvious. Although I would not call it a bug ;-) Salam-Shalom, Werner -- Die Gedanken

Bug#874304: [pkg-gnupg-maint] Bug#874304: gpg: --refresh-keys became extremely verbose and complaining

2017-09-06 Thread Werner Koch
> but I get the same ultra-lengthy output. Okay, so the issue is a different one. I did not replicate it but looked for changes which could have introduced it. > Once again, the --no-verbose option does not seem to help, while the -q > option seems to only suppress the old (useful) output,

Bug#874304: [pkg-gnupg-maint] Bug#874304: gpg: --refresh-keys became extremely verbose and complaining

2017-09-05 Thread Werner Koch
On Mon, 4 Sep 2017 22:34, invernom...@paranoici.org said: > The output seems to be (more or less) the old output of > "gpg --refresh-keys $KEYID", combined with the output of > "gpg --check-sigs $KEYID". That is likely due to * gpg: By default try to repair keys during import. New

Bug#868550: [pkg-gnupg-maint] Bug#868550: Bug#868550: reprepro seems to provide a repro

2017-08-24 Thread Werner Koch
On Thu, 24 Aug 2017 22:08, ijack...@chiark.greenend.org.uk said: > I have a log generated by this > log-file /home/ian/things/Dgit/dgit/tests/tmp/gnupg/gnupg/AGENT.log > in gpg-agent.conf but due to an infelicity in my arrangements all of Use log-file

Bug#867268: [pkg-gnupg-maint] Bug#867268: dirmngr: Can't set nameserver port

2017-07-06 Thread Werner Koch
On Wed, 5 Jul 2017 12:43, he...@debian.org said: > and I actually wants to make sure that gnupg is using dns over tor. FWIW, --use-tor forces the use of Tor for DNS lookups. This does not use the limited Tor features for DNS but by default uses the DNS server 8.8.8.8. If you want to use

Bug#866964: Fwd: mpi_set_secure leads to heap corruption

2017-07-04 Thread Werner Koch
On Tue, 4 Jul 2017 03:05, gni...@fsij.org said: > Yes. While the patch is right, I followed the suggestion for less > surprise. The reason why it was falsely allocated as nlimbs is likely to save on secure memory. Now that we auto-grow the secure memory this is not needed and thus this simple

Bug#835394: [pkg-gnupg-maint] Bug#835394: gnupg-agent: gpg agent refusing ssh agent work

2017-06-22 Thread Werner Koch
On Tue, 20 Jun 2017 07:09, raphael.d...@gmail.com said: > $ eval $(gpg-agent --enable-ssh-support) Please don't do that anymore. SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" export SSH_AUTH_SOCK is the way to go. > automatically provides two of my keys. ssh-add -D does not seem

Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-15 Thread Werner Koch
On Thu, 15 Jun 2017 17:43, d...@fifthhorseman.net said: > I believe that killing gpg-agent kills scdaemon, which de-initializes > the smartcard on shutdown, which takes it out of authenticated mode. Right the smartcard is power-cycled and thus it clears all its transient state. > on whether

Bug#863221: [pkg-gnupg-maint] Bug#863221: Bug#863221: Bug#863221: dirmngr doesn't reload resolv.conf

2017-05-25 Thread Werner Koch
Okay froods, https://dev.gnupg.org/rGb5f356e9fba2d99909f8f54d7b7e6836bed87b68 Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#863221: [pkg-gnupg-maint] Bug#863221: Bug#863221: dirmngr doesn't reload resolv.conf

2017-05-25 Thread Werner Koch
On Wed, 24 May 2017 23:36, d...@fifthhorseman.net said: > full dirmngr flush on every network change -- in particular, that would > mean that every time we join the network, we would be more likely to > announce to the network about the various CRLs and keyservers that we're Good point. That

Bug#863221: [pkg-gnupg-maint] Bug#863221: dirmngr doesn't reload resolv.conf

2017-05-24 Thread Werner Koch
Hi! When you switch the laptop connection you should flush dirmngr anyway and thus I do not consider the need to do this just for the resolver. gpgconf --reload dirmngr in the ifup script should do that job. Note that gpgconf won't start a component on --reload or --kill if it is not yet

Bug#860745: [pkg-gnupg-maint] Bug#860745: Please suggest a fix for "server $SOMETHING is older than us" message

2017-04-28 Thread Werner Koch
On Tue, 25 Apr 2017 22:31, d...@fifthhorseman.net said: > Do you recommend terminating all per-user gpg-agent and dirmngr > instances upon package upgrade? This would be a significant change from I can't decide this. What I do if something goes wrong after an update is to look into the

Bug#860745: [pkg-gnupg-maint] Bug#860745: Please suggest a fix for "server $SOMETHING is older than us" message

2017-04-23 Thread Werner Koch
On Sun, 23 Apr 2017 11:09, enr...@debian.org said: > Technically it sounds like the right thing. I had no idea I could get > hints with --verbose, though, so I wouldn't have seen it. Isn't it the first thing with Unix tools to add -v when you wonder what is going on ;-). > Could gpg tell

Bug#860745: [pkg-gnupg-maint] Bug#860745: Please suggest a fix for "server $SOMETHING is older than us" message

2017-04-21 Thread Werner Koch
On Wed, 19 Apr 2017 18:53, d...@fifthhorseman.net said: > I wouldn't want to encourage people to restart the daemons -- i'd rather > encourage them to terminate them and let the new versions be restarted Right. > gpg: WARNING: server 'dirmngr' is older than us (2.1.17 < 2.1.18). Run >

Bug#568375: [pkg-gnupg-maint] Bug#568375: Bug#568375: gnupg-agent: does not work with `git tag -s`

2017-02-16 Thread Werner Koch
On Wed, 15 Feb 2017 20:52, d...@fifthhorseman.net said: > However, this will cause problems for people dealing with a smartcard > with a PGPv3 key on it. I doubt that you can put a PGP-2 key on an OpenPGP smartcard. We require a SHA-1 fingerprint. > hm, bummer. a configure option to keep the

Bug#568375: [pkg-gnupg-maint] Bug#568375: Bug#568375: gnupg-agent: does not work with `git tag -s`

2017-02-15 Thread Werner Koch
On Wed, 15 Feb 2017 16:23, d...@fifthhorseman.net said: > should we adjust the build of 1.4 in debian to patch out the direct > access of smartcards? if we use --disable-card-support during > ./configure will that disable use of the agent for smartcards as well, > or will it just remove the

Bug#568375: [pkg-gnupg-maint] Bug#568375: Bug#568375: gnupg-agent: does not work with `git tag -s`

2017-02-15 Thread Werner Koch
On Tue, 14 Feb 2017 00:55, d...@fifthhorseman.net said: > * gpg 1.4 expects to connect directly to the active smartcard. 2.1 >expects access to the smartcard to be mediated by the scdaemon >process. I don't know what happens if both of these systems try to >access a single

Bug#703062: [pkg-gnupg-maint] Bug#703062: please add udev rules for cardman 4040

2017-02-14 Thread Werner Koch
On Tue, 14 Feb 2017 06:47, gni...@fsij.org said: > If you still have the device, please let me know if it works. I'm I have a device but no pcmcia/pc-card slot on regular used machines. > afraid it's too old to support current version of OpenPGP card with > RSA key length >= 2048. Yep, that

Bug#854005: [pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works

2017-02-07 Thread Werner Koch
On Mon, 6 Feb 2017 07:04, gni...@fsij.org said: > simultaneously/interchangeably on a system. scdaemon is not a system- > wide service for all smartcards, but it's specific to OpenPGP card and > it's per user service for gpg-agent. FWIW: Scdaemon supports several smartcards and certain other

Bug#854038: [pkg-gnupg-maint] Bug#854038: [gnupg] --sender option seems not to be respected when verifying

2017-02-03 Thread Werner Koch
On Fri, 3 Feb 2017 11:47, ktns...@gmail.com said: > gpg(1) reads that `--sender' option can be used to suppress some uids > printed by TOFU code when verifying messages, but the option seems to > have no effect. It does not do much right now but we have it here so that GPGME can provide it.

Bug#851707: [pkg-gnupg-maint] Bug#851707: pinentry-gtk-2 frequently fails to grab the keyboard under awesome

2017-02-03 Thread Werner Koch
mit b0e0bdeac5d40ca645afc9017778b39a26303523 Author: Werner Koch <w...@gnupg.org> Date: Wed Jan 11 18:40:17 2017 +0100 gtk2: Fix a problem with fvwm * gtk+-2/pinentry-gtk-2.c (grab_pointer): Take care of GDK_GRAB_ALREADY_GRABBED. -- Debian-bug-id: 850708 Co-authored-by

Bug#850269: [pkg-gnupg-maint] Bug#850269: gpgme1.0: FTBFS randomly (not enough entropy)

2017-02-02 Thread Werner Koch
On Tue, 24 Jan 2017 01:45, d...@fifthhorseman.net said: > to drive gpg, though. I think we do still need that test in gpgme, just > like we'd need a higher-level test for a mail user agent that was Agreed. Upstream commit a98951a * tests: Use --debug-quick-random for tests will go into

Bug#853935: [pkg-gnupg-maint] Bug#853935: rephrase: No more works with gpg2 and causes one pinentry popup per guess

2017-02-02 Thread Werner Koch
On Thu, 2 Feb 2017 11:37, a...@debian.org said: > Trying to use it on Sid or Stretch causes one pinentry window popup per > guessed try (i.e. potentially thousands). And since pinentry usually I don't know rephrase but according to the description it should not use gpg to test the passphrase.

Bug#851298: [pkg-gnupg-maint] Bug#851298: 10 second delay on first ssh use (sleeps in agent_libgcrypt_progress_cb)

2017-01-16 Thread Werner Koch
On Fri, 13 Jan 2017 20:02, wea...@debian.org said: > I suspect the callback shouldn't try to sleep if the entropy is being > read from a non-blocking source, or maybe the callback shouldn't be The sleeping is done to relinquish control to other threads. Libgcrypt 1.7 unfortunately needs to

Bug#850708: [pkg-gnupg-maint] Bug#850708: Bug#850708: gpg: decryption failed: No secret key

2017-01-11 Thread Werner Koch
1d8770 Mon Sep 17 00:00:00 2001 From: Werner Koch <w...@gnupg.org> Date: Wed, 11 Jan 2017 18:40:17 +0100 Subject: [PATCH] gtk2: Fix a problem with fvwm * gtk+-2/pinentry-gtk-2.c (grab_pointer): Take care of GDK_GRAB_ALREADY_GRABBED. -- Debian-bug-id: 850708 Co-authored-by: Vincent L

Bug#850475: [PATCH] common: Avoid unnecessary ambiguity in argparse.

2017-01-10 Thread Werner Koch
On Tue, 10 Jan 2017 22:16, d...@fifthhorseman.net said: > If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but > have the exact same short_opt and flags, they are aliases and not Smart. Please push with the usual two dashes before the free form text. Salam-Shalom, Werner

Bug#850656: [pkg-gnupg-maint] Bug#850656: gnupg-agent: Please allow config to specify fast RNG

2017-01-09 Thread Werner Koch
On Sun, 8 Jan 2017 23:32, ijack...@chiark.greenend.org.uk said: > dgit test suite. But I have to jump through hoops to do so: I end up > putting a stunt gpg program on the PATH so that I can pass > --agent-program. Obviously we had the same problem in the test suite and thus we implemented an

Bug#841143: [pkg-gnupg-maint] Bug#841143: Suspected race in gpg1 to gpg2 conversion or agent startup

2017-01-08 Thread Werner Koch
On Sun, 8 Jan 2017 18:47, ijack...@chiark.greenend.org.uk said: > follow, but I am still stumped as to get debugging output from > gpg-agent. I tried making a stunt shell script to pass --debug-all The best way to debug the system is to --8<---cut

Bug#841143: False assumptions about nPth (was: Bug#841143: Suspected race in gpg1 to gpg2 conversion or agent startup [and 1 more messages])

2017-01-08 Thread Werner Koch
On Sun, 8 Jan 2017 23:46, ijack...@chiark.greenend.org.uk said: > gpg-agent is AIUI the main program which handles key material. We > cannot afford for it to be afflicted by threading bugs. Please point out a single threading bug in gpg-agent or any other part of GnuPG. But before you point

Bug#848999: [pkg-gnupg-maint] Bug#848999: pinentry-gtk2: Fails to work, appears as gpg-agent not working

2017-01-08 Thread Werner Koch
Hi! I have no insight on why pinentry fails for you. As a workaround you may try "no-grab" in gpg-agent.conf Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#850475: [pkg-gnupg-maint] Bug#850475: Addition of --clear-sign alias breaks --clear

2017-01-08 Thread Werner Koch
On Fri, 6 Jan 2017 21:54, wea...@debian.org said: > So for decades "gpg --clear" has worked as shorthand for "gpg > --clearsign". Same for --edit, which is now --edit-key or --edit-card. The abbreviated commands are convenience for interactive use and not expected to be used in scripts etc.

Bug#841143: [pkg-gnupg-maint] Bug#841143: gnupg2 races and hangs

2017-01-05 Thread Werner Koch
On Thu, 5 Jan 2017 18:25, ijack...@chiark.greenend.org.uk said: > I also tried to look at the gnupg2 source code. After reading it I > was not surprised the agent startup is racy, and I was very > discouraged from trying to debug it. Is there a design document or > comment somewhere which I

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-02 Thread Werner Koch
On Mon, 2 Jan 2017 13:46, intrig...@debian.org said: > ... which is expected if querying 127.0.0.1, that doesn't support > SRV records. The question is whether we should gracefully handle this failure and return 0 records found (as done < 2.1.17)? > Jan 02 13:37:57 dirmngr[8281]: DBG: dns:

Bug#849845: [pkg-gnupg-maint] Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-02 Thread Werner Koch
Hi! The attached patch fixes this problem. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From b200e636ab20d2aa93d9f71f3789db5a04af0a56 Mon Sep 17 00:00:00 2001 From: Werner Koch <w...@gnupg.org> Date: Mon, 2 Jan 2017 10:00:33 +0100 Subject:

Bug#848951: [pkg-gnupg-maint] Bug#848951: gnupg: Utilize multiple cores on CPU for encryption and decryption (and compression)

2016-12-21 Thread Werner Koch
On Wed, 21 Dec 2016 17:47, witold.bary...@gmail.com said: > Everybody knows CTR is easy to parallelize and easy to understand and implement, CTR is a reincarnation of RC4 - bug wise. Nobody with a sane mind wants a counter mode. It is also not an AE mode and thus nothing to be used for new

Bug#848951: [pkg-gnupg-maint] Bug#848951: gnupg: Utilize multiple cores on CPU for encryption and decryption (and compression)

2016-12-21 Thread Werner Koch
On Wed, 21 Dec 2016 14:33, boyan.pen...@gmail.com said: > Is this straightforward? What changes should I make to gpg.conf to give > this a shot? You need to convince the OpenPGP WG that OCB is the way forward. They prefer other and slower modes due to patents on PCB. However, these patents are

Bug#848951: [pkg-gnupg-maint] Bug#848951: gnupg: Utilize multiple cores on CPU for encryption and decryption (and compression)

2016-12-21 Thread Werner Koch
On Wed, 21 Dec 2016 06:57, witold.bary...@gmail.com said: > Using cipher and compression algorithms that can utilize multiple cores It is not possible to parallelize encryption using the CFB mode as required by OpenPGP. In theory it would be possible to run the hashing (which is also run on the

Bug#847552: [pkg-gnupg-maint] Bug#847552: gnupg: decrypting after X pinentry is sometimes slow: around 10 seconds on a small file

2016-12-18 Thread Werner Koch
On Sun, 18 Dec 2016 19:34, vinc...@vinc17.net said: > Couldn't it cache the RNG status on disk? That is what random_seed is used for. However we need to get a few extra bytes. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#847552: [pkg-gnupg-maint] Bug#847552: gnupg: decrypting after X pinentry is sometimes slow: around 10 seconds on a small file

2016-12-18 Thread Werner Koch
On Sun, 18 Dec 2016 17:00, jspri...@debian.org said: > which led me to this patch: This is agent: Kludge to mitigate blocking calls in Libgcrypt. * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on "need_entropy". -- During key generation Libgcrypt

Bug#847552: [pkg-gnupg-maint] Bug#847552: gnupg: decrypting after X pinentry is sometimes slow: around 10 seconds on a small file

2016-12-09 Thread Werner Koch
On Fri, 9 Dec 2016 13:04, vinc...@vinc17.net said: > $ gpg -d note.gpg > gpg: AES encrypted data > gpg: cancelled by user "cancelled" was unfortunately a catch-all error of pinentries. > Note: I got this error immediately, and no windows are opened. > > A few minutes later, everything was

Bug#847552: [pkg-gnupg-maint] Bug#847552: gnupg: decrypting after X pinentry is sometimes slow: around 10 seconds on a small file

2016-12-09 Thread Werner Koch
Can you please try to switch to pinentry-gtk-2 to see whether this makes a difference? Either change the symlink or put pinentry-program /usr/bin/pinentry-gtk-2 into gpg-agent.conf and gpgconf --reload gpg-agent Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Bug#847206: [pkg-gnupg-maint] Bug#847206: Bug#847206: gpg-agent: can't connect to the agent: File name too long

2016-12-06 Thread Werner Koch
On Tue, 6 Dec 2016 19:07, d...@fifthhorseman.net said: > You could work around it by creating a gnupg_home dir for your tests at > the top level of your build tree, and it would fit within the requisite Sandro: Assuming 2.1, you can also do this: GNUPGHOME= export GNUPGHOME gpgconf

Bug#846834: [pkg-gnupg-maint] Bug#846834: gnupg: ERRSIG rc codes are no longer correct (breaks 0install)

2016-12-03 Thread Werner Koch
bly the fastest fix. I also pushed a commit with the real fix: commit ef10c348bffc7dad19e1832bebc453755d209420 Author: Werner Koch <w...@gnupg.org> Date: Sat Dec 3 21:35:45 2016 +0100 gpg: Fix error code arg in ERRSIG status line. * g10/mainproc.c (check_sig_and_print): Use gpg

Bug#846175: [pkg-gnupg-maint] Bug#846175: gnupg-agent: Cannot use/delete ssh keys w/ empty passphrase

2016-11-29 Thread Werner Koch
On Tue, 29 Nov 2016 14:49, matth...@urlichs.de said: > When in doubt, do both? No. As I explained the key might be in use by other tools not just ssh. Tracking which key has been ssh-add'ed which has been taken from a different source would be pretty complicated. > In any case, if it's been

Bug#846175: [pkg-gnupg-maint] Bug#846175: gnupg-agent: Cannot use/delete ssh keys w/ empty passphrase

2016-11-29 Thread Werner Koch
On Tue, 29 Nov 2016 00:20, matth...@urlichs.de said: > I can't delete them; "ssh-add -d path/to/file-pub" silently fails. > So does "ssh-add -D". gpg-agent does not support this because it stores the key in its own database. As you may have noticed ssh-add is only required once to tell gpg-agent

Bug#842291: [pkg-gnupg-maint] Bug#842291: notmuch processes frequently stuck in select()

2016-11-25 Thread Werner Koch
On Wed, 23 Nov 2016 18:19, d...@fifthhorseman.net said: > 0) turn off CRL updates entirely during s/mime signature verification The gpgsm option is --disable-crl-checks. > 1) do s/mime signature verification without CRL updates, but schedule > CRL checks to happen in the background for

Bug#845078: [pkg-gnupg-maint] Bug#845078: Links against libadns1 with limited security support

2016-11-21 Thread Werner Koch
On Sun, 20 Nov 2016 10:03, a...@sigxcpu.org said: > libadns1 has limited security support in Debian so I wonder if this is a > good choice for dirmngr. Please consider using another resolver by Due to the unresponsive ADNS upstream maintainer, we are evaluating other options than ADNS. We have

Bug#844117: [pkg-gnupg-maint] Bug#844117: gnupg locks up until straced

2016-11-12 Thread Werner Koch
On Sat, 12 Nov 2016 17:45, ijack...@chiark.greenend.org.uk said: > I just tried to use caff. I found that it seemed to hang, every > time. I tried debugging it with strace. Put --8<---cut here---start->8--- log-file /wherever/dirmngr.log verbose debug ipc

Bug#844084: [pkg-gnupg-maint] Bug#844084: gnupg: typo in man page

2016-11-12 Thread Werner Koch
Hi, that was already fixed in the repo by Ineiev and committed in September. Will go into 2.1.16. Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#806940: [pkg-gnupg-maint] Bug#806940: Bug#806940: gpgv-static possible?

2016-11-10 Thread Werner Koch
On Wed, 9 Nov 2016 14:48, d...@fifthhorseman.net said: > So looking at get_pwdir in common/stringhelp.c, all of those calls are > inside the get_pwdir function, wrapped in an #ifdef HAVE_PWD_H. This > code is used for tilde(~) expansion inside do_make_filename(), which > itself is a helper

Bug#842015: [pkg-gnupg-maint] Bug#842015: Merging bugs about pinentry failing without GNOME-connected d-bus

2016-11-10 Thread Werner Koch
On Wed, 9 Nov 2016 00:41, d...@fifthhorseman.net said: > dbus-user-session is also very much in line with gpg-agent's > --standard-socket option (which is now the default): both of them have > the concept of a single session running for any given user on the > machine. In GnuPG that depends on

Bug#806940: [pkg-gnupg-maint] Bug#806940: Bug#806940: Bug#806940: gpgv-static possible?

2016-11-09 Thread Werner Koch
On Wed, 9 Nov 2016 13:43, gni...@fsij.org said: > I think that it is OK for gpgv-static not supporting tilde expansion. Agreed. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Bug#842015: [pkg-gnupg-maint] Bug#842015: Bug#842015: Bug#842015: Similar issue, no emacs

2016-11-03 Thread Werner Koch
>> It would be great to get better error messages in the hands of users. >> Anything in that direction is welcome. > > I'll look into this. Done. If you run gpg with -v you now get this: gpg: pinentry launched (pid 23496, flavor gtk2, version 0.9.8-beta32) and if the curses fallback is used

Bug#842015: [pkg-gnupg-maint] Bug#842015: Bug#842015: Similar issue, no emacs

2016-11-03 Thread Werner Koch
On Thu, 3 Nov 2016 18:51, vinc...@vinc17.net said: > The fallback to Curses is actually a bug when --no-tty is provided > as a gpg option, because this is documented as: I agree. > So, the terminal can't be used to output the prompt for the > passphrase. I suppose that applications that do not

Bug#842015: [PINENTRY PATCH] gnome3: Test if Gcr System Prompter is available at startup.

2016-11-03 Thread Werner Koch
On Thu, 3 Nov 2016 17:25, d...@fifthhorseman.net said: > Could you please also include some feedback on the actual code provided? Looks fine. I have no way to test it right now, though. > It would make the orthographic nit-pickery a little easier to stomach. > > --dkg, frustrated, and

Bug#842015: [pkg-gnupg-maint] Bug#842015: Bug#842015: Similar issue, no emacs

2016-11-03 Thread Werner Koch
On Thu, 3 Nov 2016 16:13, d...@fifthhorseman.net said: > i do not either, but i will work on a patch that provides something > approximating this approach today. Thanks. > I'm not sure why you prefer it that way. If pinentry is used as a Because the pinentry code makes assumptions on how it
