Re: EasyGnuPG

2016-03-22 Thread Viktor Dick
On 22.03.2016 23:10, Dashamir Hoxha wrote: > You got this wrong. It does not enforce 1 month expiry. Right after > creating the key you can change its expiry to 10y, if you wish. But if > you say nothing, after 1m you will have to renew it (if you still > remember the passphrase). This is like a

AES-GCM and AEAD Protected Data Packet (IETF draft)

2016-03-22 Thread Tankred Hase
Hi, I’ve implemented initial support for AES-GCM in OpenPGP.js using the IETF draft for authenticated encryption: https://tools.ietf.org/html/draft-ford-openpgp-format-00 I’ve created a pull request on GitHub for the implementation. The specification leaves quite a bit of wiggle room and I’ve

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 11:25 PM, Peter Lebbing wrote: > > > What is wrong with that? As long as there is a subkey for encryption, > > gpg will use the subkey for encryption, even if the primary key is > > capable of encryption. > > That is not up to you! It's up to your

Re: EasyGnuPG

2016-03-22 Thread Andrew Gallagher
On 22 Mar 2016, at 22:10, Dashamir Hoxha wrote: >> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing >> wrote: >> And why is your primary key capable of encryption? One of the reasons for >> subkeys is so you don't have to use the same key material

Re: EasyGnuPG

2016-03-22 Thread Peter Lebbing
On 22/03/16 15:31, Ben McGinnes wrote: > What, you mean like "gpg2 --use-embedded-filename"? No, I meant what it already does, I had it wrong in my head and should have tried it. I mean that it would be nice if the following were equivalent: $ gpg2 -r de500b3e -e file.ext $ gpg2 -o file.ext.gpg

Re: EasyGnuPG

2016-03-22 Thread Peter Lebbing
On 22/03/16 23:10, Dashamir Hoxha wrote: > You got this wrong. It does not enforce 1 month expiry. Right after > creating the key you can change its expiry to 10y, if you wish. But if > you say nothing, after 1m you will have to renew it (if you still > remember the passphrase). This is like a

Re: EasyGnuPG

2016-03-22 Thread Keith Mallen
Sorry to butt in here but in my first post to the list I mentioned that I was attempting to use FreePascal/Lazarus to interface with GPG via the command line but whilst I had managed to get it working with OpenSSL attempting the same methodology on GPG resulted in a 'hang'. Now I realise I am a

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing wrote: > > Your one month expiry thing is not well thought through. Not only will the > owner > need to re-sign and redistribute every damn month, but all his contacts > will > pretty much always need to refresh the key

Re: EasyGnuPG

2016-03-22 Thread Peter Lebbing
First of all, let me say that I regret that I didn't start my mail with feedback on your project on a positive note. I think it's good that people spend effort trying to make things more usable, and I applaud you for it. It would have been a lot nicer of me to start out with that. There's no

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 3:41 PM, Ben McGinnes wrote: > > You might try experimenting with gpgme-tool then, it's one of the > undocumented/self-documented extras which comes with GPGME. It > provides a socket interface with which you can interact with portions > of the GPGME

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 10:54 AM, Paolo Bolzoni < paolo.bolzoni.br...@gmail.com> wrote: > I totally agree, Dashamir I really think you should focus on what you > think is hard in gnupg? And why? > Are you sure a new program (and not a simple patch) is the best answer? > > At the moment you are

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 2:28 PM, Werner Koch wrote: > > There are two simple things you need to remember when using gpg in a > script: > > 1. --batch to avoid all interaction. > > 2. --with-colons to get a well defined output format. That format is > not good for

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 4:29 PM, Werner Koch wrote: > On Tue, 22 Mar 2016 15:41, b...@adversary.org said: > > > provides a socket interface with which you can interact with portions > > of the GPGME functions, including most of the most common functions. > > FWIW: We even

Re: Verification via the web of trust

2016-03-22 Thread Andrew Gallagher
On 22/03/16 18:30, Peter Lebbing wrote: > On 22/03/16 19:14, Andrew Gallagher wrote: >> All this is true. But this does not help *me* one iota. > > It sounds to me like you're not looking for the Web of Trust, which is indeed > very limited in its options. Instead, you are probably looking for

Re: Verification via the web of trust

2016-03-22 Thread Peter Lebbing
On 22/03/16 19:14, Andrew Gallagher wrote: > Real world example. I wanted to install the latest copy of Apache for > windows. It is signed by one William A Rowe Jr. I do not know William A > Rowe Jr, nor do I know any of the people who have signed his key, nor am > I ever likely to meet them, let

Re: Verification via the web of trust

2016-03-22 Thread Peter Lebbing
On 22/03/16 19:14, Andrew Gallagher wrote: > All this is true. But this does not help *me* one iota. It sounds to me like you're not looking for the Web of Trust, which is indeed very limited in its options. Instead, you are probably looking for something more like TOFU, in the sense that this

Re: Verification via the web of trust

2016-03-22 Thread Andrew Gallagher
On 22/03/16 17:11, Peter Lebbing wrote: > > That trust is not transitive is not some quirk of the web of trust: it > is fundamental. I might trust Carl, and Carl might trust Jenny, but if I > don't know Jenny, I would not trust her, despite the fact that I trust > someone who trusts her. Trust is

Re: Verification via the web of trust

2016-03-22 Thread Peter Lebbing
On 22/03/16 13:21, Lachlan Gunn wrote: > All the pathfinders I've seen have been full-on HTML websites, is there > anything out there more suitable for scripting? This doesn't help you one iota. The simple reason: trust is not transitive. If you want key A, which is 4 hops away from you, to

Re: EasyGnuPG

2016-03-22 Thread Ben McGinnes
On Tue, Mar 22, 2016 at 04:29:42PM +0100, Werner Koch wrote: > On Tue, 22 Mar 2016 15:41, b...@adversary.org said: > > > provides a socket interface with which you can interact with > > portions of the GPGME functions, including most of the most common > > functions. > > FWIW: We even consider

Re: Verification via the web of trust

2016-03-22 Thread Brian Minton
One idea I've been tossing about: import the whole dump. I read that gpg 2.1 uses a new efficient key database called keybox. It would be interesting to see if it could handle that much data, and if so, gpg could do the WoT calculations directly. On Tue, Mar 22, 2016, 9:33 AM Lachlan Gunn

Re: A better interface to the GnuPG-Framework (Re: EasyGnuPG)

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 3:53 PM, Paolo Bolzoni < paolo.bolzoni.br...@gmail.com> wrote: > I guess we should start from the desired use case. > We want a GUI for what? Encrypting? Signing? Managing the web of > trust? SSH login? Everything? I think that deciding the desired use case(s) is

Re: A better interface to the GnuPG-Framework (Re: EasyGnuPG)

2016-03-22 Thread Ben McGinnes
On Tue, Mar 22, 2016 at 03:45:09PM +0100, Bernhard Reiter wrote: > On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote: > > You know what might, though, if someone were to take up the old GPA > > project perhaps ... maybe port it to GTK 3 or implement a Qt version. > > We have just cleaned up

Re: EasyGnuPG

2016-03-22 Thread Werner Koch
On Tue, 22 Mar 2016 15:41, b...@adversary.org said: > provides a socket interface with which you can interact with portions > of the GPGME functions, including most of the most common functions. FWIW: We even consider to extend gpgme-tool to be a Native Messaging Server for Browsers.

Re: A better interface to the GnuPG-Framework (Re: EasyGnuPG)

2016-03-22 Thread Paolo Bolzoni
I guess we should start from the desired use case. We want a GUI for what? Encrypting? Signing? Managing the web of trust? SSH login? Everything? On Tue, Mar 22, 2016 at 3:45 PM, Bernhard Reiter wrote: > On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote: >> You

Re: EasyGnuPG

2016-03-22 Thread Ben McGinnes
On Tue, Mar 22, 2016 at 11:20:40AM +0100, Dashamir Hoxha wrote: > On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter > wrote: > > > > Any cross platform approach would work. Python has the advantage > > that the source code can be changed by an editor and immediately run > >

A better interface to the GnuPG-Framework (Re: EasyGnuPG)

2016-03-22 Thread Bernhard Reiter
On Tuesday 22 March 2016 at 15:14:41, Ben McGinnes wrote: > You know what might, though, if someone were to take up the old GPA > project perhaps ... maybe port it to GTK 3 or implement a Qt version. We have just cleaned up and simplified the structure of Kleopatra, so that is making steps into the

Re: EasyGnuPG

2016-03-22 Thread Ben McGinnes
On Mon, Mar 21, 2016 at 06:38:31PM +0100, Peter Lebbing wrote: > On 21/03/16 16:49, Dashamir Hoxha wrote: > > Yes, but the overall number of commands and options supported > > is 10 times smaller than those of gpg2. Tutorials about egpg are also > > much shorter. > > These things can simply be

Re: EasyGnuPG

2016-03-22 Thread Ben McGinnes
On Mon, Mar 21, 2016 at 03:05:05PM +0100, Bernhard Reiter wrote: > Hi Dashamir, > > On Friday 18 March 2016 at 09:49:16, Dashamir Hoxha wrote: > > I am writing some shell scripts for making GnuPG more accessible and > > easier to use: > > - https://github.com/dashohoxha/egpg > > I like the

Re: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'

2016-03-22 Thread Brad Rogers
On Tue, 22 Mar 2016 10:12:36 +0100 Viktor Dick wrote: Hello Viktor, >Thanks, I found it myself but since the sender of a mail to the list >does not get a copy of it, It's a gmail-ism; Most people get their list messages sent back to them, but not gmail users. It's a

Re: EasyGnuPG

2016-03-22 Thread Andrew Gallagher
> On 22 Mar 2016, at 10:40, Paolo Bolzoni wrote: > > And besides, it's much easier to build a GUI app in front of a C API > than a command line application. This is undeniably true. Unfortunately you first need to learn the API, which can be a barrier to someone

Re: Where is /usr/local/gnupg-2.1?

2016-03-22 Thread Ben McGinnes
On Mon, Mar 21, 2016 at 11:31:56PM -0400, Robert J. Hansen wrote: > > There are two other possible explanations: MacPorts (see macports.org) > > and Home Brew. > > And Fink, and... etc. However, I'm omitting the ... let's call them > "comprehensive" solutions that allow you to install all manner

Verification via the web of trust

2016-03-22 Thread Lachlan Gunn
Hello, Apologies if this is an excessively newbie question, but is there any reasonably automated way to do verification via the web-of-trust when you don't have all the intermediate steps in the keyring already? All the pathfinders I've seen have been full-on HTML websites, is there anything

Re: EasyGnuPG

2016-03-22 Thread Werner Koch
On Tue, 22 Mar 2016 11:20, dashoho...@gmail.com said: > scripts is terribly difficult. I don't understand why `gpg` does not follow > the unix philosophy of being easily used in scripts and cooperating easily > with other commands. It actually does. There are just two things which differ: -

Re: EasyGnuPG

2016-03-22 Thread Paolo Bolzoni
My real question is: what do you think in gpg is not easy enough? On Tue, Mar 22, 2016 at 11:53 AM, Dashamir Hoxha wrote: > On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni > wrote: >> >> And besides, it's much easier to build a GUI app in

Re: EasyGnuPG

2016-03-22 Thread Paolo Bolzoni
I totally agree, Dashamir I really think you should focus on what you think is hard in gnupg? And why? Are you sure a new program (and not a simple patch) is the best answer? At the moment you are showing us strange defaults, an implementation that can break at any time, and I am not really sure

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 11:40 AM, Paolo Bolzoni < paolo.bolzoni.br...@gmail.com> wrote: > And besides, it's much easier to build a GUI app in front of a C API > than a command line application. By no means I want to prevent anybody from starting to build a GUI app...

Re: EasyGnuPG

2016-03-22 Thread Robert J. Hansen
> This is an important point (using the API), because trying to use `gpg` > in scripts is terribly difficult. I don't understand why `gpg` does not > follow the unix philosophy of being easily used in scripts and > cooperating easily with other commands. GnuPG is, believe it or not, a lot more

Re: EasyGnuPG

2016-03-22 Thread Paolo Bolzoni
And besides, it's much easier to build a GUI app in front of a C API than a command line application. On Tue, Mar 22, 2016 at 11:35 AM, Robert J. Hansen wrote: >> And then, it is not difficult to build a GUI app on top of a >> command-line tool that works properly. I cannot

Re: EasyGnuPG

2016-03-22 Thread Robert J. Hansen
> And then, it is not difficult to build a GUI app on top of a > command-line tool that works properly. I cannot do it, but somebody > maybe can do it easily. Oh, it's *hard*. Look at how long it took Enigmail to get into a state where it wasn't painful to use -- and there are still, today,

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 10:46 AM, Robert J. Hansen wrote: > > I don't think the EasyGnuPG authors have thought through their target > market. It targets users who are comfortable enough to say "oh, I > should use the terminal for this!", but not comfortable enough to read a

Re: EasyGnuPG

2016-03-22 Thread Dashamir Hoxha
On Tue, Mar 22, 2016 at 9:56 AM, Bernhard Reiter wrote: > > Any cross platform approach would work. Python has the advantage > that the source code can be changed by an editor and immediately run > and that it works fairly well cross-platform. > > What is even more

Re: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'

2016-03-22 Thread Viktor Dick
Thanks, I found it myself but since the sender of a mail to the list does not get a copy of it, I could not simply reply. If I use '--list-options show-unusable-subkeys', I see the missing keys, they are simply expired. Sorry to disrupt. Regards, Viktor signature.asc Description: OpenPGP

Re: EasyGnuPG

2016-03-22 Thread Robert J. Hansen
> Just like Peter wrote I think that a user would usually not > encounter all bells and whistles. I think it's rather a bit more extreme than that. I think if a user has to fire GnuPG up from the command line *for anything*, something's gone terribly wrong and we're in danger of losing a user.

Re: Using gpg for ssh access

2016-03-22 Thread Bernhard Reiter
On Thursday 17 March 2016 at 10:40:27, Damien Goutte-Gattat wrote: > If I may, I wrote two blog posts on this subject: > > * http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html > (for GnuPG 2.0) > > * http://www.incenp.org/notes/2015/gnupg-for-ssh-authentication.html > (for GnuPG

Re: EasyGnuPG

2016-03-22 Thread Bernhard Reiter
Hi Dashamir, On Monday 21 March 2016 at 16:49:41, Dashamir Hoxha wrote: > Hi Bernhard, thanks for having a look at it. you are welcome! I appreciate all efforts to make GnuPG more accessible, this is why I am taking a little bit of time to write up some feedback. > On Mon, Mar 21, 2016 at

Re: more files in private-keys-v1.d than shown with 'gpg --with-keygrip -K'

2016-03-22 Thread Werner Koch
On Mon, 21 Mar 2016 21:05, viktordic...@gmail.com said: > key and not present in the folder). I guess these are expired subkeys > which I somehow deleted from my keyring, but why would the private keys Or keys used by SSH or X.509. Use gpg-connect-agent and then: > help keyinfo # KEYINFO

Re: Where is /usr/local/gnupg-2.1?

2016-03-22 Thread Ben McGinnes
On Mon, Mar 21, 2016 at 06:39:33PM -0400, Robert J. Hansen wrote: > Edgar reached out to me earlier, and I directed him here to this list in > the hopes that someone with more clue than me would be able to help. > > Edgar, I'm not particularly up on GPG for OS X. However: > > > So, I went to