Re: Edit key in batch mode

2017-08-17 Thread Daniel Kahn Gillmor
Hi Ahmed-- On Sun 2017-08-13 00:45:28 +, أحمد المحمودي wrote: > I have gnupg 1.4 installed on my system. I am trying to edit my key in batch > mode using the following command: > > gpg --edit-key --command-fd 0 --status-fd=2 < scr > > the contents of 'scr' file is: > = > adduid > أحمد ا

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 22:39:21 -0300, Duane Whitty wrote: > Sounds like a good approach but for someone who has more public keys > stored than me. I only exchange encrypted email with a very, very > small group of people and I am in regular voice communication with > them. If you're going to manage a

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 19:47:16 -0500, Mario Castelán Castro wrote: > I have chosen RSA as a “known good” algorithm for the primary key > because if I chose a different curve or algorithm for elliptic key once > I have the required knowledge to make an informed decision it will be > more convenient to c

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 22:48:36 -0300, Duane Whitty wrote: > Well, I'm not familiar enough with the arcana to say whether it should > be done away with or not but, I am a big believer in software not > trying to guess what I want. As you said, in version 2.1 GnuPG would > have complained that I hadn't

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 18:49, Daniel Kahn Gillmor wrote: > aiui, your main goal was because the certifications are smaller, but > you're still requiring people to fetch your larger primary key. if you > want to really minimize the size, just make a new OpenPGP key that is > ECDSA-only. I have chosen RSA as

Re: fingerprint of key

2017-08-17 Thread Duane Whitty
On 17-08-17 09:20 PM, Daniel Kahn Gillmor wrote: > On Mon 2017-08-14 22:12:18 -0300, Duane Whitty wrote: >> Actually one suggestion, the way options and commands are >> specified look the same. It might make things clearer if there >> was a differ

Re: fingerprint of key

2017-08-17 Thread Duane Whitty
On 17-08-17 09:18 PM, Daniel Kahn Gillmor wrote: > On Mon 2017-08-14 21:50:13 -0300, Duane Whitty wrote: >> I perceive keys in my keyring as being ones I trust because of >> out-of-band confirmation and used for two-way communications. > > You're

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 22:12:18 -0300, Duane Whitty wrote: > Actually one suggestion, the way options and commands are specified > look the same. It might make things clearer if there was a difference > in the way they are expressed on the command line. Perhaps keep the > "--" for options and enter co

Re: fingerprint of key

2017-08-17 Thread Daniel Kahn Gillmor
On Mon 2017-08-14 21:50:13 -0300, Duane Whitty wrote: > I perceive keys in my keyring as being ones I trust because of > out-of-band confirmation and used for two-way communications. You're not the only person with this perception. But i'm afraid i think it's a mistake, unfortunately. Actually s

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Daniel Kahn Gillmor
On Thu 2017-08-17 07:42:06 -0500, Mario Castelán Castro wrote: > No, it does not have the certify capability. How can I enable this > capability? I recommend re-considering this approach, because there is likely to be software out there that: (a) doesn't expect to see certifications from subkeys

Re: export secret subkeys

2017-08-17 Thread Mario Castelán Castro
It is my understanding that --export-secret-subkeys outputs a *dummy* (not the actual key) for the private part of the primary key, hence the output of --list-packets. The “gpg” man page says “The second form of the command [i.e.: --export-secret-subkeys] has the special property to render the sec

Re: Is it possible to certify (sign) a key using a subkey?

2017-08-17 Thread Mario Castelán Castro
No, it does not have the certify capability. How can I enable this capability? If I add a subkey with “--expert --edit-key” no option is given to enable certify capability (as mentioned in my previous message), only sign and authenticate in the case of ECC keys and sign, authenticate and encrypt

Re: export secret subkeys

2017-08-17 Thread Dirk-Willem van Gulik
> On 17 Aug 2017, at 16:06, Peter Lebbing wrote: > > On 17/08/17 15:39, Dirk-Willem van Gulik wrote: >> # off=0 ctb=95 tag=5 hlen=3 plen=533 >> :secret key packet: >> version 4, algo 1, created 1502976628, expires 0 >> pkey[0]: [4096 bits] >> pkey[1]: [17 bits] >> gnu-dummy S

Re: export secret subkeys

2017-08-17 Thread Peter Lebbing
On 17/08/17 15:39, Dirk-Willem van Gulik wrote: > # off=0 ctb=95 tag=5 hlen=3 plen=533 > :secret key packet: > version 4, algo 1, created 1502976628, expires 0 > pkey[0]: [4096 bits] > pkey[1]: [17 bits] > gnu-dummy S2K, algo: 0, simple checksum, hash: 0 > protect IV:

Re: export secret subkeys

2017-08-17 Thread Damien Goutte-Gattat
On 08/17/2017 03:39 PM, Dirk-Willem van Gulik wrote: This had me believe that export-secret-subkeys would just export a subkey. Instead the output of --list-packets (and the file size) suggests that both the master and the subkey are exported. Seemingly, yes. But actually, when using --export-

export secret subkeys

2017-08-17 Thread Dirk-Willem van Gulik
I am trying to understand the man page with regards to secret subkey exports. --export-secret-subkeys Same as --export, but exports the secret keys instead. The exported keys are written to STDOUT or to the file given with option --output. This command is often

I wrote a pinentry dispatcher; is it a sane thing to do/use?

2017-08-17 Thread Olivier Mehani
Hi list, # Context I connect to an OS X machine either locally or via SSH. When local, I use pinentry-mac and forward my SSH agent to gpg-agent. When remote, I use $SSH_AUTH_SOCK from the forwarded connection (I'm also trying to forward the gpg-agent socket, but it doesn't work reliably due to