Re: Problems with ESTEID and gpgsm

2015-12-23 Thread Werner Koch
On Wed, 23 Dec 2015 00:00, mailingli...@vanwingerde.net said: > gnupg-pkcs11-scd[22387.3394275072]: version: 0.7.3 You are using some modified version of GnuPG's scdaemon. Please ask the author of that version for help. The parts of GnuPG all belong together and it is in general not a good idea

Re: keysearch fails

2015-12-23 Thread Werner Koch
On Wed, 23 Dec 2015 09:23, g...@unixarea.de said: > gpg: DBG: chan_3 <- OK Dirmngr 2.1.6 at your service Please first update to gnupg 2.1.10. > Dec 23 09:15:09 c720-r285885-amd64 kernel: pid 2809 (dirmngr), uid 1001: > exited on signal 6 Which probably is SIGABRT which in turn may indicate

Re: pubring.kbx, no secring?

2015-12-22 Thread Werner Koch
On Tue, 22 Dec 2015 15:08, g...@unixarea.de said: > why the new keys of v2 are stored in a dir private-keys-v1.d and not in > a dir for example private-keys-v2.d; don't you think that such name *v1.d* > confuses > people (like me)? You are the first one to comment on this ;-) The new format is a

[Announce] GnuPG 1.4.20 released

2015-12-20 Thread Werner Koch
e also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-

Re: end-of-life for libgcrypt 1.5.x

2015-12-16 Thread Werner Koch
On Wed, 16 Dec 2015 05:53, erka...@gmail.com said: > is this info (1), from 2014 August, still valid ? > (1) "Declare 2016-12-31 as end-of-life for 1.5." Sure. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. __

Re: Tor Support for SKSkeyservers in 2.1

2015-12-15 Thread Werner Koch
On Mon, 14 Dec 2015 06:20, bober_...@riseup.net said: > keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050 A http proxy is not a socks proxy. These are different concepts. Tor is implemented as a socks proxy and GnuPG before version 2.1.10 has no support for this. See Malte's mails

Re: Please consider joining Bountysource Salt to collect recurring donations

2015-12-11 Thread Werner Koch
On Fri, 11 Dec 2015 10:40, pe...@digitalbrains.com said: > While I think it's a good idea to include an alias, I think you should > do that consistently for all the menus, otherwise "Documentation" and > "Related software" are going to end up even more hidden ;). Frankly, I think we should change

Re: Please consider joining Bountysource Salt to collect recurring donations

2015-12-10 Thread Werner Koch
On Thu, 10 Dec 2015 02:22, andrey.od.ut...@gmail.com said: > Wow, actual Donate page turned out to be a secret area, not obvious to > get to it (it looks like a menu header, not a menu entry). Thanks for telling. This is the first time I heard about this but I can imagine the problem. I just mo

Re: [Announce] GnuPG 2.1.10 released

2015-12-07 Thread Werner Koch
On Mon, 7 Dec 2015 01:05, 2014-667rhzu3dc-lists-gro...@riseup.net said: > Should these be available in the Windows version? I get:- > > gpg: unknown trust model 'tofu+pgp' > gpg: unknown TOFU policy 'ask' Have a look into the announcement: The source used to build the Windows installe

[Announce] GnuPG 2.1.10 released

2015-12-04 Thread Werner Koch
ed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E

Re: problems decrypting ASCII-armored file

2015-12-01 Thread Werner Koch
On Tue, 1 Dec 2015 09:41, andr...@andrewg.com said: > point is identical no matter which encoding is being used. The only > time you would see the raw utf-8 bytes would be if the software was > Unicode-incapable or if the locale was set incorrectly, leading it to > be interpreted as a sequence of

Re: GnuPG 2.1: --auto-key-locate dane

2015-11-26 Thread Werner Koch
in one of the last OpenPGP drafts. Use "gpg --print-dane-records -k m...@dabpunkt.ue" to output a suitable DANE record. Here is a working example: $ gpg --auto-key-locate clear,dane,local -v --locate-key w...@gnupg.org [...] gpg: pub dsa2048/F2AD85AC1E42B367 2007-12-31 Werner

Re: Generating 4096 bit key fails – why?

2015-11-17 Thread Werner Koch
On Tue, 17 Nov 2015 10:12, felix.k...@inka.de said: > Any idea when the next release is scheduled to be available? We encountered some regression right before the usual monthly release date and thus we postponed that release. We now plan for some time in the next week. Salam-Shalom, Werner

Re: Generating 4096 bit key fails – why?

2015-11-02 Thread Werner Koch
On Tue, 27 Oct 2015 20:47, m...@dabpunkt.eu said: > AFAIK the card doesn’t support 4096 bit keys. The webpage given by you > says the same AFAIS: The ZeitControl v2 OpenPGP cards have always supported 4096 bit RSA. However we only stated 3072 because back then GnuPG was not able to handle keys la

Re: TOFU for GnuPG

2015-10-30 Thread Werner Koch
On Thu, 29 Oct 2015 17:23, m...@dabpunkt.eu said: > isn’t it a little bit problematic that GPG now logs how often I received > emails by someone else? Well, your MUA does it already. The IMAP server of your provider also has this information, and, worst of all, your responsible surveillance agenc

Re: Generating 4096 bit key fails – why?

2015-10-27 Thread Werner Koch
On Tue, 27 Oct 2015 11:11, felix.k...@inka.de said: > gpg: error changing size of key 1 to 4096 bits: Invalid data Please add --8<---cut here---start->8--- debug 1024 debug 2048 log-file /this/is/my/scdaemon.log --8<---cut here---

Re: libgrypt in Wikipedia? (help wanted)

2015-10-23 Thread Werner Koch
On Fri, 23 Oct 2015 16:55, bernh...@intevation.de said: > https://en.wikipedia.org/wiki/Comparison_of_Cryptography_Libraries > is not well linked yet, but maybe it will be at some point! Although, I posted some data last night and Martin quickly updated the page, I am not sure whether that listin

Re: libgrypt in Wikipedia? (help wanted)

2015-10-22 Thread Werner Koch
On Thu, 22 Oct 2015 19:03, martin-gnupg-us...@dkyb.de said: > So please put in the missing information yourself, or someone or post > them on my discussion page or via e-mail (I would appreciate an easy The license is GNU LGPL v2.1+. Only the manual is under the GPL v2+. The current released ver

Duplicated keys in pubring.gpg (was: Problems with gnupg-2.1.9)

2015-10-14 Thread Werner Koch
On Wed, 14 Oct 2015 00:00, birc...@gmail.com said: > No, only with pubring.gpg. Interesting. Never seen that before. My guess is that there is another problem related to skipping of PGP-2 keys. We need to be able to replicate the problem first. Shalom-Salam, Werner -- Die Gedanken sind

Re: Problems with gnupg-2.1.9 (and gpgme-1.6.0)

2015-10-13 Thread Werner Koch
On Tue, 13 Oct 2015 18:30, birc...@gmail.com said: > I updated to gnupg-2.1.9 from 2.0.x on both my desktop and laptop > and now I have big problems. My OS is Gentoo Linux. > > 1. gpgme is now broken. This is more likely a problem with Sylpheed (can you test with Claws-Mail instead?). > libass

[Announce] GnuPG 2.1.9 released

2015-10-10 Thread Werner Koch
ns. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rs

Re: Sign/verify openssl RSA signatures

2015-10-05 Thread Werner Koch
On Mon, 5 Oct 2015 01:43, the...@otpme.org said: > Is it possible to create (and verify) PKCS1_PSS signatures with gpg > that are compatible with openssl? No. Using gpgsm would be closer but I am not sure whether PSS is supported. Libgcrypt however supports this and you could write your own to

Re: Is there a better way to change out of sync expiration dates?

2015-10-05 Thread Werner Koch
On Mon, 5 Oct 2015 00:40, anth...@cajuntechie.org said: > But I'm wondering if there's a more 'standard' way to do this. You may enter the expiration date directly: 20151231T12 to expire it on New Year's Eve at noon. The 'T' is required. You may also use this seconds=1451563200 if y

Re: AW: Seperate Session Key and Encrypted Data

2015-10-03 Thread Werner Koch
On Sat, 3 Oct 2015 18:16, d...@fifthhorseman.net said: > Do you mean "more generalized" than generate-pkesk-with-session-key? Do > you have a spec for what you want this command to be? Can we open a - Add new PKESK packets to an encrypted message - Add new SKESK packets to an encrypted message

Re: AW: Seperate Session Key and Encrypted Data

2015-10-02 Thread Werner Koch
On Thu, 1 Oct 2015 19:29, d...@fifthhorseman.net said: > So the only functionality GnuPG is missing to assemble the workflow > you're describing would be a new GnuPG command named something like > --generate-pkesk-with-session-key. If that command was available, the A more generalized version w

Re: GnuPG User ID expiry

2015-10-01 Thread Werner Koch
date is taken from the primary user id and the "expire" command only works on that user id. For easier debugging I just checked in a feature to show only self signatures: $ ../g10/gpg2 --edit-key 5DE249965B0358A2 [...] gpg> check selfsig uid Werner Koch sig-35DE249

Re: Should I be using gpg or gpg2?

2015-09-28 Thread Werner Koch
On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said: > Unless you have specific reasons for transitioning to gpg2, stick > with gpg (GnuPG) 1.4.16. It is just as secure, and much easier ^^ That is definitely not the case. All improvements go into 2.1

Re: Problem with unix socket forwarding

2015-09-23 Thread Werner Koch
On Wed, 23 Sep 2015 11:30, andr...@andrewg.com said: > gpg: DBG: /home/andrewg/.gnupg/secring.gpg: close fd 4 You are using 2.0 and not 2.1. 2.0 does not support the socket forwarding. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _

Re: Keyserver lookup failure, redux

2015-09-23 Thread Werner Koch
On Tue, 22 Sep 2015 23:38, r...@sixdemonbag.org said: > Back in February I reported a bug that was preventing GnuPG 2.1.2 from > being able to look up certificates on the keyservers: Sorry, this got lost. Your mail back then was: Is there any explanation for this behavior, or is this a 2.1.2 b

Re: gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

2015-09-22 Thread Werner Koch
On Tue, 22 Sep 2015 20:06, n...@esperi.org.uk said: > btw, because I can't figure out how to add comments to bugs I didn't > open: I can confirm issue 2053. Without --disable-ccid, or with an Let me know your user name and I give you full access. We usually do this after the first bug report. S

Re: Decryption fails with 4096bit key on SmartCard

2015-09-22 Thread Werner Koch
On Tue, 22 Sep 2015 08:51, marcus.ilg...@gmail.com said: > gpg: public key decryption failed: Missing item in object > gpg: decryption failed: No secret key This is probably in scdaemon. Thus you should add --8<---cut here---start->8--- log-file SOMEFILE verb

Re: gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

2015-09-22 Thread Werner Koch
On Mon, 21 Sep 2015 18:49, n...@esperi.org.uk said: > (It's not that the fs doesn't allow for special files -- it's that it's > distributed, but the semantics of AF_UNIX socket creation assume that it > isn't.) Depends on the file system. At least some NFS versions don't allow special files at a

Re: MD5 BAD Expected : extended by two extra zeros

2015-09-22 Thread Werner Koch
On Tue, 22 Sep 2015 03:39, edivya.v...@gmail.com said: > root@host:~# rpm -K -v pth-2.0.7-r3.1.x86_64.rpm > pth-2.0.7-r3.1.x86_64.rpm: > Header V4 RSA/SHA1 signature: OK, key ID 8b5cccb3 > Header SHA1 digest: OK (c326a31810f026daac89aa4fd7928c3b574671ea) > MD5 digest: BAD Expected(bdae

Re: gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

2015-09-22 Thread Werner Koch
On Tue, 22 Sep 2015 06:33, ndk.cla...@gmail.com said: > Why isn't the hostname included in file name? This way shared > filesystems would have no problems.. To include the hostname, see my other reply or check out the wiki. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt

Re: gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

2015-09-21 Thread Werner Koch
Hi just for reference, this is the original report: https://bugs.gnupg.org/gnupg/issue1752 Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: gpg agent forwarding (via ssh) totally broken with 2.1 and NFS-mounted $HOME

2015-09-21 Thread Werner Koch
On Mon, 21 Sep 2015 13:44, n...@esperi.org.uk said: > catastrophically bad effects on agent forwarding when used in > conjunction with an NFS-mounted $HOME. I know that it is not yet well documented, but there is a solution for remote file systems which do not allow for special files. You create

Re: [HowTo] use gpg2.1 with an onion service

2015-09-19 Thread Werner Koch
On Thu, 17 Sep 2015 17:32, d...@fifthhorseman.net said: > to be clear, i think you want A lookups, lookups, and SRV lookups, > right? Or do we want even more than that, for example CERT records, Right. And yes, I expect CERT or OPENPGPKEY records to become important soon. PTR lookups are

Re: [HowTo] use gpg2.1 with an onion service

2015-09-18 Thread Werner Koch
On Thu, 17 Sep 2015 05:25, d...@fifthhorseman.net said: > We may at some point get a --use-tor flag for dirmngr, which should > simplify things further. To add this flag I need to find documentation on how to route DNS requests via tor. A simple record lookup is not sufficient. Hint on whe

Re: "g13" tool in GnuPG 2.1

2015-09-16 Thread Werner Koch
On Thu, 2 Apr 2015 18:35, pe...@digitalbrains.com said: > So is G13 ready for use? Not really. For example the management features are missing: Adding another key, adding a symmetric key, removing a key, and so on. And well, encfs itself has shown some problems and I am not sure whether encfs

GnuPG News for Summer 2015

2015-09-12 Thread Werner Koch
Hi, Neal posted a new blog entry https://gnupg.org/blog/20150911-gnupg-this-summer.html below is the plain text version in case you want to comment on it: 1 GnuPG News for Summer 2015 It's been a few months since the last posting. Our most visible activity

Re: Temporary lock files?

2015-09-11 Thread Werner Koch
On Wed, 9 Sep 2015 23:24, as...@mythicflow.com said: > That was the only time I ever saw the lock files, so this is likely not > an issue. FWIW, the .#* files are not the lock files but temporary files used to create the lock files. In case you terminate a process while it is waiting for the lo

Re: Temporary lock files?

2015-09-11 Thread Werner Koch
On Tue, 8 Sep 2015 20:19, d...@fifthhorseman.net said: > I don't know of any such cronjob in debian. Would you expect this to be > something system-wide, or run on a per-user basis? This used to be a system wide policy on old Unix installations. This is the reason why you create tempfiles wit

Re: plaintext non-ssl distribution - who things this is a good idea?

2015-09-11 Thread Werner Koch
On Fri, 11 Sep 2015 00:05, r...@sixdemonbag.org said: > (Getting an Authenticode certificate, for instance.) FWIW, the Gpg4win installer is code signed. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gn

Re: plaintext non-ssl distribution - who things this is a good idea?

2015-09-11 Thread Werner Koch
Hi, The OP is continuing to "spam" the bug tracker . For the record: OP: [Claims of linking FTP mirrors which are not secure and to the known problem of the non-https gpg4win site.] me: This has nothing to do with gnupg.org. And if you have follo

Re: plaintext non-ssl distribution - who things this is a good idea?

2015-09-11 Thread Werner Koch
On Fri, 11 Sep 2015 00:05, r...@sixdemonbag.org said: > (Getting an Authenticode certificate, for instance.) Yeah, when testing the installer I always see that annoying "unknown issuer" warning. Thus it is probably a good idea to silence this warning by signing the installer. I need to see how

[Announce] GnuPG 2.1.8 released

2015-09-10 Thread Werner Koch
011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key) rsa

Re: Scdaemon log

2015-09-09 Thread Werner Koch
On Thu, 10 Sep 2015 04:01, gni...@fsij.org said: > This is correct. I think that you also need to add a line of: > > disable-application openpgp nks This should not be required unless the card also has an OpenPGP or NKS application which come first in the order of card applications scdaemon tr

[Announce] GPA 0.9.9 released (fixing 0.9.8)

2015-09-09 Thread Werner Koch
Hello! We are pleased to announce GPA version 0.9.9. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG). GPA can be used for most operations supported by GnuPG using either the OpenPGP or the S/MIME protocols. A smartcard manager and a generic user interface server are included as we

[Announce] GPA 0.9.8 released

2015-09-09 Thread Werner Koch
Hello! We are pleased to announce GPA version 0.9.8. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG). GPA can be used for most operations supported by GnuPG using either the OpenPGP or the S/MIME protocols. A smartcard manager and a generic user interface server are included as we

Re: Temporary lock files?

2015-09-08 Thread Werner Koch
On Wed, 12 Aug 2015 19:57, as...@mythicflow.com said: > My ~/.gnupg directory is getting filled with files named like > ".#lk0x7feb6a637540..26914". > > Shouldn't these get deleted automagically? It used to be common practice to have a cron job deleting ".#" prefixed files after a few days. I do

[Announce] GnuPG 2.0.29 (stable) released

2015-09-08 Thread Werner Koch
The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/

[Announce] Libgcrypt 1.6.4 released

2015-09-08 Thread Werner Koch
Hello! The GNU project is pleased to announce the availability of Libgcrypt version 1.6.4. This is a maintenance release with a minor security fix. Libgcrypt is a general purpose library of cryptographic building blocks. It does not provide any implementation of OpenPGP or other protocols. Thoro

Re: GnuPG modern can't genereate keys on my Windows

2015-09-07 Thread Werner Koch
On Sun, 6 Sep 2015 10:11, dongsheng.s...@gmail.com said: > In theory, you are right. But ALL Windows kernel object include HANDLE > lower than 2^24. I have seen kernel objects with a higher value. Not necessary HANDLE, though. > Then if these cast is safe for 64 bit Linux, then safe for Window

Re: GnuPG modern can't genereate keys on my Windows

2015-09-07 Thread Werner Koch
On Sun, 6 Sep 2015 16:29, joh...@vulcan.xs4all.nl said: > Perhaps they accept larger files or can use more memory? I do remember Should all be the same. I see no practical reason for using a 64 bit binary. I even doubt that it will be faster because gpg does not allocate large memory blocks.

Re: GnuPG modern can't genereate keys on my Windows

2015-09-05 Thread Werner Koch
On Sat, 5 Sep 2015 04:23, dongsheng.s...@gmail.com said: > It really works, you can check my building results: No, it can't work: - The random number generator may not produce random output. - GnuPG casts pointers to integers which does not work on 64 bit Windows where a pointer (and th

Re: uploading subkeys

2015-09-04 Thread Werner Koch
On Fri, 4 Sep 2015 15:44, marko.bauha...@mailbox.org said: > As far as i know it is possible to upload a sub key via the id of the sub key > ending with the exclamation mark `!`. You may use this notation to force the use of this subkey. However, an OpenPGP key(block) always consists of a prim

Re: FAQ: drop mention of 1.4?

2015-09-04 Thread Werner Koch
On Fri, 4 Sep 2015 09:54, joh...@vulcan.xs4all.nl said: > Never IMO. This attitude leads to data being lost forever because new > software can't read it anymore while the cost of adding read-only > support is small. No, that is entirely wrong. The whole PGP-2 stuff has been removed and thus mos

Re: FAQ: drop mention of 1.4?

2015-09-03 Thread Werner Koch
On Fri, 4 Sep 2015 00:46, r...@sixdemonbag.org said: > For me, the answer is -- "Today. We've supported it for sixteen years. > That's long enough." Agreed for the current version (GnuPG 2.x) For the records: We have promised to maintain GnuPG 1.4 which does and will continue to support PGP-2

Re: GnuPG modern can't genereate keys on my Windows

2015-09-02 Thread Werner Koch
On Wed, 2 Sep 2015 18:30, t...@riseup.net said: > Sounds almost reasonable. But why then GnuPG shows Ed25519 keys as eg. > 'ed25519/52275F7A'? When someone trying to generate 'Curve25519-signing > key' they'll get ed25519 key. "Maybe I've done something wrong? I should Well, given that you used

Re: GnuPG modern can't genereate keys on my Windows

2015-09-02 Thread Werner Koch
On Wed, 2 Sep 2015 11:17, dongsheng.s...@gmail.com said: > Yes, I build gnupg 2.1.7 for 32 bit and 64 bit Windows with the latest > libgcrypt and pinentry. Funny, 64 bit Windows is not supported by GnuPG. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: FAQ: drop mention of 1.4?

2015-09-02 Thread Werner Koch
On Mon, 31 Aug 2015 19:45, joh...@vulcan.xs4all.nl said: > Less complex by introducing communication issues between all separate > parts? We clearly have a different idea of complexity. Separation of So be it. > tasks does not automatically mean separate binaries. That used to be the > Unix phi

Re: GnuPG modern can't genereate keys on my Windows

2015-09-02 Thread Werner Koch
On Wed, 2 Sep 2015 03:37, t...@riseup.net said: > I'm also not able to generate keys in 2.1.7 on my Gentoo machine. It > generates Ed25519 without errors (a typo: GnuPG says that it would use > Curve25519 for signature not Ed25519). Because there is no option to That is actually on purpose. Both

Re: GnuPG modern can't genereate keys on my Windows

2015-09-01 Thread Werner Koch
On Mon, 31 Aug 2015 21:01, aheine...@intevation.de said: > I think you can't. I've already complained to Werner several times > that I find the aspect that only "Developers" or the original reporter > can add information to a bug report hurts bugs.g10code.com This is done for a reason: In the pas

Re: FAQ: drop mention of 1.4?

2015-08-29 Thread Werner Koch
On Fri, 28 Aug 2015 22:41, listofac...@mail.ru said: > have no problem with TSR ("terminate-but-stay-resident" :) components > and the fallacy of "always on-line and trusted" computer. Those that > use GPG because they need to, depend on 1.4. Sorry, I do not understand what you are saying. Sha

Re: FAQ: drop mention of 1.4?

2015-08-28 Thread Werner Koch
On Fri, 28 Aug 2015 19:14, joh...@vulcan.xs4all.nl said: > It's starting to feel a little bit with ECC not coming to 1.4 (missing > function required to exchange messages with 2.1 users) and v3 key If we would add ECC support to 1.4, it would end up as a rewrite of 2.1 with the only difference th

[Announce] Libassuan 2.3.0 released

2015-08-28 Thread Werner Koch
Hello! The GnuPG Project is pleased to announce the availability of Libassuan 2.3.0. Libassuan is a generic IPC library used by GnuPG, GPGME, and a few other packages. This release fixes two bugs and introduces new support functions for the socket wrappers. Noteworthy changes in version 2.3.0

Re: FAQ: drop mention of 1.4?

2015-08-28 Thread Werner Koch
On Thu, 27 Aug 2015 23:37, r...@sixdemonbag.org said: > The 2.x branch is the future of GnuPG development, has been for some > years now, and is what the GnuPG developers recommend for new users. > Further, a good part of the GnuPG ecosystem is moving to 2.0-only (e.g., FWIW: 2.1 even made it int

Re: The FAQ's 4GiB recommendation

2015-08-28 Thread Werner Koch
On Thu, 27 Aug 2015 23:11, r...@sixdemonbag.org said: > But what happens if two identical ciphertext blocks are found? Since > the cipher is deterministic, the cipher will begin repeating its output. What do you think of But what happens if two identical ciphertext blocks are found in the s

Re: FAQ: drop mention of 1.4?

2015-08-27 Thread Werner Koch
On Thu, 27 Aug 2015 20:41, r...@sixdemonbag.org said: > I, personally, don't think it's a big deal to drop mention of 1.4 except > to talk about "it's for system administrators, not regular users". > However, I'd really like to hear your feedback on this. Should we make > this change? Yes or no?

[Announce] Libgpg-error 1.20 released

2015-08-26 Thread Werner Koch
Hello! We are pleased to announce version 1.20 of Libgpg-error. Libgpg-error is a C language library that provides common error codes and a set of useful functions. It is mainly used by GnuPG related software like GnuPG, GPGME, GPA, and Libgcrypt. * Noteworthy changes in version 1.20 - N

[Announce] GPGME 1.6.0 released

2015-08-26 Thread Werner Koch
Hello! We are pleased to announce version 1.6.0 of GPGME. GnuPG Made Easy (GPGME) is a C language library that allows to add support for cryptography to a program. It is designed to make access to public key crypto engines as included in GnuPG easier for applications. GPGME provides a h

Re: Silent re-encryption of private keys by gpg-agent: expected behaviour?

2015-08-24 Thread Werner Koch
On Sun, 23 Aug 2015 23:42, bapti...@bitsofnetworks.org said: > keys had suddenly changed. More precisely, the file holding the private > key (~/.gnupg/private-keys-v1.d/${keygrip}.key) had changed, without any > obvious reason. Note that I am using gnupg 2.1.6, so this is the new > private key f

Re: signing failed with master key when I have stronger subkeys

2015-08-14 Thread Werner Koch
On Fri, 14 Aug 2015 10:15, dongsheng.s...@gmail.com said: > sec rsa2048/46D397FF 2008-02-02 > ssb rsa2048/7547A8A9 2008-02-02 > ssb# brainpoolP512r1/DD1C5659 2015-06-24 > ssb# brainpoolP512r1/24BEAC25 2015-06-24 > ssb# rsa4096/F7BC1BF1 2015-06-24 > > Then I can not signi

Re: [Announce] GnuPG 2.1.7 released

2015-08-13 Thread Werner Koch
On Thu, 13 Aug 2015 07:35, dongsheng.s...@gmail.com said: > Any news on pinentry ? pinentry-0.9.4 (pinentry-w32.exe) works good on > windows, but both pinentry-0.9.5 and pinentry-0.9.5-13-g1532bf3 broken > on 32bit or 64 bit Windows. Right, I only noticed while testing the installer and had to go

Re: Inability to export and then import my secret key

2015-08-12 Thread Werner Koch
On Wed, 12 Aug 2015 13:01, pe...@digitalbrains.com said: > Anyway, on-topic: don't copy random_seed though. And be aware that some > options It would not be a catastrophic failure, though. Here is a comment from the function reading random_seed: Note: Multiple instances of applications

Re: Inability to export and then import my secret key

2015-08-12 Thread Werner Koch
On Wed, 12 Aug 2015 12:25, miri...@riseup.net said: > Well, GnuPG 1.4 _definitely_ doesn't support importing secret keys. But That is not correct. All version support import of secret keys. What versions < 2.1 don't allow is merging (updating) a secret key. This can be problematic in some case

[Announce] GnuPG 2.1.7 released

2015-08-11 Thread Werner Koch
t a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-0

Re: {gnupg 2.1.6} Howto change s2k cipher from AES -> AES256?

2015-08-05 Thread Werner Koch
On Wed, 5 Aug 2015 15:02, diea...@googlemail.com said: > Ok, but the secret Keys in "private-keys-v1.d" are > encrypted with (symmetric) AES128. [...] > My question is, why securing the private key's with sha1? I am not sure whether I understand your question. If you mean the SHA-1 as mentioned

Re: make check fails for gnupg-2.0.28

2015-08-03 Thread Werner Koch
On Mon, 3 Aug 2015 20:51, trendelk...@zedat.fu-berlin.de said: > Should I be worried? I hope I am posting this at the right spot, Sure. Your build is not working. > FAIL: decrypt.test There is a file tests/openpgp/decrypt.test.log with details of the test run. Please show us the content of t

Re: Proposal of OpenPGP Email Validation

2015-07-30 Thread Werner Koch
On Wed, 29 Jul 2015 17:49, patr...@enigmail.net said: > The whole point of this exercise is to verify that the key and the email > address(es) belong _together_. I don't see how PoW could do this, or I > didn't understand it well enough. The idea with a regular PoW is that an attacker (well, scri

Re: Is there a way to comment a key locally?

2015-07-30 Thread Werner Koch
On Wed, 29 Jul 2015 18:34, d...@fifthhorseman.net said: > note that this has the side effect of marking every lsigned key+user id > as valid (since i'm certifying it with my own key). It would be possible to add a notation in the unhashed area so that it can be added to the self-signature(s). We

Re: Proposal of OpenPGP Email Validation

2015-07-29 Thread Werner Koch
On Wed, 29 Jul 2015 12:38, kloec...@kde.org said: > I personally chose to ignore the stupid editorial. IMHO it does not deserve > more attention than any other rant written by a random troll. OTOH, the The publication came to a surprise to me given that we had a mail Q+A in the week before to e

Re: Proposal of OpenPGP Email Validation

2015-07-29 Thread Werner Koch
On Tue, 28 Jul 2015 20:46, 2014-667rhzu3dc-lists-gro...@riseup.net said: > Unless at least some of the major email providers were to provide a > means for these DNS entries to be added, any DNS-based approach has > very limited potential. Right, but it is the only solid way of doing it. The provide

Re: Proposal of OpenPGP Email Validation

2015-07-29 Thread Werner Koch
On Tue, 28 Jul 2015 19:57, 2014-667rhzu3dc-lists-gro...@riseup.net said: > Couldn't human-readable data with a suitable field delimiter (such as > generated by GnuPG's "--with-colons" option) be interpreted by a > parser? OpenPGP allows to indicate whether a notation data item is human readable.

Re: gpg 2.1.6 toggle doesn't

2015-07-29 Thread Werner Koch
unknown validity: expired [ expired] (1). Werner Koch (dist sig) (That is the old distribution signing key). The toggle comment is more or less a NOP now but does a "list" as before. You will see "sec" or "sbb" if the corresponding secret key is available or a c

Re: gpg 2.1.6 toggle doesn't

2015-07-29 Thread Werner Koch
On Tue, 28 Jul 2015 21:13, 2014-667rhzu3dc-lists-gro...@riseup.net said: > My point was that when I list the public keys, the listing for each > key starts with "Keyring: C:/PATH/TO/pubring.kbx". When listing the > private keys, I would expect to instead be given the path to > private-keys-v1.d.

Re: gpg 2.1.6 toggle doesn't

2015-07-28 Thread Werner Koch
On Tue, 28 Jul 2015 15:58, bo...@kset.org said: > When we're talking about private keys "not being there", is there a difference > between a private key that has been deleted from your own keypair and a > private key that's never been there (i.e. you only have someone else's public You can't know

Re: gpg 2.1.6 toggle doesn't

2015-07-28 Thread Werner Koch
On Mon, 27 Jul 2015 12:46, bo...@kset.org said: > I know that, and I'm using 2.1 exclusively... Still, it would be nice to be > able to see the state of private keys (e.g. primary key not present in the > keyring, private keys are on the card, etc) while editing keys. It seems Right, that makes s

Re: Proposal of OpenPGP Email Validation

2015-07-28 Thread Werner Koch
On Mon, 27 Jul 2015 19:54, kristian.fiskerstr...@sumptuouscapital.com said: > The way I read this proposal isn't about keyservers per se, but the > individual validation servers publishing a chained list (like a Right. I assume that these validation servers still work like the regular keyser

Re: Proposal of OpenPGP Email Validation

2015-07-27 Thread Werner Koch
On Mon, 27 Jul 2015 14:15, n...@walfield.org said: > The approach also has another problem: which key servers are going to > do this? There are 100s of key servers. I'm not going to reply to > mails from each one, sorry. As Nico described, PGP used a very similar system to validate keys and expi

Re: Archaic PGP usage

2015-07-27 Thread Werner Koch
On Fri, 24 Jul 2015 17:49, ved...@nym.hush.com said: > PGP 2.x can be used as a uuencode, and automatically split a signed > and encrypted armored file into 100 smaller files ready to be emailed > and reconstituted by the receiver. OpenPGP also defines such an armor option but it is not implemente

Re: Proposal of OpenPGP Email Validation

2015-07-27 Thread Werner Koch
On Mon, 27 Jul 2015 07:55, n...@enigmail.net said: > Thus, I am happy for any feedback > (details and general remarks) Plain text would be appreciated. I accidentally accepted that 280k PDF but sending such files to 2600 subscribers should be the exception. Salam-Shalom, Werner -- Die Ged

Re: Gnupg Decryption Question

2015-07-24 Thread Werner Koch
On Thu, 23 Jul 2015 19:11, sbut...@fchn.com said: > This is a snippet of the script I use to decrypt any file coming to me that > has my private key (or my company's private key) > > $DFLT gpg_pass2 \ > | gpg --homedir $homedir --quiet --passphrase-fd 0 --no-tty --skip-verify \ > --no-

Re: Archaic PGP usage

2015-07-24 Thread Werner Koch
On Thu, 23 Jul 2015 23:13, r...@sixdemonbag.org said: > 1. PGP 2.6 is *small*. The original PGP specification (RFC1991) is a > small fraction of the size of the modern OpenPGP specification > (RFC4880). When it comes to trustworthy code, small is beautiful. FWIW, RFC-1991 is not a complete spe

Re: GnuPG 2.1

2015-07-22 Thread Werner Koch
On Tue, 21 Jul 2015 19:31, r...@sixdemonbag.org said: > Right now, I wouldn't recommend ECC for production use. We're still > getting the kinks worked out of it, and it isn't beyond the realm of > possibility to think we might see significant changes by GnuPG 2.2. Nope, you won't see changes her

Re: Really weird behavior with fresh install

2015-07-20 Thread Werner Koch
On Mon, 20 Jul 2015 19:33, r...@sixdemonbag.org said: > So, in the interests of further checking this out, I figured I'd start > from a fresh slate: gpg --version ? gpg2 --version ? > [rjh@localhost ~]$ killall gpg-agent > gpg-agent: no process found [Better use /pkill/ than /killall/ so

Re: Peculiar behavior of --list-secret-keys

2015-07-20 Thread Werner Koch
On Mon, 20 Jul 2015 19:02, r...@sixdemonbag.org said: > Also, why is it trying to read secret keys from my public keybox? See > below. > >> [rjh@localhost ~]$ gpg2 --list-secret-keys >> /home/rjh/.gnupg/pubring.kbx --list-secret-key is actually --list-keys with a filter to check whether the agent

Re: Peculiar behavior of --list-secret-keys

2015-07-20 Thread Werner Koch
On Mon, 20 Jul 2015 19:01, r...@sixdemonbag.org said: > [rjh@localhost ~]$ gpg --list-secret-key b44427c7 > sec 3072R/1DCBDC01B44427C7 2015-07-16 > uid Robert J. Hansen You created it with gpg 1.x or 2.0 and thus they are stored in pubring.gpg . > [rjh@localhost ~]$ g

Re: gpa and gpgex in gpg 2.1.x releases for windows.

2015-07-20 Thread Werner Koch
On Mon, 20 Jul 2015 18:32, r...@sixdemonbag.org said: > If your objection to MSI is on purely libre grounds, this may change > things. If your objection is that it's an awful packaging standard, well... Neither of them. MSI is a very good packaging system but to make good use of it you need to

Re: {gnupg 2.1.6} Howto change s2k cipher from AES -> AES256?

2015-07-20 Thread Werner Koch
On Sun, 12 Jul 2015 20:46, diea...@googlemail.com said: > Is there a way to change the encryption-cipher for the > secret Keys in "private-keys-v1.d" ? No. There is decryption support for AES256 and we may eventually enable AES256 for encryption. Right now that is not possible because it would
