On Mon, 23 Nov 2020 18:03, gnupgpacker said:
> After further investigation about html mailing with Claws Mail:
> 'Dillo HTML viewer' project has been updated Jun-2015, not available for
> Windows.
Mature software does not always need updates. Nevertheless the plugin
code was recently updated to
ls and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (
On Sun, 22 Nov 2020 10:02, gnupgpacker said:
> Claws Mail is an useful alternative, but please keep aware it does not
> support html mail, text only!
> https://www.claws-mail.org/manual/de/claws-mail-manual.html#AEN955
Just load one of the HTML viewer plugins. Note that most plugins are an
integ
On Mon, 23 Nov 2020 07:22, cqcallaw said:
> At my job, I frequently send out summary charts and graphs surrounded by text.
> Attachments simply do not work; my audience cannot spend the mental energy to
Proper MUAs display inline images without problems. I recall that even
exmh did this ~25 year
On Fri, 20 Nov 2020 10:23, Daniel Bossert said:
> How secure is it to use Thundebrird with Autocrypt? I use Sylpheed at
> the moment, but it is not that comfortable to use as Thunderbird.
Checkout Claws-mail which was forked from Sylpheed many years ago. The
OpenPGP and S/MIME integration of bot
On Fri, 20 Nov 2020 19:13, cqcallaw said:
> change the behavior. Is there some implementation issue with running
> multiple gpg signing operations in parallel?
This is all serialized because the gpg-agent does the actual signing.
There is one gpg-agent per GNUPGHOME. Thus the easiest solution fo
On Wed, 18 Nov 2020 11:51, Sirisha Gopigiri said:
> But after debugging a little we found that we are running into this
> issue only if we use gpg 2.2.4 version. We tested the same code with
You are really using a 3 year old version which was followed by 20 more
releases. You also missed 2.2.8
On Tue, 17 Nov 2020 02:28, Gao Xiaohui said:
> conf.conf". At present, the "--s2k-count" option can be used in both
> gpg.exe and gpg-agent.exe.Thank you.
In gpg.conf this is used for deriving a passphrase for symmetric
encryption.
In gpg-agent.conf it is used to override the calibrated iteratio
s not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerpr
On Sat, 14 Nov 2020 21:28, 22h39 said:
> The problem lies in Pinentry which for some reason can't hande ccid
> pin requests on the contactless interface, after this fix the
Which reader and which ccid driver are you using? I assume that you are
running pcscd, right?
Salam-Shalom,
Werner
-
On Sat, 14 Nov 2020 11:22, Juergen Bruckner said:
> As far as I know the OpenPGP function of the OpenPGP-Card cannot be
> used via NFC / RFID. You need to use the on card chip and a card
In fact GnuPG does not support secure messaging and thus using the
contactless interface iwould be a security
On Thu, 12 Nov 2020 09:27, A NiceBoy said:
> 1. The solution is also in this report. Just install gpg version 2.0.x,
Don't!
2.0 reached end-of-life 3 years ago - there are no security fixes etc.
You shall not use that version anymore.
> Then you can see the algo changed to AES256 and digest cha
1b4049695
Author: Werner Koch
Date: Mon Nov 2 13:39:58 2020 +0100
gpg: Do not use weak digest algos if selected by recipient prefs.
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g
On Wed, 21 Oct 2020 18:59, Mike said:
> I had to recover gnupg file from a corrupted os. The contents of the gnupg
> file are encrypted and are not in openpgp data. So when I try to import my
> keys from 'private-keys-v1.d' nothing happens. Output says no openpgp data
> found and 0 items processed.
On Wed, 21 Oct 2020 23:52, Ludovic Courtès said:
> For some reason (perhaps a bug in a previous version of GnuPG I used
> long ago?), my public key ring had come to contain my own public key
> twice, with the same fingerprint and all.
Should not happen because we use on Unix a copy-to-temp/update
On Sat, 10 Oct 2020 03:00, Dieter Frye said:
> I've been using Blowfish on older machines for years now without issue and
> I always wondered if this is one of those things that could possibly
> benefit from an update.
Nope. I used Blowfish back then because it was the only free and modern
algor
On Mon, 27 Jul 2020 03:02, Dmitry Alexandrov said:
> it would really help those, who do not use Emacs (itʼs odd, but there
> are such people!), if there would be single-page version of the manual
> (makeinfo --html --no-split ...) — just like all software on gnu.org
Please use the PDF version ins
On Sun, 4 Oct 2020 18:28, Werner Koch said:
> On Tue, 23 Jun 2020 14:21, Brian L. Matthews said:
>
>> $ ./configure --prefix=$HOME/gnu
>> $ make
>>
>> successfully. However, on make check I found that it doesn't work if I
>> have a space in PATH. I do b
On Tue, 23 Jun 2020 14:21, Brian L. Matthews said:
> $ ./configure --prefix=$HOME/gnu
> $ make
>
> successfully. However, on make check I found that it doesn't work if I
> have a space in PATH. I do because VMWare Fusion adds
Sure. That can't work. You need to quote the envvar:
./configure -
On Mon, 28 Sep 2020 23:54, Pankaj Jangid said:
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> sign_and_send_pubkey: signing failed: agent refused operation
Algorithm looks okay. You need to look at the gpg-agent log. Put
log-file /somewhere/gpg-agent.log
verbose
into ~/.gnupg/gpg
On Mon, 21 Sep 2020 12:58, Andrew Engelbrecht said:
> private keys, and were merely left behind. If there is a way to check
> the fingerprint of the keys they belong to, and to import them, that
> would be super helpful. Is there a way to do that?
Unfortunately this is not instantly possible beca
On Thu, 17 Sep 2020 11:27, Alan Bram said:
> configuration, there was an already-running agent that I had to kill first
> in order to get it to reread the config.
Just for the reecords:
gpgconf --reload gpg-agent
would have been sufficent but "gpgconf --kill gpg-agent: works of course
also.
On Wed, 16 Sep 2020 15:03, Alan Bram said:
> I have been using gnupg for a few years now, with no change in the way I
> invoke it. Recently (I guess my package manager updated to a new version:
> 2.2.23) it started injecting a warning about "insecure passphrase" and
> suggesting that I ought to inc
On Thu, 10 Sep 2020 10:34, Martin Pätzold said:
> the keys, therefore we had to extend the permissions for the
> "private-keys-v1.d" directory to group access.
I see. Just a hint: You may use the remote socket feature to run
gpg-agent under a different account. It might take a bit of effort to
On Wed, 9 Sep 2020 19:37, Werner Koch said:
> I looked at the history and the reason for the described behaviour is
> documented at https://dev.gnupg.org/T2312. I re-opened that bug.
Fixed in master and 2.2 see the ticket above for the patch.
Salam-Shalom,
Werner
--
Die Gedanke
Hi,
I looked at the history and the reason for the described behaviour is
documented at https://dev.gnupg.org/T2312. I re-opened that bug.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
___
On Wed, 9 Sep 2020 15:22, Martin Pätzold said:
> And if the setting is not what I need, how can I prevent the
> permissions for "private-keys-v1.d" from changing?
The --preserve-permissions is a gpg option and not one of gpg-agent. In
fact gpg does not known anything about private-keys-v1.d. A
On Sun, 6 Sep 2020 01:24, Olav Seyfarth said:
> private_stub.gpg, pubkey.gpg and sk_xxx.gpg.
The pubkey and the sk_KEYID.gpg is all you need but unfortunately there
is no tool support to create a file from it. It would require a little
bit of hacking to do this with the current code base.
The
ng term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fin
On Tue, 1 Sep 2020 14:27, Björn Jacke said:
> I talked with Wiktor about the http 1.0 issue in gpg and he also
> mentioned that a number of weird problems that people have reported with
> WKD in the past might be related to gpg talking http 1.0 only.
And what are with those servers which don't s
On Mon, 31 Aug 2020 02:48, Ángel said:
> HTTP/1.1 would require support for things that currently may not be
> present, such as chunked transfer encodings, whereas HTTP/1.0 is
That is for the server site but not for the client. IIRC, the only
mandatory request header for a client has is "Host:".
Hi!
As a workaround please run --gpg --card-status after plugging in a Gnuk
token. We are working on a fix; see https://dev.gnupg.org/T5039
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
__
On Sun, 30 Aug 2020 00:50, Johan Wevers said:
> Sorry, I see from Vincent's mail that GnuPG already does this but it
> might be the keycard that is causing this.
Right, smartcards are pretty strict in what they accept as input. Thus
you can't use certain keys on a smartcard for different purpos
On Fri, 28 Aug 2020 21:39, mlnl said:
> For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.
Please run this command:
gpg-connect-agent 'scd getinfo version' /bye
and check that the returned version is 2.2.22. A
ers. Current releases are signed by one or more
of these four keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2
Hi!
it works for me:
$ ~/b/gnupg-2.2/g10/gpg -k \&E9CAF66DDA858EE60D654C864BB8E12E41C78242
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub rsa4096 2011-05-16 [C] [expires: 2
On Tue, 11 Aug 2020 14:56, Brian Minton said:
> Why does gpg -k need to write to the tofu db? I should mention that gpg
> is running at 100% cpu in the R state. Before starting the gpg -k
I was not able to replicate it but I must say that I don't have a large
useful tofu.db. AFAICS, gpg someti
ION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid [ultimate] Werner Koch (dist signing 2020)
usi
On Thu, 20 Aug 2020 00:36, Johan Wevers said:
> You mean like the conspiracy myth that the NSA was eavesdropping on
> everyone, whether they were allowed to or not? Yes, that was not
> supported by facts (before the Snowden revelations) so it must have been
There have been technical facts around
Hi!
On Wed, 19 Aug 2020 23:19, Ben Fiedler said:
> % gpgconf --dry-run --create-socketdir
> gpgconf: socketdir is '/run/user/1000/gnupg/d.6oynbz4mc38pz8n5gyedka7a'
> gpgconf: non-default homedir
>
> This is pretty unexpected to me, why is this the case? And is there a
> way to mitigate this
On Sun, 16 Aug 2020 04:33, renws said:
> And I don't have any backup of my public key, so I would like to know
> whether it's possible to decrypt my files (I've still got
> ~/.gnupg/private-keys-v1.d, which I think stores my private key?).
If you just want to decrypt your files, you can do this:
On Mon, 27 Jul 2020 15:01, Phil Pennock said:
> My understanding is that for .onion hostname services they already have
> security equivalent to TLS providing privacy in their direct links onto
Yes, privacy. But that is just a welcome side-effect. What we need is
that the domain is authenticate
On Sun, 2 Aug 2020 07:38, Dmitry Alexandrov said:
> I dunno why @w...@gnupg.org did that, but whatever his reasons were, the
> fact that he was _able_ to do that, is exactly the key reason why
I have a post-it on my CA laptop to add a signing subkey to my new key,
I should really do that soon.
On Mon, 27 Jul 2020 15:52, Ayoub Misherghi said:
> ayoub@vboxpwfl:~/testdir$ gpg -r sentry -e textfile
>
> gpg: sentry: skipped: Unusable public key
> gpg: textfile: encryption failed: Unusable public key
There is no key with a user id "sentry" which has a key capable of
encryption ([E]). I agre
On Fri, 24 Jul 2020 19:30, Semih Ozlem said:
> when I run the command
>
> gpg --verify SHAxSUM.sign SHAxSUM
>
> I get the following message
>
> gpgv: unknown type of key resource 'trustedkeys.kbx'
As you can see by the error message ("gpgv:...") you invoked the gpgv
tool and not the gpg tool as y
On Sun, 26 Jul 2020 13:25, Ayoub Misherghi said:
> I am not asked for pass phrase.
Right; that is because:
> # Lines uncommented in $HOME/.gnupg/gpg-agent.conf
> log-file $HOME/gpg-log.txt
> # The same thing happens when I comment this line out
> allow-loopback-pinentry
>
> batch
of the "batch"
On Mon, 27 Jul 2020 02:41, Dmitry Alexandrov said:
> GnuPG version 3 does not exist yet. The stable release is 2.2.21.
The OP probably meant Gpg4win 3.1.12 which is our Windows installer
featuring GnuPG 2.2.21, Kleoptra, and our Outlook plugin.
Shalom-Salam,
Werner
--
Die Gedanken sind f
On Sun, 26 Jul 2020 12:59, Ayoub Misherghi said:
> The moderators on this list (I do not know who they are) have been
> tyrannical excluding some of my posts; I am not bitter or resentful. I
This mailing list is not moderated and thus your post are not excluded
by any moderated. The only automat
On Fri, 17 Jul 2020 09:17, Ayoub Misherghi said:
> Is this supposed to happen?
Yes.
As almost all Unix tools, gpg defaults to take input from stdin and
writes output to stdout. Because you did not use --armor the output is
binary and messes up your tty. The reason why already get some output
de
On Thu, 16 Jul 2020 20:52, Ayoub Misherghi said:
> Is it possible to add content to a detached signature file?
You may add other detached signatures (for the same file) by simply
concatenating them. See the attached script for an example.
In case you meant whether you can add meta data, see the
On Wed, 15 Jul 2020 11:03, Ingo Klöcker said:
> But it will create problems for people who want to send you encrypted
> messages
> because there's no way for them to know which of the encryption subkeys to
> use. You may work around this by making sure that the non-personal encryption
BTW, I
On Sat, 11 Jul 2020 13:33, MFPA said:
> If the OP just wants to decrypt previously encrypted data, wouldn't
> the options --try-secret-key or --try-all-secrets work in this
> situation?
Yes, I think this should work. Have not looked into it, though.
Salam-Shalom,
Werner
--
Die Gedanken
are signed by one or more
of these three keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
On Tue, 7 Jul 2020 18:05, Andrew Pennebaker said:
> I am seeing some strange behavior with gpg --decrypt . I had to
> lookup a password recently, and so naturally pressed Control+C to cancel
> the prompt. However, when gpg terminated, it did not fully cleanup the
This will terminate gpg and thus
On Tue, 7 Jul 2020 22:22, Stefan Claas said:
> Mmmhhh, I was under the impression when he still has the secret key that
> he exports his secret-key (makes a back-up, just in case) re-imports
The gpg-agent does not store the OpenPGP secret keyblock. It fact that
is only created when you run a gp
On Mon, 6 Jul 2020 09:11, Jerry said:
> gpg2 --refresh-keys
> gpg: enabled debug flags: memstat
> gpg: refreshing 168 keys from hkp://pool.sks-keyservers.net
> gpg: keyserver refresh failed: No keyserver available
Please add in the error case always the --verbose option which may yield
more diag
On Mon, 6 Jul 2020 09:58, renws said:
> Thanks for your reply. However I've never uploaded the public key to
> any keyservers, is it possible to recover the public key from the
> private key (I still have ~/.gnupg/private-keys-v1.d)?
If you really can't find a backup of the public key you can cr
res: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa3072 2017-03-17 [expires: 2027-
On Tue, 30 Jun 2020 00:55, Johan Wevers said:
>> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
>> data encrypted to a legacy v3 key.
>
> Do not break backwards compatibility if you want all people to upgrade.
Do not update so that the bad guys can exploit your legacy sof
On Mon, 29 Jun 2020 13:07, vedaal said:
> otherwise , just use GnuPG 1.4.x , and unless you ever need an
Do not use 1.4 unless you have to decrypt old non-MDC protected data or
data encrypted to a legacy v3 key.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesg
On Sun, 28 Jun 2020 16:24, Robert J. Hansen said:
> GnuPG sees the symmetrically encrypted message and knows it needs to
> recover/derive a key. It calls gpg-agent, which in turn calls pinentry.
In addition gpg-agent also takes care of caching passphrases which makes
even symmetrically encryptio
On Fri, 26 Jun 2020 09:33, Fourhundred Thecat said:
> How can I decrypt it without using gpg agent ?
You can't the agent is a cornerstone of gpg and is thus required.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signa
On Fri, 19 Jun 2020 13:43, Илья Пирогов said:
> I am interested in the question of where to find the files
> pubring.gpg, secring.gpg and randseed.bin in GnuPG for WIndows.
Those files are not anymore used (see the otehr replies). However to
figure out GnuPG's home directory you use the command
Hi!
On Mon, 15 Jun 2020 12:36, Justin Steven said:
> GPG_ERR_NO_ERROR but for gpgme_op_verify_result() to return a list of zero
> signatures. This feels like an erroneous condition to me, and with libgpgme
We already explained that this is a requirement for OpenPGP because
OpenPGP allows to embe
On Tue, 9 Jun 2020 09:47, Bernhard Reiter said:
> GNUPGHOME=~/dot-gnupg-test2/ gpg -vvv --debug-all --quick-generate-key
Pretty please do not use --debug-all. It is better to use dedicated
debug flags to get useful logs and avoid leaking secrets. All GnuPG
components support symbolic debug co
On Fri, 5 Jun 2020 14:14, Denis BEURIVE said:
> *Is it possible to generate this kind of signature with GPG ?*
No.
> *What is this signature used for ?*
I can't remember. I am pretty sure this has been discussed in the WG
back in 1998 or so. If you are really interested you could dive into
t
On Tue, 2 Jun 2020 13:59, Williams, Chad L said:
> [cid:image002.jpg@01D638BC.16B954A0]
[Which is a screenshot of the curses pinentry waiting for input.]
If you want the volunteers here to help you, it is important that you
write a proper bug report. This includes telling us the version of
GnuP
On Fri, 29 May 2020 15:39, LisToFacTor said:
> vaguely as "group policies". Other than that, the only substantial
> change is the replacement of pgp 2.6.3ia-multi06 with gpg 1.4.10
You should not propose the use of 1.4 for any other use than decrypting
old data. In particular not in a guide whic
On Sat, 30 May 2020 14:51, Williams, Chad L said:
> Attempting to generate a key on Solaris 10 server using the below command
>
> gpg --full-generate-key --pinentry-mode=loopback
Do not use loopback unless you know what you are doing. Adding
--verbose should give you some insight what goes wrong.
On Sun, 31 May 2020 12:35, Patrick Brunschwig said:
> Let's first define Standard users. The majority of users who use
> smartcards that *I* know are expert or power users. They can handle this.
I have a different experience here and we are actually promoting the use
of smartcards because they be
On Sun, 31 May 2020 11:10, David Flory said:
> How does one identify a v3 key?
By trying to import it with gpg; you should get a hint that v3 keys are
not anymore supported.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PG
On Fri, 29 May 2020 14:43, karel-v_g--- said:
> But it's a pity that Thunderbird developed its own solution because of
> licensing issues while we have a proven working solution with GnuPG...
For the records: There is no licensing issue; it is just a Mozilla
policy issue not to use or depend on s
On Fri, 29 May 2020 17:54, Steffen Nurpmeso said:
> Looking at the source it seems libgcrypt knows about the Linux
> getrandom systemcall. Yet it does not seem to know about glibc's
> getrandom library function.
Which was not available back then when I implemented support for
getrandom. Further
On Tue, 26 May 2020 12:27, karel-v_g--- said:
> Because of this I have been using a combination of Thunderbird,
> Enigmail and Gpg4Win, as the latter one is certified by German BSI.
Well, it is not certified but approved to handle data at the EU
RESTRICTED level (BSI-VSA-10400 and 10412). There
On Thu, 28 May 2020 14:43, Steffen Nurpmeso said:
> ./configure \
> --prefix=/usr \
> --disable-padlock-support \
> --enable-static=yes
> make
> make DESTDIR=$PKG install
That is pretty standard except for the --disable-padlock-support - why
do you use this? P
On Tue, 26 May 2020 15:35, Steffen Nurpmeso said:
> Fatal: no entropy gathering module detected
Which version of libgcrypt is that and what build options were used?
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signa
On Fri, 22 May 2020 15:08, MFPA said:
> How would it be used only with ECC keys? The MUA doesn't know the
> flavour of key/subkey.
For sure the MUA knows your own key.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP sign
On Wed, 20 May 2020 15:16, Mark said:
> It must be... With all the talk of "anonymous" keys I wanted to see if I
> could create one with Kleopatra, especially since it says optional for
> name.
The name should indeed be optiona; If that has not been fixed in the
latest version, please file a bug.
On Wed, 20 May 2020 19:11, Stefan Claas said:
> Curious as I am, did Mr Schönbohm never asked you why your public
> keyblock is not signed by Governikus?
I don't know a Mr. Schönbohm. I know Governikus and recently noticed
that their software does not even support the recommended set of
algorith
On Wed, 20 May 2020 18:06, MFPA said:
> Does (or will) --include-key-block have an argument that can be set to
> tell it to only include ECC keyblocks, or to set a maximum keyblock
No, it is better to let the caller (ee.g. the MUA) pass this option than
to have it in a config file. (I initially
On Fri, 22 May 2020 03:18, Ángel said:
> how this AF_UNIX socket is actually implemented on Gpg4win (as a named
> pipe, perhaps?), but your issues might be related to having it on a
It is a regular file with a nonce and a port. The server listens on
localhost:THATPORT for connections and checks
On Tue, 19 May 2020 10:29, Robert J. Hansen said:
> * PII-free UIDs are possible today
Well, according to European law this is not that easy because a public
key is in most cases an attribute which identifies a natural person.
This is the same as with phone numbers and mail addresses. In Germany
On Mon, 18 May 2020 12:16, Robert J. Hansen said:
> Centralized key management schemes are sometimes very useful.
I fully agree and I personally known that this is a common use case.
However, people requiring such a use case do not talk in the public
about their specific infrastructure and are a
On Sat, 16 May 2020 23:24, John Scott said:
> Looking up recipients with both dirmngr-client and
> gpgsm --verbose --list-external-keys [recipient]
> are fruitless whether I drop the ads\ from my username or not. I've bumped
> the
> ldaptimeout to 25. Still both commands finish instantaneous
On Sun, 17 May 2020 04:33, Ángel said:
> In both cases, most of the signature space is taken by a hashed
> subpacket of type 38. This value is not assigned, but looking at
You are using --include-key-block; this is intended to be used by MUAs
to send the encryption key along with a signature to a
On Sun, 17 May 2020 10:48, Vincent Breitmoser said:
> 1. Without consent, we don't distribute email addresses.
And by that changing the distributed system of keyservers into a
centralized key database like PGP tried this with their Universal
Server. Which unavoidable will change OpenPGP to a cen
On Fri, 15 May 2020 14:35, Ingo Klöcker said:
> UIDs. No UID -> invalid key. Why do you want to be able to import a key in
> GnuPG that would be utterly unusable?
FWIW, the expiration time of a key is also bound to the user-id as well
as key preferences and all kind of other possiblke gadgets.
On Thu, 14 May 2020 23:01, Stefan Claas said:
> you would consider including it in GnuPG too and reflecting it in the
> respective RFC?
The User-IDs are an integral part of OpenPGP and at the core of its
design. All kind of important information is bound to the user ids and
thus a key w/o a user
On Wed, 13 May 2020 15:09, Stefan Claas said:
> defaults to cv25519... (and does not need to generate a UID for privacy
> reasons, simply fantastic!)
And willfully violating the the standard. Not requiring a user id was
bug in PGP 2 and fixed more than 25 years about with PGP 2.6.3in.
Shalom-S
On Wed, 13 May 2020 10:54, Damien Goutte-Gattat said:
> Not yet. Officially, only the NIST P-256, P-384, and P-521 curves are
> part of the standard (since RFC 6637). The first mention of Curve
RFC-6637 allows for arbitrary curves because curves are specified using
an ASN.1 OID. So for example t
On Tue, 5 May 2020 12:09, Kent A. Larsen said:
> needed). Does gpg-agent auto-terminate after a certain period of
> inactivity?
No. Fruther, gpg-agent and all other background processes are always
started on demand.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein B
On Thu, 26 Mar 2020 17:55, gus said:
> gpg: error retrieving 'torbrow...@torproject.org' via WKD: Ricevuto
> un
> messaggio di avviso fatale
> gpg: error reading key: Ricevuto un messaggio di avviso fatale
That is: "Fatal alert message received" which comes from the TLS
layer. To see the
On Mon, 23 Mar 2020 10:16, john doe said:
> Thank you Werner, I wrapped the above as an one liner:
This is even easier.
$ mkdir -p /etc/gcrypt && echo only-urandom>/etc/gcrypt/random.conf
The '#' lines are merely comments to show which other options are
available.
Shalom-Salam,
Werner
--
On Sun, 22 Mar 2020 12:36, Andrew Gallagher said:
> On 22/03/2020 05:38, john doe wrote:
>> Do you have enough entropy on the VM?
>
> Argh, thank you. I thought I had enough entropy because monkeysphere
> created its trust root without issue, but installing haveged did fix the
> problem.
You might
s are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these three keys:
rsa2048 2011-01-12 [expires: 2021-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048 2014-10-29 [exp
On Fri, 20 Mar 2020 14:22, Andrew Gallagher said:
> Even for keys with verified user-ids?
I have no idea because I do not have such a key.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
___
On Fri, 20 Mar 2020 11:35, Andrew Gallagher said:
> CentOS 7* uses gnupg v2.022, and it appears to be unusable with Hagrid.
> Does anyone know what's going on here?
GnuPG 2.0.22 was released in fall 2013(!) has since then received 8
updates and reached end-of-life at thend of 2017. The question
On Wed, 11 Mar 2020 10:07, Andrew Gallagher said:
> The evidence would suggest that pinentry-gnome3 v1.1.0-2 on Debian
> blindly uses `:0` no matter what parameters are passed.
Oh pinentry-gnome - it is intertwined with the gnome-keyring stuff and
does all kind of surprings things. Indeed, the G
On Wed, 11 Mar 2020 13:30, Jonathan Cross said:
> How will older clients deal with a certification signature from this
> unrecognized algorithm?
They want use them and print a '?' with --check-sigs.
> Yes, I intend to do this with the subkeys (Curve25519)
> Only the primary (certification key) w
On Tue, 10 Mar 2020 15:59, Andrew Gallagher said:
> reprepro uses gpgme, so it doesn't support `pinentry-mode loopback` (it
> crashes if I try). And since I am normally logged in to my home machine,
GPGME supports pinentry modes since 1.4.0 (release early 2013):
7.4.7 Pinentry Mode
-
401 - 500 of 4125 matches
Mail list logo