Re: Third-Party Confirmation signature?

2019-07-09 Thread Werner Koch via Gnupg-users
On Mon, 8 Jul 2019 18:45, gnupg-users@gnupg.org said: > Is there a way to create a "Third-Party Confirmation signature"[1] > using the gnupg command line interface? No. You need to add code for this which also requires that you have a way to specify another signature packet. Are you considerin

Re: Testing WKD setup?

2019-07-09 Thread Werner Koch via Gnupg-users
On Mon, 8 Jul 2019 16:17, gnupg-users@gnupg.org said: > false negatives. It only supports the 'direct' method, where the key > has to be hosted on `example.org` instead of `openpgpkey.example.org`. BTW, the openpgpkey subdomain method was accidentally not available in 2.2. This will be fixed wit

Release candidate for 2.2.17

2019-07-05 Thread Werner Koch via Gnupg-users
Hi! Due to the SKS keyserver problems we are planning a new release for the next week. That release will have some changes related to keyserver. See below for details. In general we do not provide release candidates because experience showed that they are more or less ignored. However, this tim

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 17:08, stef...@sdaoden.eu said: > I (still user of GPG1, it is only your newer key which this cannot Just don't use it unless you need to decrypt very old mails. In particular not with keyservers or cards. The next maintenance release will anyway remove all keyserver and car

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 15:42, pe...@digitalbrains.com said: > --keyserver-options self-sigs-only,import-minimal > > as I propose, why would it take longer than 0.2 s? Indeed, we could change the code for import-minimal so that it first does the same what self-sigs-only does. Then it should be very

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 13:50, pe...@digitalbrains.com said: > Is there a good use-case for the former? If the latter also filtered out Yes, as I wrote: 0.2s compared to 50s. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP s

Re: Local solutions: SKS Keyserver Network Under Attack

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 12:58, pe...@digitalbrains.com said: > reached its intended goal: dirmngr said "re-reading config". It just > didn't have an effect for some odd reason. For people thinking about Check that you do not have a keyserver entry in your gpg.conf or Enigmail is calling gpg with that

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 12:29, pe...@digitalbrains.com said: > Ah, based on a new message I just read the penny dropped. self-sigs-only > can be made a default because it only applies to keyservers. > import-minimal cannot be made a default because it affects all other Not quite. When importing from

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 10:38, tliko...@iki.fi said: >> import-clean does this: >> >>After import, compact (remove all signatures except the >>self-signature) > > ...here you and the manual say that "first import [to local keyring] > then clean". > > So there are conflicting messages. Which of

Re: SKS and GnuPG related issues and possible workarounds

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 05:06, r...@sixdemonbag.org said: > As I understand it the current list of targeted keys is myself, dkg, > Werner, Patrick, and Kristian. It is clear the attacker's goal is to I am not yet affected except for these few thousand old xmas fun signatures. > Werner will no doubt

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-03 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 15:40, konstan...@linuxfoundation.org said: > When this happens, a maintainer who tries to verify a signed pull > request will have the operation fail, so they need to have a way to > force-refresh the developer's key. I would say this is the #1 workflow Agreed. A signature c

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Wed, 3 Jul 2019 12:35, gnupg-users@gnupg.org said: > problem but I have read RJH's article). It sounds like SKS servers can > handle these poisoned keys but GPG can't. That suggests that maybe GPG's I think here is a misunderstanding. Sure, processing 150k signatures takes quite some time an

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-03 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 11:00, d...@fifthhorseman.net said: > It sounds like you are saying that the order of operations -- > import-then-clean vs. clean-then-import is part of the API spec that > GnuPG is committed to. No. What I say is that if we want to clean the keys from bogus signatures we nee

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 20:41, an...@pgp.16bits.net said: > attachments that you need to extract, then open with a special program > to decrypt. > (In fact, many people _currently_ use OpenPGP in that stony age way) From my experience many people use ZIP or PDF encryption here and not OpenPGP. But a

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 16:03, gnupg-users@gnupg.org said: > With "big boys" I meant the German Government, German BSI and Facebook. I, or well my company g10 Code GmbH, has currently no contracts with the German government or the BSI. We had projects with the BSI but no funding whatsoever. These

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 13:47, look@my.amazin.horse said: > Huh, that's interesting. I was not aware of this issue, and wish you had > reached > out to me, or to supp...@keys.openpgp.org, or filed an issue on Hagrid. I assumed that newly launched server software with the goal to take over all existi

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 10:01, gnupg-users@gnupg.org said: > No such issues on keys.openpgp.org, gpg --send-key and the new updated > key is immediately available with no time outs or delays. Unless you are on Windows where the server can't be accessed because it uses a pretty limited set of TLS ciph

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 10:23, gnupg-users@gnupg.org said: > Why not make "import-clean" and "import-minimal" strip key signatures > before importing a key? That would make "import-minimal" behave like Because that contradicts what import-clean is supposed to do: After import, compact (remove all

Re: Your Thoughts

2019-07-02 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 23:47, r...@sixdemonbag.org said: > for development. My donation capped at $500. For several of those > years, I was one of the largest individual contributors to GnuPG. Right, your donation encouraged me to keep on working on this set of tool which is used at many more plac

Re: Your Thoughts

2019-07-02 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 22:58, h...@alyssa.is said: > For example, why isn't ask-cert-level a default? I'm guessing it's just > because at some point it didn't exist, and the developers didn't want to Because we have good defaults and options to change them in the config. We do not want to expose all

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-01 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said: > - subkey changes An expired key triggers a reload of the key via WKD or DANE. Modulo the problems I mentioned in the former mail. For new subkeys we have a problem unless we do a regular refresh similar to what should be done for

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 15:13, gnupg-users@gnupg.org said: > distribution keys in Gentoo. However, the main problem with WKD right > now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD Actually gpg updates expired keys via WKD. However, to not break things and not to go out and

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-01 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 14:55, andr...@andrewg.com said: > Yes, which is why we've informally had "let the owner choose whether to > publish her incoming certifications" as best practice for a long time. Actually gpg has always set the /Key Server Preferences/ to First octet: 0x80 = No-modify

Re: New keyserver at keys.openpgp.org - what's your take?

2019-06-25 Thread Werner Koch via Gnupg-users
On Tue, 25 Jun 2019 17:54, gnupg-users@gnupg.org said: >> There's simply one point: "If you do not want your email to be public, don't >> upload your key to a server." > > What if I upload your key to a server though? Keep in mind this is not just > a "nice to have", it is a legal requirement. For

Re: GnuPG and SSH_AUTH_SOCK value

2019-06-22 Thread Werner Koch via Gnupg-users
On Fri, 21 Jun 2019 16:39, g...@unixarea.de said: > Thanks for the explanation. But why GNUPGHOME is not also used for the > place where the sockets should be created when X11/KDE is up? That seems to be deep in the innards of KDE's X startup or Wayland or Systemd configuration. I try to avoid a

Re: GPG/YubiKey/CentOS7

2019-06-22 Thread Werner Koch via Gnupg-users
On Fri, 21 Jun 2019 18:42, gnupg-users@gnupg.org said: > Even though I have had GPG and YubiKey running a few times on CentOS7 Which GnuPG version does it come with: "gpg --version". Does it install gpg under the name gpg2 and provides the legacy GnuPG 1.4 under the name gpg ? > [p42547@cswks20

Re: New keyserver at keys.openpgp.org - what's your take?

2019-06-21 Thread Werner Koch via Gnupg-users
On Fri, 21 Jun 2019 12:03, gnupg-users@gnupg.org said: > here is a article (only in german) from Heise: By the very same guy who showed in the past that he has no clue about keyservers and their goals and ignored all comments gathered about this before writing an article [1]. That new thing now

Re: GnuPG and SSH_AUTH_SOCK value

2019-06-21 Thread Werner Koch via Gnupg-users
On Fri, 21 Jun 2019 11:20, g...@unixarea.de said: > What I do not understand is, why this value without the KDE5 environment > is > > $ gpgconf --list-dirs agent-ssh-socket > /home/guru/.gnupg-ccid/S.gpg-agent.ssh That is because you have a GNUPGHOME=/home/guru/.gnupg-ccid and /var/run/users/100

Re: library intialization error

2019-06-13 Thread Werner Koch
Hi! On Wed, 12 Jun 2019 10:08, hassan.mostaf...@gmail.com said: > # include > > # define AM_PATH_LIBGCRYPT What purpose has this macro? Did you mix something up with a configure macro? Anyway, it is not a problem. > /* intialization success check */ > > gcry_error_t e1 = gcry_control (GCRYC

Re: missing root certificate, SMIME spanish government

2019-06-03 Thread Werner Koch
On Sat, 1 Jun 2019 14:49, o...@mat.ucm.es said: > Well but if I import the key, then I don't need to add it to the > trustedlist file The trustlist.txt list those certificates which are valid as root certificates. Importing a certificate does not add it to this list for obvious reasons: All kin

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-31 Thread Werner Koch
On Sun, 26 May 2019 22:11, gnupg-users@gnupg.org said: > the new design you're working on. By the way, could you describe that > in more detail? What new capabilities will it offer (or what new gpg-card supports all smartcards which are supported by scdaemon and not just the OpenPGP card. It has

[Announce] GnuPG 2.2.16 released

2019-05-28 Thread Werner Koch
iles for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6

Re: Conflict Due to Multiple Instances of Smart Card Daemon

2019-05-23 Thread Werner Koch
On Wed, 22 May 2019 00:21, gnupg-users@gnupg.org said: > work without requiring removal/re-insertion of the card, but presumably > such a change has security implications or the original developers > would not have used PCSC_SHARE_EXCLUSIVE. So... I don't know if such a > change is advisable. Any f

Re: Enforcing password complexity for private keys

2019-05-03 Thread Werner Koch
On Tue, 30 Apr 2019 06:55, david.mi...@gmail.com said: > We’re considering rolling out GnuPG at work for developers to sign git > commits. > How can we prevent developers from choosing a trivial password? You can't but it is not a problem. The passphrase is used to protect the private key in ca

Re: FW: yubikey public key

2019-04-04 Thread Werner Koch
On Thu, 4 Apr 2019 14:16, jennifer.m...@pacificorp.com said: > I got a yubikey 5 working with Gnupg agent by writing the key direct > to the card on CentOS 7. Then I was tasked with writing documentation FWIW, GnuPG 2.3 will have full support for Yubikey 4 and 5 which includes support for the P

Re: gpg-agent: different ttl for different keys possible?

2019-04-01 Thread Werner Koch
On Thu, 28 Mar 2019 18:08, telegr...@gmx.net said: > is it possible to configure gpg-agent to cache the passphrase > for different OpenPGP keys for a different length of time? if No, that is currently not possible. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bun

[Announce] GnuPG Made Easy (GPGME) 1.13.0 released

2019-03-26 Thread Werner Koch
signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39

[Announce] GnuPG 2.2.15 released

2019-03-26 Thread Werner Koch
gnature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4

Re: Identifying one of multiple authentication subkeys

2019-03-26 Thread Werner Koch
On Mon, 25 Mar 2019 16:02, pe...@digitalbrains.com said: > But something more user friendly to match SSH fingerprint and keygrip > could be beneficial. I'm not sure what that would look like and neither You can build a script based on this: $ gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr' /b

Re: gpg: packet(3) with unknown version 7

2019-03-25 Thread Werner Koch
On Fri, 22 Mar 2019 23:46, ggroenh...@ggf-controls.de said: > with gpg2 symmetric encrypted file. I always get > "gpg: packet(3) with unknown version 7". That is garbled data because a version 7 of the session key packet (tag 3) is not defined. Please check the error messages again or provide a

Re: Identifying one of multiple authentication subkeys

2019-03-25 Thread Werner Koch
On Sat, 23 Mar 2019 16:19, pe...@digitalbrains.com said: > because ssh-add -d doesn't work with gpg-agent. Well, not with the > version in Debian stretch anyway, I reserve the right to be ignorant That is on purpose: gpg-agent stores the key permanently and thus it makes no sense to add and remov

Re: Hostname of key server pool disappeared? hkps.pool.sks-keyservers.net

2019-03-20 Thread Werner Koch
On Tue, 19 Mar 2019 12:42, gnupg-users@gnupg.org said: > I do understand why someone decided to delegate keys.gnupg.net to someone > else, but is that healthy for GnuPG? gnupg.{net,com,org,de} and gpg4win.{org,de} are all owned by my company g10 Code GmbH. whois unfortunately does not show that

[Announce] GnuPG 2.2.14 released

2019-03-19 Thread Werner Koch
s entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5D

Re: Hostname of key server pool disappeared? hkps.pool.sks-keyservers.net

2019-03-19 Thread Werner Koch
On Mon, 18 Mar 2019 23:09, ml-gnupg-xix@linuxwan.net said: > keys.gnupg.net is just a CNAME for hkps.pool.sks-keyservers.net. This > host appears to be the default for GNUpg configs. FWIW, keys.gnupg.net is a hardcoded alias in dirmngr since 2.2.7 and thus the CNAME is not used since that ver

Re: Can I use my Microsoft Outlook S/MIME certificate with gpgsm.exe ?

2019-03-14 Thread Werner Koch
On Wed, 13 Mar 2019 03:03, dkbry...@gmail.com said: > $ echo hi | gpgsm --sign --armor --default-key 0x64208E9A > --disable-crl-checks --disable-policy-checks > gpgsm: error creating signature: No value Please always add -v or --verbose to the invocation if you run into problems. This gives mor

Re: Multiple dev one signing key

2019-03-11 Thread Werner Koch
On Mon, 11 Mar 2019 12:43, johndoe65...@mail.com said: > Just to be clear, you Werner will sign everything that needs to be > signed for a release with your personal key. In practise that is the case. However, anyone of our small group can sign releases and also update the online list of current

Re: Multiple dev one signing key

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:05, johndoe65...@mail.com said: > What is the best way forward? > - One signing key accessible on the release system I'd say depends on the release system. In most cases this is a networked box and I would hesitate to do this. Using gpg --with a remote gpg-agent would be

Re: Default trust-model TOFU

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:21, tliko...@iki.fi said: > have plans for that, to set the default trust model to "tofu" or > "tofu+pgp"? I am still not convinced that the UI as implemented on the command line is better than what we have now. It looks more complicated than what one would expect under TO

Re: PGP Anonymous Board Idea

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 22:00, ab...@monksofcool.net said: > a) We're moving ever further off topic in terms of GnuPG. FWIW, given the low traffic on gnupg-users, I would consider this still to be on topic. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. sig

Re: user id question

2019-03-10 Thread Werner Koch
On Sun, 10 Mar 2019 14:51, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > Is "nerdy" good or bad in this context? That is really up to you. Often it is fun to be a nerd. To the OP: I have done keysigning for about 25 years but meanwhile I don't think that the Web of Trust is a good idea to mak

Re: Keys in the keystore dir (private-keys-v1.d/) are being modified

2019-03-10 Thread Werner Koch
On Sun, 10 Mar 2019 15:54, claudio.flore...@gmail.com said: > After signing a file with my sign subkey I noticed that the private key > file of the sign subkey was modified. Why? What happens? To speed up the migration and to not annoy you by asking for your passphrase for each private key, GnuPG

Re: Questions about finding keys used to encrypt files with gpg

2019-03-10 Thread Werner Koch
On Sat, 9 Mar 2019 17:52, mattia.cod...@poste.it said: > I noticed that the gpg -d [filename] command works out without asking > me for the passphrase, so after a brief search i became aware of the > fact that gpg uses public/private keys encrypting, combined with a Right public key cryptography

Re: user id question

2019-03-08 Thread Werner Koch
On Sun, 24 Feb 2019 10:09, johndoe65...@mail.com said: > What I understand is that there is no clear convention. Meanwhile I would suggest to only use the mail address, that is j...@example.org and leave out all other parts. There are even mail providers which demand this for data privacy re

Re: OPENPGPKEY on DANE

2019-03-08 Thread Werner Koch
On Wed, 6 Mar 2019 21:58, gnupg-users@gnupg.org said: > 2019-03-06 21:25:50 dirmngr[2855.6] DBG: chan_6 -> OK Dirmngr 2.2.4 at > your service Between 2.2.4 and 2.2.10 we fixed a couple of bugs in the DNS resolver. This should explain why it works on macOS, where you use 2.2.10. Salam-Shalom,

Re: OPENPGPKEY on DANE

2019-03-05 Thread Werner Koch
On Tue, 5 Mar 2019 23:43, gnupg-users@gnupg.org said: > gpg: error retrieving 'i...@rfechner.de' via DANE: Not found > gpg: error retrieving 'i...@rfechner.de' via Local: No public key Okay, you need to look into the actual DNS requests. Please add --8<---cut here---sta

Re: setting up decryption in an automated environment

2019-03-05 Thread Werner Koch
On Tue, 5 Mar 2019 10:05, gpir...@manymore.fr said: > In the previous version the parameter -passphrase did the trick (although > not the most secured) but it isn't working anymore. Given that it is an unattended environment, a passphrase to protect the private key does not make any sense (in mo

Re: OPENPGPKEY on DANE

2019-03-05 Thread Werner Koch
On Mon, 4 Mar 2019 13:41, gnupg-users@gnupg.org said: > --auto-key-loacate clear, dane, local --locate-key -v em...@adress.com Do not put spaces between the a-k-l parameters. "dane" would be considered as first argument and gpg tries to do something with that. There should be a warning. gpg -

Re: Invalid IPC Response requiring gpg-agent restart

2019-03-05 Thread Werner Koch
On Sun, 3 Mar 2019 21:51, gnupg-users@gnupg.org said: > $ echo test | gpg -a --sign > gpg: signing failed: Invalid IPC response Please run $ echo test | gpg -a --sign --verbose --debug ipc to see the communication with the gpg-agent. The error message reminds me of the time when gnome-keyr

Re: How to specify ca-cert-file as a path relative to ~?

2019-02-20 Thread Werner Koch
On Wed, 20 Feb 2019 12:15, am...@riseup.net said: > (1) > keyserver-options ca-cert-file=../keyserversCA.pem I recently asked whether you got a warning regarding this option. Would you mind to look again at the output and, more important, tell us what version of gpg you are using (gpg --version)

Re: An option to generate revocation cert for subkey(s)?

2019-02-20 Thread Werner Koch
On Sat, 16 Feb 2019 19:25, mgo...@gentoo.org said: > of the key with subkey revoked, and use that for the purpose. However, > I think it would be much more convenient if had an option to generate > the revocation signature separately. Can you please enter a feature request at dev.gnupg.org? Sa

Re: Speedo build of GnuPG v2.2.13 fails for me

2019-02-18 Thread Werner Koch
On Sun, 17 Feb 2019 20:08, aaj...@gmail.com said: > GnuPG version in swdb.lst is less than this version! > This version: 2.2.13 > SWDB version: 2.2.12 Something went wrong uploading the version file. I just repeated it and it works now (try: "build-aux/getswdb.sh"). Thanks for reporting,

Re: Upload key to WKD from command line?

2019-02-14 Thread Werner Koch
> gpg-wks-client: Warning: policy requires 'mailbox-only' - adding user > id 'wolfgang.tray...@posteo.de' > Or do I even need my secret primary key? Right. The primary key is required to create a new user id. gpg tries to be helpful there but it can't work for high security environments with a

Re: Problem with generating Brainpool P-512

2019-02-14 Thread Werner Koch
On Thu, 14 Feb 2019 10:52, m...@mailbox.org said: > you should add it in the man page, because it's a FAQ: > cert-digest-algo !< SHA512 ing gpg.conf for ECC >= 512-bit Sorry, I can't parse that. Please also note that --cert-digest-algo should not be used because it violates the OpenPGP preferenc

Re: Upload key to WKD from command line?

2019-02-13 Thread Werner Koch
On Sat, 9 Feb 2019 11:20, wolfgang.tray...@posteo.de said: > I am looking for a simple solution just like `gpg --send-keys`, but for WKD. Locate the gpg-wks-client binary. On Windows it should be found via $PATH but on Unix it is installed at one of this locations /usr/local/libexec/gpg-wks-

Re: It's more GNU/Linux than GnuPG

2019-02-13 Thread Werner Koch
On Wed, 13 Feb 2019 17:27, am...@riseup.net said: > keyserver-options ca-cert-file=~/keyserverCA.pem Didn't you get the warning that this option is obsolete? Certificates are configured in dirmngr.conf. In case you are using a 2.0 version of GnuPG, please note that this branch reached EOL

Re: Problem with generating Brainpool P-512

2019-02-13 Thread Werner Koch
On Wed, 13 Feb 2019 20:11, vojtas...@gmail.com said: > and in syslog I have found this gpg-agent writes to syslog - that's new to me (with the exception of certain diagnostics from Libgcrypt). >     gpg-agent[pid]: a 256 bit hash is not valid for a 512 bit ECC key >     gpg-agent[pid]:command '

[Announce] GnuPG 2.2.13 released

2019-02-12 Thread Werner Koch
a2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key) rsa2048

Re: The "advanced" URL of openpgp-webkey-service-07, and l=

2019-02-12 Thread Werner Koch
Hi! On Mon, 11 Feb 2019 14:04, ves...@tana.it said: > I just saw version -07 today. The advanced method: > > WELLKNOWN := https://openpgpkey.example.org/.well-known/example.org/openpgpkey > > doesn't seem to make much sense to me. I tried it with posteo.de, and got: The two parts were accident

Re: [k9mail/k-9] Makes PGP sign-only mails very difficult (#2375)

2019-02-06 Thread Werner Koch
[Please don't cross-post!] On Tue, 5 Feb 2019 12:47, gnupg-users@gnupg.org said: > THE DATE PROBLEM. Only the body of the email is signed, not the > envelope headers, namely the subject and intended recipients, and Sure, mail headers are subject to changes. For example by mailing list software

Re: [OT] Where can I find some papers to read on mail (and envelope) security?

2019-01-30 Thread Werner Koch
On Wed, 30 Jan 2019 20:44, s...@300baud.de said: > On the other side i wish PGPfone would have been further developed. > I found it, way back then, pretty cool and super easy to use, compared > to PGP or GnuPG. Please don't compare an online protocol with an offline (store+forward) protocol - the

Re: Calling GnuPG ME library from managed .NET

2019-01-24 Thread Werner Koch
On Thu, 24 Jan 2019 10:45, m.vet...@infotech.li said: > 2. Which version of libgpgme-xx.dll is compatible to version 2.1.1.18 > of GnuPG tool suite? Is this version 1.9.0 or version 1.7.0 according > to the release news on page https://www.gnupg.org/news.html? The name of the DLL only reflects th

Re: Feature proposal - image encryption

2019-01-08 Thread Werner Koch
On Tue, 8 Jan 2019 13:28, jc.gnupg...@unser.net said: > I beg to differ. Given the classic Unix philosophy of chaining small tools > which do their job well, GnuPG is already way too complex, especially for > casual users. I generally prefer the ImageMagick concept of small tools I would have se

Re: OpenPGP card: how to lock the card again so that PIN is required

2019-01-02 Thread Werner Koch
On Tue, 1 Jan 2019 08:36, g...@unixarea.de said: > with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after Take care: Usual Omnikey problems with creating and using large keys apply. > How can I meanwhile 'reset' the OpenPGP card so that on next request for > the secrets (decryp

Re: Gnupg-devel Digest, Vol 183, Issue 5

2018-12-15 Thread Werner Koch
On Fri, 14 Dec 2018 16:41, phoeny...@gmail.com said: > I was wondering if the pdf is going to be updated anytime soon? It's > title page still says it's for version 2.2.7? Done that. > > Also availabale should be available. I use always the last announcement as a template. I see how I can reme

[Announce] GnuPG 2.2.12 released

2018-12-14 Thread Werner Koch
igned by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 Da

Re: Smart cards

2018-12-12 Thread Werner Koch
On Tue, 11 Dec 2018 19:27, art...@ulfeldt.com said: > using openkeychain with a yubikey nfc is totally solid, and convenient. > I've been using them for years. they also plug into the bottom of the > phones which some people prefer. You should keep in mind that you can eavesdrop on NFC communicati

Re: Keyserver access changes in GnuPG

2018-12-12 Thread Werner Koch
On Thu, 13 Dec 2018 00:00, t...@pobox.com said: > /usr/bin/gpg1 for users who want to keep using it. Dropping > the keyserver and photoviewer helpers is part of the next > planned release from the 1.4.x branch, which is being > tracked in https://dev.gnupg.org/T3443. Right. Given that gpg1 is a

Re: GnuPG, (neo)mutt and S/MIME

2018-12-12 Thread Werner Koch
On Tue, 11 Dec 2018 22:24, p...@sys4.de said: > Is there any other infrastructure/tool I need to setup and configure to sign > and encrypt messages in mutt? set crypt_use_gpgme and then use the S/MIME options in Mutt's menu: hit 'p', 'b' and 'm' to encrypt and sign with S/MIME. ('m' switches to

Re: Chance to get --with-agent-s2k-calibration=MSEC into stable branch?

2018-12-11 Thread Werner Koch
On Tue, 11 Dec 2018 09:28, fka...@posteo.net said: > from September 2017 for configure.ac that allows to circumvent a > huge performance regression with gnupg v2 keys in some contexts. > > This commit is not in stable though. Right. The bug was closed so we forgot about it. Thanks for the remin

Re: Problem with the GnuPG - gen-key

2018-12-11 Thread Werner Koch
On Fri, 7 Dec 2018 14:51, per.tore.johan...@ecp.no said: > Installed GnuPG from : gnupg-i5pase-1.4.10b.tar.Z on Power for I. OS > release V7R3 That looks like a modified version of an old GnuPG 1 version from 2009. Please do not use such an old version. The current 1.4 version 1.4.23 From t

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Thu, 6 Dec 2018 14:05, stefan.cl...@posteo.de said: > Understood. Please check this example, a key with plenty of data, > which only needs to be extracted. > > https://pgp.circl.lu/pks/lookup?op=get&search=0x73253A1F090C53B6 Surely you can put arbitrary data into a user-id. > That

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Wed, 5 Dec 2018 19:56, stefan.cl...@posteo.de said: > Well, my understanding would be that a least one (search) criteria > would be needed to fetch a key, right? And if so i could also imagine Right, the fingerprint. And maybe the long keyid for a transitional period because not all software

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect? People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired faked ke

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 10:31, c...@cod-web.net said: > On pool.sks-keyservers.net everything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search There are several problems with the keys

Re: Newer gnupg doesn't ask for key size on generate?

2018-11-29 Thread Werner Koch
Hello! On Thu, 29 Nov 2018 02:06, smck...@titaniummirror.com said: > Today we set up a new Yubikey from a Windows 7 system running GnuPG > 2.2.10. Its generate command did not ask us for key size, and the With version 2.2.6 we had to introduce a new command to be more flexible with changing attr

Re: Problem with focus of pinentry on win7

2018-11-26 Thread Werner Koch
Hi! Here is my reply to the Enigmail list which explains why this is indeed not just a problem of gpg and that we can't have a perfect solution. For security reasons Windows has strict rules on which process can put itself into the focus. Enigmail needs to tell Pinentry, via gpg, that it may tak

Re: Newbie Question about initialization

2018-11-23 Thread Werner Koch
On Fri, 23 Nov 2018 15:18, gnupg-users@gnupg.org said: > gcry_version_check(1.8.4) gcry_check_version requires a string with the version number or NULL. Thus --8<---cut here---start->8--- const char *s; if ((s=gcry_version_check ("1.8.4"))) printf ("V

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
Hi, if you can compile a not too old gpg version, you might be able to apply this patch. It should show you the fingerprint of the culprit. --8<---cut here---start->8--- diff --git a/g10/keyid.c b/g10/keyid.c index a9034ee46..3694c26cc 100644 --- a/g10/keyid.c

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
On Fri, 23 Nov 2018 18:56, dirk.gottschalk1...@googlemail.com said: > I saw the Listing in the debugging log. I tried this also. > gpg -k does not show this message, but two messages regarding two keys, Hmmm, not easy to debug by mail. > gpg: bad data signature from key 2894CD20EE47166D: Wrong k

Re: Error after secret key list.

2018-11-23 Thread Werner Koch
On Thu, 22 Nov 2018 16:38, gnupg-users@gnupg.org said: > After listing the keys, gpg reports: gpg: error computing keygrip Looks like you have a garbled key or one with an unknown encryption algorithm. Not easy to pinpoint because that diagnostic comes from the deep innards of gpg. Do you see

Re: Exporting/ importing changes expiration date of subkeys...

2018-11-14 Thread Werner Koch
On Wed, 14 Nov 2018 16:45, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > http://sites.inka.de/tesla/gpgrelay.html. A possible working link is > https://sourceforge.net/projects/gpgrelay/. Thanks, I fixed it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesges

Re: Update FAQ about revocation certificates?

2018-11-09 Thread Werner Koch
On Thu, 8 Nov 2018 18:34, stefan.cl...@posteo.de said: > apartment and accidentally threw away the box > in which the revocation cert was stored... :-( :-( > How would you proceed now? Fetch your backup, which you will have stored at a different venue .-) Call the locksmith to open the loc

Re: Most secure GPG combination for Mac OSX

2018-11-07 Thread Werner Koch
On Thu, 8 Nov 2018 07:50, em...@andrewnesbit.org said: > - Enigmail and GPGTools are orthogonal components re: Thunderbird. > Enigmail is something like the interface to the underlying GPG > implementation. In many cases on Mac OS X, including mine, this > underlying implementation is indeed G

Re: encrypt linux backup folder using gpg

2018-11-07 Thread Werner Koch
On Tue, 6 Nov 2018 06:55, kaushalshri...@gmail.com said: > I am using CentOS 7.5 Linux OS in my setup. I have compressed a folder > using tar utility tar czvf backupfolder.tar.gz backupfolder. Is there a way > to encrypt backupfolder.tar.gz using gpg? Are there any best practices to Sure: tar

[Announce] GnuPG 2.2.11 released

2018-11-06 Thread Werner Koch
ry versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig)

[admin] Re: OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-05 Thread Werner Koch
Hi! Please do not post commercial advertisements to a gnupg mailing list. There is no problem to _mention_ proprietary software on the GnuPG lists if that mentioning is related to technical questions. But sales pitch or ads are unwanted. Thanks, Werner ps. I removed the openssl list from t

Re: GPG on Android

2018-11-05 Thread Werner Koch
On Sun, 4 Nov 2018 23:20, juer...@bruckner.tk said: > I for myself did configure MailDroid that way, that for each > crypto-operation, decrypt, sign, encrypt I have to enter my password > each time. That does not help. A bugged phone will for sure employ a keylogger and thus you can also work w

Re: File name seen by gpg

2018-10-31 Thread Werner Koch
On Wed, 31 Oct 2018 01:33, alvaro@gmail.com said: > It seems I was not looking at the right keywords when I searched, because I > couldn't find that option before. Note that the filename stored with the encrypted or signed data is not even covered by the signature. Thus it is possible to an

Re: PGP Authentication with gpg4win+ssh

2018-10-30 Thread Werner Koch
On Tue, 30 Oct 2018 15:13, zer...@gmail.com said: > If I do a gpg --list-keys my keys all show up just fine. Run gpg-connect-agent 'keyinfo --ssh-list' /bye to see the keys gpg-agent is aware of. See also gpg-connect-agent 'help keyinfo' /bye and as Gniibe wrote, you need to put a key i

[Announce] Libgcrypt 1.8.4 released

2018-10-26 Thread Werner Koch
ignature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F2
