El día martes, junio 18, 2024 a las 05:00:06p. m. +0200, Matthias Apitz
escribió:
> El día martes, junio 18, 2024 a las 02:51:36 +0200, Matthias Apitz escribió:
>
> > You remember correctly, but the size in the L5 is smaller (nano, I
> > think).
> >
>
> I used the easy way to check if the culp
El día martes, junio 18, 2024 a las 02:51:36 +0200, Matthias Apitz escribió:
> You remember correctly, but the size in the L5 is smaller (nano, I
> think).
>
I used the easy way to check if the culprit is the card or the token: I
ordered a new card :-)
matthias
--
Matthias Apitz, ✉ g...@u
El día martes, junio 18, 2024 a las 08:34:36 -0400, Henning Follmann escribió:
> On Tue, Jun 18, 2024 at 01:30:13PM +0200, Matthias Apitz wrote:
> >
> > ...
> >
> > How can I detect if the problem is the SIM-card or the USB dongle? The
> > problem is in both USB ports of my laptop, that's why I
On Tue, Jun 18, 2024 at 01:30:13PM +0200, Matthias Apitz wrote:
>
> Hello,
>
> I do use since "ages" an OpenPGP card in an USB dongle "uTrust 3512"
> with GnuPG, mostly for the password-store. Today, from one minute to the
> other it stopped working. On att
Hello,
I do use since "ages" an OpenPGP card in an USB dongle "uTrust 3512"
with GnuPG, mostly for the password-store. Today, from one minute to the
other it stopped working. On attach the uTrust shows up fine in
/var/log/messages with:
Jun 18 13:08:52 c720-1400094 kernel:
El día viernes, mayo 17, 2024 a las 01:39:55 +0900, NIIBE Yutaka escribió:
> Hello,
>
> Matthias Apitz wrote:
> > This isn't that easy. The pcscd is running (when needed) as:
> >
> > purism@pureos:~$ ps ax | grep pcscd
> >2151 ?Ssl0:00 /usr/sbin/pcscd --foreground --auto-exit
> >
=
Kill pcscd by systemctl, if any.
Kill the scdaemon by:
$ gpgconf --kill scdaemon
And then, when you try to access OpenPGP card by SSH or GnuPG, gpg-agent
invokes scdaemon, scdaemon tries to access PC/SC service, pcscd is
invoked by socket activation with systemd. You c
El día jueves, mayo 16, 2024 a las 04:09:44 +0900, NIIBE Yutaka escribió:
> Hello,
>
> Matthias Apitz wrote:
> > It seems that the first time is longer. I will increase the debug-level
> > for scdaemon.
>
> Thank you for the information. I think that it's better to debug how
> PC/SC goes.
>
>
Hello,
Matthias Apitz wrote:
> It seems that the first time is longer. I will increase the debug-level
> for scdaemon.
Thank you for the information. I think that it's better to debug how
PC/SC goes.
To get full debug log in lower level, you can invoke pcscd manually with
root:
# LIBCCID_
Hello,
I wonder if it taks always 8-9 secs, or it's only for the first time.
Matthias Apitz wrote:
> /tmp/scdaemon-debug.log:
[...]
> 2024-05-15 11:07:58 scdaemon[16983] DBG: chan_7 <- SERIALNO
>
> It takes 8 secs until scdaemon detects the reader, waht does this maen?
>
> 2024-05-15 11:08:06 sc
El día jueves, mayo 16, 2024 a las 03:00:52 +0900, NIIBE Yutaka escribió:
> Hello,
>
> I wonder if it taks always 8-9 secs, or it's only for the first time.
>
> Matthias Apitz wrote:
> > /tmp/scdaemon-debug.log:
> [...]
> > 2024-05-15 11:07:58 scdaemon[16983] DBG: chan_7 <- SERIALNO
> >
> > It
Hello,
I'm using an OpenPGP card in my cellphone Puris L5 for GnuPG
actions (password-store, SSH, ...). It mostly takes some 8-9 seconds
until the PIN entry dialog pops up. I enabled debug log for the
gpg-agent and the scdaemon, see below, and the time is consumed
by the scdaemon waitinn
On Sun, 12 May 2024 15:22, Matthias Apitz said:
> I did a factory reset and changed the keylength with the subcommand
> 'key-attr' to 4096. All fine and one must be patient as the key
> 'generate' takes significantly longer.
That's why I always suggest to use ECC instead of RSA on smartcards.
Sa
I did a factory reset and changed the keylength with the subcommand
'key-attr' to 4096. All fine and one must be patient as the key
'generate' takes significantly longer.
matthias
--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixa
Hello,
I'm setting up a new OpenPGP card I've got from Purism for my second
mobile L5. During the key generation it is not asking for the length of
the key 2024 or 4096 bits. The status is:
purism@pureos:~$ gpg --card-status
Reader ...: L5 built-in SmartCard Reader 00 00
Appl
On Tue, Apr 09, 2024 at 12:11:31PM +0200, Werner Koch wrote:
> By default we are not using PC/SC on Linux but direct access to the
> reader via USB. Now if pcscd is already running and has access to the
> reader scdaemon won't be able to access the reader via USB.
>
> 2.2 falls back to PC/SC if i
Running "gpg --card-status" with a configured Yubikey plugged in on an x86_64
Linux machine just gives me these errors when running 2.4.5:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
However, leaving everything else the same and just runn
On Mon, 8 Apr 2024 21:50, Dan Fandrich said:
> Running "echo SERIALNO | scd/scdaemon --server" is enough. I've tried both
> pcsc-lite 1.9.9 and 2.0.3 without a difference. I'm not sure how to drill
By default we are not using PC/SC on Linux but direct access to the
reader via USB. Now if pcsc
Running "gpg --card-status" with a configured Yubikey plugged in on an x86_64
Linux machine just gives me these errors when running 2.4.5:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
However, leaving everything else the same and just runn
On Fri, 1 Mar 2024 21:56, Daniel Kahn Gillmor said:
> For example, GnuPG could instead offer an interface with explicit
> options to allow the user to choose to match certificates by
> fingerprint, or by e-mail address, or by name, or by full User ID, but
Simply prefix the fingerprint with 0x an
On Fri, Mar 1, 2024 at 8:57 PM Daniel Kahn Gillmor via Gnupg-users
wrote:
> I agree with you that it's nice to refer to people by human-memorable
> names. I just wish it was safe to do so.
I would consider it is safe to do so. It is in fact mostly the entire purpose
of GPG to identify the corr
On Fri 2024-03-01 17:06:09 +0100, Ingo Klöcker wrote:
> On Donnerstag, 29. Februar 2024 21:21:42 CET Daniel Kahn Gillmor wrote:
>> human-readable names for certificates. But i don't see how to use that
>> safely while dealing with GnuPG's risky implementation choices here.
>
> Allowing recipients
On Donnerstag, 29. Februar 2024 21:21:42 CET Daniel Kahn Gillmor wrote:
> human-readable names for certificates. But i don't see how to use that
> safely while dealing with GnuPG's risky implementation choices here.
Allowing recipients to be specified by email address (or some other part of a
us
El día jueves, febrero 29, 2024 a las 01:40:53 +0100, Ingo Klöcker escribió:
> "CCID L5" doesn't strike me as a sufficiently unique identifier for a key. If
> I
> add a (secondary) user ID "CCID L5" to my key and trick Matthias into
> importing it won't pass start encrypting their passwords for
On Mittwoch, 28. Februar 2024 17:30:21 CET Werner Koch via Gnupg-users wrote:
> On Wed, 28 Feb 2024 10:55, Matthias Apitz said:
> > purism@pureos:~$ cat .password-store/.gpg-id
> > CCID L5
>
> Which means that it encrypts to "CCID L5". pass parses this using
>
> while read -r gpg_id; do
On Wed, 28 Feb 2024 17:41, Jacob Bachmeyer said:
> As Werner mentioned, you can also have different .gpg-id files for
> different parts of your password store, if you wanted some passwords
> to only be available with certain smartcards.
FWIW: The C3S uses pass for their teams and meik wrote a scr
On Wed, 28 Feb 2024 17:40, Jacob Bachmeyer said:
> Or even Windows, which remains disturbingly common in applications
> that probably need far less attack surface, like industrial control
> systems... (Is the stupidity of management a main driver of Shamir's
> law?)
Often true but the real probl
Matthias Apitz wrote:
El día miércoles, febrero 28, 2024 a las 10:32:43 +0100, Werner Koch via
Gnupg-users escribió:
On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
Therefore, pass(1) almost certainly has its own list of keys stored
pass stores the fingerprints of the keys in
Werner Koch wrote:
On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
[...]
logarithm problem and /vice versa/. Accordingly, RSA1024 is now
considered sufficiently dubious that some implementations no longer
support it, such as the go-crypto/openpgp library used by the newer
Which is a
On Wed, 28 Feb 2024 10:55, Matthias Apitz said:
> purism@pureos:~$ cat .password-store/.gpg-id
> CCID L5
Which means that it encrypts to "CCID L5". pass parses this using
while read -r gpg_id; do
gpg_id="${gpg_id%%#*}" # strip comment
[[ -n $gpg_id ]] || c
El día miércoles, febrero 28, 2024 a las 10:32:43 +0100, Werner Koch via
Gnupg-users escribió:
> On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
>
> > Therefore, pass(1) almost certainly has its own list of keys stored
>
> pass stores the fingerprints of the keys in a .gpg-id file and allows t
On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
> Therefore, pass(1) almost certainly has its own list of keys stored
pass stores the fingerprints of the keys in a .gpg-id file and allows to
set different ones per directories.
> logarithm problem and /vice versa/. Accordingly, RSA1024 is now
>
eval set -- "$opts"
while true; do case $1 in
-f|--force) force=1; shift ;;
--) shift; break ;;
esac done
[[ $# -ne 2 ]] && die "Usage: $PROGRAM $COMMAND [--force,-f] old-path
new-path"
check_sneaky_paths "$@"
Matthias Apitz wrote:
El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via
Gnupg-users escribió:
Matthias Apitz wrote:
[...]
Said/showed that, I can't imagine that, when I SCP the file
.password-store/test.gpg to another mobile with another OpenPGP card,
that
On Tue, 27 Feb 2024 10:07, Matthias Apitz said:
> I've never done anything with this and expected it also at date
> 2021-10-30 (when I initialized the OpenPGP card in the mobile L5).
The pubring.kbx is used for various things. For example we also store
"ephemeral keys"
El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via
Gnupg-users escribió:
> Matthias Apitz wrote:
> > [...]
> > Said/showed that, I can't imagine that, when I SCP the file
> > .password-store/test.gpg to another mobile with another OpenPGP card,
>
Matthias Apitz wrote:
[...]
Said/showed that, I can't imagine that, when I SCP the file
.password-store/test.gpg to another mobile with another OpenPGP card,
that this system would be able to decrypt the file and reencrypt it
again with the new card.
Correct. You must first copy the
El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
Gnupg-users escribió:
> On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
>
> > So, can I buy this card here in Europe or even in Germany?
>
> floss-shop.de
Only for the record:
Meanwhile I bought th
Some Javacards are available in at least larger SIM form factors. IIRC
the NXP J3H145 was available SIM-cut from Smartcard Focus at some
point, but it has been a while since I ordered one.
If it's an option for you to install an OpenPGP applet such as
SmartPGP (https://github.com/github-af/SmartPG
Am 20.02.24 um 17:20 schrieb Jakob Bohm via Gnupg-users:
On 2024-02-17 12:37, Juergen BRUCKNER via Gnupg-users wrote:
Hello Jacob,
Am 17.02.24 um 12:04 schrieb Jakob Bohm via Gnupg-users:
[...]
I don't know exactly how the situation about this is in Germany. But
here in Austria many mobile p
On 2024-02-17 12:37, Juergen BRUCKNER via Gnupg-users wrote:
Hello Jacob,
Am 17.02.24 um 12:04 schrieb Jakob Bohm via Gnupg-users:
[...]
I don't know exactly how the situation about this is in Germany. But
here in Austria many mobile phone shops have a SIM card punch with
which you can punch o
Hello Jacob,
Am 17.02.24 um 12:04 schrieb Jakob Bohm via Gnupg-users:
[...]
I don't know exactly how the situation about this is in Germany. But
here in Austria many mobile phone shops have a SIM card punch with
which you can punch out a micro-SIM or nano-SIM from a standard-SIM.
In some oth
On 2024-02-15 18:42, Juergen BRUCKNER via Gnupg-users wrote:
Hello Matthias,
Am 13.02.24 um 17:32 schrieb Matthias Apitz:
We need here 'Microm SIM'. And I talked to the owner of floss-shop. They
do not offer a way to pop out Micro SIM.
I don't know exactly how the situation about this is in G
Hello Matthias,
Am 13.02.24 um 17:32 schrieb Matthias Apitz:
We need here 'Microm SIM'. And I talked to the owner of floss-shop. They
do not offer a way to pop out Micro SIM.
I don't know exactly how the situation about this is in Germany. But
here in Austria many mobile phone shops have a SI
On Tue, 13 Feb 2024 17:32, Matthias Apitz said:
> We need here 'Microm SIM'. And I talked to the owner of floss-shop. They
> do not offer a way to pop out Micro SIM.
I simply uses scissors to cut them out and those cards work. Granted I
don't use the Librem regulary (if at all), but the card was
erent keys).
Hi Klaus,
I do not fully understand the procedure.
Actually the .password-store/ is encrypted with the gpg-key-A on the
phone L5, number 1.
When I now create on the phone number 2 with the other OpenPGP card a
gpg-key-B, and transfer the .password-store/ by SCP to this phone
number 2
> On 13 Feb 2024, at 17:32, Matthias Apitz wrote:
>
> El día martes, febrero 13, 2024 a las 09:57:17a. m. -0500, Henning Follmann
> escribió:
>
>> On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
>>> El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
>>
El día martes, febrero 13, 2024 a las 09:57:17a. m. -0500, Henning Follmann
escribió:
> On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
> > El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
> > Gnupg-users escribió:
> >
> > > On Fri, 9 Feb 2024 15:36, M
On Tue, Feb 13, 2024 at 02:32:04PM +0100, Matthias Apitz wrote:
> El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
> Gnupg-users escribió:
>
> > On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
> >
> > > So, can I buy this card here in Europe or even in Germany?
> >
> >
El día martes, febrero 13, 2024 a las 03:40:12p. m. +0100, Jakob Bohm via
Gnupg-users escribió:
> On 2024-02-13 14:32, Matthias Apitz wrote:
> > El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
> > Gnupg-users escribió:
> >
> > > On Fri, 9 Feb 2024 15:36, Matthias Api
On 2024-02-13 14:32, Matthias Apitz wrote:
El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
Gnupg-users escribió:
On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
So, can I buy this card here in Europe or even in Germany?
floss-shop.de
I've contacted floss-shop.de.
El día martes, febrero 13, 2024 a las 11:04:31a. m. +0100, Werner Koch via
Gnupg-users escribió:
> On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
>
> > So, can I buy this card here in Europe or even in Germany?
>
> floss-shop.de
I've contacted floss-shop.de. They can not provide (i.e. cut) th
Hi,
Am Fr den 9. Feb 2024 um 15:36 schrieb Matthias Apitz:
> Next question: Can I transfer somehow the key from one card to the
> other to use the same encrypted files foo.gpg from my password store:
>
> purism@pureos:~$ find .password-store/ -type f | wc -l
> 373
Well, pass has its mechanism i
On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
> So, can I buy this card here in Europe or even in Germany?
floss-shop.de
> If not, I could with a script decrypt all the files in this tree and
> encrypt them again after setup the card. But, it would be better just
> copy the files over by SCP,
Hello Matthias,
Am 09.02.24 um 15:36 schrieb Matthias Apitz:
So, can I buy this card here in Europe or even in Germany?
yes you can buy this Card also in Europe:
https://www.floss-shop.de
https://www.cryptoshop.com
or you can also buy a USB/NFC-Device at Nitrokey
https://nitrokey.com
I hop
On 2024-02-09 14:36, Matthias Apitz wrote:
Next question: Can I transfer somehow the key from one card to the
other to use the same encrypted files foo.gpg from my password store:
purism@pureos:~$ find .password-store/ -type f | wc -l
373
No, the entire point of an openpgp card is that you
I do use an OpenPGP-card, bought from Purism in one of my L5 mobiles and I
want to buy a second one for my other L5. I use two L5, one in Europe,
the other in Cuba with a cuban SIM card. I could buy the 2nd card in
Purism to, but would have to pay $65 shipping fee for the $15 card.
So, can I buy
now:
/usr/local/libexec/scdaemon --debug-all --verbose --verbose --server
scdaemon[2131]: reading options from '/home/guru/.gnupg-ccid/scdaemon.conf'
scdaemon[2131.a884ac12000]: reading options from '[cmdline]'
scdaemon[2131.a884ac12000]: enabled debug flags: mpi crypto memory cache
mem
Matthias Apitz wrote:
> $ gdb /usr/local/libexec/scdaemon
> ...
> r --debug-all --verbose --verbose --server
> ...
> OK GNU Privacy Guard's Smartcard server ready
> SERIALNO
> [New LWP 101967 of process 2622]
>
> Thread 2 "pipe-connection" received signal SIGSEGV, Segmentation fault.
> Address not
El día lunes, septiembre 25, 2023 a las 11:03:23a. m. +0900, NIIBE Yutaka
escribió:
> Hello,
>
> Matthias Apitz wrote:
> > After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
> > my OpenPGP card with the USB token anymore. In /var/log/messages
&g
Hello,
Matthias Apitz wrote:
> After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
> my OpenPGP card with the USB token anymore. In /var/log/messages
> it says:
[...]
> Any hints how to debug this
You can run scdaemon as a foreground process to debug. An e
Hello,
After an update of FreeBSD from 13-CURRENT to 14-CURRENT I can't used
my OpenPGP card with the USB token anymore. In /var/log/messages
it says:
Sep 24 19:33:02 c720-1400094 kernel: ugen0.4: at usbus0
Sep 24 19:33:07 c720-1400094 kernel: pid 3886 (scdaemon), jid 0, uid 1001:
exit
The issue persists. Sometimes the readers (just now the YubiKey) are not
visible to the user. But they are always to root k. I then disabled the
PC/SC daemon:
[felix@felix-arch ~]$ sudo systemctl disable pcscd
Removed "/etc/systemd/system/sockets.target.wants/pcscd.socket".
[felix@feli
On Mon, Aug 7, 2023 at 3:30 PM Werner Koch wrote:
> > I also tried killing root’s gpg-agent, to avoid conflicts with that
> > of the user, but that didn’t help either.
>
> Right a second scdaemon might have grabbed the device. If you don't
> need it as root put into root's gpg-agent.conf "disable-
On Mon, Aug 7, 2023 at 9:00 AM NIIBE Yutaka wrote:
> Please note that there may be two methods to access the device in
> scdaemon:
>
> * in-stock CCID driver of scdaemon
> * the PC/SC service
>
> Your output shows that you are connecting the smartcard reader through
> the PC/SC service.
Inter
On Sat, 5 Aug 2023 12:10, Felix E. Klee said:
> I also tried killing root’s gpg-agent, to avoid conflicts with that of
> the user, but that didn’t help either.
Right a second scdaemon might have grabbed the device. If you don't
need it as root put into root's gpg-agent.conf "disable-scdaemon".
Hello,
Please note that I don't have any experience using scdaemon in a guest
OS of GNU/Linux. So, my answer may be wrong/irrelevant.
"Felix E. Klee" wrote:
> [felix@felix-arch ~]$ sudo gpg --card-status
> Reader ...: SCM Microsystems Inc. SPR 532 [CCID Interface]
> (5127174
[ 5136.137554] usb 2-1: Manufacturer: SCM Microsystems Inc.
[ 5136.137555] usb 2-1: SerialNumber: 51271741200012
^C
[felix@felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
[felix@felix-arc
?
> How do I fix that?
> I am happy to substitute the udev rules with a timer, or to call some
> command to give permissions every time I want to use the YubiKey or the
> OpenPGP card. I just would like the whole process to be more reliable.
> Currently, it’s extrem
the above command as
root. Now I notice that the occasional connection issues I have with the
OpenPGP card in my SCM SPR332 are similar. Furthermore, it happens that
the YubiKey or the card reader suddenly disappear for the ordinary user,
although that is rare.
I have set up udev rules for both. But
Never mind -- I realized this was a duplicate of this bug report:
https://dev.gnupg.org/T5935
I will try to work on getting a newer GnuPG into Guix as a solution.
/Simon
signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-user
racking it down, it only occurs when both of these holds:
1) Modern enough SSH versions that prefers
sntrup761x25519-sha...@openssh.com over curve25519-sha256. To force it:
ssh -oKexAlgorithms=sntrup761x25519-sha...@openssh.com root@192.168.10.186
2) The 25519 key is on an OpenPGP card. I ver
Am 06.04.22 um 18:15 schrieb Robert J. Hansen via Gnupg-users:
>> You're barking up the wrong tree: It wasn't me who brought politics to
>> this list.
>
> You're the one who is turning a single throwaway line in someone's
> signature block into an angry argument.
No. But you're the one who obvious
You're barking up the wrong tree: It wasn't me who brought politics to
this list.
You're the one who is turning a single throwaway line in someone's
signature block into an angry argument.
Nonsense. The OP issued a statement, I replied and that could have been
it. It is you who is obviously
Am 06.04.22 um 17:04 schrieb Robert J. Hansen via Gnupg-users:
>> Just as I am free to comment on a political statement that I find
>> provocative, blatantly wrong and in the context of current events almost
>> derisive.
>
> Excepting that this is not a mailing list for politics.
You're barking up
Just as I am free to comment on a political statement that I find
provocative, blatantly wrong and in the context of current events almost
derisive.
Excepting that this is not a mailing list for politics.
Matthias has a line in his signature that you object to. I object to
it, too, but the on
Am 06.04.22 um 16:06 schrieb Robert J. Hansen via Gnupg-users:
>> Given recent events: can't you spare us your stupid signature?
>
> Matthias should be, and is, free to advocate for his beliefs in his
> signature.
Just as I am free to comment on a political statement that I find
provocative, blata
Given recent events: can't you spare us your stupid signature?
Matthias should be, and is, free to advocate for his beliefs in his
signature.
If we don't stand up for people's right to peacefully say things we
don't like, we have failed as a community.
I say this as an American who's a fan
Am 05.04.22 um 16:57 schrieb Matthias Apitz:
>
> Hello,
>
> Can someone please comment in the forum or here (and I copy it over) how
> an OpenPGP card could be used to unlock a ciphered LUKS partition during
> boot of the L5 mobile device, see this posting at the end:
>
>
On Tue, 5 Apr 2022 16:57, Matthias Apitz said:
> an OpenPGP card could be used to unlock a ciphered LUKS partition during
> boot of the L5 mobile device, see this posting at the end:
No idea, I don't use LUKS but g13 ;-)
> Werner, what about your L5?
It is gathering dust in one
Hello,
Can someone please comment in the forum or here (and I copy it over) how
an OpenPGP card could be used to unlock a ciphered LUKS partition during
boot of the L5 mobile device, see this posting at the end:
https://forums.puri.sm/t/librem-5-unlock-luks-volume-with-a-fido2-device/16890/7
El día lunes, noviembre 08, 2021 a las 11:18:37a. m. +0100, Matthias Apitz
escribió:
> > You did the
> >
> > gpg-connect-agent updatestartuptty /bye
> >
> > thing to tell gpg-agent where it shall pop up the pinentry? Further
> > ...
>
> Thanks for the hints. Magically it works now by its own
El día domingo, noviembre 07, 2021 a las 02:14:59p. m. +0100, Werner Koch via
Gnupg-users escribió:
> On Fri, 5 Nov 2021 17:30, Matthias Apitz said:
>
> > But, it does not work locally on the L5 in its "terminal app", the
> > "pass" command in the terminal raises an error about no secret provid
On Fri, 5 Nov 2021 17:30, Matthias Apitz said:
> But, it does not work locally on the L5 in its "terminal app", the
> "pass" command in the terminal raises an error about no secret provided.
You did the
gpg-connect-agent updatestartuptty /bye
thing to tell gpg-agent where it shall pop up the
Werner,
I have an issue with the 'pinentry' in the L5:
/usr/bin/pinentry is as default a symlink to /etc/alternatives/pinentry
and pops up on the L5 as somekind graphical application, also when I use
the OpenPGP card in the L5 when connected via SSH to the L5, which is
not what I want
n with a sharp wire cutter) but I have
> not seen the device.
Hello Werner,
To get the OpenPGP card working, please follow the steps in my
attachment OpenPGP-L5.txt. You must flash some firmware into the device.
> Even after an OS update there is still no Bluetooth device (regardless
> of t
Hi Matthias,
On Thu, 4 Nov 2021 09:40, Matthias Apitz said:
> I got mine in early October after exactly 4 years waiting. I do not
Same here. I actually met with Todd back then and my colleague Gniibe
write the driver for their planned card reader. Then we had that long
delay.
it is good that
El día jueves, noviembre 04, 2021 a las 09:45:57a. m. +, Andrew Gallagher
via Gnupg-users escribió:
> On 04/11/2021 08:40, Matthias Apitz wrote:
> > I bought the OpenPGP card from
> > Purism for USD 15, I don't know if the small format exist here in
> > Germ
On 04/11/2021 08:40, Matthias Apitz wrote:
I bought the OpenPGP card from
Purism for USD 15, I don't know if the small format exist here in
Germany.
Not Germany, but Cryptoshop in Vienna sells them:
https://en.cryptoshop.com/products/smartcards/open-pgp-smartcard-v2-id-000.html
--
A
El día jueves, noviembre 04, 2021 a las 09:40:40a. m. +0100, Matthias Apitz
escribió:
> ...
>
> I have and have had some Linux mobiles, also the OpenMoko. The
> Purism L5 is the most usefull until now for me. You see, I really don't
> share your opinion. The biggest problem until now is the dura
ed touchpad. Both work fine, see this foto:
http://www.unixarea.de/l5-with-bt-keyboard.jpg
The slot for the mini OpenPGP card in behind the battery, just
pull the battery out and you will see. I bought the OpenPGP card from
Purism for USD 15, I don't know if the small format exist here in
German
On Wed, 3 Nov 2021 18:55, Matthias Apitz said:
> card, and available without any laptop or USB dongel, just in my phone -- a
> big progress. Thanks to Purism to bring this with the L5 to the Linux world!
You mean the Librem5 has indeed a second slot for a smartcard? I
recently received mine bu
l' will also expire the unlocked
> > state of the OpenPGP card, which it does not. How could I do this?
>
> No, it does not because it is the decision of the card how long the
> VERIFY command send to the card allows the use of the key. For most
> cards and keys the keys ar
On Sat, 30 Oct 2021 15:50, Matthias Apitz said:
> I just withdraw the USB dongle after the operation. I was thinking that
> the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked
> state of the OpenPGP card, which it does not. How could I do this?
No, it doe
Hello,
I'm using GnuPG together with an OpenPGP card. When I want to decrypt
something the gpg-agent is via pinentry asking for the PIN to unlock the card.
Normally I don't care about how long the card remains unlocked, because
I just withdraw the USB dongle after the operation. I wa
Hello,
I'm using an OpenPGP card in my FreeBSD laptop and my Ubuntu mobile
phone (see photo http://www.unixarea.de/UbuntuPhone-GnuPG-card2.jpg )
The read is an Identiv uTrust 3512 SAM slot Token which works just fine
(after solving an issue in the FreeBSD USB driver). To connect it to the
m
e System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does no work
> > anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card
> > Reader) after withdraw and re-insert. It works fine after boot, I
> > have to enter the PIN to unlock the card and all tested functions are
>
El día miércoles, enero 02, 2019 a las 11:36:54a. m. +0100, Werner Koch
escribió:
> On Tue, 1 Jan 2019 08:36, g...@unixarea.de said:
>
> > with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after
>
> Take care: Usual Omnikey problems with creating and using
Hi,
On 01.01.19 08:36, Matthias Apitz wrote:
> How can I meanwhile 'reset' the OpenPGP card so that on next request for
> the secrets (decrypt, signing, ssh) the PIN is requested?
for key slots 1 and 2 there probably is no way to do this other than
unplugging und replugging the
On Tue, 1 Jan 2019 08:36, g...@unixarea.de said:
> with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after
Take care: Usual Omnikey problems with creating and using large keys
apply.
> How can I meanwhile 'reset' the OpenPGP card so that on next request f
1 - 100 of 664 matches
Mail list logo