Re: Key corruption: duplicate signatures and usage flags

2017-06-21 Thread Teemu Likonen
martin f. krafft [2017-06-21 11:03:40+02] wrote: > 24 duplicate signatures removed > > That's a bit weird. Where do these come from? I've seen the message with other keys too, just after --edit-key. The number of duplicate signatures varies. Next --refresh-keys command downloads the signatures

Re: Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

2017-06-21 Thread Darac Marjal
On Tue, Jun 20, 2017 at 01:56:57PM -0400, Daniel Kahn Gillmor wrote: Hi Rex-- On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote: root@debian-rig:/home/rexk# wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add - gpg: WARNING: nothing exported gpg: no valid

Key corruption: duplicate signatures and usage flags

2017-06-21 Thread martin f krafft
Hey, My key on the keyservers is 0x55C9882D999BBCC4. If I download this to a fresh keyring, I get some weird behaviours: % alias gpg='gpg --homedir=.' % gpg --recv-key 0x55C9882D999BBCC4 gpg: keybox '/home/ssd/madduck/.tmp/cdt.p0R8ly/pubring.kbx' created gpg:

Re: Managing the WoT with GPG

2017-06-21 Thread Neal H. Walfield
Hi, At Tue, 20 Jun 2017 15:34:44 +0200, martin f krafft wrote: > I've spent some time trying to figure out how to make actual use of > the web-of-trust (the "pgp" trust-model), and I am turning to this > list for some advice, related to a couple of questions: > > 1. My public keyring has several

Re: Managing the WoT with GPG

2017-06-21 Thread martin f krafft
thus spoke Neal H. Walfield [2017-06-21 11:53 +0200]: > > 3. Is there a way to run --check-trustdb or --update-trustdb not > >over the entire key graph, but only traversing to a certain depth > >starting from a specific key? Then I could tell parcimonie to run > >

Re: Key corruption: duplicate signatures and usage flags

2017-06-21 Thread Justus Winter
martin f krafft writes: > And then check this out: > > % gpg --edit-key 0x55C9882D999BBCC4 > gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the

Re: Managing the WoT with GPG

2017-06-21 Thread Neal H. Walfield
At Wed, 21 Jun 2017 13:55:52 +0200, martin f krafft wrote: > > thus spoke Neal H. Walfield [2017-06-21 11:53 +0200]: > > > 3. Is there a way to run --check-trustdb or --update-trustdb not > > >over the entire key graph, but only traversing to a certain depth > > >

Re: Key corruption: duplicate signatures and usage flags

2017-06-21 Thread Justus Winter
martin f krafft writes: > Hey, > > My key on the keyservers is 0x55C9882D999BBCC4. If I download this > to a fresh keyring, I get some weird behaviours: gpg --version please? > % alias gpg='gpg --homedir=.' I tend to do: $ export GNUPGHOME=$(mktemp -d) > So far, so

Re: Revoking a certificate (--edit-key + revsig)

2017-06-21 Thread Daniel Kahn Gillmor
On Fri 2017-06-16 10:06:38 +0300, Teemu Likonen wrote: > My question is simple (kind of): In what situations would you revoke a > certificate that you have made on someone else's key? (Technically: > --edit-key + revsig.) That action would be me saying "i no longer believe that this key is only

Re: TOFU

2017-06-21 Thread Stefan Claas
On Wed, 21 Jun 2017 19:02:26 +0200, Peter Lebbing wrote: > On 08/06/17 22:33, Stefan Claas wrote: > > I did a test today with Enigmail and with TOFU in command line mode. > > I posted 3 messages with a fantasy name to a Usenet test group where > > the 3rd message was signed with a fake key and

Re: Revoking a certificate (--edit-key + revsig)

2017-06-21 Thread Teemu Likonen
Daniel Kahn Gillmor [2017-06-21 14:03:00-04] wrote: > in the abstract: > > * i learned via some channel i consider trustworthy that this key isn't >appropriate for use with this User ID any more. > > more concretely: > > * "I had lunch with Sarah and she told me she'd lost access to her >

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 21/06/17 20:49, Peter Lebbing wrote: > which would still > be marginally safe until computers are much faster, and certainly not a > short ID which is utterly unsafe and has always been. Which *might* still be marginally safe. I haven't done any actual calculations, and I want to seriously

Re: speedo Error 2, download swdb.lst failed

2017-06-21 Thread Werner Koch
On Wed, 21 Jun 2017 19:11, pe...@digitalbrains.com said: > I think this is because of an expired certificate for versions.gnupg.org: Sorry for this. Fixed. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: TOFU

2017-06-21 Thread Stefan Claas
On Wed, 21 Jun 2017 21:04:09 +0200, Peter Lebbing wrote: > On 21/06/17 20:49, Peter Lebbing wrote: > > which would still > > be marginally safe until computers are much faster, and certainly > > not a short ID which is utterly unsafe and has always been. > > Which *might* still be marginally

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 21/06/17 20:30, Stefan Claas wrote: > Technically spoken Enigmail showed all three messages as "Untrusted > Good Signature from Ernst Mustermann etc. , because i have not signed > the first key locally, to get for the first two messages a green bar > in Enigmail. Or either: - Used

Re: Managing the WoT with GPG

2017-06-21 Thread Andrew Gallagher
On 2017/06/20 14:34, martin f krafft wrote: > 5. Has anyone come up with a smart way to keep pubring/trustdb >synchronised between multiple workstations? I have a quick and dirty tool here: https://github.com/andrewgdotcom/synctrust A

Re: Key corruption: duplicate signatures and usage flags

2017-06-21 Thread Guilhem Moulin
Hi Martin, On Wed, 21 Jun 2017 at 11:03:40 +0200, martin f krafft wrote: > And then check this out: > > % gpg --edit-key 0x55C9882D999BBCC4 > […] > > key 55C9882D999BBCC4: > 24 duplicate signatures removed > > That's a bit weird. Where do these come from? The OpenPGP packets were not ordered

Re: speedo Error 2, download swdb.lst failed

2017-06-21 Thread Peter Lebbing
On 21/06/17 17:14, murphy wrote: > download of swdb.lst failed. I think this is because of an expired certificate for versions.gnupg.org: $ wget -S https://versions.gnupg.org/swdb.lst --2017-06-21 19:11:03-- https://versions.gnupg.org/swdb.lst Resolving versions.gnupg.org

Re: Using gpg for ssh (Maximum Portability)

2017-06-21 Thread Peter Lebbing
On 18/06/17 03:48, Christopher Jones wrote: > It's a task to setup gpg on new boxes: Import pub key, ultimately trust > my key, and muck around with gpg and ssh agents. If all you want to do is SSH, you don't need your key, so it reduces to "muck around with gpg and ssh agents". As long as

speedo Error 2, download swdb.lst failed

2017-06-21 Thread murphy
Hi all - during a routine build of gnupg-2.1.21 for Ubuntu 16.04 LTS a speedo build from source that has consistently worked as recently as a few days ago has now consistently hung up. This is true on a Raspberry Pi 3 armhf environment as well as Ubuntu linux. The offending command seems to be:

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 08/06/17 22:33, Stefan Claas wrote: > I did a test today with Enigmail and with TOFU in command line mode. > I posted 3 messages with a fantasy name to a Usenet test group where > the 3rd message was signed with a fake key and Enigmail showed me this: > > UNTRUSTED Good signature from Ernst