Still trying to troubleshoot --refresh-keys error
For the last few weeks, I've talked about how, when I try to refresh the keys on my ring, I get an error from GnuPG. Today, I noticed a message that I hadn't noticed before and I strongly suspect this might be the cause of the problem I'm having.

When I issued the gpg2 --refresh-keys command, GnuPG connected to the SKS pool and sent a request for all the keys on my ring. At the end of the refresh attempt, I saw the following:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver refresh failed: General error

IIRC, Stephen mentioned something about the helper program the last time I posted. This seems to confirm that. However, since it's not giving me much information, I can't really troubleshoot further.

This is GnuPG 2.0.3 (GpG4Win 2.3.3) on Windows 10. This issue DOES NOT happen on Linux.

Can anyone offer a bit of insight?

Thanks,
Anthony

--
VoIP/SIP: 1259...@localphone.com
Skype: cajuntechie
XMPP/Jabber: papill...@dukgo.com
PGP Key: 0xCC9D1E072AC97369
Other Info: http://www.cajuntechie.org/p/my-pgp-key.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proof for a creation date [GishPuppy]
Unfortunately, I think the public key from that service is no longer importable in modern GnuPG.

https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2

Trying to import the public key on this page results in no public key being imported. Without this the service cannot be used to verify the signature on a timestamp report (I reported this to them several years ago. No changes were made).

Also, this service is not a very secure source of time. They use their own clock. They claim some security by using an incrementing counter and publishing signed snapshots to a usenet group. Bottom line though is this service is pretty ancient and requires a lot of trust on your part of the administrator.

http://www.itconsult.co.uk/stamper/stampinf.htm

$ gpg2 --verbose --import stamper.asc
gpg: armor header: Version: 2.6.3i
gpg: Total number processed: 3
gpg: skipped PGP-2 keys: 3

$ gpg2 --version
gpg (GnuPG) 2.1.16

> Bertram Scharpf wrote:
>
> > I want to make evidence that I created a document
> > _before_ a certain point of time.
>
> http://www.itconsult.co.uk/stamper.htm
Re: Proof for a creation date
Tierion creates a Merkle tree of incoming hashes and puts the root of the Merkle tree on the Bitcoin blockchain which proves that the hash was placed there prior to the time embedded in the BTC transaction. You want to use their HashAPI.

https://tierion.com/features

Other similar services are:

http://truetimestamp.org
https://proofofexistence.com

These services don't need GnuPG, but nothing to stop you from hashing a signed document.
Re: How do you help someone to encrypted email (Re: How do you let your M.D. ...)
On 02/12/16 14:57, Duane Whitty wrote:
>
> I believe that outside of the lack of awareness that their privacy is
> being ignored, the problem is mostly private key management and the
> unfortunate fact that most of the email clients that most people use
> on the most popular platforms don't support encrypting and decrypting
> mail.

Yes. Secret key generation, backups, and portability. Also, the fact that so many people now use webmail rather than a local client.

> Sure you can use a smart card reader to
> solve the availability issues but then you have to deal with all the
> software issues. Most people have no knowledge about any of this let
> alone the existence of tools like smart card readers.

Yep. I've been using a smart card reader for a while, and although I'm comfortable with it now, initially it was daunting. I ended up writing a tool to automate the key generation and backup process (https://andrewg.com/frith.html). There is a similar project under development in Debian (https://danielpocock.com/outreachy-gsoc-2017-pki-clean-room). I wouldn't ask my mother to use either of them.

Enabling the smart card for use across multiple machines was a long, trial and error process. Once it is working the convenience is great. But I wouldn't expect anyone else to do it.

> I realize there is an argument to be made that people need to exercise
> personal responsibility when it comes to their security. But I
> believe adoption will be limited to the technically adept until we can
> make using encryption and decryption an understandable and short
> process for people who only use their computers to run "canned"
> applications and send mail.

Yes. Arguing "personal responsibility" is too often a means of passing the buck. If it is too difficult or time consuming to be a responsible citizen, people won't. This applies across all walks of life, not just computer security.

The best systems make Good Things easy, and Bad Things more trouble than they're worth. Poor systems make Bad easier than Good and then spend all their energy chasing up people who took the lazy way out - which in extreme cases can mean literally everyone.

> (Thinking out loud)
> I wonder if a solution akin to what the password managers do is
> possible? Maybe storing a private key in a password manager would
> work for a lot of users.

GPG's secret keyring is a password protected database, just like a password manager. The main thing it does not do that many password managers provide is automatically store the encrypted secret in the cloud for easy synchronisation. This is a questionable practice however. Much better to store your secret key material on a smart card. Of course that buggers up mobile.

> Still doesn't solve the problem of having gnupg available and
> integrated on all the different platforms.

Exactly.

A
Re: Proof for a creation date [GishPuppy]
Bertram Scharpf wrote:
> I want to make evidence that I created a document
> _before_ a certain point of time.
>

http://www.itconsult.co.uk/stamper.htm
Re: How do you help someone to encrypted email (Re: How do you let your M.D. ...)
On 16-12-02 03:39 AM, Bernhard Reiter wrote:
>> so that it's easier for folks unfamiliar to setup and use than
>> having to go over the too long material
>
> Within next year, someone will just need to use an email client
> that support the following technical solution:
>
> https://wiki.gnupg.org/WKD
>
> This is something the GnuPG team is actively working on.
>
> Best Regards, Bernhard

First let me say thank you to the developers of gnupg and all the tools and scripts and everything else that goes into creating and running a project as complex as this. And thanks to all the helpful people on the list.

Regarding WKD: I'm sure this will be a great tool for fetching public keys and will make life easier for many people on this list. Thank you for your efforts Bernhard!

(Putting on fireproof suit :-) )

My personal feeling and opinion however is that public key management is not the barrier to adoption of gnupg for everyday users who would like to increase their security.

I believe that outside of the lack of awareness that their privacy is being ignored, the problem is mostly private key management and the unfortunate fact that most of the email clients that most people use on the most popular platforms don't support encrypting and decrypting mail.

I'll be the first to admit that I don't know how to make it easy for users to be able to generate a private/public key pair wherein the private key can be stored relatively securely and be available for use with their gmail or other email platform of choice from the desktop, laptop, tablet, and phone. Sure you can use a smart card reader to solve the availability issues but then you have to deal with all the software issues. Most people have no knowledge about any of this let alone the existence of tools like smart card readers.

I realize there is an argument to be made that people need to exercise personal responsibility when it comes to their security. But I believe adoption will be limited to the technically adept until we can make using encryption and decryption an understandable and short process for people who only use their computers to run "canned" applications and send mail.

(Thinking out loud)
I wonder if a solution akin to what the password managers do is possible? Maybe storing a private key in a password manager would work for a lot of users. It's not as if anyone would be forced to do this. Create a partnership with a few of the password managers that would require a key be protected by a 30+ character random password and then users could access their private key from anywhere once they've logged into their password manager. Just a thought and clearly it's not the most secure method but maybe it is secure enough?

Still doesn't solve the problem of having gnupg available and integrated on all the different platforms.

(keeping fireproof suit on for a while :-) )

Thanks for your indulgence and patience :-)

Best Regards,
Duane

--
Duane Whitty
du...@nofroth.com
Re: Proof for a creation date
On Fri, Dec 02, 2016 at 01:37:00PM +0800, Quan Zhou wrote:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
>

No, because you could just set your computer's clock to anything you want, then create the GnuPG/X509 timestamp.

I agree with some of the other posters; the best way is to either post the whole message, or a cryptographically strong hash of it to some public append-only location, and the Bitcoin blockchain or a certificate transparency log both do it the same way, via a cryptographic hash inserted into a Merkle tree. That has the desired properties of being append-only and publicly auditable.

--
Brian Minton
brian at minton dot name
http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9
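Added example, not part of any post in this thread and not the actual format used by Tierion, Bitcoin or Certificate Transparency: a minimal Merkle tree in Python illustrating the mechanism described in the Tierion reply and in the message above, where many document hashes are folded into one root and a short inclusion proof later ties a single document to that published root. The leaf/node prefixes, the handling of an unpaired node and the sample documents are assumptions made for the example.

```python
import hashlib

# Leaf/node prefixes keep a leaf hash from being replayed as an interior
# node (same idea as RFC 6962); this layout is an assumption for the example.
def leaf_hash(doc: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + doc).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(docs):
    """All tree levels, leaves first; an unpaired node is carried up unchanged."""
    level = [leaf_hash(d) for d in docs]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level)
                 else level[i] for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes (with side) needed to recompute the root from one leaf."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(doc: bytes, proof, root: bytes) -> bool:
    """Recompute the path from the document up to the published root."""
    acc = leaf_hash(doc)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == root

# Constructed sample batch: five submissions aggregated into one root.
DOCS = [b"contract draft v1", b"lab notebook p.12", b"signed-release.tar.sig",
        b"photo-0001.raw", b"thesis chapter 3"]
LEVELS = build_levels(DOCS)
ROOT = LEVELS[-1][0]   # the only value that has to be published

if __name__ == "__main__":
    proof = inclusion_proof(LEVELS, 4)
    print("root:", ROOT.hex())
    print("proof length:", len(proof), "verifies:", verify(DOCS[4], proof, ROOT))
    print("altered doc verifies:", verify(b"thesis chapter 3 (edited)", proof, ROOT))
```

The proof only shows that a document was part of the batch behind the root; the "before this date" bound comes from where and when the root itself was published.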
Re: GnuPG version info from GPGME?
> Have I just overlooked it, or do I really need to launch gpg --version
> and parse the output?

And literally two seconds after clicking "Send", I found the answer. Never mind. :)
GnuPG version info from GPGME?
I'm working on a command-line application to migrate profiles not just between machines, but versions of GnuPG. E.g., 1.4 on machine A -> 2.1 on machine B, or vice-versa. For this, I need a way to discover which version of GnuPG is currently installed.

A quick look through the GPGME manual doesn't reveal anything. Have I just overlooked it, or do I really need to launch gpg --version and parse the output?
Re: Proof for a creation date
Hi Quan Zhou,

Quan Zhou:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
>
> On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ wrote:
>
>> The easiest way is to publish your code to a publicly controlled source
>> with a signature on or before your desired date. Not sure if there's a
>> *better* way.
>>
>> On Dec 1, 2016 7:43 PM, "Bertram Scharpf" wrote:
[...]
>>> I want to do the opposite. I want to make evidence
>>> that I created a document _before_ a certain point of time.
[...]
>>> Is there a standard way in GnuPG and in the keyholder
>>> infrastructure to accomplish this task?

Since it is possible to fake system time by modifying system time in BIOS (all OS with BIOS or similar) and (on GNU/Linux systems) by using faketool application-wide, or, more specifically, gpg's --fake-system-time EPOCH (usable from 2.1 on if gnupg was compiled using debug flags; although this option is documented for previous versions as to the 2.0.x manpages or the gnupg's info manual, it only is implemented and usable in gpg 2.1; see (1)(2)(3)(4)), gpg's signature timestamp (on a given file) would NOT be a real proof of a document being allegedly signed at that specific date or (prior to a determined date).

So it would NOT either be a credible proof of a document being allegedly created before a determined date, if you decided to sign it immediately after creating it in order to document its creation date via signature time.

Cheers
Stephan

(1) https://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028724.html
(2) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760354
(3) https://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/2014-September/001774.html
(4) https://marc.info/?l=gnupg-commit-watchers=146009708822599=2
Re: gpgme 1.8 build failure (again)
On Fri, 2 Dec 2016 07:05, r...@sixdemonbag.org said:

> Unfortunately I didn't write this down, and the email thread is not in
> the archive. (Only one message seems to be:

The mails went to gnupg-devel and only one to gnupg-users. I am not sure whether this was helpful but I wrote

  We are still using x86_64-apple-darwin15.5.0 with

    ./configure --prefix=/Users/jenkins/prefix/native --enable-maintainer-mode 'CFLAGS= -D_DARWIN_C_SOURCE=90L -fPIC' 'CXXFLAGS= -D_DARWIN_C_SOURCE=90L -fPIC -std=c++11'

  and we see no problems.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
How do you help someone to encrypted email (Re: How do you let your M.D. ...)
> so that it's easier for folks unfamiliar to setup and use than having to
> go over the too long material

Within the next year, someone will just need to use an email client that supports the following technical solution:

https://wiki.gnupg.org/WKD

This is something the GnuPG team is actively working on.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner