Still trying to troubleshoot --refresh-keys error

2016-12-02 Thread Anthony Papillion
For the last few weeks, I've talked about how, when I try to refresh the
keys on my ring, I get an error from GnuPG. Today, I noticed a message
that I hadn't noticed before and I strongly suspect this might be the
cause of the problem I'm having.

When I issued the

gpg2 --refresh-keys

command, GnuPG connected to the SKS pool and sent a request for all the
keys on my ring. At the end of the refresh attempt, I saw the following:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver refresh failed: General error

IIRC, Stephen mentioned something about the helper program the last time
I posted. This seems to confirm that.  However, since it's not giving me
much information, I can't really troubleshoot further.

This is GnuPG 2.0.3 (GpG4Win 2.3.3) on Windows 10.  This issue DOES NOT
happen on Linux.

Can anyone offer a bit of insight?

Thanks,
Anthony



-- 
VoIP/SIP: 1259...@localphone.com
Skype:cajuntechie
XMPP/Jabber:  papill...@dukgo.com
PGP Key:  0xCC9D1E072AC97369
Other Info:   http://www.cajuntechie.org/p/my-pgp-key.html




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Proof for a creation date [GishPuppy]

2016-12-02 Thread Glenn Rempe
Unfortunately, I think the public key from that service is no longer importable 
in modern GnuPG.

https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2

Trying to import the public key on this page results in no public key being 
imported. Without this the service cannot be used to verify the signature on a 
timestamp report (I reported this to them several years ago. No changes were 
made).  Also, this service is not a very secure source of time. They use their 
own clock. They claim some security by using an incrementing counter and 
publishing signed snapshots to a usenet group.  Bottom line though is this 
service is pretty ancient and requires a lot of trust on your part of the 
administrator.

http://www.itconsult.co.uk/stamper/stampinf.htm

$ gpg2 --verbose --import stamper.asc
gpg: armor header: Version: 2.6.3i
gpg: Total number processed: 3
gpg:     skipped PGP-2 keys: 3

$ gpg2 --version
gpg (GnuPG) 2.1.16

> Bertram Scharpf wrote:
>
> > I want to make evidence that I created a document
> > _before_ a certain point of time.
> >
>
>
> http://www.itconsult.co.uk/stamper.htm
>
>


Re: Proof for a creation date

2016-12-02 Thread Glenn Rempe
Tierion creates a Merkle tree of incoming hashes and puts the root of the 
Merkle tree on the Bitcoin blockchain which proves that the hash was placed 
there prior to the time embedded in the BTC transaction. You want to use their 
HashAPI.

https://tierion.com/features

Other similar services are:

http://truetimestamp.org
https://proofofexistence.com

These services don't need GnuPG, but nothing to stop you from hashing a signed 
document.



Re: How do you help someone to encrypted email (Re: How do you let your M.D. ...)

2016-12-02 Thread Andrew Gallagher
On 02/12/16 14:57, Duane Whitty wrote:
> 
> I believe that outside of the lack of awareness that their privacy is
> being ignored, the problem is mostly private key management and the
> unfortunate fact that most of the email clients that most people use
> on the most popular platforms don't support encrypting and decrypting
> mail.

Yes. Secret key generation, backups, and portability. Also, the fact
that so many people now use webmail rather than a local client.

> Sure you can use a smart card reader to
> solve the availability issues but then you have to deal with all the
> software issues.  Most people have no knowledge about any of this let
> alone the existence of tools like smart card readers.

Yep. I've been using a smart card reader for a while, and although I'm
comfortable with it now, initially it was daunting. I ended up writing
a tool to automate the key generation and backup process
(https://andrewg.com/frith.html). There is a similar project under
development in Debian
(https://danielpocock.com/outreachy-gsoc-2017-pki-clean-room). I
wouldn't ask my mother to use either of them.

Enabling the smart card for use across multiple machines was a long,
trial and error process. Once it is working the convenience is great.
But I wouldn't expect anyone else to do it.

> I realize there is an argument to be made that people need to exercise
> personal responsibility when it comes to their security.  But I
> believe adoption will be limited to the technically adept until we can
> make using encryption and decryption an understandable and short
> process for people who only use their computers to run "canned"
> applications and send mail.

Yes.

Arguing "personal responsibility" is too often a means of passing the
buck. If it is too difficult or time consuming to be a responsible
citizen, people won't. This applies across all walks of life, not just
computer security.

The best systems make Good Things easy, and Bad Things more trouble
than they're worth. Poor systems make Bad easier than Good and then
spend all their energy chasing up people who took the lazy way out -
which in extreme cases can mean literally everyone.

> (Thinking out loud)
> I wonder if a solution akin to what the password managers do is
> possible?  Maybe storing a private key in a password manager would
> work for a lot of users. 

GPG's secret keyring is a password protected database, just like a
password manager. The main thing it does not do that many password
managers provide is automatically store the encrypted secret in the
cloud for easy synchronisation. This is a questionable practice
however. Much better to store your secret key material on a smart card.

Of course that buggers up mobile.

> Still doesn't solve the problem of having gnupg available and
> integrated on all the different platforms.

Exactly.

A





Re: Proof for a creation date [GishPuppy]

2016-12-02 Thread gmane . bl4
Bertram Scharpf wrote:

> I want to make evidence that I created a document
> _before_ a certain point of time.
>


http://www.itconsult.co.uk/stamper.htm




Re: How do you help someone to encrypted email (Re: How do you let your M.D. ...)

2016-12-02 Thread Duane Whitty

On 16-12-02 03:39 AM, Bernhard Reiter wrote:
>> so that it's easier for folks unfamiliar to setup and use than
>> having to go over the too long material
> 
> Within next year, someone will just need to use an email client 
> that support the following technical solution:
> 
> https://wiki.gnupg.org/WKD
> 
> This is something the GnuPG team is actively working on.
> 
> Best Regards, Bernhard

First let me say thank you to the developers of gnupg and all the
tools and scripts and everything else that goes into creating and
running a project as complex as this.  And thanks to all the helpful
people on the list.

Regarding WKD:  I'm sure this will be a great tool for fetching public
keys and will make life easier for many people on this list.  Thank
you for your efforts Bernhard!


(Putting on fireproof suit :-) )

My personal feeling and opinion however is that public key management
is not the barrier to adoption of gnupg for everyday users who would
like to increase their security.

I believe that outside of the lack of awareness that their privacy is
being ignored, the problem is mostly private key management and the
unfortunate fact that most of the email clients that most people use
on the most popular platforms don't support encrypting and decrypting
mail.

I'll be the first to admit that I don't know how to make it easy for
users to be able to generate a private/public key pair wherein the
private key can be stored relatively securely and be available for use
with their gmail or other email platform of choice from the desktop,
laptop, tablet, and phone.  Sure you can use a smart card reader to
solve the availability issues but then you have to deal with all the
software issues.  Most people have no knowledge about any of this let
alone the existence of tools like smart card readers.

I realize there is an argument to be made that people need to exercise
personal responsibility when it comes to their security.  But I
believe adoption will be limited to the technically adept until we can
make using encryption and decryption an understandable and short
process for people who only use their computers to run "canned"
applications and send mail.

(Thinking out loud)
I wonder if a solution akin to what the password managers do is
possible?  Maybe storing a private key in a password manager would
work for a lot of users.  It's not as if anyone would be forced to do
this.  Create a partnership with a few of the password managers that
would require a key be protected by a 30+ character random password
and then users could access their private key from anywhere once
they've logged into their password manager.  Just a thought and
clearly it's not the most secure method but maybe it is secure enough?
 Still doesn't solve the problem of having gnupg available and
integrated on all the different platforms.

(keeping fireproof suit on for a while :-) )


Thanks for your indulgence and patience :-)

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com


Re: Proof for a creation date

2016-12-02 Thread Brian Minton
On Fri, Dec 02, 2016 at 01:37:00PM +0800, Quan Zhou wrote:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
> 

No, because you could just set your computer's clock to anything you want,
then create the GnuPG /X509 timestamp.  

I agree with some of the other posters; the best way is to either post the
whole message, or a cryptographically strong hash of it to some public
append-only location, and the Bitcoin blockchain or a certificate transparency
log both do it the same way, via a cryptographic hash inserted into a Merkle
tree.  That has the desired properties of being append-only and publicly
auditable.

-- 
Brian Minton
brian at minton dot name http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20  2206 0424 DC19 B678 A1A9
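
Added example (not part of Brian Minton's or Glenn Rempe's messages, and not Tierion's or Bitcoin's actual format): a simplified SHA-256 Merkle tree showing how the hash anchoring described in both messages lets one published root commit to many documents, with a short inclusion proof per document. The sample documents, the function names and the 0x00/0x01 prefixes are assumptions of this sketch.

```python
import hashlib

# Constructed sample documents; only their hashes would ever leave your machine.
DOCS = [b"contract draft v1", b"lab notebook p.12", b"my signed document",
        b"photo.raw", b"thesis.pdf"]

def leaf_hash(doc: bytes) -> bytes:
    # Assumed 0x00 prefix keeps leaf hashes distinct from inner-node hashes.
    return hashlib.sha256(b"\x00" + doc).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level: leaf hashes first, single root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:  # an unpaired last node is promoted unchanged
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes, each tagged with its side, from leaf `index` up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling on this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(doc, proof, root):
    """Recompute the root from the document and its proof; compare to the published root."""
    acc = leaf_hash(doc)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == root

if __name__ == "__main__":
    levels = build_levels([leaf_hash(d) for d in DOCS])
    root = levels[-1][0]  # the only value that goes into the public log
    proof = inclusion_proof(levels, 2)
    print("root:", root.hex())
    print("proof length:", len(proof))
    print("original verifies:", verify(DOCS[2], proof, root))
    print("edited copy verifies:", verify(DOCS[2] + b" (edited)", proof, root))
```

The time evidence comes from when the root appears in the append-only log, not from any clock on the machine that hashed or signed the document.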




Re: GnuPG version info from GPGME?

2016-12-02 Thread Robert J. Hansen
> Have I just overlooked it, or do I really need to launch gpg --version
> and parse the output?

And literally two seconds after clicking "Send", I found the answer.
Never mind.  :)




GnuPG version info from GPGME?

2016-12-02 Thread Robert J. Hansen
I'm working on a command-line application to migrate profiles not just
between machines, but versions of GnuPG.  E.g., 1.4 on machine A -> 2.1
on machine B, or vice-versa.  For this, I need a way to discover which
version of GnuPG is currently installed.  A quick look through the GPGME
manual doesn't reveal anything.

Have I just overlooked it, or do I really need to launch gpg --version
and parse the output?



Re: Proof for a creation date

2016-12-02 Thread Stephan Beck
Hi Quan Zhou,

Quan Zhou:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
> 
> On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ 
> wrote:
> 
>> The easiest way is to publish your code to a publicly controlled source
>> with a signature on or before your desired date. Not sure if there's a
>> *better* way.
>>
>> On Dec 1, 2016 7:43 PM, "Bertram Scharpf" 
>> wrote:
[...]
>>> I want to do the opposite. I want to make evidence
>>> that I created a document _before_ a certain point of time.
[...]
>>> Is there a standard way in GnuPG and in the keyholder
>>> infrastructure to accomplish this task?

since it is possible to fake system time by modifying system time in
BIOS (all OS with BIOS or similar) and (on GNU/Linux systems) by using
faketool application-wide, or, more specifically, gpg's
--fake-system-time EPOCH (usable from 2.1 on if gnupg was compiled using
debug flags; although this option is documented for previous versions as
to the 2.0.x manpages or the gnupg's info manual, it only is implemented
and usable in gpg 2.1. see (1)(2)(3)(4)

gpg's signature timestamp (on a given file) would NOT be a real proof of
a document being allegedly signed at that specific date or (prior to a
determined date). So it would NOT either be a credible proof of a
document being allegedly created before a determined date, if you
decided to sign it immediately after creating it in order to document
its creation date via signature time).

Cheers

Stephan

(1) https://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028724.html
(2) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760354
(3)
https://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/2014-September/001774.html
(4) https://marc.info/?l=gnupg-commit-watchers=146009708822599=2




Re: gpgme 1.8 build failure (again)

2016-12-02 Thread Werner Koch
On Fri,  2 Dec 2016 07:05, r...@sixdemonbag.org said:

> Unfortunately I didn't write this down, and the email thread is not in
> the archive.  (Only one message seems to be:

The mails went to gnupg-devel and only one to gnupg-users.

I am not sure whether this was helpful but I wrote

  We are still using x86_64-apple-darwin15.5.0 with
  
  ./configure --prefix=/Users/jenkins/prefix/native
--enable-maintainer-mode 'CFLAGS= -D_DARWIN_C_SOURCE=90L -fPIC'
'CXXFLAGS= -D_DARWIN_C_SOURCE=90L -fPIC -std=c++11'
  
  and we see no problems.  


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




How do you help someone to encrypted email (Re: How do you let your M.D. ...)

2016-12-02 Thread Bernhard Reiter
> so that it's easier for folks unfamiliar to setup and use than having to
> go over the too long material

Within next year, someone will just need to use an email client
that support the following technical solution:

  https://wiki.gnupg.org/WKD

This is something the GnuPG team is actively working on.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

