Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread NIIBE Yutaka
Hello, Werner Koch wrote: > @gniibe: Do you have any more up to date information on macOS and > smartcard readers? If possible, I recommend to use GnuPG's in-stock driver to access smartcard. It is direct access by libusb, not using PC/SC service. For GNU/Linux, if you don't

Re: gpgsm as a CA

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 18:57, andr...@andrewg.com said: > Is there any support for using gpgsm as a certificate authority? There is some basic support to create certificates: The format of the parameter file is described in the manual under "Unattended Usage". [...] This parameter

Re: Issuing non self-signed certificate without having the private key in gpgsm keyring

2018-02-28 Thread Jean-Yves Migeon
On 2018-02-28 15:35, Werner Koch wrote: On Fri, 23 Feb 2018 19:21, j...@netbsd.org said: ATM (with gpgsm (GnuPG) 2.2.4), due to [1], gpgsm cannot sign certificate for which a public key has been imported but without an associated private key to it (disregarding the self-signing What you

Re: gpgsm as a CA

2018-02-28 Thread Jean-Yves Migeon
> Hi, all. > > Is there any support for using gpgsm as a certificate authority? Hi, FWIW I have put up a guide recently on how I achieved this with gpgsm + an OpenPGP card for private key handling. You can drop the card thing if you don't intend using and keep the private key instead.

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 16:30, thomas.jaro...@intra2net.com said: > what do you think about Peter's idea: > > $ gpg --with-keygrip --card-status If you use that with --with-colons you can also script this. But that is about gpg and not about gpgsm. gpgsm has no external card interface because the

gpgsm as a CA

2018-02-28 Thread Andrew Gallagher
Hi, all. Is there any support for using gpgsm as a certificate authority? -- Andrew Gallagher

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Thomas Jarosch
On Wednesday, 28 February 2018 14:50:39 CET Werner Koch wrote: > If you need this information a small tool to present an enhanced menu > could be written. That tool would then utilize gpgsm and gpg. GPA > might be a candidate to implement this. what do you think about Peter's idea: $ gpg

Re: entropy gathering daemon

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said: > for chroot'd programs that need it on a filesystem mounted nodev. I > sent some patches awhile back to add arc4random_buf as the entropy > gathering 'device'. Which I've been using with no problems since. And In case you have a problem

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread Werner Koch
On Tue, 27 Feb 2018 01:04, k...@glsys.de said: > gpg2 --version is 2.1.11 That is a pretty old and somewhat buggy version which will likely have problems with newer smartcards. > Tried gpg (GnuPG/MacGPG2) 2.2.3 > on a completely different machine (mac) That version is recent enough and as long

Re: Configuration for offline usage - best practice tips?

2018-02-28 Thread Werner Koch
On Fri, 23 Feb 2018 23:08, jc.gnupg...@unser.net said: > Yes, that's what I plan to do, generate a subkey for each month in advance > and use this to encrypt my backups. That raises the question for us whether it will make sense to change --quick-add-key fpr [algo [usage [expire]]] to add

Re: entropy gathering daemon

2018-02-28 Thread edgar
On Feb 28, 2018 8:22 AM, Werner Koch wrote: > > On Sun,  4 Feb 2018 08:44, ed...@pettijohn-web.com said: > > > Is it no longer possible to use egd? Most of the info I can find seems > > If Libgcrypt has been configured with EGD support this should still > work.  I have not tested

Re: gnupg SmartCard V3.3

2018-02-28 Thread Thomas Jarosch
Hello Klaus, On Tuesday, 27 February 2018 01:04:27 CET Klaus Römer wrote: > I bought two V3.3 cards, but can't get them to work … > the keytocard command does not move the key but copy it and further on the > gpg2 --card-status -> fetch followed by gpg2 --card-status does not create > the stub

Re: Issuing non self-signed certificate without having the private key in gpgsm keyring

2018-02-28 Thread Werner Koch
On Fri, 23 Feb 2018 19:21, j...@netbsd.org said: > ATM (with gpgsm (GnuPG) 2.2.4), due to [1], gpgsm cannot sign > certificate for which a public key has been imported but without an > associated private key to it (disregarding the self-signing What you here is to create CSR (Certificate

Re: Not enough information to check signature validity

2018-02-28 Thread Werner Koch
On Wed, 7 Feb 2018 23:59, marshallabr...@alumni.cmu.edu said: > A friend had to re-install gpg4win as a result of a hard disk > failure. Since then, all encrypted files received from her come with a > warning "Not enough information to check signature validity." What can You don't have her

Re: entropy gathering daemon

2018-02-28 Thread Werner Koch
On Sun, 4 Feb 2018 08:44, ed...@pettijohn-web.com said: > Is it no longer possible to use egd? Most of the info I can find seems If Libgcrypt has been configured with EGD support this should still work. I have not tested it for more than a decade, though. Why do you want to use it? Which OS

Re: initramfs - gpg decryption failed invalid IPC response

2018-02-28 Thread Werner Koch
On Wed, 31 Jan 2018 22:25, m...@davidlasek.eu said: >     gpg (GnuPG) 2.2.4 >     libgcrypt 1.8.2 > And prints: > >gpg: encrypted with RSA key, ID . created > > >gpg: public key decryption failed: Invalid IPC response > >gpg: decryption failed: No secret key Can you please add

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-28 Thread Werner Koch
On Wed, 21 Feb 2018 07:27, b...@adversary.org said: >> No, there is no way to configure an extra hack to also test a passphrase >> for an ssh key. > > Wanna bet? Oh no, I don't want to promote create solutions of our complex API ;-) Shalom-Salam, Werner -- # Please read: Daniel

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 10:56, thomas.jaro...@intra2net.com said: > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? gpgsm does and shall not know anything about OpenPGP. Thus it can't display OpenPGP information. In theory we could display the

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Peter Lebbing
On 28/02/18 10:56, Thomas Jarosch wrote: > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? I don't think that's possible: keygrips are "protocol" agnostic, but key IDs are not. So while the keygrip is the same for S/MIME and OpenPGP, key ID's are

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Dirk Gottschalk via Gnupg-users
Hi. On Wednesday, 28.02.2018, at 10:56 +0100, Thomas Jarosch wrote: > To me it seems it shows the 'keygrip' instead of the smartcard key > IDs? Yes, that's correct. > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? I think this is not

gpgsm --gen-key with key on smartcard

2018-02-28 Thread Thomas Jarosch
Hello together, gpgsm can be used to create X.509 certificates for existing secret keys on an openpgp smartcard. "gpg2 --card-status" looks like this: * .. Signature key : E642 8DAC 275A 3247 5B59 A16F A3E9 1268 663A 9918 created :