Hi!
On Sat, 4 May 2024 18:45, Andreas Metzler said:
> rG0a355b2fe7d8 gpg: Add compatibility flag "vsd-allow-ocb"
> rGa545e14e8a74 gpg: Support OCB encryption.
> Which I understand to mean that 2.2.43 would by default both generate keys
> with 'AEAD: OCB' and use OCB when encrypting
Hi!
Given that you have an uncommon primary key I would like to see some
information of the card. Please run
  gpg-card
to get infos on the card and used keys. In case you don't want to share
this with the list, feel free to send it to Eva or me directly
(w...@gnupg.org - no html parts).
On Thu, 2 May 2024 15:31, Matthias Apitz said:
> which locks the card again. Any ideas?
If you really want to reset the card after an operation _and_ you are
using pcscd you can use
  gpg-connect-agent 'scd disconnect' /bye
But killing scdaemon is probably the easier and more reliable way:
On Thu, 2 May 2024 16:58, Matěj Cepl said:
> rather dubious: systemd can certainly manage a dependence on
> shared resource, and concurrent running of two processes at
Right. However, systemd does not use the same locking scheme as gnupg
uses to avoid duplicate daemon startup. The gnupg
On Wed, 1 May 2024 11:50, Henning Follmann said:
> Well, if you have a authentication subkey on your card you could use that
> for ssh authentication directly.
> Your gpg-agent would then act as ssh-agent.
I would even claim that this is the best way to work with ssh - I do
this now for nearly
On Mon, 29 Apr 2024 07:03, Bee said:
> But that environment is not passed and used by pinentry - it has no
> knowledge of them. PINENTRY_USER_DATA may exist, but it has no
> knowledge as to how to interpret it. Ergo, some other mechanism must
It is called "USER DATA" for a reason - you have to
On Sun, 28 Apr 2024 13:02, Bee said:
>>+ (https://dev.gnupg.org/T4154)
[...]
>>+ mypass="IUuKctdEhH8' gpg --batch --pinentry-mode=loopback \
>>+ --passphrase-env=mypass --decrypt < message.txt
>>+
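Review bot: the quoting on the `mypass=` line of the added example is unbalanced: the value opens with a double quote and closes with a single quote (`mypass="IUuKctdEhH8'`), so a reader who pastes it gets a shell waiting for the closing double quote instead of a gpg invocation. Use the same quote character on both sides of the value.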
>
> can be effected without resorting to PINENTRY_USER_DATA - so no need to
> code, customize,
On Tue, 23 Apr 2024 21:39, Eric Pruitt said:
> I have multiple public keys in my GPG keyring. When validating
> signatures, I sometimes want to validate them against a specific key so
The classic tool for this is gpgv with its --keyring option. This is
what for example Debian uses to validate
On Thu, 18 Apr 2024 10:26, Bruce Walzer said:
> Perhaps things that accept key fingerprints should ignore anything
> other than hex digits?
Double clicking a word makes things really easy. I also doubt that
anyone will compare a 64 hex digit fingerprint visually. Thus better
paste it and let
On Wed, 17 Apr 2024 16:43, Christian Sommer said:
> I indeed choose to preset the "with-fingerprint" option in my
> gpg.conf. By removing it, listing my keys give back the full 64
> character long fingerprint of my X448 key.
We once agreed that it is better to show a shortened fingerprint for
On Thu, 11 Apr 2024 12:24, Moses said:
> tried to import again, and the same error still occurred. The same
> error happened when I tried to directly execute the
> D:\software\GNU\GnuPG\bin\gpg --import command.
Well, I have no more idea on how to debug this by mail :-(.
On Linux you would now
On Wed, 10 Apr 2024 12:15, Todd Zullinger said:
> This caused me to re-read the document and I'll likely add
> an additional Token: line to note the two cards which hold a
> new key (which I have yet to start using). That should make
That is actually there (TOKEN, see the example) and gpg-agent
Hi,
I see in your PATH
  D:\software\GNU\GnuWin32\bin
prior to
  D:\software\GNU\Gpg4win\..\GnuPG\bin
May it be that you use a gpg version picked up from the GnuWin32? Check
also whether there is a gpg binary in the Git program directory.
My educated guess is that Gnuwin32 is a Cygwin based
Hi!
On Tue, 9 Apr 2024 12:21, Moses said:
> C:\>gpgconf -L
which merely shows that you installed the software on d:\software and
kept the user data at the usual C: directories. I see nothing strange.
To recap your problem was:
  c:\> gpg --import private-keys.asc
  gpg: enabled compatibility
On Mon, 8 Apr 2024 21:50, Dan Fandrich said:
> Running "echo SERIALNO | scd/scdaemon --server" is enough. I've tried both
> pcsc-lite 1.9.9 and 2.0.3 without a difference. I'm not sure how to drill
By default we are not using PC/SC on Linux but direct access to the
reader via USB. Now if
On Mon, 8 Apr 2024 11:42, Moses said:
> C:\> gpg-connect-agent -v
>> getinfo version
> D 2.4.5
Okay, that works.
>> gpgconf -L
> ERR 67109139 Unknown IPC command
Please enter this on the command line not at the gpg-connect-agent
prompt.
Salam-Shalom,
Werner
--
The pioneers of a
Hi!
On Mon, 8 Apr 2024 02:38, Moses said:
> gpg: key xxx: error sending to agent: Not enough space
That is a ENOMEM which is commonly returned for a failed malloc call.
Could happen at a lot of places.
Try:
  gpg-connect-agent -v
and there a command like "getinfo
On Fri, 5 Apr 2024 13:03, Todd Zullinger said:
> In such a case, it sounds like it may be reasonable to use
> the normal socket? Until the remote side is updated to
In fact, I also did this for some time but later came up with
CommitDate: Wed Oct 12 11:30:35 2022 +0200
agent:
Hi!
> gpg: problem with fast path key listing: Forbidden - ignored
I'll suppress that message in --quiet mode for the next release.
When doing a secret key listing (which happens with -K but also in
--with-colons mode) gpg walks over all public keys and asks the agent
for each key whether a
On Tue, 2 Apr 2024 18:53, Andrew Gallagher said:
> technical challenge since no modern software supports them, and gnupg1
> doesn’t implement --list-packets :-) But I have to admit they do
Sure it has the --list-packets command. This command dates back to the
very first release.
>> But let me
On Tue, 2 Apr 2024 12:39, Andrew Gallagher said:
> Are you saying that this is *not* a novel failure mode? Because we’ve
No. We had v2, v3 and v4 keys in all kind of combinations in the past
(even as part of subkeys) and back then the two OpenPGP implementations
had no problems with that.
On Fri, 29 Mar 2024 13:00, Andrew Gallagher said:
> V5 subkeys of v4 primary keys would appear to introduce a novel
> failure mode. It should be noted that in crypto-refresh, adding a
Nope. A v5 key has nothing to do with a v4 signature and having different
algorithm on the primary key and the
On Thu, 28 Mar 2024 13:54, Christian Sommer said:
> Likewise by telling GnuPG you really want the short keyID displayed
> (gpg --keyid-format short) it takes the LAST 32 bytes of the FIRST 64
> bytes of the fingerprint.
The thing here is that the short keyid is not from the specification but
a
On Thu, 28 Mar 2024 08:26, Damien Cassou said:
> Is that a problem? Am I missing something important? It seems this
> causes me the troubles mentioned at [1].
Your subkeys are all stored on a smartcard. The primary key is online.
This is as intended. If you remove the primary private key
On Thu, 28 Mar 2024 00:49, Christian Sommer said:
> on the other hand a x488 fingerprint is 50 hex characters long. let's say
> it's 1 2 3 4 0 0 A B C D then its
> long keyid is 1 2 3 4 and its short keyid is 22 3 4.
x448 keys are created
On Mon, 25 Mar 2024 19:55, Bee said:
> Could you make whatever notation at dev.gnupg.org is appropriate, please?
https://dev.gnupg.org/T7060
Already implemented a new option but you need to wait for gnupg 2.6.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
On Mon, 25 Mar 2024 08:33, Bee said:
> C:\Program Files (x86)\GnuPG\bin>type HelloWorld.txt | .\gpg.exe
> --passphrase-fd 3 -c 3< HelloWorld.txt
>> gpg: failed to translate osfhandle 0x0003
gpg takes system handles and not libc file descriptors. File
descriptors 0, 1, and 2 are handled by
On Sat, 23 Mar 2024 21:17, Bee said:
> Is 'gpg: failed to translate osfhandle 0x0003' known / expected?
Don't mix Cygwin and plain Windows programs.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
On Fri, 22 Mar 2024 20:14, Christian Sommer said:
> building GnuPG by speedo.mk on current master branch fails. The log
That is quite possible. I doubt that anyone of us used it yet. Please
use the STABLE-BRANCH-2-4 for such things. master is for development
and things might or might not
Hi!
> gpg -K --with-colon 20E0635864445A177F8F7C0C6141FD27892AE9B4
> sec:u:255:22:6141FD27892AE9B4:1700197485:::u:::cESCA:::#::ed25519:::0:
This is your primary key and it has been taken offline ..^.. marked by
the pound sign. Only the primary key can be used to sign other keys.
>
On Sat, 16 Mar 2024 21:26, B.S. said:
> ... (Windows 10) [DOS] cmd ... [*NOT* powershell]
> ... cygwin gpg ...
[Do not use a Cygwin build of gpg - this is not supported. Use a
standard build for Windows.]
> How can I have gpg pause to receive its passphrase, before it starts
> outputting decrypt
Hi!
and thanks for asking.
On Sun, 17 Mar 2024 11:29, pal said:
> I am writing to express my strong interest in a 64-bit version of GnuPG for
> Windows. While I understand that currently only 32-bit systems (x86) are
> officially supported, I believe adding 64-bit compatibility would be a
>
On Sun, 17 Mar 2024 13:09, Bence Ferdinandy said:
> running out of memory. Based on a discussion I found
> (https://dev.gnupg.org/T4255), I set `auto-expand-secmem 100M` in
Right. The man page says:
  --auto-expand-secmem n
         Allow Libgcrypt to expand its secure memory area as
5 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 1
Hi,
please send proper bug reports or detailed questions. Stuart have hints
how this can be done. If you don't want to follow this basic rule
we have to set you on moderated.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service.
Hi!
On Wed, 6 Mar 2024 20:20, Vladimir Nikishkin said:
> However, I don't seem to be able to find a way to download a tarball
> of the commit in any way.
You mean a tarball made from the repository at that commit? In general
we only publish tarballs. If you want to use a working thing (i.e.
On Tue, 5 Mar 2024 11:15, Bruce Walzer said:
> So just to be clear, I am not complaining that GnuPG implemented the
> LibrePGP version of OCB. I am complaining that GnuPG did #2 and #3
> before implementation was close to universal and did not clearly spell
Sorry, this is not true. OCB mode is
Hi!
On Tue, 5 Mar 2024 12:39, Tobias Leupold said:
> Sorry for asking another thing about this. For sure, I didn't want to set off
> an avalanche, and I still don't want to. But from a user's perspective, this
> is simply very confusing and also unsettling.
You are right. What I can do is to
On Mon, 4 Mar 2024 15:34, Matěj Cepl said:
> like this one. My key has been signed by 60+ signatures, but
> still 45K just for that seems excessive. Is there some way how to
> generate something meaningful, which would be smaller?
  gpg --export -a --export-options export-minimal FOO >foo.asc
On Mon, 4 Mar 2024 19:05, Tobias Leupold said:
> IMO interoperability with GnuPG is crucial for this project. Most
> people using that on their phones will come from Linux, or they will
Actually most users will come from Windows ;-)
Salam-Shalom,
Werner
--
The pioneers of a warless
On Tue, 5 Mar 2024 00:16, Vincent Breitmoser said:
> The packet format referred to here is GnuPG-specific. In November
Vincent, please stop spreading wrong facts.
That is not a GnuPG specific but an agreed upon format by the
participants of the OpenPGP WG and implemented by all major
On Mon, 4 Mar 2024 14:19, Matěj Cepl said:
> Do I understand it correctly that gnupg contains smaller version
> of systemd (dependency activation) inside of itself and that
No. It is not required. Just don't let systemd start gpg-agent or
dirmngr with option --supervised. If you use ssh just
On Mon, 4 Mar 2024 12:03, Tobias Leupold said:
> So: Is it wise and/or necessary to disable that for new GnuPG generated keys,
> for the sake of interoperability? Or will the others catch up and implement
No, it is not because you are delaying the deployment of new and a much
faster algorithm
On Sun, 3 Mar 2024 20:38, Matěj Cepl said:
> 1. Could you please explain why it is racy? Why from all services
Because all components of gnupg will start gpg-agent and the other
daemons on the fly and make sure that only one is started. Systemd
does not know about this specific start
Hi!
On Sat, 2 Mar 2024 20:54, mc...@cepl.eu said:
> am running it on host with systemd --user services (configuration
Take care, the use of systemd is racy and support will be removed in
2.6.
> gpg: all values passed to '--default-key' ignored
> gpg: keydb_search failed: IPC syntax error
On Fri, 1 Mar 2024 21:56, Daniel Kahn Gillmor said:
> For example, GnuPG could instead offer an interface with explicit
> options to allow the user to choose to match certificates by
> fingerprint, or by e-mail address, or by name, or by full User ID, but
Simply prefix the fingerprint with 0x
On Wed, 28 Feb 2024 17:41, Jacob Bachmeyer said:
> As Werner mentioned, you can also have different .gpg-id files for
> different parts of your password store, if you wanted some passwords
> to only be available with certain smartcards.
FWIW: The C3S uses pass for their teams and meik wrote a
On Wed, 28 Feb 2024 17:40, Jacob Bachmeyer said:
> Or even Windows, which remains disturbingly common in applications
> that probably need far less attack surface, like industrial control
> systems... (Is the stupidity of management a main driver of Shamir's
> law?)
Often true but the real
On Wed, 28 Feb 2024 10:55, Matthias Apitz said:
> purism@pureos:~$ cat .password-store/.gpg-id
> CCID L5
Which means that it encrypts to "CCID L5". pass parses this using
  while read -r gpg_id; do
    gpg_id="${gpg_id%%#*}" # strip comment
    [[ -n $gpg_id ]] ||
On Tue, 27 Feb 2024 20:52, Jacob Bachmeyer said:
> Therefore, pass(1) almost certainly has its own list of keys stored
pass stores the fingerprints of the keys in a .gpg-id file and allows to
set different ones per directories.
> logarithm problem and /vice versa/. Accordingly, RSA1024 is now
On Tue, 27 Feb 2024 10:07, Matthias Apitz said:
> I've never done anything with this and expected it also at date
> 2021-10-30 (when I initialized the OpenPGP card in the mobile L5).
The pubring.kbx is used for various things. For example we also store
"ephemeral keys" for X.509 (those we
Hi!
sorry, for the wrong order of the messages, I simply forgot to sent
them yesterday.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
On Fri, 23 Feb 2024 22:59, Marcin Wrochna said:
> However, I cannot make `gpg --symmetric` encryption work on the remote,
> as it tells me getting a passphrase is "Forbidden".
Right. It does not sound like a good idea to give the server access to
your local password store (in gpg-agent). This
service. - A. Einstein
From 4025da324903093736f238329274f5e234f5339e Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sun, 25 Feb 2024 15:55:14 +0100
Subject: [PATCH GnuPG] agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
On Thu, 22 Feb 2024 15:37, Bernhard Reiter said:
> For Debian GNU/Linux oldstable, it still is 2.2.27, though
> and 2.2.19 for Ubuntu GNU/Linux 20.04LTS.
--locate-external-keys was introduced with 2.2.17.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse
On Wed, 21 Feb 2024 15:52, Philip Colmer said:
> that works. The wiki (https://wiki.gnupg.org/WKDHosting) says to use
> gpg --homedir "$(mktemp -d)" --verbose --locate-keys
> your.em...@example.org ... and this doesn't work.
It's a wiki and ppl change it at will and worse nobody checks and
Hi!
Please don't use PKA. Any remaining support will be removed anyway.
The Web Key Directory is a far better and easier way to get
certificates. In fact it is enabled by default and used transparently
in Kleopatra and with the Windows GpgOL plugin. Other Unix mailers
might also have support
On Tue, 13 Feb 2024 17:32, Matthias Apitz said:
> We need here 'Micro SIM'. And I talked to the owner of floss-shop. They
> do not offer a way to pop out Micro SIM.
I simply use scissors to cut them out and those cards work. Granted I
don't use the Librem regularly (if at all), but the card
On Thu, 15 Feb 2024 11:48, Bernhard Reiter said:
> But it does not get the current version of the pubkey in some circumstances.
Example? I am not aware of it.
> And the long version works in a few more elder GnuPG versions. ;)
Since 2.2.17 from summer 2019 - 5 years passed since then with a
On Wed, 14 Feb 2024 11:24, Bernhard Reiter said:
> The following will get his pubkey by WKD on the command line:
> gpg --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org
FWIW,
  gpg --locate-external-key w...@gnupg.org
is much easier than the above long list of options.
On Fri, 9 Feb 2024 15:36, Matthias Apitz said:
> So, can I buy this card here in Europe or even in Germany?
floss-shop.de
> If not, I could with a script decrypt all the files in this tree and
> encrypt them again after setup the card. But, it would be better just
> copy the files over by SCP,
On Sun, 11 Feb 2024 20:28, mlist_e9e869bc--- said:
> signature is done in Version 5, instead of Version 4 like other parts of
> the key. With that certify signature removed, I can import the secret
> key to GPG 2.2.27 no problem.
Can you please try to import that key (with the v5 key
On Tue, 6 Feb 2024 17:51, Bernhard Reiter said:
> So far I haven't seen renewed signatures from GnuPG devs, which makes it
> unlikely they sign the nPth release from 2018 again.
Right, we will soon do a new release with some fixes for AIX and to
modernize the build system.
In theory we could
Hi!
I would suggest that you put
  debug ipc
  log-file /foo/bar/agent.log
into gpg-agent.conf and
  debug cardio
  log-file /foo/bar/scd.log
into scdaemon.conf and restart them all (gpgconf -K all). You may of
course also run watchgnupg to see a combined log but separate log files
are good enough.
xpires: 2027-03-15]
5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
ed25519 2020-08-24 [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Werner Koch (dist signing 2020)
ed25519 2021-05-19 [expires: 2027-04-04]
AC8E 1
On Tue, 23 Jan 2024 12:38, Leo Coogan said:
> sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02]
> C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
> Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB
You don't have a signing key. The primary key has been taken offline
('#') and can thus
On Fri, 19 Jan 2024 14:19, Leo Coogan said:
> When I run `git commit -m` on nixos, I receive this error:
For debugging add "verbose" to ~/.gnupg/gpg.conf . This should give you
more information what's up.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse
On Wed, 17 Jan 2024 08:22, Thomas said:
> I didn't use ssh @ on purpose because I'm used to
> use the same user on remoteserver as on client.
Common problem for me too when I ssh into a Windows box where I use a
different user name on purpose ;-). This way you don't accidentally login
into a
On Wed, 17 Jan 2024 14:01, Falko Strenzke said:
> I would like to run my development version of GPG-agent under valgrind. As I
> understand it, for that purpose I have to run it in the foreground, i.e. in
> server mode. However, whenever I launch it as
No, that will not work for you. I recommend
On Mon, 15 Jan 2024 20:03, Thomas Schneider said:
> And ssh-pageant is not available for Win 11, but pageant is included
> in PuTTY.
I didn't implement or test the newer --enable-w32-openssh-support so
I don't have first-hand experience. However, Windows comes with an ssh
server and an
Hi!
I am not 100% sure whether I did understand you correctly:
You are in Windows 11 and want to use its native OpenSSH client to
connect to some other ssh server.
Why do you need Putty, which has an integrated but different ssh
implementation?
For Putty you had *enable-putty-support* in your
On Mon, 15 Jan 2024 09:25, Philipp Schmidt said:
> - Everything works fine until I use one of the keys for FIDO2
> - Afterwards I cannot restore the service without a reboot
Try to add
  pcsc-shared
to scdaemon.conf and gpgconf -R scdaemon. Does this change anything?
If not, add
log-file
On Fri, 5 Jan 2024 21:25, Ming Kuang said:
> I think it should be "may also be" instead of "my also be" :)
Fixed. Thanks.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
openpgp-digital-signature.asc
On Fri, 5 Jan 2024 10:07, Felix E. Klee said:
>> gpg-connect-agent updatestartuptty /bye
>
> or otherwise, I get no PIN entry dialog / prompt
That is right. The ssh-agent protocol has no means to tell the
ssh-agent or gpg-agent some important environment variables, like the
current tty or
Hi!
Right, no-options also inhibits the homedir creation:
  --no-options
         Shortcut for --options /dev/null. This option is detected
         before an attempt to open an option file. Using this option
         will also prevent the creation of a ‘~/.gnupg’
Hi!
On Thu, 14 Dec 2023 16:19, Jakob Bohm said:
> zcat ${infl} |
> faketime "${DSTAMP}" gpgsm --verify --validation-model shell
> --assume-binary --status-fd 3 --output - - 3>${wrkdir}/sigdec.status
> || :
> gpgsm: ksba_cms_parse failed: Broken pipe
gpgsm expects more data but zcat
Hi!
> info and the gpg man page. I would like to know which files do I need to
> edit in order to edit the gpg man page and the gpg info page.
Both are built from the same texinfo source. That is gnupg/doc/gpg.texi
or one of the other *texi files - some are include files.
Shalom-Salam,
On Thu, 7 Dec 2023 12:07, Conrad Hoffmann said:
> Thanks a lot, that did the trick. I only got to an empty
> /etc/gnupg/common.conf, but was not yet aware of the [ignore] syntax,
> very useful.
There is also a
--8<---cut here---start->8---
[force]
Hi!
On Wed, 6 Dec 2023 12:29, Conrad Hoffmann said:
> it on. But as temporary workaround, I would be interested if there is
> a way to disable keyboxd system-wide (as opposed to
> ~/.gnupg/common.conf), so unsuspecting new users do not run into this?
If you put this
--8<---cut
Hi!
On Tue, 5 Dec 2023 00:00, Maxime de Roucy said:
> On gnupg 2.4.3 the first subkey tried is the "local" one.
> I think that it's because the "local" subkey is rsa4096, which is more secure
> than rsa2048 (the yubikey subkey).
No, there is such logic.
> I found --personal-cipher-preferences,
On Wed, 22 Nov 2023 19:39, Felix E. Klee said:
> However, I could not log in. SSH reports:
>
> Permission denied (publickey).
You need to make sure that the gpg-agent is running and the
SSH_AUTH_SOCK envvar is set correctly. Here is the snippet from my
~/.bashrc
--8<---cut
On Tue, 14 Nov 2023 20:52, Jacob Bachmeyer said:
> succeed in either case. If this condition is not met, Mallory will
> eventually be able to forge a signature. Therefore, smartcards do not
> actually provide additional security in the typical PGP usage.
In all environments you have the
On Fri, 10 Nov 2023 13:48, Stephan Verbücheln said:
> Notifications, warnings and errors are sent to stderr (rather than
> stdout), so the solution for bash would be:
>
> $ gpg --decrypt file.txt.gpg 2> /dev/null
Or to suppress the specific diagnostics mentioned but still show
important error
nfig
--8<---cut here---start->8---
[user]
name = "Werner Koch"
email = "w...@gnupg.org"
signingkey = C1D34B69219E4AEEC0BA1C21E3FDFF218E45B72B
[commit]
gpgsign
--8<---cut here---end-
Hi,
hit the sent key combination by accident. The last para should have
read:
I think it is time to make things like this easier. Actually re-encrypt
support has been on our feature list for many years.
Every time I want to tackle this I stop at the decision on whether to
also handle the
On Wed, 25 Oct 2023 10:54, Felix E. Klee said:
> Thank you! I modified that a bit, to make it more readable to me and fix
> a little bug: The second `$1` doesn’t expand to the file name. Also, I
You caught me, I didn't test the posted version.
> gpg: decryption failed: No secret key
>
> I
On Wed, 25 Oct 2023 13:01, Falko Strenzke said:
> Can anyone give me an advice what I can try to get the GnuPG Agent
> pinentry working with different home directory specified via
> GNUPGHOME?
Run it this way:
  mkdir /foo/bar
  cd /foo/bar
  GNUPGHOME=`pwd` gpg-agent --daemon ~/bin/gnupg-setup-tests
On Tue, 24 Oct 2023 11:38, Felix E. Klee said:
> For the purpose of re-encryption with a new key, I’d like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
>
> How do I do that for a massive directory tree?
On Mon, 16 Oct 2023 15:25, Frank Lindner said:
> Changing this back to cc/xlC did throw the well know issue of 'keyword
> inline unknown'.
I am not aware of that problem. We are Libgcrypt and the entire GnuPG
suite on AIX for decades. The configure script should detect whether
inline is
On Sat, 14 Oct 2023 12:06, Martin Jambor said:
> Is there a way to specify a preferred decryption key (that is different
> from the default signing key)?
Although we meanwhile have a way to set preferences for ssh keys [1] we
don't have this for decryption keys. :-(
> Incidentally, does
Hi Falko,
On Wed, 11 Oct 2023 09:08, Falko Strenzke said:
> I see now that even https://github.com/gpg/libassuan/tree/libassuan-3.0-base
> is identifying itself as version "2.5.6-beta1" via its config binary. So I
> wonder how I can have working version of libassuan for current GnuPG master.
I
Hi!
On Wed, 4 Oct 2023 20:37, soil said:
> i'd like to sign a public key that i'm keen to send emails to, but i'm
> only given the option to sign with the 1st private key i set up. but
In case you are using the command line this is easy:
  gpg -u YOURKEYID --quick-sign-key
On Thu, 14 Sep 2023 14:33, Alan Mackenzie said:
> But I'd like to apologise for the tone of my first post, which came out
No problem, my tone is also often pretty rude.
> Yes, it was my pinentry, which had been set up to use gnome3. I was
Actually a pinentry should fallback to curses if
On Wed, 13 Sep 2023 20:48, Alan Mackenzie said:
> I type
>
> $ gpg --gen-key
Use
  gpg -v --gen-key
to see more warning.
> agent_genkey failed: Timeout
Looks like a problem with your pinentry. Did it show up on another
screen? The "-v" should tell you which pinentry was invoked;
On Mon, 11 Sep 2023 22:29, Jacob Bachmeyer said:
> So using threads to compute a blinded RSA operation would just about
> recover the computational cost of blinding the calculation? How would
No. I gave this as an example where you could else see on how to speed
up things. For example if you
Hi,
so everything looks okay. What I would now do is to strace pinentry;
Here is a wpinentry wrapper I have used in the past.
--8<---cut here---start->8---
#!/bin/sh
MYPINENTRY="/usr/local/bin/pinentry-qt"
locale >/tmp/pinentry.err
set >>/tmp/pinentry.err
Hi!
Thanks Rob for your comments. Here are some additional points:
On Sat, 9 Sep 2023 22:07, Robert J. Hansen said:
> and for the vast majority of users isn't worth it. The easy wins (28%
> cost savings on RSA encryption! Whee, almost half a millisecond!) are
The blinding we use for RSA (to
On Fri, 8 Sep 2023 13:49, Alexander Leidinger said:
> default-yes=_Yes
> 2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254
> Unknown option
Don't care about this error. It is shown but ignored. Future
Pinentries might want to implement a yes button and gpg provides the
On Mon, 4 Sep 2023 19:45, Alexander Leidinger said:
> If I specify --pinentry-mode loopback it works. Shouldn't this also
> work without this option? If yes, what's wrong or how to debug this
Sure, this shall work. You may want to add
--8<---cut
On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:
> Signing /dev/null feels like more of a hack than an actual solution to
> keeping the key unlocked until portage finishes. Therefore I would
> like to ask you if you have any better ideas to do this?
Don't use a passphrase or better use remote
1 - 100 of 3670 matches