Re: ctf-like WKD challenge (was: WKD proper behavior on fetch error)

2021-01-21 Thread Andrew Gallagher via Gnupg-users
On 21/01/2021 07:10, Stefan Claas via Gnupg-users wrote: On Thu, Jan 21, 2021 at 8:02 AM Stefan Claas wrote: The nice things about OpenPGP armored messages is also that procmail and friends can be used at providers to filter -BEGIN blah P.S. When Stale Schumacher ran the International

Re: WKD proper behavior on fetch error

2021-01-22 Thread Andrew Gallagher via Gnupg-users
On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote: > this is a non-backward-compatible change to the format, so i think > that's probably not a great outcome. I can't help thinking that length fingerprinting and padding oracles are a general concern, and therefore more appropriately

Re: Fundraising

2021-01-21 Thread Andrew Gallagher via Gnupg-users
> On 21 Jan 2021, at 20:27, Stefan Claas via Gnupg-users > wrote: > > *Apologies* Robert for hijacking your thread!!! Can we please try to keep on topic. A ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: ctf-like WKD challenge

2021-01-22 Thread Andrew Gallagher via Gnupg-users
On 22/01/2021 10:32, Werner Koch wrote: On Thu, 21 Jan 2021 10:48, Andrew Gallagher said: If you need to hide your metadata from the state on pain of torture and death, PGP is NOT the solution. Use Tor, use Signal. And even then That is not correct. OpenPGP can and is in the real world part

Re: WKD proper behavior on fetch error

2021-01-18 Thread Andrew Gallagher via Gnupg-users
On 18/01/2021 11:33, Juergen Bruckner via Gnupg-users wrote: Hello Andrew, Am 18.01.21 um 12:17 schrieb Andrew Gallagher via Gnupg-users: On 18/01/2021 11:07, Juergen Bruckner via Gnupg-users wrote: Sequoia accepts an *invalid* certificate for the host 'foo.abc.github.io' and that is "fa

Re: WKD proper behavior on fetch error

2021-01-18 Thread Andrew Gallagher via Gnupg-users
On 18/01/2021 11:07, Juergen Bruckner via Gnupg-users wrote: Sequoia accepts an *invalid* certificate for the host 'foo.abc.github.io' and that is "failure by design". This is incorrect. Sequoia *does not* accept this invalid certificate. Sequoia and gnupg only differ in their fallback

Re: Long Term Key Management With Hardware Tokens

2021-06-22 Thread Andrew Gallagher via Gnupg-users
On 22/06/2021 17:53, Brandon Anderson via Gnupg-users wrote: Many tutorials, examples, and articles that are talking about using Yubikeys and smartcards currently suggest making paper backups of the encryption key so you can add it to new devices if needed. But this, at least to me, feels

Re: Long Term Key Management With Hardware Tokens

2021-06-22 Thread Andrew Gallagher via Gnupg-users
On 22/06/2021 07:47, Brandon Anderson via Gnupg-users wrote: If you know the recipient, then solving the latter is easy. Ask the recipient to resend the message encrypted with your new key. In my setup, when something is sent, only the encrypted mail is sent to my sent folder, so if I

Re: gpg: keyserver receive failed: No name - for gpg --keyserver hkp://pool.sks-keyservers.net

2021-06-24 Thread Andrew Gallagher via Gnupg-users
On 24/06/2021 22:39, Brandon Anderson via Gnupg-users wrote: $ host pool.sks-keyservers.net Host pool.sks-keyservers.net not found: 3(NXDOMAIN) Did these names get permanently deleted? Any workarounds or suggestions would

Re: Long Term Content Protection

2021-06-26 Thread Andrew Gallagher via Gnupg-users
> On 26 Jun 2021, at 08:26, LisToFacTor via Gnupg-users > wrote: > > Once a message reaches > the recipient's operational environment, it should be decrypted, > and its further protection is best addressed as part and parcel > of the protection of that complete environment. But this is not

Re: recommendation for key servers

2021-06-28 Thread Andrew Gallagher via Gnupg-users
> On 28 Jun 2021, at 18:02, Стефан Васильев via Gnupg-users > wrote: > > When looking at the stats, why are there IMHO such high numbers > (daily) on updated pub keys, compared to submitted ones? It’s not clear, but it may be due to a lack of canonical ordering of packets. Say Alice and Bob

Re: recommendation for key servers

2021-07-06 Thread Andrew Gallagher via Gnupg-users
On 06/07/2021 20:59, Daniel Kahn Gillmor wrote: On Mon 2021-06-28 18:42:02 +0100, Andrew Gallagher via Gnupg-users wrote: It’s not clear, but it may be due to a lack of canonical ordering of packets. There are no published specifications for how to canonically order OpenPGP packets, but i

Re: We shall value email usage

2021-04-01 Thread Andrew Gallagher via Gnupg-users
On 01/04/2021 15:39, Stefan Vasilev via Gnupg-users wrote: Another option would be direct FAX/GnuPG usage, with a different armor, which is OCR friendly. From a purely practical point of view, why would anyone in the modern world use a system where a digital message is rendered in OCR-able

Re: Can IPAD or Android Tablets create Keys and use gnupg

2021-03-12 Thread Andrew Gallagher via Gnupg-users
On 12/03/2021 14:29, Bernhard Reiter wrote: d) Are there compatible OpenPGP and OpenPGP/MIME implementations for iOS? Yes, though proprietary Software (AFAIK), for example I've heard about Canary Mail, iPGMail, PGPro, Safe Easy Privacy PGPro is open source, but neither it nor iPGMail handle

Re: error searching keyserver: Network is unreachable

2021-03-07 Thread Andrew Gallagher via Gnupg-users
Hi, Christian > > And, actually, we deployed our own (hkp://keyserver.dcc.sib.swiss:80) keyserver, which I am trying to access. But can't for some reason I do not understand. I can connect to that server from here, but it appear to contain only 85 keys. Did you import a dump, or is it meant

Cannot set trust on one identity

2021-02-14 Thread Andrew Gallagher via Gnupg-users
I appear to have an ID on my longstanding key that I can't set to ultimate trust. I had this issue on my previous macbook, and after migrating to a new one the problem persists: ``` gpg> trust pub  rsa4096/0xFB73E21AF1163937 created: 2013-07-02  expires: 2022-12-09  usage: SCA

Re: Generic question: replication/sync between key servers, how long until published?

2021-02-19 Thread Andrew Gallagher via Gnupg-users
On 19/02/2021 11:06, michaelof--- via Gnupg-users wrote: Hi all, published a revocation cert for a very long used old 1024 bit key plus a newly created 4096 bit key to http://keys.gnupg.net/. Visible after some minutes. Now, four days later, both keys are still not visible on e.g.

Re: Handling an identity over multiple devices

2021-02-19 Thread Andrew Gallagher via Gnupg-users
Hi, Luke. My personal experience is that a hardware device such as an OpenPGP card or Yubikey is the easiest way to share the same private key across multiple devices (assuming you have physical access, see below). You designate one machine your master, where you store your original key

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users > wrote: > > Viktor wrote: > >> It's the same as putting any other public information in public key >> certificate. You can put first and last name, email address and even >> photo of another person. > > But this information can be

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 23:52, Стефан Васильев via Gnupg-users > wrote: > > It would tell me as 3rd party that for WoT purposes, if this is still used, > Alice and her good friend Bob were able to sign their pub keys remotely, > based on a free of charge verification method. That’s what ordinary

Re: Call me crazy, but ...

2021-07-14 Thread Andrew Gallagher via Gnupg-users
> On 14 Jul 2021, at 19:49, Стефан Васильев wrote: > > Andrew Gallagher wrote: On 14 Jul 2021, at 18:34, Стефан Васильев via Gnupg-users wrote: >>> Viktor wrote: It's the same as putting any other public information in public key certificate. You can put first and last

Re: Multiple Yubikeys/Smartcards and Thunderbird email client

2021-07-15 Thread Andrew Gallagher via Gnupg-users
> On 15 Jul 2021, at 12:54, john doe via Gnupg-users > wrote: > > Is this still relevant with the built-in gpg stuff of TB? Very much so. Thunderbird’s native Open PGP support is quite basic, and anything to do with smartcards still has to be delegated to an external gnupg process. A

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
On 29/07/2021 17:52, Rainer Fiebig wrote: ~> openssl x509 -text So the file exists, and appears to have the correct contents (the difference in checksum is probably whitespace or commentary, I wouldn't worry about it). I'm going to refer back to my earlier statement: "It looks like

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
On 29/07/2021 08:41, Rainer Fiebig via Gnupg-users wrote: Am 28.07.21 um 21:38 schrieb Ingo Klöcker: On Mittwoch, 28. Juli 2021 18:38:07 CEST Rainer Fiebig via Gnupg-users wrote: >> Does 'gpg --keyserver hkps://pgpkeys.eu --search-keys ...' work for you? No, same output as reported

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-29 Thread Andrew Gallagher via Gnupg-users
On 29/07/2021 17:33, Rainer Fiebig wrote: Thanks. File exists but has a different checksum: /etc/ssl/certs> sha256sum DST_Root_CA_X3.pem 4b3ecda4db3f417f23f5dfa84eb4d59d6cc2959446ebaf89c7df5866d31e9980 DST_Root_CA_X3.pem Ah, I wonder is the expiry date different. Can you incant the following

Re: --search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

2021-07-28 Thread Andrew Gallagher via Gnupg-users
On 28/07/2021 15:19, Rainer Fiebig via Gnupg-users wrote: 2021-07-28 16:06:50 dirmngr[4135.6] Fehler beim Verbinden mit 'https://keys.openpgp.org:443': Fehlendes Herausgeberzertifikat in der Kette 2021-07-28 16:06:50 dirmngr[4135.6] command 'KS_SEARCH' failed: Fehlendes Herausgeberzertifikat in

Re: WKD docs on the wiki, restructuring. Feedback on forUsers page

2021-09-30 Thread Andrew Gallagher via Gnupg-users
On 30/09/2021 13:17, ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: Hmm, this is odd. I setup WKD as detailed on the https://wiki.gnupg.org/WKDHosting (using the openpgpkey subdomain), currently only for one address on my domain (s...@chiraag.me). Opening the file directly in a web browser does work,

Re: Why are 64-bit libraries not included in GnuPG but Gpg4win?

2021-12-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Dec 2021, at 04:14, Sven Richter via Gnupg-users > wrote: > > Thunderbird expects to be able to manage all public keys regardless. Even > with this setup of mine, it only pulls the private keys from GnuPG. You may be interested in the Sequoia Octopus, which is a drop in replacement

Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread Andrew Gallagher via Gnupg-users
> On 18 Dec 2021, at 02:25, Robert J. Hansen via Gnupg-users > wrote: > > As the FAQ says, "The good news is the internet is a treasure trove of > information. The bad news is that the internet is a festering sewer of > misinformation, conspiracy theories, and half-informed speculations all

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Andrew Gallagher via Gnupg-users
> On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > Even if I remove root certificate from the server it will be added again on > renewal. It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
> 2021-12-23 11:27:30 gpg[12864] DBG: connection to the dirmngr established > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> GETINFO version > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- D 2.3.4 > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c <- OK > 2021-12-23 11:27:30

Re: issue with gpg4win

2021-12-24 Thread Andrew Gallagher via Gnupg-users
On Thu, 2021-12-23 at 12:37 +0200, Alex Nadtoka via Gnupg-users wrote: > 2021-12-23 11:27:30 gpg[12864] DBG: chan_0x025c -> KEYSERVER -- > clear hkps://gpg.example.com/ This doesn't look like a real keyserver. Did you redact this, or is this really what is currently configured in

Re: issue with gpg4win

2021-12-25 Thread Andrew Gallagher via Gnupg-users
> On 25 Dec 2021, at 11:24, Alex Nadtoka wrote: > >  > Hi Andrew, yes I have changed the real name of my mailbox and the server) > Thanks for the reply. > My Client Machine is Windows . If you can tell me how to do that I would > appreciate it. Thanks again for the update) > Finally got

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > We have our internal GPG server( I want people in company to be able to > connect to it from windows as well... OK, so you definitely need to solve the root certificate issue. Do sites using letsencrypt work from an Edge browser on that

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with keyserver-01.2ndquadrant.com Is this server sufficient for your purposes or do you also need to support an internal keyserver? A > ср, 29 груд. 2021 р. о 17:06 Andrew Gallagher via Gnupg-users > пише:

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Mon, 2022-01-03 at 11:31 -0500, Robert J. Hansen via Gnupg-users wrote: > Werner, this is amazing news. Thank you for sharing it! Indeed, many congratulations! > I did spend about six months doing a clean-room implementation of > RFC2440 in PHP3.  It was a vile experience and one I don't

Re: Gpg4win LetsEncrypt issue

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Fri, 2021-12-31 at 23:23 +0200, Alex Nadtoka wrote: > Ok, thanks. Where on the client end i can remove it? This blog appears to do it correctly (to the best of my knowledge) and as its worked example uses the very same CA certificate that we have just been discussing:  

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > I cannot connect to any keyserver. The error is certificate expired. > I am on latest (I think) Windows 10 . Tried reinstalling it or > installing on new Windows machine but no luck . dirmngr keeps telling > me that

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
On 17/11/2021 18:15, Robert J. Hansen wrote: Mapping a "Real Name" to an email address is a conceptually different thing from mapping an email address to a public key. Except that should we be mapping keys to email addresses in the first place? > When we sign a certificate we make an

Re: User id's without person's name, only email

2021-11-17 Thread Andrew Gallagher via Gnupg-users
On 17/11/2021 14:40, Teemu Likonen wrote: 2. Second "address book" is my OpenPGP keyring. It groups persons' names, their email and other key data. If many keys don't have name in their user id it could be inconvenience. Computer programs can find keys but often we need also

Re: User id's without person's name, only email

2021-11-16 Thread Andrew Gallagher via Gnupg-users
On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote: > Am I seeing a starting trend here? Do some people think that it is > better practice to have only have email address as user id? What > might be their reason? Or maybe it's not a trend and doesn't mean > anything. I got curious anyway. Add

Re: Error when trying to locate key via WKD

2021-10-28 Thread Andrew Gallagher via Gnupg-users
On 28/10/2021 10:44, Bernhard Reiter wrote: Am Mittwoch 27 Oktober 2021 22:54:48 schrieb Ingo Klöcker: The problem with wildcard sub-domains and WKD has been discussed here or on gnupg-devel recently. Ingo, can you provide me a pointer to the gnupg-devel thread? (Did a few minutes of

Re: WKD, wildcard DNS resolution (Re: Error when trying to locate key via WKD)

2021-10-28 Thread Andrew Gallagher via Gnupg-users
On 28/10/2021 12:25, Bernhard Reiter wrote: Am Donnerstag 28 Oktober 2021 12:07:52 schrieb Andrew Gallagher via Gnupg-users: The megathread from hell starts here :-) https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064567.html That is not gnupg-_devel_ (where I was searching

Re: OpenPGP card and gpg-agent TTL

2021-11-04 Thread Andrew Gallagher via Gnupg-users
On 04/11/2021 08:40, Matthias Apitz wrote: I bought the OpenPGP card from Purism for USD 15, I don't know if the small format exist here in Germany. Not Germany, but Cryptoshop in Vienna sells them: https://en.cryptoshop.com/products/smartcards/open-pgp-smartcard-v2-id-000.html -- Andrew

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Jan 2022, at 12:15, Alex Nadtoka wrote: > > yes thanks, tried disabling it but error was still there. So I deleted DST > Root CA X3 . At the moment I see error from dirmngr 2.3.4: no CA certificate > found > And > error searching keyserver: "No inquire callback in IPC" > > Not

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
On 07/01/2022 16:55, Bernhard Reiter wrote: > Then RSA should be limited in the same way. (Because there it is possible, so I guess that there is another reason.) I agree, although IIRC such usage is supported for backwards compatibility reasons. | The curve is birationally equivalent to a

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Andrew Gallagher via Gnupg-users
On 07/01/2022 14:06, Bernhard Reiter wrote: With 2.2.33 it is not possible to create a single ecc key-pair that can do "sign" and "encrypt". There are circumstances (legal, contractual, operational) where you may need to disclose or share an encryption key, so it is best practice to keep the

Re: Gnupg-users Digest, Vol 220, Issue 11

2022-01-10 Thread Andrew Gallagher via Gnupg-users
> On 10 Jan 2022, at 20:33, Chris Taylor > wrote: > > Hello, > > Please unsubscribe me from this list. Please follow the instructions that you quoted in the email you just sent: >> To subscribe or unsubscribe via the World Wide Web, visit >>

Re: Questions re auto-key-locate

2022-02-15 Thread Andrew Gallagher via Gnupg-users
 > On 15 Feb 2022, at 21:46, Dan Mahoney (Gushi) via Gnupg-users > wrote: > > Since the debacle a few years ago with the SKS keyserver denial-of-service > attack, the keyservers are kind of a non-starter. Why so? Keyservers are still around, and the ones that survived the apocalypse are

Re: How to solve this garbled code?

2022-02-15 Thread Andrew Gallagher via Gnupg-users
On 15/02/2022 11:32, Gao Xiaohui via Gnupg-users wrote: Hello, why do such garbled characters appear on the display page of gnupg(inside the red box),The Chinese characters will be displayed abnormally too, similar to this garbled character. what should I do and how to avoid it? Thank you

Re: Questions re auto-key-locate

2022-02-16 Thread Andrew Gallagher via Gnupg-users
On 15/02/2022 23:37, Dan Mahoney wrote: That's a decision I leave up to the people who *make* the key (and the software that it's signing). Sorry, from your previous message it sounded like you were publishing your own software. (and it's no longer the case that you can publish just

Re: TB weirdness

2022-02-24 Thread Andrew Gallagher via Gnupg-users
On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote: Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected). It turns out the actual behavior is a little different

Re: "Are You Now or Have You Ever Been..."

2022-02-02 Thread Andrew Gallagher via Gnupg-users
On 31/01/2022 22:29, jonkomer wrote: Confirming it, possibly many years after it has been dissolved. Future is the key-word here. In that context, then-current response of a key-server query on "" could be much more deleterious to John than the evidence given to the tribunal by Jane Doe that

Re: Preventing public key upload to key-servers

2022-01-28 Thread Andrew Gallagher via Gnupg-users
On 26/01/2022 22:03, jonkomer via Gnupg-users wrote: > Is there anything that a public key owner can do, to actually > *ensure* that, if some careless or malicious correspondent > ignores the comment ("Please do not upload...") and attempts > to upload his or her (otherwise fully functional)

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
I go away for the weekend, and my mailbox catches fire... ;-) On 29/01/2022 16:38, jonkomer via Gnupg-users wrote: > (a) Unfortunately, OpenPG email encryption is incompatible > with GDPR and should not be used by those that either want > or need to be GDPR compliant. This is not so; the use of

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 03:51, Shawn K. Quinn via Gnupg-users wrote: > If the server is physically in the US, administered by someone residing > in the US, is the EU really expecting US courts to enforce EU > laws/directives like the GDPR on a US citizen? The short answer is no, of course not. The

Re: First Amendment and Marines?

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 30/01/2022 10:12, Klaus Ethgen wrote: > > When it comes to keyservers, with the same argument you could state that > bitcoin is illegal. (No information in the key chain can be removed. And > there is even child porn inside that key chain that could never ever > again be removed!) > > There

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 28/01/2022 20:02, jonkomer via Gnupg-users wrote: >> A. G. via : >> The short answer is "no", or at best "not yet"... > > Thank you very much for the response and comprehensive > comments. > > In this case, the mail domain owner is actually the one > that needs this level of control: he

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
On 29/01/2022 01:55, Johan Wevers via Gnupg-users wrote: > There are known technical issues: the HKP keyserver does not allow keys > to be removed, GDPR or not. When the keyserver operator operates outside > of the EU I don't think that is a legal problem. This is incorrect. All three of the

Re: Preventing public key upload to key-servers

2022-01-31 Thread Andrew Gallagher via Gnupg-users
> On 31 Jan 2022, at 21:39, jonkomer wrote: > > There is significant difference between a one-time > "third-party" correspondent misusing his knowledge of > the relationship after it has been dissolved, from > that same knowledge being published in perpetuity via > a simple, automated Internet

Re: lost id on keyserver

2022-02-10 Thread Andrew Gallagher via Gnupg-users
On 10/02/2022 13:23, Raja Saha wrote: I created the subkey, output it to a file and imported it to gpg on working dir. Then I sent the key to the keyserver, gpg --send-keys *. After that when I searched the keyserver by my email it, there was no key. When I searched by my key

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 18:22, Стефан Васильев wrote: >> Good question. My thought was that Telefax is still used, among > lawyers, doctors, business folks etc., and brand-new Fax machines > can be bought on Amazon etc. +1 for obsolescence! Beware of course that fax machines are VERY noisy, and analogue

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On Fri, 2022-01-14 at 16:42 +, Стефан Васильев via Gnupg-users wrote: > The --begin etc. markers should be used to detect where > the OCR scanned document begins and ends to have later > a good signature. If you are relying on OCR to reconstitute a bitwise-perfect message (because that's the

Re: GnuPG - signed Telefax communication

2022-01-14 Thread Andrew Gallagher via Gnupg-users
On 14/01/2022 17:54, Стефан Васильев wrote: > > The idea is to use a Telefax machine for endpoint security, with > an offline usage PC, which for example gpg4win is ideal for. Would it not be simpler to use a modem? > I thought about that too, but in case the document would be several > pages

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
On 24 Oct 2023, at 04:38, Felix E. Klee wrote: > > For the purpose of re-encryption with a new key, I’d like to find all > files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted > files, independent of key, have the extension `.gpg`. > > How do I do that for a massive directory

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Andrew Gallagher via Gnupg-users
Apologies to the `file` authors, it’s a BSD utility, not GNU. A On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users wrote: > > Signed PGP part > On 24 Oct 2023, at 04:38, Felix E. Klee wrote: >> >> For the purpose of re-encryption with a new key, I’d like

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 19:09, Andrew Gallagher wrote: > > On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users > wrote: >> >> How do I hide the fact that the key is 32764 on the keyserver? > > You can’t. That’s like trying to publish a book written in Chinese without > letting anyone know that it

Re: Sirs:

2023-08-25 Thread Andrew Gallagher via Gnupg-users
On 25 Aug 2023, at 18:23, xyz938 via Gnupg-users wrote: > > How do I hide the fact that the key is 32764 on the keyserver? You can’t. That’s like trying to publish a book written in Chinese without letting anyone know that it is written in Chinese. A

Re: GnuPG 2.2.36 released

2022-07-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Jul 2022, at 04:47, Ralph Seichter via Gnupg-users > wrote: > > 1.) Starting today, disk images (*.dmg) are signed with a new ed25519 > key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been > uploaded to pgp.mit.edu today, but the site is once again very sluggish > and it

Re: gpg auto-locate-key selects expired/revoked key

2022-06-08 Thread Andrew Gallagher via Gnupg-users
On 8 Jun 2022, at 07:46, Jan Eden via Gnupg-users wrote: > > - Which WKD server hosts my expired/revoked key such that it takes precedence > over my own WKD server at domain.com ? > - Why does gpg select an expired/revoked key over a valid key? I suspect the issue is that

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 12:20, Jan Eden wrote: > I had configured hkp://keys.gnupg.net in gpg.conf (no separate > dirmngr.conf). Switching to keys.openpgp.org had the desired effect: keys.gnupg.net has not existed for a few years now, but for backwards compatibility gnupg silently maps it to the hardcoded

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 07:11, Jan Eden wrote: > PS. The key used to sign your message seems to be expired. That could be because you already had my key in your keyring and it wasn't recently (i.e. in the last 18 months) refreshed. What does it say if you incant the following? ``` gpg --refresh-key

Re: gpg auto-locate-key selects expired/revoked key

2022-06-09 Thread Andrew Gallagher via Gnupg-users
On 09/06/2022 11:50, Jan Eden wrote: > jan ~ % gpg --refresh-key 0xFB73E21AF1163937 > gpg: refreshing 1 key from hkp://pgp.surf.nl > gpg: key FB73E21AF1163937: "Andrew Gallagher " not > changed > gpg: Total number processed: 1 > gpg: unchanged: 1 You're using the pgp.surf.nl

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 13:48, kho via Gnupg-users wrote: > > 5. What is at the end the best way to setup 2 smartcards that can be > used in encryption, signing and decryption? And additionally both > smartcards should work, I have 2 smartcards for redundancy. If you want the two smartcards to be

Re: Question about redundant smartcard setup

2022-08-19 Thread Andrew Gallagher via Gnupg-users
On 19 Aug 2022, at 17:17, kho wrote: > > Thanks for this fast, complete and clear answer. > > I am going to see if I can still pick up somewhere or just remove all I > did and start all over by following your steps. Just a note of caution: since it is quite an involved process I would

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'  

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Andrew Gallagher via Gnupg-users
On 06/08/2022 13:49, Jay Sulzberger via Gnupg-users wrote: I think the Washington Post has not placed their recent key on the PGP public keyservers.  Below is quoted from a different machine:   Welcome to the Emacs shell   ~ $ gpg --recv-keys 'EC6C2905F0F93C0373946CA10642427A5FF780BE'  

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users > wrote: > > Andrew, do the sks keyservers work today? > > I was able to find the key by going to > > https://keyserver.ubuntu.com/ > > and putting > > EC6C2905F0F93C0373946CA10642427A5FF780BE > > into the search box. Do you mean

Re: OT: Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-07 Thread Andrew Gallagher via Gnupg-users
> On 7 Aug 2022, at 19:31, john doe via Gnupg-users > wrote: > > Why did you published the key to the sks key servers? > > I guess my question is about the reasoning behind using sks key server > instead of WKD or Hagrid. WKD publication can only be done by (or with the cooperation of) the

Re: Reminder: use plaintext mails only on ML

2023-01-06 Thread Andrew Gallagher via Gnupg-users
Dezember 2022 19:54:39 schrieb Andrew Gallagher via Gnupg-users: I’ve been Argh, that will teach me not to reply to list emails from my phone. Sorry, everyone. :-( A

Re: Subkeys renewing/expiring strategy

2023-01-06 Thread Andrew Gallagher via Gnupg-users
On 5 Jan 2023, at 13:42, Ingo Klöcker wrote: > > GitLab keeps the verification state if a > key is removed, but I added the updated key including the expired subkey. That > was a bad idea because GitLab invalidated all commits signed with the expired > subkey. It is disappointing to see that

Re: Expiration date of subkeys (retroactive)

2023-01-01 Thread Andrew Gallagher via Gnupg-users
On 1 Jan 2023, at 03:49, gnupg-us...@aschoettler.com wrote: > > I have several GnuPG keys which I edited with KGpg. > https://apps.kde.org/de/kgpg/ > > Unfortunately, the subkeys were not taken into account when setting the > expiry date. > How can I retroactively edit my expired keys and

Re: Card-Reader

2022-12-17 Thread Andrew Gallagher via Gnupg-users
I’ve been using this ACS reader for years with no problems. It appears to be no longer available but there is a successor model that may suit your purposes ACR38T-D1 cardomatic.de Andrew Gallagher On 17 Dec 2022, at 18:36, Klaus Ethgen wrote: Hi, I destroyed my card reader from gemalto and need a new

Re: macos IKEv2 auth with yubikey

2022-11-28 Thread Andrew Gallagher via Gnupg-users
On 28/11/2022 06:29, Martin Brook via Gnupg-users wrote: 2. I've achieved IKEv2 vpn auth with yubikey on windows. It seems windows can interact with Yubikey perfectly but not on macos. Hi, Martin. How did you get this to work on Windows? Which IKE software are you using on each platform? A

Re: Mastodon account, good server?

2022-12-01 Thread Andrew Gallagher via Gnupg-users
On 1 Dec 2022, at 16:42, Bernhard Reiter wrote: > > Hi friends of GnuPG, > > seems to be a good time to start an official Mastodon account > for GnuPG and related topics like Gpg4win and OpenPGP. > > At least for announcements and some interaction as the interest > is growing for this

Re: Encrypt group email addresses

2023-01-30 Thread Andrew Gallagher via Gnupg-users
On 26 Jan 2023, at 22:40, Alex wrote: > > Clients that have their own OpenPGP implementation, like Mozilla > Thunderbird, likely don't support groups. Thunderbird does support encryption to groups, but you have to manually edit a JSON configuration file:

Re: Optimal workflow with GPG signatures from multiple parties

2023-03-06 Thread Andrew Gallagher via Gnupg-users
On 04/03/2023 17:18, Ave Milia via Gnupg-users wrote: What are some available solutions? How would you suggest to organize the keys? Maybe, there should be some signing server in-place, that the developers sends an artifact to? I built something similar for $WORK. You lock down the signing

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 1:15, ckeader via Gnupg-users wrote: > >> Can't call it that as long as it's under user control (every long option of >> the software has an equivalent config file option. You don't add such a key >> via config

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote: > >> It does not make any sense so have such an option. If a user wants to >> allow colleagues or an archive system to decrypt her mails that is her >> decision. > >

Re: ADK's

2023-04-30 Thread Andrew Gallagher via Gnupg-users
On 30 Apr 2023, at 14:42, Johan Wevers via Gnupg-users wrote: > > On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote: >> Whether this is done voluntarily or under duress from their employer is an >> opsec issue, not a comsec one. > > If it is an ex-emp

Re: ADK's

2023-05-01 Thread Andrew Gallagher via Gnupg-users
On 1 May 2023, at 12:40, Ineiev via Gnupg-users wrote: > now, I generate a key > for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, > will GnuPG complain if the only encryption-capable subkey is ADK? Or you could just use an alias…? A

Re: ADK's

2023-05-02 Thread Andrew Gallagher via Gnupg-users
On 2 May 2023, at 02:18, Michael Richardson wrote: > > It's the initial investigation of an irregularity where there could be a > problem. These examples are becoming increasingly contrived. If you are investigating fraud by someone who can read all your company emails, don’t discuss it over

Re: Flooding attack against synchronising keyservers

2023-04-21 Thread Andrew Gallagher via Gnupg-users
recovering your system, please get in touch. Thanks, A > On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users > wrote: > > Signed PGP part > Hi, everyone. > > The synchronising keyserver network has been under an intermittent flooding > attack for the past five days, r

Flooding attack against synchronising keyservers

2023-03-27 Thread Andrew Gallagher via Gnupg-users
Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second

Re: Unable to sign public key

2023-02-01 Thread Andrew Gallagher via Gnupg-users
On 31 Jan 2023, at 19:52, Joel via Gnupg-users wrote: > > Hello! > > I am trying to sign a public key, but I get an error saying, `gpg: signing > failed: No secret key`. However, a normal signing on a file works perfectly > fine. I suspect it could be something because I have a yubikey and it

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 06:46, Ineiev wrote: > > On Mon, May 01, 2023 at 03:16:12PM +0100, Andrew Gallagher wrote: >> On 1 May 2023, at 12:40, Ineiev via Gnupg-users >> wrote: >>> now, I generate a key >>> for y...@guan.edu locally and add 0123456789ABCDEF as an ADK (BTW, >>> will GnuPG complain if

Re: out-of-key UIDs [was: ADK's]

2023-05-04 Thread Andrew Gallagher via Gnupg-users
On 4 May 2023, at 10:43, Ineiev wrote: > > On Thu, May 04, 2023 at 09:52:54AM +0100, Andrew Gallagher wrote: >> >> andrewg@serenity % gpg --group >> fn...@test.eu=BD9D4DEE7B2FF1CBEF2EE0C4E0ACD3E0CBE7874A -r fn...@test.eu -e < >> /etc/shells > shells.gpg >> gpg: 0x40F9B9601900E974: There is no

Re: Looking for keyserver software without any validation or fancy features

2023-07-07 Thread Andrew Gallagher via Gnupg-users
Hi, Bernd. hagrid and hockeypuck are total overkill, (Disclaimer: I’m one of the hockeypuck contributors) If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at https://github.com/hockeypuck/hockeypuck You will need a non-empty keydump to

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-18 Thread Andrew Gallagher via Gnupg-users
On 17 Jul 2023, at 18:36, Michael Richardson wrote: > > Andrew Gallagher wrote: >>> Juanjo via Gnupg-users wrote: >>> >>> "Keys stored on YubiKey are non-exportable (as opposed to file-based >>> keys that are stored on disk) and are convenient for everyday use. " >>> >>> In my case, I want

Re: "gpg --card-edit" with multiple card readers (Yubikey)

2023-07-17 Thread Andrew Gallagher via Gnupg-users
On 15 Jul 2023, at 20:36, Michael Richardson wrote: > > Juanjo via Gnupg-users wrote: > >> This may be a good starting point: >> https://github.com/drduh/YubiKey-Guide > > "Keys stored on YubiKey are non-exportable (as opposed to file-based keys > that are stored on disk) and are convenient
