Re: Upgrade GPG from 2.0.9 to 2.0.30

2016-07-25 Thread Thomas Glanzmann
Hello Luke, > Please kindly looking on this, how to make upgrade session successfully? you configured gnupg with the default installation which is /usr/local. Your previous gpg was probably installed in /usr. In order to use the new gpg version, you either need to change your path or use the

Re: Creating key stubs from smartcard without public key

2016-07-25 Thread Thomas Glanzmann
Hello Felix, > Is there any way those public keys or key stubs can be created from > the keys stored on the Yubikey or any smartcard itself? the easiest way is: (infra) [~] ssh-add -L ssh-rsa

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-21 Thread Thomas Glanzmann
Hello Peter, > GnuPG doesn't expect that you forward the normal gpg-agent socket. For > forwarding to a remote machine, there is the gpg-agent.conf option > extra-socket [socket file] I see, I read a lot of tutorials on the web, nobody seems to really understand what they're doing. In one of

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-21 Thread Thomas Glanzmann
Hello Niibe, * NIIBE Yutaka [2016-07-21 04:24]: > What do you mean by the term "prepopulate"? Use the GPG key once on the workstation, so that the private key is unlocked in memory of the GPG agent or at least the PIN/transport key is available. > In this message, I explain

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-21 Thread Thomas Glanzmann
Hello Peter, * Thomas Glanzmann <tho...@glanzmann.de> [2016-07-21 16:22]: > From what I learned so far, the behaviour depends on the entry > 'pinentry-mode' if you set it to 'default' it asks the remote agent. in order to not spread misinformation myself. 'pinentry-mode default' and

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-21 Thread Thomas Glanzmann
Hello Peter, * Peter Lebbing [2016-07-21 11:27]: > extra-socket [socket file] quick follow up. With this option it works like a charm without the need for keep-display or keep-tty. Thanks again for bringing this up. Also you made my private key which is on disk probably

Yubikey 4 gpg 2.1.14 forget passphrase for RSA key

2016-07-19 Thread Thomas Glanzmann
Hello, I have a yubikey 4 where I store a 4K RSA for authentication, encryption and signature on. I'm using it for ssh and gpg agent forwarding to a remote machine. So far I'm unable to tell gpg-agent to forget the passphrase. The only thing that works is replug the yubikey. When I googled for the

Re: Yubikey 4 gpg 2.1.14 forget passphrase for RSA key

2016-07-19 Thread Thomas Glanzmann
Hello Peter, > On 19/07/16 12:26, Thomas Glanzmann wrote: > > So far I'm unable to tell gpg-agent to forget the > > passphrase for a yubikey. * Peter Lebbing <pe...@digitalbrains.com> [2016-07-19 14:12]: > gpg-connect-agent 'SCD RESET' /bye thank you. That works for me.

Re: Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-20 Thread Thomas Glanzmann
Hello, to answer my own question partly: * Thomas Glanzmann <tho...@glanzmann.de> [2016-07-20 10:06]: > Something else I'm wondering about. When I do 'gpg -d test.gpg' on the > remote machine, I was not prompted for a PIN when the key was not > prepopulated, then I added 'pinentr

Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

2016-07-20 Thread Thomas Glanzmann
Hello, I have yubikey 4 plugged into my laptop, then I use ssh to forward my gpg agent socket to a remote machine. On the remote machine I start mutt and would like to read an encrypted email using the RSA encryption key stored on my yubikey. It works if I use gpg2 to enter the pin by opening an

gpg-agent forwarding from Windows to a Linux machine

2016-07-20 Thread Thomas Glanzmann
Hello, I would like to use gpg-agent on Windows with a yubikey and use ssh to forward my gpg agent to a remote machine. Is that already possible, if so how? I assume I can't use putty. So probably I have to use cygwin openssh, but what about the unix socket on windows? Can a named pipe be used?

gpg TOFU mutt

2016-09-14 Thread Thomas Glanzmann
Hello, on my local workstation I have gpg-agent running and use gpg agent forwarding to a remote machine where I run mutt. I have the newest release version of gpg2.1 compiled by myself on both machines and they're in use. On my local workstation I also have the most recent version of pinentry and

Re: What is a reliable way to backup/restore my keys and test?

2016-09-14 Thread Thomas Glanzmann
Hello Duane, > How can I make sure my private key and trust assignments were copied > properly? for me in the past taking a backup of .gnupg was sufficient. However you can also export your secret key using: gpg --export-secret-keys -a > secret.asc And the manual trust assignments by doing:

Re: yubikey 4 openkeychain rsa [WAS: smartcard reader]

2016-10-23 Thread Thomas Glanzmann
Hello, > The Yubikey Neo has NFC which is how it is usable with android. There is a > video of it in action here: > https://grepular.com/An_NFC_PGP_SmartCard_For_Android I know about the Yubikey Neo. However it can only do 2048 Bit RSA. So I'm really interested how to use the Yubikey 4 or

Re: Why doesn't gpg-agent forwarding work?

2016-10-18 Thread Thomas Glanzmann
Hello Kevin, > Thanks for the advice. But as I mentioned, I tried using GnuPG 2.1.15 > on the target machine as well (via the packages in Debian sid), and > this did not work. gpg2 is simply not speaking to the forwarded > gpg-agent socket, however gpg-connect-agent can. Any other ideas? Check

yubikey 4 openkeychain rsa [WAS: smartcard reader]

2016-10-22 Thread Thomas Glanzmann
Hello Michel, [RESEND: forgot list] > Mainly because its usable on mobile devices through openkeychain I have two yubikeys myself, one yubikey 4 nano constantly plugged into my main workstation and another yubikey4 on my keychain. I use it for ssh authentication and gpg also using ssh and gpg

Re: Why doesn't gpg-agent forwarding work?

2016-10-16 Thread Thomas Glanzmann
Hello Kevin, > GPG version on host: 2.1.15 (Debian stretch) > GPG version on VM: 2.0.26 (Debian jessie) gpg 2.0.26 does the gpg operations locally and not using gnupg-agent. Starting with the 2.1.x versions gnupg uses gnupg-agent for doing all operations. As a result you need to have 2.1.x on the

Decrypt RSA encrypted secret by using gpg authentication key stored on yubikey

2017-11-02 Thread Thomas Glanzmann
Hello, I have a yubikey that I use as gpg smartcard. On that yubikey I have an authentication subkey. I uploaded the pubkey to AWS cloud. When I create a Windows instance they use that pubkey to encrypt a password using RSA to my privkey. Since my privkey is stored on the smartcard, I can't use

card-sized 4 Kbit RSA Smartcard recommendation with 3 slots

2019-04-04 Thread Thomas Glanzmann
Hello, I'm looking for a recommendation for a card-sized 4 kbit RSA smartcard with 3 keyslots which works with Linux and Windows and gnupg. Has anyone a recommendation? At the moment I use yubikey but I acquired a laptop with a smartcard reader that I would like to use in order to free up a USB

How to tell gpg not to start gpg-agent on a remote machines when using gpg agent forwarding

2019-04-04 Thread Thomas Glanzmann
Hello, I'm using gpg using gpg agent forwarding over ssh on a remote system. Sometimes my agent socket is not available. If I start any gpg operation, it starts a new agent. Is there a configuration option that I can specify so that gpg gives up if there is no socket or no agent behind a socket

gpg prompts me thrice for my passphrase - how to resolve it

2020-11-29 Thread Thomas Glanzmann via Gnupg-users
Hello, I sometimes use a yubikey, there gpg-agent only asks me once for my pin, however if I have my key on the disk, gpg-agent asks me three times: - once for local gpg -d test.gpg - once for gpg-agent functioning as ssh-agent - once for remote gpg -d test.gpg Now I

graphical pinentry no longer working after upgrading to debian bullseye and pinentry and how to resolve it

2020-11-29 Thread Thomas Glanzmann via Gnupg-users
Hello, I just upgraded to Debian bullseye and the graphical pinentry did not work anymore. I got the following error message: 2020-11-28 21:37:41 gpg-agent[3535] DBG: connection to PIN entry established 2020-11-28 21:37:41 gpg-agent[3535] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 3633