Gnupg-users Digest, Vol 136, Issue 23

georgeorwellhardwired at riseup.net georgeorwellhardwired at riseup.net
Thu Jan 15 09:11:33 CET 2015


Subject: cannot build database in GPA in ubuntu and won't generate GPG key.

Hey.

Every time I use GPA in Ubuntu it says, when I start GPA: "GnuPG is 
rebuilding the trust database. This might take a few seconds." And I can 
wait for hours, while nothing happens.

And if I try to close the window and try to generate a GPG key, it will 
say: "The GPGME library returned an unexpected error. The error 
was: General error. This is probably a bug in GPA. GPA will now try to 
recover from this error."

Is there anyone that has seen these errors before?





On 2015-01-14 21:51, gnupg-users-request at gnupg.org wrote:
> Today's Topics:
> 
>    1. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Sandeep Murthy)
>    2. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Daniel Kahn Gillmor)
>    3. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Kristian Fiskerstrand)
>    4. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Sandeep Murthy)
>    5. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Werner Koch)
>    6. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Patrick Schleizer)
>    7. Is there a shell script or bash library for parsing gpg's
>       --status-fd output? (Patrick Schleizer)
>    8. Re: Vanity Keys (Johan Wevers)
>    9. Re: Are there cases where gpg --verify will exit 0, even if
>       verification failed? (Werner Koch)
>   10. Specifying passphrase for batch key generation (Joey Castillo)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 14 Jan 2015 13:22:45 +0000
> From: Sandeep Murthy <s.murthy at mykolab.com>
> To: gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <3B2D48C6-89BD-452E-B7C5-FED144E13925 at mykolab.com>
> Content-Type: text/plain; charset="utf-8"
> 
>>> Are there cases where gpg --verify will exit 0, even if verification 
>>> failed?
> 
> Verification could fail internally within the gpg program, or externally
> because the signature file does not exist or is incorrectly named or maybe
> corrupt, e.g.
> 
> [srm@~]$ gpg --verify asig.sig; echo $?
> gpg: can't open `asig.sig': No such file or directory
> gpg: verify signatures failed: No such file or directory
> 2
> 
> Exit codes in shells indicate problems relating to completion or disruption
> of the child process invoked by a parent process.
> 
> They will not record unsuccessful events inside the child process
> related to program functions, i.e. if you are inside gpg editing a key
> and enter an incorrect subcommand or use it incorrectly then this will
> not affect the exit code, I don't think.
> 
> Sandeep Murthy
> s.murthy at mykolab.com
> 
>> On 14 Jan 2015, at 07:51, Dave Pawson <dave.pawson at gmail.com> wrote:
>> 
>> In Unix terms, a program that has run successfully to completion
>> exits with status zero, no 'extra' semantic attached?
>> 
>> Dave
>> 
>> On 13 January 2015 at 19:03, Patrick Schleizer
>> <patrick-mailinglists at whonix.org> wrote:
>>> In another thread...
>>> 
>>> Werner Koch
>>>> On Mon, 12 Jan 2015 19:52, patrick-
>>>>> When it exits 0, then this approach is sound, sane and fine?
>>>> You better check the status lines; in particular watch out for
>>>> 
>>>>  [GNUPG:] VALIDSIG E4B868C8F90C.....
>>>> 
>>>> or use gpgv.
>>> 
>>> Are there cases where gpg --verify will exit 0, even if verification 
>>> failed?
>>> 
>>> (Suppose one uses a separate --homedir where only legitimate signing
>>> keys are imported.)
>>> 
>>> 
>> 
>> 
>> 
>> --
>> Dave Pawson
>> XSLT XSL-FO FAQ.
>> Docbook FAQ.
>> http://www.dpawson.co.uk
>> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 14 Jan 2015 08:40:23 -0500
> From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> To: Sandeep Murthy <s.murthy at mykolab.com>, gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <878uh55vlk.fsf at alice.fifthhorseman.net>
> Content-Type: text/plain; charset=utf-8
> 
> On Wed 2015-01-14 08:22:45 -0500, Sandeep Murthy wrote:
>> Exit codes in shells indicate problems relating to completion or disruption
>> of the child process invoked by a parent process.
>> 
>> They will not record unsuccessful events inside the child process
>> related to program functions, i.e. if you are inside gpg editing a key
>> and enter an incorrect subcommand or use it incorrectly then this will
>> not affect the exit code, I don't think.
> 
> This is not the case.  all processes have a return code, whether they
> are invoked by a shell or by other processes.  The return code is a
> critical part of the output of a program.
> 
> gpg does use the return code to indicate failure of signature
> verification.
> 
> consider the results of:
> 
>     echo test1 > test1.txt
>     echo test2 > test2.txt
>     gpg --detach-sign --armor test1.txt
>     gpg --verify test1.txt.asc test1.txt
>     gpg --verify test1.txt.asc test2.txt
> 
> the return value of the first --verify should be 0, but the second
> --verify invocation should return 1, indicating that the signature
> cannot be verified over the (different) contents of test2.txt
> 
>        --dkg
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Wed, 14 Jan 2015 15:06:53 +0100
> From: Kristian Fiskerstrand
> 	<kristian.fiskerstrand at sumptuouscapital.com>
> To: Daniel Kahn Gillmor <dkg at fifthhorseman.net>,  Sandeep Murthy
> 	<s.murthy at mykolab.com>, gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <54B677FD.8090002 at sumptuouscapital.com>
> Content-Type: text/plain; charset=utf-8
> 
> On 01/14/2015 02:40 PM, Daniel Kahn Gillmor wrote:
>> On Wed 2015-01-14 08:22:45 -0500, Sandeep Murthy wrote:
>>> Exit codes in shells indicate problems relating to completion or
>>> disruption of the child process invoked by a parent process.
>>> 
> 
> 
> ..
> 
>> 
>> the return value of the first --verify should be 0, but the second
>> --verify invocation should return 1, indicating that the signature
>> cannot be verified over the (different) contents of test2.txt
> 
> But iirc you will anyways have to check the status-fd for the validity
> of the issuing key.
> 
> --
> ----------------------------
> Kristian Fiskerstrand
> Blog: http://blog.sumptuouscapital.com
> Twitter: @krifisk
> ----------------------------
> Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> ----------------------------
> "A government that robs Peter to pay Paul can always depend on the
> support of Paul."
> (George Bernard Shaw)
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Wed, 14 Jan 2015 15:31:43 +0000
> From: Sandeep Murthy <s.murthy at mykolab.com>
> To: gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <D214C3E8-F22E-416B-9C86-50AAB7BE74C5 at mykolab.com>
> Content-Type: text/plain; charset=utf-8
> 
> I know that all processes have an exit code, what I meant was
> if you invoke gpg interactively like gpg --edit-key <key ID /email>
> and then execute a wrong subcommand or specify something incorrectly
> then the gpg exit code will not reflect this unless the subcommand
> launches another process.
> 
> Sandeep Murthy
> s.murthy at mykolab.com
> 
>> On 14 Jan 2015, at 13:40, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> 
>> On Wed 2015-01-14 08:22:45 -0500, Sandeep Murthy wrote:
>>> Exit codes in shells indicate problems relating to completion or disruption
>>> of the child process invoked by a parent process.
>>> 
>>> They will not record unsuccessful events inside the child process
>>> related to program functions, i.e. if you are inside gpg editing a key
>>> and enter an incorrect subcommand or use it incorrectly then this will
>>> not affect the exit code, I don't think.
>> 
>> This is not the case.  all processes have a return code, whether they
>> are invoked by a shell or by other processes.  The return code is a
>> critical part of the output of a program.
>> 
>> gpg does use the return code to indicate failure of signature
>> verification.
>> 
>> consider the results of:
>> 
>>   echo test1 > test1.txt
>>   echo test2 > test2.txt
>>   gpg --detach-sign --armor test1.txt
>>   gpg --verify test1.txt.asc test1.txt
>>   gpg --verify test1.txt.asc test2.txt
>> 
>> the return value of the first --verify should be 0, but the second
>> --verify invocation should return 1, indicating that the signature
>> cannot be verified over the (different) contents of test2.txt
>> 
>>      --dkg
> 
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Wed, 14 Jan 2015 17:18:19 +0100
> From: Werner Koch <wk at gnupg.org>
> To: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> Cc: gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <87wq4p2v5g.fsf at vigenere.g10code.de>
> Content-Type: text/plain; charset=us-ascii
> 
> On Wed, 14 Jan 2015 14:40, dkg at fifthhorseman.net said:
> 
>> gpg does use the return code to indicate failure of signature
>> verification.
> 
> But recall that success does not mean that the signature is good.
> Check the status output or use gpgv.
> 
> Shalom-Salam,
> 
>    Werner
> 
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Wed, 14 Jan 2015 16:40:34 +0000
> From: Patrick Schleizer <patrick-mailinglists at whonix.org>
> To: gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <54B69C02.5050905 at whonix.org>
> Content-Type: text/plain; charset=windows-1252
> 
> Werner Koch:
>> On Wed, 14 Jan 2015 14:40, dkg at fifthhorseman.net said:
>> 
>>> gpg does use the return code to indicate failure of signature
>>> verification.
>> 
>> But recall that success does not mean that the signature is good.
>> Check the status output or use gpgv.
> 
> Do you mean, for example, the signature could be valid, but the key that
> signed it could be revoked and gpg would still exit 0?
> 
> Or can you tell another example please where gpg would exit 0, but
> where the signature is bad?
> 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Wed, 14 Jan 2015 16:44:47 +0000
> From: Patrick Schleizer <patrick-mailinglists at whonix.org>
> To: gnupg-users at gnupg.org
> Subject: Is there a shell script or bash library for parsing gpg's
> 	--status-fd output?
> Message-ID: <54B69CFF.5080506 at whonix.org>
> Content-Type: text/plain; charset=utf-8
> 
> Hi!
> 
> Is there a shell script or bash library for parsing gpg's --status-fd
> output?
> 
> I mean, I could code it myself. But why duplicate effort and risk
> messing up. Maybe there is some existing or even recommended or even
> official library to do this?
> 
> (What I mean by parsing is: to get from lines such as "[GNUPG:] GOODSIG
> 416..." to variables such as goodsig=true, fingerprint=416... and so 
> forth.)
> 
> Cheers,
> Patrick
> 
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Wed, 14 Jan 2015 19:23:48 +0100
> From: Johan Wevers <johanw at vulcan.xs4all.nl>
> To: gnupg-users at gnupg.org
> Subject: Re: Vanity Keys
> Message-ID: <54B6B434.6050200 at vulcan.xs4all.nl>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 13-01-2015 21:38, Werner Koch wrote:
> 
>> Well, we could also change the code
>> to trial verify with all key ids but that takes longer than needed and
>> may by itself be used as a DoS.
> 
> You don't need to test all keyID's - just those with the same key ID.
> Assuming this is a rare occasion and someone's keyring is not flooded
> with keys with the same ID (in that case you are probably under some
> kind of attack and might investigate), you can even detect and store
> this condition somewhere when importing the key and checking this
> probably very short list of key IDs that appear multiple times.
> 
> I wonder what this would do with the keyserver network. They probably
> need adapting too.
> 
> --
> ir. J.C.A. Wevers
> PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
> 
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Wed, 14 Jan 2015 21:15:54 +0100
> From: Werner Koch <wk at gnupg.org>
> To: Patrick Schleizer <patrick-mailinglists at whonix.org>
> Cc: gnupg-users at gnupg.org
> Subject: Re: Are there cases where gpg --verify will exit 0, even if
> 	verification failed?
> Message-ID: <87a91l2k5h.fsf at vigenere.g10code.de>
> Content-Type: text/plain; charset=us-ascii
> 
> On Wed, 14 Jan 2015 17:40, patrick-mailinglists at whonix.org said:
> 
>> Do you mean, for example, the signature could be valid, but the key that
>> signed it could be revoked and gpg would still exit 0?
> 
> Sure.  It is just too complex to put it into one number.  Consider the
> case for multiple signatures - who is going to decide whether the
> signature is valid.  This has all been discussed about 15 years ago
> with the result of writing the gpgv binary which is suitable for most
> automated signature verification use cases.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 
> 
> 
> 
> ------------------------------
> 
> Message: 10
> Date: Wed, 14 Jan 2015 15:59:51 -0500
> From: Joey Castillo <jose.castillo at gmail.com>
> To: gnupg-users at gnupg.org
> Subject: Specifying passphrase for batch key generation
> Message-ID:
> 	<CAAocvpu_1oe9Rpu-kNmpdDskg9VgOi-sY=2YVPhvujUU_MyDag at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> Reading the manual for batch GPG key generation in GnuPG 2.1, I see
> the following note:
> 
>> Since GnuPG version 2.1 it is not anymore possible to specify a
>> passphrase for unattended key generation. The passphrase command is
>> simply ignored and '%ask-passphrase' is thus implicitly enabled.
> 
> I'm running into an issue now with a module I was using to generate
> keys in a python script (python-gnupg). Its method was to generate a
> set of parameters, including the passphrase parameter, and pass that
> via stdin to gpg --batch --gen-key.
> 
> Now that we cannot specify a passphrase in the batch parameters, what
> is the preferred method for batch key generation with a specified
> passphrase?
> 
> 
> 
> ------------------------------
> 
> End of Gnupg-users Digest, Vol 136, Issue 23
> ********************************************
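
The status-line check that the digest's gpg --verify thread keeps returning to, as an added example (not code from any poster or from the GnuPG project): a small shell function that turns `[GNUPG:]` status lines into an accept/reject decision against one pinned fingerprint. The function names, the fingerprints and the sample status lines are constructed for illustration, and rejecting any run that contains a second signer is a policy choice assumed here.

```shell
#!/bin/sh
# Added example: accept a verification only if gpg's status output shows
# exactly one good signature made by the pinned key. Reads status lines on
# stdin; returns 0 (accept) or 1 (reject).
check_status() {
    want=$1 good=0 valid=0 bad=0
    while read -r prefix keyword arg1 rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue   # skip anything that is not a status line
        case $keyword in
            GOODSIG)  good=$((good + 1)) ;;
            VALIDSIG) # arg1 = fingerprint of the key that made the signature
                if [ "$arg1" = "$want" ]; then valid=$((valid + 1)); else bad=1; fi ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY|NODATA)
                bad=1 ;;                         # any of these vetoes the whole run
        esac
    done
    [ "$bad" -eq 0 ] && [ "$good" -eq 1 ] && [ "$valid" -eq 1 ]
}

# Constructed sample data (not real keys or captured output).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER=FEDCBA9876543210FEDCBA9876543210FEDCBA98

GOOD_RUN="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $FPR 2015-01-14 1421240000 0 4 0 1 8 00 $FPR
[GNUPG:] TRUST_ULTIMATE"

# Signature checks out cryptographically, but the signing key is revoked.
REVOKED_RUN="[GNUPG:] REVKEYSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $FPR 2015-01-14 1421240000 0 4 0 1 8 00 $FPR"

# Good signature, but from a key other than the pinned one.
OTHER_KEY_RUN="[GNUPG:] GOODSIG 76543210FEDCBA98 Someone Else <other@example.org>
[GNUPG:] VALIDSIG $OTHER 2015-01-14 1421240000 0 4 0 1 8 00 $OTHER"

# Two signatures on one file, only one of them from the pinned key.
MIXED_RUN="$GOOD_RUN
$OTHER_KEY_RUN"

verdict() {
    if printf '%s\n' "$1" | check_status "$FPR"; then echo accept; else echo reject; fi
}

for run in "$GOOD_RUN" "$REVOKED_RUN" "$OTHER_KEY_RUN" "$MIXED_RUN"; do
    verdict "$run"
done
```

In a real script the input would come from something like `gpg --status-fd 1 --verify file.sig file 2>/dev/null`, run against the dedicated --homedir mentioned in the thread, with gpg's exit code checked as well.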



