From sac at 300baud.de Sun Feb 2 13:35:49 2020
From: sac at 300baud.de (Stefan Claas)
Date: Sun, 2 Feb 2020 13:35:49 +0100
Subject: Maybe a good date to create a new key pair ...
Message-ID: <20200202133549.0000320b.sac@300baud.de>

Hi all,

today is Palindrome-Day!

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From johanw at vulcan.xs4all.nl Sun Feb 2 14:32:33 2020
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sun, 2 Feb 2020 14:32:33 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200202133549.0000320b.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de>
Message-ID: <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl>

On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:

> today is Palindrome-Day!

You can always set your computer's clock to a different date if you like
a specific creation date of course.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From sac at 300baud.de Sun Feb 2 16:29:41 2020
From: sac at 300baud.de (Stefan Claas)
Date: Sun, 2 Feb 2020 16:29:41 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl>
Message-ID: <20200202162941.0000726e.sac@300baud.de>

Johan Wevers wrote:

> On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
>
> > today is Palindrome-Day!
>
> You can always set your computer's clock to a different date if you like
> a specific creation date of course.

Correct, but I like to certify my key from Governikus, which then
should have the same signing date.
:-)

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From sac at 300baud.de Sun Feb 2 17:32:40 2020
From: sac at 300baud.de (Stefan Claas)
Date: Sun, 2 Feb 2020 17:32:40 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200202162941.0000726e.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de>
Message-ID: <20200202173240.000019cf.sac@300baud.de>

Stefan Claas via Gnupg-users wrote:

> Johan Wevers wrote:
>
> > On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
> >
> > > today is Palindrome-Day!
> >
> > You can always set your computer's clock to a different date if you like
> > a specific creation date of course.
>
> Correct, but I like to certify my key from Governikus, which then
> should have the same signing date. :-)

Done. :-)

pub   ed25519 2020-02-02 [SC]
      8AC7C662F31E288412035A755834D78EC9DD2EDB
uid        [ unbekannt ] Stefan Claas (*offline key*)
sig 3      5834D78EC9DD2EDB 2020-02-02  Stefan Claas (*offline key*)
sig 3 1    5E5CCCB4A4BF43D7 2020-02-02  Governikus OpenPGP Signaturservice (Neuer Personalausweis)
sub   cv25519 2020-02-02 [E]
sig        5834D78EC9DD2EDB 2020-02-02  Stefan Claas (*offline key*)

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From tmz at pobox.com Sun Feb 2 19:08:38 2020
From: tmz at pobox.com (Todd Zullinger)
Date: Sun, 2 Feb 2020 13:08:38 -0500
Subject: setrlimit failure on aarch64 (was: Interesting failure on aarch64)
In-Reply-To: <875zh6nr7k.fsf@wheatstone.g10code.de>
References: <20191220162212.qsi7yr5cmgdivmpd@chatter.i7.local> <875zh6nr7k.fsf@wheatstone.g10code.de>
Message-ID: <20200202180838.GJ4046@pobox.com>

Werner Koch via Gnupg-users wrote:
> On Fri, 20 Dec 2019 11:22, Konstantin Ryabitsev
said:
>
>> On x86_64 this succeeds, but when I tried building on aarch64, that step
> [...]
>> gpg: Fatal: can't disable core dumps: Operation not permitted
>
> setrlimit returns an unexpected error code:
>
>     if (getrlimit (RLIMIT_CORE, &limit))
>       limit.rlim_max = 0;
>     limit.rlim_cur = 0;
>     if( !setrlimit (RLIMIT_CORE, &limit) )
>       return 0;
>     if( errno != EINVAL && errno != ENOSYS )
>       log_fatal (_("can't disable core dumps: %s\n"), strerror(errno) );
>
> This is the first time I see a report that EPERM is returned.

The getrlimit call also fails, according to strace:

    getrlimit(RLIMIT_CORE, 0xffffeb2acf88) = -1 EPERM (Operation not permitted)
    setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=0}) = -1 EPERM (Operation not permitted)

I don't have access to an aarch64 host running RHEL 7 directly, so my
only testing is via the mock command from an aarch64 Fedora 31 host.

Mock can use two styles of container, an old-style chroot or new-style
systemd-nspawn. Using chroot succeeds, while systemd-nspawn fails.

I tested with CAP_SYS_RESOURCE added to the capability list in the
systemd-nspawn call, without success. From my reading, that should work
(though shouldn't be needed as we're not trying to raise the limit).

So it seems like a bug either in systemd-nspawn or a lower level
component like glibc or the kernel with RHEL 7 on aarch64, as you
suggested.

--
Todd

From sac at 300baud.de Sun Feb 2 22:41:45 2020
From: sac at 300baud.de (Stefan Claas)
Date: Sun, 2 Feb 2020 22:41:45 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200202173240.000019cf.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de>
Message-ID: <20200202224145.00007334.sac@300baud.de>

Stefan Claas via Gnupg-users wrote:

> Stefan Claas via Gnupg-users wrote:
>
> > Johan Wevers wrote:
> >
> > > On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
> > >
> > > > today is Palindrome-Day!
> > >
> > > You can always set your computer's clock to a different date if you like
> > > a specific creation date of course.
> >
> > Correct, but I like to certify my key from Governikus, which then
> > should have the same signing date. :-)
>
> Done. :-)
>
> pub ed25519 2020-02-02 [SC]
> 8AC7C662F31E288412035A755834D78EC9DD2EDB
> uid [ unbekannt ] Stefan Claas (*offline key*)
> sig 3 5834D78EC9DD2EDB 2020-02-02 Stefan Claas (*offline key*)
> sig 3 1 5E5CCCB4A4BF43D7 2020-02-02 Governikus OpenPGP
> Signaturservice (Neuer Personalausweis) sub
> cv25519 2020-02-02 [E] sig 5834D78EC9DD2EDB 2020-02-02 Stefan Claas
> (*offline key*)

Since this day is so special (for me) I decided to do it again with a new (RSA)
key. But this time with a 'proper' Fingerprint, to celebrate this day. :-)

0202 2020 D638 E78F 4DFE 737C 419F 025C 897D B2E6

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From vedaal at nym.hush.com Mon Feb 3 02:54:49 2020
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Sun, 02 Feb 2020 20:54:49 -0500
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200202224145.00007334.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de>
Message-ID: <20200203015449.8D411406CD@smtp.hushmail.com>

On 2/2/2020 at 4:44 PM, "Stefan Claas via Gnupg-users" wrote:

Since this day is so special (for me) I decided to do it again with a new (RSA)
key. But this time with a 'proper' Fingerprint, to celebrate this day. :-)

0202 2020 D638 E78F 4DFE 737C 419F 025C 897D B2E6

=====

Maybe try generating new keys until you have a keypair of palindromic primes,
or at least a palindromic fingerprint

http://mathworld.wolfram.com/PalindromicPrime.html

8^))

vedaal

From sac at 300baud.de Mon Feb 3 07:44:18 2020
From: sac at 300baud.de (Stefan Claas)
Date: Mon, 3 Feb 2020 07:44:18 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200203015449.8D411406CD@smtp.hushmail.com>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de> <20200203015449.8D411406CD@smtp.hushmail.com>
Message-ID: <20200203074418.00000d2b.sac@300baud.de>

vedaal at nym.hush.com wrote:

> Maybe try generating new keys until you have a keypair of palindromic
> primes,
> or at least a palindromic fingerprint
>
> http://mathworld.wolfram.com/PalindromicPrime.html

A complete palindromic fingerprint would be absolutely awesome!!!

But I *strongly* doubt that this is possible, in a timely manner,
with my little GPU.

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From azbigdogs at gmx.com Mon Feb 3 21:23:15 2020
From: azbigdogs at gmx.com (Mark)
Date: Mon, 3 Feb 2020 13:23:15 -0700
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200202224145.00007334.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de>
Message-ID:

I know the palindrome day was yesterday (although the article missed
several others in the 21st century). I am curious on how you were able
to create a key with a certain fingerprint.

On 2/2/2020 2:41 PM, Stefan Claas via Gnupg-users wrote:
> Stefan Claas via Gnupg-users wrote:
>
>> Stefan Claas via Gnupg-users wrote:
>>
>>> Johan Wevers wrote:
>>>
>>>> On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
>>>>
>>>>> today is Palindrome-Day!
>>>> You can always set your computer's clock to a different date if you like
>>>> a specific creation date of course.
>>> Correct, but I like to certify my key from Governikus, which then
>>> should have the same signing date. :-)
>> Done. :-)
>>
>> pub ed25519 2020-02-02 [SC]
>> 8AC7C662F31E288412035A755834D78EC9DD2EDB
>> uid [ unbekannt ] Stefan Claas (*offline key*)
>> sig 3 5834D78EC9DD2EDB 2020-02-02 Stefan Claas (*offline key*)
>> sig 3 1 5E5CCCB4A4BF43D7 2020-02-02 Governikus OpenPGP
>> Signaturservice (Neuer Personalausweis) sub
>> cv25519 2020-02-02 [E] sig 5834D78EC9DD2EDB 2020-02-02 Stefan Claas
>> (*offline key*)
> Since this day is so special (for me) I decided to do it again with a new (RSA)
> key. But this time with a 'proper' Fingerprint, to celebrate this day.
:-)
>
> 0202 2020 D638 E78F 4DFE 737C 419F 025C 897D B2E6
>
> Regards
> Stefan
>

From sac at 300baud.de Mon Feb 3 22:45:59 2020
From: sac at 300baud.de (Stefan Claas)
Date: Mon, 3 Feb 2020 22:45:59 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To:
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de>
Message-ID: <20200203224559.00004a8b.sac@300baud.de>

Mark wrote:

> I know the palindrome day was yesterday (although the article missed
> several others in the 21st century). I am curious on how you were able
> to create a key with a certain fingerprint.

I used the (Windows) program scallion, from GitHub, with the following
parameters:

scallion --gpg -k 2048 02022020

That's all and it took less than five seconds to generate the private key. :-)

That way you can also create keys with your birthday or deadbeef etc.

After key generation you have to import the private key into GnuPG
with '--allow-non-selfsigned-uid' to add a proper UID and passphrase.

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From vedaal at nym.hush.com Mon Feb 3 23:44:12 2020
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 03 Feb 2020 17:44:12 -0500
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200203224559.00004a8b.sac@300baud.de>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de> <20200203224559.00004a8b.sac@300baud.de>
Message-ID: <20200203224412.70F0B406F4@smtp.hushmail.com>

On 2/3/2020 at 4:48 PM, "Stefan Claas via Gnupg-users" wrote:

Mark wrote:

> I know the palindrome day was yesterday (although the article missed
> several others in the 21st century). I am curious on how you were able
> to create a key with a certain fingerprint.

I used the (Windows) program scallion, from GitHub, with the following
parameters:

scallion --gpg -k 2048 02022020

That's all and it took less than five seconds to generate the private key. :-)

That way you can also create keys with your birthday or deadbeef etc.

After key generation you have to import the private key into GnuPG
with '--allow-non-selfsigned-uid' to add a proper UID and passphrase.

=====

So, could you pipe in a script to create a fingerprint with the following form:

n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 n15 n16 n17 n18 n19 n20

n20 n19 n18 n17 n16 n15 n14 n13 n12 n11 n10 n9 n8 n7 n6 n5 n4 n3 n2 n1

where each n is a character of (1, 2, 3, 4, 5, 6, 7, 8, 9, 0, A, B, C, D, E, F),
and where each n is allowed to be repeated, as long as it is the same in its
corresponding mirror position,

i.e., n1 can = n3 as long as it is present in the first, and third and
thirty-eighth and fortieth position of the fingerprint).

It might not be that simple, but it doesn't seem impossible, to create a
Palindromic fingerprint,
(and just reset your computer clock to 02/20/2020 at 02:20 am) 8^))

vedaal

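[Added example, not written by any poster and not taken from scallion or GnuPG: the cost of the fingerprint patterns discussed in this thread. It computes an OpenPGP v4 fingerprint (RFC 4880, section 12.2) over a constructed packet body, finds a 4-digit prefix by walking the creation time (an assumption of this sketch, not a description of how scallion searches), and uses the 2886.7 MH/s speed from the scallion run quoted later in the thread to cost a 16-digit prefix and a full palindrome.]

```python
import hashlib
import struct

START_TIME = 1580601600  # 2020-02-02 00:00:00 UTC

# Constructed stand-in for RSA key material (MPI n, MPI e); not a usable key.
FAKE_N = b"\xc3" + bytes(range(1, 64))                      # 512-bit value
KEY_MATERIAL = (struct.pack(">H", 512) + FAKE_N             # MPI: bit count, bytes
                + struct.pack(">H", 17) + b"\x01\x00\x01")  # e = 65537


def packet_body(created: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm, MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + KEY_MATERIAL


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, a two-octet body length, and the body."""
    header = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(header + body).hexdigest().upper()


def is_palindrome(fingerprint: str) -> bool:
    """True if the hex digits read the same in both directions."""
    digits = fingerprint.replace(" ", "").upper()
    return digits == digits[::-1]


def mean_hashes(fixed_digits: int) -> int:
    """Each fixed hex digit matches with probability 1/16, so the mean number
    of candidates hashed before a match is 16**fixed_digits."""
    return 16 ** fixed_digits


def days_needed(hashes: int, hashes_per_second: float) -> float:
    """Wall-clock days to compute `hashes` SHA-1 values at the given rate."""
    return hashes / hashes_per_second / 86400


def find_prefix(prefix: str, max_tries: int = 4_000_000):
    """Walk the creation time backwards until the fingerprint starts with
    `prefix`. Returns (tries, created, fingerprint), or None if not found."""
    prefix = prefix.upper()
    for tries in range(1, max_tries + 1):
        created = START_TIME - tries
        fpr = v4_fingerprint(packet_body(created))
        if fpr.startswith(prefix):
            return tries, created, fpr
    return None


if __name__ == "__main__":
    rate = 2886.7e6  # hashes per second, the speed shown in the scallion output
    # Four fixed digits: about 16**4 = 65536 candidates on average.
    print("4-digit prefix:", find_prefix("0202"))
    # Sixteen fixed digits: half of the 16**16 space at this rate.
    half_space = mean_hashes(16) // 2
    print("16 digits, half the space: %.0f days" % days_needed(half_space, rate))
    # A palindrome fixes 20 of the 40 digits (the second half mirrors the first).
    years = days_needed(mean_hashes(20), rate) / 365.25
    print("palindrome, mean: %.3g years" % years)
```

Half of the 16-digit search space at that speed comes to about 36980 days, which agrees with the "Predicted" figure in the quoted scallion output; every further fixed digit multiplies the work by 16.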
From sac at 300baud.de Mon Feb 3 23:56:24 2020
From: sac at 300baud.de (Stefan Claas)
Date: Mon, 3 Feb 2020 23:56:24 +0100
Subject: Maybe a good date to create a new key pair ...
In-Reply-To: <20200203224412.70F0B406F4@smtp.hushmail.com>
References: <20200202133549.0000320b.sac@300baud.de> <9536d342-9d0a-b977-734c-1a2cc2fecbd2@vulcan.xs4all.nl> <20200202162941.0000726e.sac@300baud.de> <20200202173240.000019cf.sac@300baud.de> <20200202224145.00007334.sac@300baud.de> <20200203224559.00004a8b.sac@300baud.de> <20200203224412.70F0B406F4@smtp.hushmail.com>
Message-ID: <20200203235624.000014b8.sac@300baud.de>

vedaal at nym.hush.com wrote:

> On 2/3/2020 at 4:48 PM, "Stefan Claas via Gnupg-users" wrote:Mark
> wrote:
>
> > I know the palindrome day was yesterday (although the article missed
> > several others in the 21st century). I am curious on how you were
> able
> > to create a key with a certain fingerprint.
>
> I used the (Windows) program scallion, from GitHub, with the following
> parameters: scallion --gpg -k 2048 02022020
>
> That's all and it took less than five seconds to generate the private
> key. :-)
>
> That way you can also create keys with your birthday or deadbeef etc.
>
> After key generation you have to import the private key into GnuPG
> with '--allow-non-selfsigned-uid' to add a proper UID and passphrase.
>
> =====
>
> So, could you pipe in a script to create a fingerprint with the
> following form:
>
> n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 n15 n16 n17 n18 n19 n20
>
> n20 n19 n18 n17 n16 n15 n14 n13 n12 n11 n10 n9 n8 n7 n6 n5 n4 n3 n2 n1
>
> where each n is a character of (1, 2, 3, 4, 5, 6, 7, 8, 9, 0, A, B, C,
> D, E, F),
> and where each n is allowed to be repeated, as long as it is the same
> in its corresponding mirror position,
>
> i.e., n1 can = n3 as long as it is present in the first, and third
> and thirty-eighth and fortieth position of the fingerprint).
>
> It might not be that simple, but it doesn't seem impossible, to create
> a Palindromic fingerprint,
> (and just reset your computer clock to 02/20/2020 at 02:20 am) 8^))
> vedaal

The problem is not piping etc., because I can input also a complete
Fingerprint. The problem is the computation time, like the same as
factoring a large modulus n.

As an example I just did as input only the short string 'deadbeefdeadbeef'
and it would take on my little GPU (see Predicted):

scallion --gpg -k 2048 deadbeefdeadbeef
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 32
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
Looks good!
LoopIteration:3689 HashCount:61891,15MH Speed:2886,7MH/s Runtime:00:00:21 Predicted:36980.10:50:46
Stopping the GPU and shutting down...

Regards
Stefan

--
NaClbox: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

From jcross at gmail.com Tue Feb 4 15:53:00 2020
From: jcross at gmail.com (Jonathan Cross)
Date: Tue, 4 Feb 2020 15:53:00 +0100
Subject: Batch generate keys without revocation cert?
In-Reply-To:
References:
Message-ID:

> > On 2020-01-23 at 17:32 +0100, Jonathan Cross via Gnupg-users wrote:
> > Hello,
> I would like to batch generate keys, but *not* have a revocation cert
> generated.
> I do not see an option for this, how can it be done?
> Thanks, Jonathan
>
> From: Ángel
> To: gnupg-users at gnupg.org
> Subject: Re: Batch generate keys without revocation cert?
> Hello Jonathan
> See if this helps
>
> https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
> Anyway, you could always generate a revocation certificate and then
> discard it.
> Kind regards

Thank you Angel,

I am already making extensive use of batching, but (as you can see on the
linked page), there is no option to remove revocation certificates from
being generated. Was there something specific there that I overlooked?

As you mentioned, I am deleting the revocation cert, but this is suboptimal.

A bit of background...
I was trying to use this for generating "vanity" keys (while using all of
the gpg mechanics, entropy, etc) -- so I need it as fast as possible.

I have come to see that this is far too slow to get an interesting key ID
of my choosing, so I will continue looking into other options like this:
https://github.com/osresearch/pgp-vanity-keygen (with modifications for
Curve25519 added)

If there was an option to provide my own fixed entropy, that would also be
helpful as I'd like to create that using Diceware.

If you have any suggestions, please let me know.

Thanks!
Jonathan

From sandra.franklin-king at thermofisher.com Tue Feb 4 21:43:25 2020
From: sandra.franklin-king at thermofisher.com (Franklin-King, Sandra M.)
Date: Tue, 4 Feb 2020 20:43:25 +0000
Subject: US Government
Message-ID:

Hi

I am inquiring as to whether this software has been reviewed and classified by the Bureau of Security with the US Government?

Sandra Franklin-King
LPD Trade Compliance Manager

Thermo Fisher Scientific
28 Schenck Parkway, Suite 400 | Asheville, NC 28803
Phone +1 828 365 1221 | Mobile: +1 828 458 8747
sandra.franklin-king at thermofisher.com | www.thermoscientific.com

______________________________________________________________________
WORLDWIDE CONFIDENTIALITY NOTE: Dissemination, distribution or copying of this email or the information herein by anyone other than the intended recipient, or an employee or agent of a system responsible for delivering the message to the intended recipient, is prohibited.
If you are not the intended recipient, please inform the sender and delete all copies.

From gnupg at raf.org Tue Feb 4 23:26:52 2020
From: gnupg at raf.org (raf)
Date: Wed, 5 Feb 2020 09:26:52 +1100
Subject: US Government
In-Reply-To:
References:
Message-ID: <20200204222652.dakyubxnvka62hmq@raf.org>

Franklin-King, Sandra M. via Gnupg-users wrote:

> Hi
>
> I am inquiring as to whether this software has been reviewed and classified by the Bureau of Security with the US Government?
>
> Sandra Franklin-King
> LPD Trade Compliance Manager
>
> Thermo Fisher Scientific
> 28 Schenck Parkway, Suite 400 | Asheville, NC 28803
> Phone +1 828 365 1221 | Mobile: +1 828 458 8747
> sandra.franklin-king at thermofisher.com | www.thermoscientific.com

The only Bureau of Security I could find via google is
part of the California government, not the US government.
If they are who you are referring to, you can contact them
to ask at https://www.bsis.ca.gov/about_us/contact_us.shtml

cheers,
raf

From azbigdogs at gmx.com Wed Feb 5 23:59:01 2020
From: azbigdogs at gmx.com (Mark)
Date: Wed, 5 Feb 2020 15:59:01 -0700
Subject: Revoking a Lost Key
Message-ID:

Is there anyway to revoke an OLD LOST PGP key? I no longer have either
the public or private keys but can find the KeyID. I'm guessing not but
figured I'd ask just in case.

Thanks

From dgouttegattat at incenp.org Thu Feb 6 00:37:05 2020
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Wed, 5 Feb 2020 23:37:05 +0000
Subject: Revoking a Lost Key
In-Reply-To:
References:
Message-ID: <20200205233705.o44ut4njatxzjyz6@dynein.local.incenp.org>

On Wed, Feb 05, 2020 at 03:59:01PM -0700, Mark wrote:
>Is there anyway to revoke an OLD LOST PGP key?
I no longer have either
>the public or private keys but can find the KeyID. I'm guessing not but
>figured I'd ask just in case.

The revocation certificate needs to be signed by the private key, so
without the private key it is indeed not possible.

It is possible to ask a third party to revoke your key in your stead,
but only if you have previously made said third party a "designated
revoker" (something that needs to be done in advance, when you still
have the private key).

Since you cannot revoke, the only thing you may try is asking some of
the people who certified your lost key (if any) to revoke their
certification of your key.

Cheers,

- Damien

From abbot at monksofcool.net Thu Feb 6 00:38:53 2020
From: abbot at monksofcool.net (Ralph Seichter)
Date: Thu, 06 Feb 2020 00:38:53 +0100
Subject: Revoking a Lost Key
In-Reply-To:
References:
Message-ID: <875zgk7gfm.fsf@wedjat.horus-it.com>

* Mark:

> Is there anyway to revoke an OLD LOST PGP key? I no longer have either
> the public or private keys but can find the KeyID.

As you guessed, it is not possible, because you require the private key
in order to create a revocation. That's why it is recommended to create
revocations (and storing them safely and separately) right after
creating new keys, just for the case you describe, i.e. not having
access to the original key material later on.

-Ralph

From chd at chud.net Thu Feb 6 00:07:04 2020
From: chd at chud.net (Chris DeYoung)
Date: Wed, 5 Feb 2020 16:07:04 -0700
Subject: Revoking a Lost Key
In-Reply-To:
References:
Message-ID: <34cfa5fe-48db-fa15-1995-8d32195661a3@chud.net>

I wouldn't think you would want to be able to do that. If it can be
done without the private key, then I can revoke your key for you... :-)

-C

On 2/5/2020 3:59 PM, Mark wrote:
> Is there anyway to revoke an OLD LOST PGP key?
I no longer have either
> the public or private keys but can find the KeyID. I'm guessing not but
> figured I'd ask just in case.
>
> Thanks
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From azbigdogs at gmx.com Thu Feb 6 16:33:14 2020
From: azbigdogs at gmx.com (Mark)
Date: Thu, 6 Feb 2020 08:33:14 -0700
Subject: Revoking a Lost Key
In-Reply-To: <34cfa5fe-48db-fa15-1995-8d32195661a3@chud.net>
References: <34cfa5fe-48db-fa15-1995-8d32195661a3@chud.net>
Message-ID: <7a0993bf-56b5-7c73-7e67-053a567059c7@gmx.com>

I know there is a HUGE downside to being able to do that and guessed that
is why it is not possible.

On 2/5/2020 4:07 PM, Chris DeYoung wrote:
> I wouldn't think you would want to be able to do that. If it can be
> done without the private key, then I can revoke your key for you... :-)
>
> -C
>
> On 2/5/2020 3:59 PM, Mark wrote:
>> Is there anyway to revoke an OLD LOST PGP key? I no longer have either
>> the public or private keys but can find the KeyID. I'm guessing not but
>> figured I'd ask just in case.
>>
>> Thanks
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From azbigdogs at gmx.com Thu Feb 6 16:36:52 2020
From: azbigdogs at gmx.com (Mark)
Date: Thu, 6 Feb 2020 08:36:52 -0700
Subject: Revoking a Lost Key
In-Reply-To: <20200205233705.o44ut4njatxzjyz6@dynein.local.incenp.org>
References: <20200205233705.o44ut4njatxzjyz6@dynein.local.incenp.org>
Message-ID: <4bcbaeea-1a0f-ad82-8158-8e71b0f32fa4@gmx.com>

I figured it was not possible but just wanted to double check.
It is an OLD key from the 90s attached to an email address for an ISP that
no longer exists so it's not really used. IF it was possible I would
revoke it but since it is not, it will just live out there forever.

On 2/5/2020 4:37 PM, Damien Goutte-Gattat wrote:
> On Wed, Feb 05, 2020 at 03:59:01PM -0700, Mark wrote:
>> Is there anyway to revoke an OLD LOST PGP key? I no longer have either
>> the public or private keys but can find the KeyID. I'm guessing not but
>> figured I'd ask just in case.
>
> The revocation certificate needs to be signed by the private key, so
> without the private key it is indeed not possible.
>
> It is possible to ask a third party to revoke your key in your stead,
> but only if you have previously made said third party a "designated
> revoker" (something that needs to be done in advance, when you still
> have the private key).
>
> Since you cannot revoke, the only thing you may try is asking some of
> the people who certified your lost key (if any) to revoke their
> certification of your key.
>
> Cheers,
>
> - Damien

From azbigdogs at gmx.com Thu Feb 6 16:41:50 2020
From: azbigdogs at gmx.com (Mark)
Date: Thu, 6 Feb 2020 08:41:50 -0700
Subject: Revoking a Lost Key
In-Reply-To: <875zgk7gfm.fsf@wedjat.horus-it.com>
References: <875zgk7gfm.fsf@wedjat.horus-it.com>
Message-ID: <58cdd84d-8136-f14a-70e3-f695666eddeb@gmx.com>

These were keys created in the 90s on probably 3 computers ago. I looked
through some old CDs that I had laying around but they didn't have the
saved keys. I don't use these keys anymore and haven't in over a decade.
In fact the email address and even the entire ISP are long gone now. I
was just thinking if I could revoke them I would but it doesn't look
like that is possible.

On 2/5/2020 4:38 PM, Ralph Seichter via Gnupg-users wrote:
> * Mark:
>
>> Is there anyway to revoke an OLD LOST PGP key? I no longer have either
>> the public or private keys but can find the KeyID.
> As you guessed, it is not possible, because you require the private key
> in order to create a revocation. That's why it is recommended to create
> revocations (and storing them safely and separately) right after
> creating new keys, just for the case you describe, i.e. not having
> access to the original key material later on.
>
> -Ralph
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From skquinn at rushpost.com Thu Feb 6 17:50:59 2020
From: skquinn at rushpost.com (Shawn K. Quinn)
Date: Thu, 6 Feb 2020 10:50:59 -0600
Subject: Revoking a Lost Key
In-Reply-To: <58cdd84d-8136-f14a-70e3-f695666eddeb@gmx.com>
References: <875zgk7gfm.fsf@wedjat.horus-it.com> <58cdd84d-8136-f14a-70e3-f695666eddeb@gmx.com>
Message-ID: <1c26361c-9073-a788-b550-274869cea438@rushpost.com>

On 2/6/20 09:41, Mark wrote:
> These were keys created in the 90s on probably 3 computers ago. I looked
> through some old CDs that I had laying around but they didn't have the
> saved keys. I don't use these keys anymore and haven't in over a decade.
> In fact the email address and even the entire ISP are long gone now. I
> was just thinking if I could revoke them I would but it doesn't look
> like that is possible.

If the email address is dead, I wouldn't worry about that. I have old
keys out there with FidoNet addresses on them, as well as
cypherpunk-style remailer keys I forgot to revoke before shutting down
the remailer and wiping the system. Stuff happens.

--
Shawn K.
Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com

From azbigdogs at gmx.com Fri Feb 7 15:46:31 2020
From: azbigdogs at gmx.com (Mark)
Date: Fri, 7 Feb 2020 07:46:31 -0700
Subject: Revoking a Lost Key
In-Reply-To: <1c26361c-9073-a788-b550-274869cea438@rushpost.com>
References: <875zgk7gfm.fsf@wedjat.horus-it.com> <58cdd84d-8136-f14a-70e3-f695666eddeb@gmx.com> <1c26361c-9073-a788-b550-274869cea438@rushpost.com>
Message-ID:

I can't even remember what program I used to create them. I think it was
when Symantec first started with the PGP program and was beta testing
it. Anything that the keys encrypted is long gone anyway so not a huge
loss. I just would have "properly dealt" with them if possible. I didn't
think so, but figured I'd ask just in case.

I remember the old FidoNet days. I was involved with QWK mail reader way
back then.

On 2/6/2020 9:50 AM, Shawn K. Quinn via Gnupg-users wrote:
> On 2/6/20 09:41, Mark wrote:
>> These were keys created in the 90s on probably 3 computers ago. I looked
>> through some old CDs that I had laying around but they didn't have the
>> saved keys. I don't use these keys anymore and haven't in over a decade.
>> In fact the email address and even the entire ISP are long gone now. I
>> was just thinking if I could revoke them I would but it doesn't look
>> like that is possible.
> If the email address is dead, I wouldn't worry about that. I have old
> keys out there with FidoNet addresses on them, as well as
> cypherpunk-style remailer keys I forgot to revoke before shutting down
> the remailer and wiping the system. Stuff happens.
>

From africa131 at protonmail.ch Sat Feb 8 17:27:26 2020
From: africa131 at protonmail.ch (africa131 at protonmail.ch)
Date: Sat, 08 Feb 2020 16:27:26 +0000
Subject: Tor Download Verify Signature. Asc Prblem
Message-ID:

Hi,
I am currently doing a course on online privacy. I have been trying to verify the signature on the 64 bit windows tor browser download.
When I type in download directory I get 801 signature. asc for the signature file I downloaded with the tor browser 64 bit download.
When I type the command gpg. exe - - verify signature. asc, I get the response, no signed data and can't hash datafile:no data. Does anyone know how I can solve this problem?

Greg

Sent from ProtonMail mobile

From mirimir at riseup.net Sat Feb 8 21:23:13 2020
From: mirimir at riseup.net (Mirimir)
Date: Sat, 8 Feb 2020 13:23:13 -0700
Subject: Tor Download Verify Signature. Asc Prblem
In-Reply-To:
References:
Message-ID:

On 02/08/2020 09:27 AM, africa131--- via Gnupg-users wrote:
> Hi,
> I am currently doing a course on online privacy. I have been trying to verify the signature on the 64 bit windows tor browser download.
> When I type in download directory I get 801 signature. asc for the signature file I downloaded with the tor browser 64 bit download.
> When I type the command gpg. exe - - verify signature. asc, I get the response, no signed data and can't hash datafile:no data. Does anyone know how I can solve this problem?
>
> Greg

It should be

    gpg.exe --verify [signature file].asc [download file]

From mac3iii at gmail.com Sun Feb 9 22:44:42 2020
From: mac3iii at gmail.com (murphy)
Date: Sun, 9 Feb 2020 16:44:42 -0500
Subject: swdb.lst problem
Message-ID:

With a new version of raspbian out for the raspberry pi I'm having
trouble with a speedo compile of gnupg-2.2.19 with error messages:

make -f /home/pi/Downloads/gnupg-2.2.19/build-aux/speedo.mk UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all
make[1]: Entering directory '/home/pi/Downloads/gnupg-2.2.19'
download of swdb.lst failed.
/home/pi/Downloads/gnupg-2.2.19/build-aux/speedo.mk:311: *** Error getting GnuPG software version database.  Stop.
make[1]: Leaving directory '/home/pi/Downloads/gnupg-2.2.19' make: *** [build-aux/speedo.mk:73: native] Error 2 Also when I try to download swdb.lst directly it fails with: ~/Downloads/gnupg-2.2.19/build-aux $ sh getswdb.sh download of swdb.lst failed. This seemed to work fine a couple of days ago - anybody know how I can fix this? Thanks - Murphy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From gnupg-users at spodhuis.org Mon Feb 10 09:39:13 2020 From: gnupg-users at spodhuis.org (Phil Pennock) Date: Mon, 10 Feb 2020 03:39:13 -0500 Subject: swdb.lst problem In-Reply-To: References: Message-ID: <20200210083913.GA71415@tower.spodhuis.org> On 2020-02-09 at 16:44 -0500, murphy via Gnupg-users wrote: > With a new version of raspbian out for the raspberry pi I'm having > trouble with a speedo compile of gnupg-2.2.19 with error messages: > Also when I try to download swdb.lst directly it fails with: > > ~/Downloads/gnupg-2.2.19/build-aux $ sh getswdb.sh > download of swdb.lst failed. > > This seemed to work fine a couple of days ago - anybody know how I can > fix this? Wait for the GnuPG folks to notice that the certificate on https://versions.gnupg.org/ expired four days ago. Issued On Friday, November 8, 2019 at 7:39:18 PM Expires On Thursday, February 6, 2020 at 7:39:18 PM Regards, -Phil From wk at gnupg.org Mon Feb 10 11:21:28 2020 From: wk at gnupg.org (Werner Koch) Date: Mon, 10 Feb 2020 11:21:28 +0100 Subject: swdb.lst problem In-Reply-To: (murphy via Gnupg-users's message of "Sun, 9 Feb 2020 16:44:42 -0500") References: Message-ID: <875zgelp3r.fsf@wheatstone.g10code.de> On Sun, 9 Feb 2020 16:44, murphy said: > Also when I try to download swdb.lst directly it fails with: The certificate for version.gnupg.org expired. 
Actually it was renewed but due to a certificate update problem with another rarely used domain, pound was not restarted. I just fixed this all. Thanks for notifying us.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From Eric.Linner at fresenius-kabi.com Tue Feb 18 21:19:17 2020
From: Eric.Linner at fresenius-kabi.com (Eric Linner)
Date: Tue, 18 Feb 2020 20:19:17 +0000
Subject: Building GnuPG for QNX 7
Message-ID:

I'm a software developer working on an embedded application that runs on QNX 7. I would like to use GnuPG to create encrypted software update files and decrypt them on the target system. However, I'm having trouble building GnuPG for QNX 7. My development environment is Windows 10 and the target is x86 running 64-bit QNX 7. QNX supposedly has some support for cross compiling GNU projects but I haven't been able to successfully build and QNX has not been very helpful when I tried to get support on this.

I think I have 2 options for approaching this, 1) pure QNX development tools (they have some limited posix tools like bash, etc. that run on Windows) or 2) Cygwin environment with some tricky setup to point to the QNX cross compiler, libraries, etc.

Any suggestions for how I should proceed?

Eric Linner
Sr. Engineering Specialist, BU TCT
Fresenius Kabi USA, LLC
Three Corporate Drive
Lake Zurich, Illinois 60047
Desk: +1 847-550-5672
Eric.Linner at fresenius-kabi.com
www.fresenius-kabi.com/us

From wk at gnupg.org Thu Feb 20 13:20:04 2020
From: wk at gnupg.org (Werner Koch)
Date: Thu, 20 Feb 2020 13:20:04 +0100
Subject: Building GnuPG for QNX 7
In-Reply-To: (Eric Linner via Gnupg-users's message of "Tue, 18 Feb 2020 20:19:17 +0000")
References:
Message-ID: <874kvl78nf.fsf@wheatstone.g10code.de>

On Tue, 18 Feb 2020 20:19, Eric Linner said:

> update files and decrypt them on the target system. However, I'm
> having trouble building GnuPG for QNX 7. My development environment is
> Windows 10 and the target is x86 running 64-bit QNX 7. QNX supposedly
> has some support for cross compiling GNU projects but I haven't been
> able to successfully build and QNX has not been very helpful when I

My knowledge of QNX is a bit rusty since I worked on it in the 80ies. IIRC, it is for a long time now a standard Unix system and thus there should be no major problems to port GnuPG to QNX.

Our build environment is designed to be run on a Unix system and for other platforms we prefer to cross-compile. Native building does only require standard Unix tools along with a C-90 compiler with a few C99 features.

Porting to a new platform always involves evaluating entropy sources for the random number generator. Our basic Unix entropy gathering code supports QNX but it has probably not been checked in a long time and it might be better to make use of system or CPU provided entropy sources.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From fredrik.a.lindstrom at swedbank.se Thu Feb 20 13:53:23 2020
From: fredrik.a.lindstrom at swedbank.se (fredrik.a.lindstrom at swedbank.se)
Date: Thu, 20 Feb 2020 12:53:23 +0000
Subject: Encrypted GPG files
Message-ID: <22bed2c705034655843da1f5ecb2957d@SRV62316.fspa.myntet.se>

Hi all,

We receive PGP encrypted files from several external parties that uses many different tools to create PGP files and I have noticed a difference between these files that cumbers me.

We never (well almost never) have issues with binary GPG files that starts with 0x85 0x01 ..... as the first 2 bytes in the binary file. Now I have received binary PGP files that starts with 0xC1 0xC0 ..... and have not been able to smoothly decrypt these files.

Every time I encrypt files then the binary output file always starts with 0x85 0x01 ..... and I am using version 2.2.9.

How can I create PGP encrypted binary files that starts with 0xC1 0xC0 ..... ?

Best Regards,
Fredrik

From angel at pgp.16bits.net Thu Feb 20 23:28:33 2020
From: angel at pgp.16bits.net (Ángel)
Date: Thu, 20 Feb 2020 23:28:33 +0100
Subject: Encrypted GPG files
In-Reply-To: <22bed2c705034655843da1f5ecb2957d@SRV62316.fspa.myntet.se>
References: <22bed2c705034655843da1f5ecb2957d@SRV62316.fspa.myntet.se>
Message-ID: <1582237713.758.14.camel@16bits.net>

On 2020-02-20 at 12:53 +0000, fredrik.a.lindstrom--- via Gnupg-users wrote:
> Hi all,
>
> We receive PGP encrypted files from several external parties that uses
> many different tools to create PGP files and I have noticed a
> difference between these files that cumbers me.
>
> We never (well almost never) have issues with binary GPG files that
> starts with 0x85 0x01 ..... as the first 2 bytes in the binary file.
> Now I have received binary PGP files that starts with
> 0xC0 ..... and have not been able to smoothly decrypt these files.
>
> Every time I encrypt files then the binary output file always starts
> with 0x85 0x01 ..... and I am using version 2.2.9.
>
> How can I create PGP encrypted binary files that starts with 0xC1
> 0xC0 ..... ?

See https://tools.ietf.org/html/rfc4880#section-4.2

The files starting with 0xCx are using the "new packet" format

A file starting with 0x85 0x01 mean:
0x80 → The bit 7 is always set
Bit 6 is not set, ergo it's in old format:
 - The packet tag is 1 (5 >> 2): Public-Key Encrypted Session Key Packet
 - The length is 1 (5 & 3): two-octet length (0x01 ...)

A file starting with 0xC1 0xC0 would mean
0xC1 → The bit 7 is always set
Bit 6 is set, ergo it's in new format:
Packet tag is 1 (0xC1 & 3F): Public-Key Encrypted Session Key Packet
The length is provided by the next bytes, 0xC0 would be the start of a two-byte length header (from 192 to 8383 bytes)

If you are not able to decode new format files, maybe it's a problem with your client? What do you mean by smoothly decoding them? Are you able to successfully decode them from the command line?

I suspect that the problem may not actually be the packet format, but something else presented by the same client that is choosing new format (e.g. it could be choosing IDEA as cipher).

Issuing a gpg --list-packets over the file will probably give you valuable information.

Kind regards

From wk at gnupg.org Fri Feb 21 18:38:23 2020
From: wk at gnupg.org (Werner Koch)
Date: Fri, 21 Feb 2020 18:38:23 +0100
Subject: Encrypted GPG files
In-Reply-To: <1582237713.758.14.camel@16bits.net> ("Ángel"'s message of "Thu, 20 Feb 2020 23:28:33 +0100")
References: <22bed2c705034655843da1f5ecb2957d@SRV62316.fspa.myntet.se> <1582237713.758.14.camel@16bits.net>
Message-ID: <87ftf34z8w.fsf@wheatstone.g10code.de>

Hi!

Thanks for your analysis; I have one additional comment:

On Thu, 20 Feb 2020 23:28, Ángel said:

> I suspect that the problem may not actually be the packet format, but
> something else presented by the same client that is choosing new format
> (e.g. it could be choosing IDEA as cipher).

gpg supports IDEA so that can't be the problem. A more likely problem with older clients is that it does not support the MDC checksum we have used for nearly 20 years. An easy test is to use the option --ignore-mdc-error for just this one message and if that works, asking the communication partner to update their software to something from the millennium.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From guru at unixarea.de Sat Feb 22 07:49:37 2020
From: guru at unixarea.de (Matthias Apitz)
Date: Sat, 22 Feb 2020 07:49:37 +0100
Subject: command "SCD SERIALNO openpgp" not answered correctly
Message-ID: <20200222064937.GA2325@c720-r342378>

Hello,

I'm preparing the move to a new FreeBSD version (bleeding edge CURRENT with all ports from beginning of February). My OpenPGP card works in the "Identiv uTrust 3512 SAM slot Token" fine on the new setup for decrypting my passwordstore and SSH.
On the old system where GnuPG is 2.2.12, the 'gpg2 --card-status' says:

$ gpg2 --card-status
Reader ...........: 04E6:5816:55511725600891:0
Application ID ...: D27600012401020100050000532B0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 0000532B
Name of cardholder: Matthias Apitz
...

But on the new system it does work correctly. Here are the details:

$ uname -a
FreeBSD c720-r357756 13.0-CURRENT FreeBSD 13.0-CURRENT #2 r357756: Tue Feb 11 18:52:09 CET 2020 guru at jet:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

$ gpg2 --version
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/guru/.gnupg-ccid
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg2 --card-status
gpg: selecting card failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device

$ gpg2 --card-edit
gpg: selecting card failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device

gpg/card>

A trussing (it's like Linux strace) shows the offending dialog with the gpg-agent:

$ truss -o tr gpg2 --card-status
...
connect(3,{ AF_UNIX "/var/run/user/1001/gnupg/d.m4rfaasqebhjmgto9ddm6m7y/S.gpg-agent" },65) = 0 (0x0)
read(3,"OK Pleased to meet you",1002) = 22 (0x16)
read(3,"\n",980) = 1 (0x1)
write(3,"RESET",5) = 5 (0x5)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 34379100160 (0x801277000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 34379104256 (0x801278000)
write(3,"OPTION ttyname=/dev/pts/1",25) = 25 (0x19)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
write(3,"OPTION ttytype=rxvt-unicode-256c"...,36) = 36 (0x24)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
write(3,"OPTION display=:0",17) = 17 (0x11)
write(3,"\n",1) = 1 (0x1)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"OPTION xauthority=/home/guru/.Xa"...,40) = 40 (0x28)
write(3,"\n",1) = 1 (0x1)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"OPTION lc-ctype=es_ES.UTF-8",27) = 27 (0x1b)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
write(3,"OPTION lc-messages=es_ES.UTF-8",30) = 30 (0x1e)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
write(3,"GETINFO version",15) = 15 (0xf)
write(3,"\n",1) = 1 (0x1)
read(3,"D 2.2.19\n",1002) = 9 (0x9)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"OPTION allow-pinentry-notify",28) = 28 (0x1c)
write(3,"\n",1) = 1 (0x1)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"OPTION agent-awareness=2.1.0",28) = 28 (0x1c)
write(3,"\n",1) = 1 (0x1)
read(3,"OK",1002) = 2 (0x2)
read(3,"\n",1000) = 1 (0x1)
write(3,"SCD GETINFO version",19) = 19 (0x13)
write(3,"\n",1) = 1 (0x1)
read(3,"D 2.2.19\n",1002) = 9 (0x9)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"SCD SERIALNO",12) = 12 (0xc)
write(3,"\n",1) = 1 (0x1)
read(3,"ERR 100696144 Operation not supp"...,1002) = 54 (0x36)
fstatat(AT_FDCWD,"/usr/share/nls/es_ES.UTF-8/libc.cat",0x7fffffffd570,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/share/nls/libc/es_ES.UTF-8",0x7fffffffd570,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/es_ES.UTF-8/libc.cat",0x7fffffffd570,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/libc/es_ES.UTF-8",0x7fffffffd570,0x0) ERR#2 'No such file or directory'
write(2,"gpg: selecting card failed: Oper"...,61) = 61 (0x3d)
write(2,"\n",1) = 1 (0x1)

On the old system the agent answers:

write(3,"SCD SERIALNO openpgp",20) = 20 (0x14)
write(3,"\n",1) = 1 (0x1)
read(3,"S SERIALNO D27600012401020100050"...,1002) = 44 (0x2c)
read(3,"OK\n",1002) = 3 (0x3)
write(3,"LEARN --sendinfo",16) = 16 (0x10)
write(3,"\n",1) = 1 (0x1)

What could be causing this?

Thanks

matthias

--
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

From guru at unixarea.de Sat Feb 22 10:13:56 2020
From: guru at unixarea.de (Matthias Apitz)
Date: Sat, 22 Feb 2020 10:13:56 +0100
Subject: Fwd: security/pinentry-qt5
Message-ID: <20200222091356.GA132543@sh4-5.1blu.de>

fyi; maybe it's a change somewhere in GnuPG land?

----- Forwarded message from Matthias Apitz -----

Date: Sat, 22 Feb 2020 10:11:20 +0100
From: Matthias Apitz
To: jhale at FreeBSD.org, freebsd-ports at freebsd.org
Subject: security/pinentry-qt5

Hello,

I use security/pinentry-qt5 in KDE5 on FreeBSD CURRENT (all from SVN HEAD, compiled by my own, ports with poudriere on February, 11). security/pinentry-qt5 is used to unlock my OpenPGP card.
In the past the pinentry-qt5 pop-up window have had automatically the focus, now the focus stays in the terminal window from one starts, for example, the SSH session and the PIN goes into the terminal window, visible to all and is executed as command on the remote host and then there in the bash history.

This is highly a security risk!

Any idea how to avoid this or what triggered this change of behaviour?

Thanks

matthias

----- End forwarded message -----

--
Matthias Apitz, ? guru at unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: ???????? ????????????! Thank you very much, Russian liberators!

From info at dwbrown.biz Sun Feb 23 20:24:39 2020
From: info at dwbrown.biz (DW Brown)
Date: Sun, 23 Feb 2020 13:24:39 -0600
Subject: Access secret key from C# asp.net website using Process class
Message-ID:

I have a public and private key on a Windows web server that I am able to use without problems using DOS commands. I can do import, encrypt, decrypt, list-secret-keys etc.

I am trying to do the same from a web page. From a C# asp.net web page using the Process class, I can import a public key and encrypt a file. But I can not decrypt a file from the web page.

From the web page, when I do a --list-keys, it only lists the public keys.
From the web page, when I do a --list-secret-keys, it lists nothing.

When I try to decrypt, the error output is:

gpg: encrypted with 2048-bit RSA key, ID AAAAAAAAAAAAAAAA, created 2019-12-06 "Company A "
gpg: decryption failed: No secret key

My gpg cmd is:

gpg --batch --trust-model always --pinentry-mode loopback --passphrase "xxxxxxxxxx" --output "D:\Websites\test.txt" --decrypt "D:\Websites\test.pgp"

How can I access the secret-key from the web page?

thanks

From jerry at seibercom.net Mon Feb 24 13:44:10 2020
From: jerry at seibercom.net (Jerry)
Date: Mon, 24 Feb 2020 07:44:10 -0500
Subject: Bulk removal of expired keys
Message-ID: <20200224074410.5e61cd02@scorpio>

On the URL: there is a listing for "pgpclean.ps1" that I have used successfully on my Windows machine. Is there any similar program for use on a FreeBSD based OS? My primary goal is to remove all expired keys and refresh the remaining ones if necessary.

--
Jerry

From rjh at sixdemonbag.org Mon Feb 24 18:01:42 2020
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 24 Feb 2020 12:01:42 -0500
Subject: Bulk removal of expired keys
In-Reply-To: <20200224074410.5e61cd02@scorpio>
References: <20200224074410.5e61cd02@scorpio>
Message-ID: <4a40bf1bba91ef62ff8243299bd8c7fa@mail.monkeyblade.net>

On 2020-02-24 07:44, Jerry wrote:
>
> there is a listing for "pgpclean.ps1"...

gpgclean.ps1. "PGP" is a registered trademark of Symantec. The free software version is GPG.

> Is there any similar program for use on a
> FreeBSD based OS?

No, but if you give me until tonight there can be.

From jerry at seibercom.net Mon Feb 24 19:59:21 2020
From: jerry at seibercom.net (Jerry)
Date: Mon, 24 Feb 2020 13:59:21 -0500
Subject: Bulk removal of expired keys
In-Reply-To: <4a40bf1bba91ef62ff8243299bd8c7fa@mail.monkeyblade.net>
References: <20200224074410.5e61cd02@scorpio> <4a40bf1bba91ef62ff8243299bd8c7fa@mail.monkeyblade.net>
Message-ID: <20200224135921.382be32f@scorpio>

On Mon, 24 Feb 2020 12:01:42 -0500, Robert J. Hansen stated:

>On 2020-02-24 07:44, Jerry wrote:
>>
>> there is a listing for "pgpclean.ps1"...
>
>gpgclean.ps1. "PGP" is a registered trademark of Symantec. The free
>software version is GPG.
>
>> Is there any similar program for use on a
>> FreeBSD based OS?
>
>No, but if you give me until tonight there can be.

Well, if you are not going to put a rush on it, I guess I will have to. :)

--
Jerry

From tlikonen at iki.fi Mon Feb 24 20:41:45 2020
From: tlikonen at iki.fi (Teemu Likonen)
Date: Mon, 24 Feb 2020 21:41:45 +0200
Subject: Bulk removal of expired keys
In-Reply-To: <20200224074410.5e61cd02@scorpio>
References: <20200224074410.5e61cd02@scorpio>
Message-ID: <87lfor6adi.fsf@iki.fi>

jerry at seibercom.net [2020-02-24T07:44:10-05] wrote:

> Is there any similar program for use on a FreeBSD based OS? My primary
> goal is to remove all expired keys and refresh the remaining ones if
> necessary.

For the primary goal of removing expired keys:

    gpg --list-keys --with-colons | awk -F: '
        $1 == "pub" && $2 == "e" {expired = 1}
        $1 == "fpr" && expired == 1 {print $10; expired = 0}' | \
        xargs echo gpg --batch --yes --delete-keys

Remove the "echo" when you are sure.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen at iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen

From gniibe at fsij.org Tue Feb 25 04:27:02 2020
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 25 Feb 2020 12:27:02 +0900
Subject: command "SCD SERIALNO openpgp" not answered correctly
In-Reply-To: <20200222064937.GA2325@c720-r342378>
References: <20200222064937.GA2325@c720-r342378>
Message-ID: <878skrfit5.fsf@iwagami.gniibe.org>

Matthias Apitz wrote:
> On the old system where GnuPG is 2.2.12, the 'gpg2 --card-status' says:
>
> $ gpg2 --card-status
> Reader ...........: 04E6:5816:55511725600891:0
> Application ID ...: D27600012401020100050000532B0000
> Version ..........: 2.1
> Manufacturer .....: ZeitControl
> Serial number ....: 0000532B
> Name of cardholder: Matthias Apitz
> ...

Good. You are using the internal CCID driver to access your card reader.

> But on the new system it does work correctly. Here are the details:
>
> $ uname -a
> FreeBSD c720-r357756 13.0-CURRENT FreeBSD 13.0-CURRENT #2 r357756: Tue Feb 11 18:52:09 CET 2020 guru at jet:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
[...]
> What could be causing this?

Most likely, it is a problem of permission of your usb device. Please check your /dev/usb/* (in your old system and in your new system).

--

From john at jr0cket.co.uk Wed Feb 26 01:18:00 2020
From: john at jr0cket.co.uk (John Stevenson)
Date: Wed, 26 Feb 2020 00:18:00 +0000
Subject: How to create an authinfo.gpg encrypted file with a GitHub token
Message-ID:

Hello everyone,

I would like to store a GitHub personal access token in a file called ~/.authinfo.gpg so that the token is not stored unencrypted on my computer. This file would be used by Emacs to talk to GitHub via its API.

I have never used GnuPG before, although I have gnupg2 installed on Ubuntu Linux.

After many searches, I have not found any information on how to do this. I am looking through the documentation on the https://gnupg.org/ website, but it's unclear where to start reading.
Thank you
John

From abbot at monksofcool.net Wed Feb 26 13:08:27 2020
From: abbot at monksofcool.net (Ralph Seichter)
Date: Wed, 26 Feb 2020 13:08:27 +0100
Subject: How to create an authinfo.gpg encrypted file with a GitHub token
In-Reply-To:
References:
Message-ID: <87y2spv9dw.fsf@wedjat.horus-it.com>

* John Stevenson:

> This file would be used by Emacs to talk to GitHub via its API.

While "used by Emacs" is quite unspecific and I possibly misunderstand your requirements, it suggests searching for "emacs gpg". Doing so returns many hits for Easy PG, so that might be a good place to start.

-Ralph

From sac at 300baud.de Wed Feb 26 16:57:09 2020
From: sac at 300baud.de (Stefan Claas)
Date: Wed, 26 Feb 2020 16:57:09 +0100
Subject: Proposal - variable line width for ASCII armor output
Message-ID: <20200226165709.00002117.sac@300baud.de>

Hi Werner,

I like to make a proposal for future versions of GnuPG, where a user can change the line width of ASCII armor output.

The reason why I ask, I often see postings on social media sites and the output there looks horrible, IMHO.

For myself, I would like to have this feature when also using such media or other chat apps etc. when I have to reply there with GnuPG.

Maybe something like this could work gpg -a 32 etc.

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From jc.gnupg18a at unser.net Wed Feb 26 14:20:11 2020
From: jc.gnupg18a at unser.net (Juergen Christoffel)
Date: Wed, 26 Feb 2020 14:20:11 +0100
Subject: How to create an authinfo.gpg encrypted file with a GitHub token
In-Reply-To:
References:
Message-ID: <20200226132011.GA3645@unser.net>

On Wed, Feb 26, 2020 at 12:18:00AM +0000, John Stevenson wrote:

>I would like to store a GitHub personal access token in a file called
>~/.authinfo.gpg so that the token is not stored unencrypted on my
>computer. This file would be used by Emacs to talk to GitHub via its API.

Recent versions of Emacs (>= 23.x) offer EasyPG ("epa-mode") which handles GnuPG encrypted files easily. That might be a good place to start looking for what you might need. Just try to create /tmp/foo.gpg and save it. You should be asked for a recipient and/or a key.

Or, if you're using org-mode, you could handle encrypted data there as it offers to encrypt/decrypt certain regions of .org files:

https://orgmode.org/worg/org-tutorials/encrypting-files.html

Cheers, JC

--
If universal surveillance were the answer, lots of us would have moved to the former East Germany. If surveillance cameras were the answer, camera-happy London, with something like 500,000 of them at a cost of $700 million, would be the safest city on the planet.
-- Bruce Schneier

From vedaal at nym.hush.com Wed Feb 26 19:34:58 2020
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 26 Feb 2020 13:34:58 -0500
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200226165709.00002117.sac@300baud.de>
Message-ID: <20200226183458.6E8A4406B9@smtp.hushmail.com>

On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users" wrote:

>I like to make a proposal for future versions of GnuPG,
>where a user can change the line width of ASCII armor
>output.

=====

It would not be compatible with older versions.

The simplest thing for you, (or any users who prefer the aesthetics of a particular custom line width), would be to first make the GnuPG ascii armored message, then change it as you want to and copy, paste, and post, with a little note of how to change it back for verification.
(fwiw, in my own experience, even the GnuPG clearsigned messages with its header and footer, are somewhat 'resented' in any non-crypto group, and often don't verify anyway because of minor alterations by the media posting)

vedaal

From sac at 300baud.de Wed Feb 26 19:54:48 2020
From: sac at 300baud.de (Stefan Claas)
Date: Wed, 26 Feb 2020 19:54:48 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200226183458.6E8A4406B9@smtp.hushmail.com>
References: <20200226165709.00002117.sac@300baud.de> <20200226183458.6E8A4406B9@smtp.hushmail.com>
Message-ID: <20200226195448.000052c7.sac@300baud.de>

vedaal at nym.hush.com wrote:

>
>
> On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users"
> wrote:
>
> >I like to make a proposal for future versions of GnuPG,
> >where a user can change the line width of ASCII armor
> >output.
>
> =====
>
> It would not be compatible with older versions.

I remember from base64 encoders which have this feature that others which don't have this that decoding still works with older decoders.

And to be honest, people should keep their (privacy) software up to date, IMHO, if they like to have that feature (should it be implemented) as well ... :-)

> The simplest thing for you, (or any users who prefer the aesthetics of a
> particular custom line width), would be to first make the GnuPG ascii armored
> message, then change it as you want to and copy, paste, and post, with a
> little note of how to change it back for verification.

Well, I can do that, yes, but you can't expect that all users would go the extra mile, while this could be easily implemented.

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From sac at 300baud.de Wed Feb 26 20:35:31 2020
From: sac at 300baud.de (Stefan Claas)
Date: Wed, 26 Feb 2020 20:35:31 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To:
References: <20200226183458.6E8A4406B9@smtp.hushmail.com>
Message-ID: <20200226203531.000015ae.sac@300baud.de>

Michał Górny wrote:

> On Wed, 2020-02-26 at 13:34 -0500, vedaal via Gnupg-users wrote:
> >
> > On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users"
> > wrote:
> >
> > > I like to make a proposal for future versions of GnuPG,
> > > where a user can change the line width of ASCII armor
> > > output.
> >
> > =====
> >
> > It would not be compatible with older versions.
> >
> > The simplest thing for you, (or any users who prefer the aesthetics of a
> > particular custom line width), would be to first make the GnuPG ascii
> > armored message, then change it as you want to and copy, paste, and post,
> > with a little note of how to change it back for verification.
> >
>
> Why 'change it back'? Unless I'm mistaken, GPG shouldn't have any real
> problem with a different base64 width, as long as the overall layout is
> preserved. I've just done a quick test and GPG is entirely happy with
> the result after rewrapping at 50 chars, as well as after cheap
> rewrapping with uneven lines.

Just did a quick test ... :-)

-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

VGhhbmtzIGZvciBwb2ludGluZyB0aGF0IG91dCEgSG
VyZSBpcyBhIHF1aWNrCnRlc3Qgc2hvd2luZyB0aGF0
IGl0IHdvcmtzLgoKUmVnYXJkcwpTdGVmYW4K=cex4
-----END PGP ARMORED FILE-----

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From vedaal at nym.hush.com Wed Feb 26 20:40:33 2020
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 26 Feb 2020 14:40:33 -0500
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To:
References: <20200226183458.6E8A4406B9@smtp.hushmail.com>
Message-ID: <20200226194033.98116406C0@smtp.hushmail.com>

On 2/26/2020 at 2:03 PM, "Michał Górny" wrote:
>
>Why 'change it back'? Unless I'm mistaken, GPG shouldn't have any
>real
>problem with a different base64 width, as long as the overall
>layout is
>preserved. I've just done a quick test and GPG is entirely happy
>with
>the result after rewrapping at 50 chars, as well as after cheap
>rewrapping with uneven lines.

Yes, but not if the header, footer, comment line, or checksum are altered.
If a comment line is wrapped, and the new line does not begin with a ':' Example: This should verify: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 just a test -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Acts of Kindness better the World, and protect the Soul iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx 1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh fGTZanDrJYrys3425Fd4 =/Rbe -----END PGP SIGNATURE----- This, with the comment line wrapped, will not: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 just a test -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Acts of Kindness better the World, and protect the Soul iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx 1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh 
fGTZanDrJYrys3425Fd4
=/Rbe
-----END PGP SIGNATURE-----

And, this will verify, but needs the gpg.conf line of

ignore-mdc-error
ignore-crc-error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

just a test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Acts of Kindness better the World, and protect the Soul

iQIcBAEBCAAGBQJeVsTLAAoJEFBvT6HTX7GGNRIP/1Wf7wnKYc8EF6iff3ZT6x6h
TI/ipE5X5jvQNo+rhsQm2AMQXHfTY7o9gYVFqkpy2XC3mTcKi/kKeFqRr6gHjPZS
DcDhsLlMEMWix/QGx8v8JAARjoaHSoXMIegOjhkjAJs07nz16EbfhIoN9AnKUcap
e4/KqzpVjAjT/Q1kToV8x2gllLBtAnwp/aOG0PAYEFkgOv7RwAKpNblI5+X1skCx
1c00i5J0hyXTmIe2vp2fPJzkyuIqhAkb9IG37rH0Rm1uTq/yIeYEuw16U5OBQABy
JIiBVQQDdClPuAKHKZElT/TfRsfXgDpkj5NTV3AREJGESwrQeqrGdkwU8454pivB
Ukhso5KQ3iseds/qmUSMsb4G8lJ+qu1Hri1GlRGurGcjhwIeQ8TQQ2BfQ8pbVHIZ
UTCOIcqIpHbgAVzRVa/UsUFiqiCkPkS3sHIF1lz5tLbnoC0E1p6e2uA2mlXtvNNt
HaXPFll+Xk7U1/OuNjnFFyjUs30yDpxLT4O+46I/hioH7zGisTFjJO1iEuSO0RqO
QZ3jsyjjBEhIOC9Aiko9FMhXa6MvCqIembcFQUm2v0XoZSl6PBvtBJDmVmGvLt1P
GvSmaHRbRCZaiYk/KmV3d7axJQHXmt2CyFIJvw28yFh85PrGnZN6F/0TZmwZSEKh
fGTZanDrJYrys3425Fd4=/Rbe-----END PGP SIGNATURE-----

vedaal

From mgorny at gentoo.org Wed Feb 26 20:02:58 2020
From: mgorny at gentoo.org (Michał Górny)
Date: Wed, 26 Feb 2020 20:02:58 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200226183458.6E8A4406B9@smtp.hushmail.com>
References: <20200226183458.6E8A4406B9@smtp.hushmail.com>
Message-ID:

On Wed, 2020-02-26 at 13:34 -0500, vedaal via Gnupg-users wrote:
>
> On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users" wrote:
>
> > I like to make a proposal for future versions of GnuPG,
> > where a user can change the line width of ASCII armor
> > output.
>
> =====
>
> It would not be compatible with older versions.
>
> The simplest thing for you, (or any users who prefer the aesthetics of
> a particular custom line width), would be to first make the GnuPG ascii
> armored message, then change it as you want to and copy, paste, and
> post, with a little note of how to change it back for verification.
>

Why 'change it back'? Unless I'm mistaken, GPG shouldn't have any real
problem with a different base64 width, as long as the overall layout is
preserved. I've just done a quick test and GPG is entirely happy with
the result after rewrapping at 50 chars, as well as after cheap
rewrapping with uneven lines.

--
Best regards,
Michał Górny

From info at adnplanet.com Wed Feb 26 21:09:18 2020
From: info at adnplanet.com (ADNPLANET)
Date: Wed, 26 Feb 2020 17:09:18 -0300
Subject: GNUGP new key with old data under an old gnu version - how to fix it?
Message-ID: <004101d5ece0$a1bf5cc0$e53e1640$@adnplanet.com>

Hello

I'm having this problem:

I am running a BIG system made a few years ago and the programmer is not
working anymore. The system stores some data in a MySQL database using
GnuPG encryption.

All was fine until a few days ago, when the key expired. So I generated a
new one and all was perfect. But...

The new GnuPG key was generated under version 2.0.22 and the data stored
in the database is under GnuPG 1.45.

Then.. ALL new records are encrypted perfectly and appear in the
database, but the archive of a LOT of records is missing, because the
system is not displaying the data encrypted with the old version.

My questions:

1 - Is it possible to downgrade the GnuPG version to 1.45 in the server
using cpanel + cloudlinux and then re-generate the key using the old
1.45 version?

2 - Or is it possible to update the entire database to read the encrypted
data with the new key generated under the new version?

3 - Or am I doing something wrong???

Thanks
Fabian

From abbot at monksofcool.net Wed Feb 26 23:44:18 2020
From: abbot at monksofcool.net (Ralph Seichter)
Date: Wed, 26 Feb 2020 23:44:18 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200226165709.00002117.sac@300baud.de>
References: <20200226165709.00002117.sac@300baud.de>
Message-ID: <874kvd9dfh.fsf@wedjat.horus-it.com>

* Stefan Claas via Gnupg-users:

> The reason why I ask, I often see postings on social
> media sites and the output there looks horrible, IMHO.

Fixed-width font should do the trick. Besides, the ASCII armor format is
meant to facilitate transporting key data in email, not to look pretty.
Personally, I'd rather not see valuable developer time squandered on
a purely aesthetic feature.

-Ralph

From sac at 300baud.de Thu Feb 27 00:13:13 2020
From: sac at 300baud.de (Stefan Claas)
Date: Thu, 27 Feb 2020 00:13:13 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200226203531.000015ae.sac@300baud.de>
References: <20200226183458.6E8A4406B9@smtp.hushmail.com> <20200226203531.000015ae.sac@300baud.de>
Message-ID: <20200227001313.0000094b.sac@300baud.de>

Stefan Claas via Gnupg-users wrote:

> Michał Górny wrote:
>
> > On Wed, 2020-02-26 at 13:34 -0500, vedaal via Gnupg-users wrote:
> > >
> > > On 2/26/2020 at 11:27 AM, "Stefan Claas via Gnupg-users"
> > > wrote:
> > >
> > > > I like to make a proposal for future versions of GnuPG,
> > > > where a user can change the line width of ASCII armor
> > > > output.
> > >
> > > =====
> > >
> > > It would not be compatible with older versions.
> > >
> > > The simplest thing for you, (or any users who prefer the aesthetics of a
> > > particular custom line width), would be to first make the GnuPG ascii
> > > armored message, then change it as you want to and copy, paste, and post,
> > > with a little note of how to change it back for verification.
> > >
> >
> > Why 'change it back'? Unless I'm mistaken, GPG shouldn't have any real
> > problem with a different base64 width, as long as the overall layout is
> > preserved. I've just done a quick test and GPG is entirely happy with
> > the result after rewrapping at 50 chars, as well as after cheap
> > rewrapping with uneven lines.
>
> Just did a quick test ... :-)
>
> -----BEGIN PGP ARMORED FILE-----
> Comment: Use "gpg --dearmor" for unpacking
>
> VGhhbmtzIGZvciBwb2ludGluZyB0aGF0IG91dCEgSG
> VyZSBpcyBhIHF1aWNrCnRlc3Qgc2hvd2luZyB0aGF0
> IGl0IHdvcmtzLgoKUmVnYXJkcwpTdGVmYW4K=cex4
> -----END PGP ARMORED FILE-----

Works also nicely with signatures. :-)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Zwölf Boxkämpfer jagen Victor quer über den großen Sylter Deich.

Grüße
Stefan
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEUmRPI2NxNYXBCN+dVv
bYx6vEHHYFAl5W+UYACgkQVvbYx6vEHHZv
DQf/dFmJOOkzNQrSYYeJAEFhAKpBJp55Vu
Nx94PtuZR/6oj2ZK3TRwS8tIMRfiE4W3jQ
RVS2yn9WNLRvsYEPKaGxNhK9p47xR/AQHH
u2m+hdd7BcvSIAt3jwbI5Zi6L9/VcCsYpV
5CsvGB/qkqtasbJjNvVf+FmLNEyqIwIR9i
EBS9E57kJzZbZn2AwT9CbF9iDvvC2bo61W
bP6LYrS8dDydKLQag6/kHBVksTxN/vA2Yd
LLqduADCdGnVGh1SAfh94fC/rUjZjzoFHD
TTIUztQK4egbITVyyg9YhBNxxCtmc/bfri
P2TgESE7pl1nyB8Q3vKHCusuZRnWf1e9X8
LbHkng===bv72

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From sac at 300baud.de Thu Feb 27 00:19:01 2020
From: sac at 300baud.de (Stefan Claas)
Date: Thu, 27 Feb 2020 00:19:01 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <874kvd9dfh.fsf@wedjat.horus-it.com>
References: <20200226165709.00002117.sac@300baud.de> <874kvd9dfh.fsf@wedjat.horus-it.com>
Message-ID: <20200227001901.00002680.sac@300baud.de>

Ralph Seichter via Gnupg-users wrote:

> * Stefan Claas via Gnupg-users:
>
> > The reason why I ask, I often see postings on social
> > media sites and the output there looks horrible, IMHO.
>
> Fixed-width font should do the trick. Besides, the ASCII armor format is
> meant to facilitate transporting key data in email, not to look pretty.
> Personally, I'd rather not see valuable developer time squandered on
> a purely aesthetic feature.

I am aware of fixed-width fonts, but modern messengers or social media
do not use them. And about valuable developer time, I guess Werner would
only need a very very short time to implement this feature among the many
many many other commands and parameters GnuPG has already accumulated
over the years.
:-)

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From abbot at monksofcool.net Thu Feb 27 00:34:51 2020
From: abbot at monksofcool.net (Ralph Seichter)
Date: Thu, 27 Feb 2020 00:34:51 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200227001901.00002680.sac@300baud.de>
References: <20200226165709.00002117.sac@300baud.de> <874kvd9dfh.fsf@wedjat.horus-it.com> <20200227001901.00002680.sac@300baud.de>
Message-ID: <87blpk6hyc.fsf@wedjat.horus-it.com>

* Stefan Claas:

> I am aware of fixed-width fonts, but modern messengers or social media
> do not use them.

I deliberately don't use "social" media, nor do I care about it. Also,
if a modern messenger (whatever you may label as such) is not supporting
fixed-width fonts, that's the messenger's fault, not something to be
remedied by changing GnuPG.

> I guess Werner would only need a very very short time to implement
> this feature among the many many many other commands and parameters
> GnuPG has already accumulated over the years. :-)

Any change requires design, development and testing. In the case of
GnuPG across platforms. That is why I consider your specific proposal a
complete waste of resources -- which is not meant as critique of you as
a person.

-Ralph

From gnupg-users at spodhuis.org Wed Feb 26 23:32:02 2020
From: gnupg-users at spodhuis.org (Phil Pennock)
Date: Wed, 26 Feb 2020 17:32:02 -0500
Subject: How to create an authinfo.gpg encrypted file with a GitHub token
In-Reply-To:
References:
Message-ID: <20200226223202.GA16586@fullerene>

On 2020-02-26 at 00:18 +0000, John Stevenson wrote:
> I would like to store a GitHub personal access token in a file called
> ~/.authinfo.gpg so that the token is not stored unencrypted on my
> computer. This file would be used by Emacs to talk to GitHub via its API.
>
> I have never used GnuPGP before, although I have gnupg2 installed on Ubuntu
> Linux.

Hide away GnuPG as a low-level detail and focus on "storing credentials
for use".

Take a serious look at Pass: which has an Emacs integration already, at: .

(It's been 25 years since I last seriously used Emacs so I can't comment
on that, and I don't actually use pass myself, as I independently
created the same general thing in Python at about the same time as Pass
was created, but the model definitely works since it works for me).

-Phil

From sac at 300baud.de Thu Feb 27 00:56:59 2020
From: sac at 300baud.de (Stefan Claas)
Date: Thu, 27 Feb 2020 00:56:59 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <87blpk6hyc.fsf@wedjat.horus-it.com>
References: <20200226165709.00002117.sac@300baud.de> <874kvd9dfh.fsf@wedjat.horus-it.com> <20200227001901.00002680.sac@300baud.de> <87blpk6hyc.fsf@wedjat.horus-it.com>
Message-ID: <20200227005659.000061ae.sac@300baud.de>

Ralph Seichter via Gnupg-users wrote:

> * Stefan Claas:
>
> > I am aware of fixed-width fonts, but modern messengers or social media
> > do not use them.
>
> I deliberately don't use "social" media, nor do I care about it. Also,
> if a modern messenger (whatever you may label as such) is not supporting
> fixed-width fonts, that's the messenger's fault, not something to be
> remedied by changing GnuPG.

It should be noted that a fixed-width font would not help in this case,
because with my proposal we are talking about a line-length parameter.

Regards
Stefan

--
Signal (Desktop) +4915126058973
https://keybase.io/stefan_claas

From abbot at monksofcool.net Thu Feb 27 01:08:36 2020
From: abbot at monksofcool.net (Ralph Seichter)
Date: Thu, 27 Feb 2020 01:08:36 +0100
Subject: Proposal - variable line width for ASCII armor output
In-Reply-To: <20200227005659.000061ae.sac@300baud.de>
References: <20200226165709.00002117.sac@300baud.de> <874kvd9dfh.fsf@wedjat.horus-it.com> <20200227001901.00002680.sac@300baud.de> <87blpk6hyc.fsf@wedjat.horus-it.com> <20200227005659.000061ae.sac@300baud.de>
Message-ID: <87zhd4oprv.fsf@wedjat.horus-it.com>

* Stefan Claas:

> It should be noted that a fixed-width font would not help in this case,
> because with my proposal we are talking about a line-length parameter.

Making lines shorter to fit a vertical smartphone display? Or wider for
horizontal displays? For whatever functional purpose? The key data is
meant to be consumed by software, not to be visually pleasing to humans.
I dare say you won't be able to convince me that your idea is beneficial
in any way. ;-)

-Ralph

From andrewg at andrewg.com Thu Feb 27 11:31:35 2020
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 27 Feb 2020 10:31:35 +0000
Subject: GNUGP new key with old data under an old gnu version - how to fix it?
In-Reply-To: <004101d5ece0$a1bf5cc0$e53e1640$@adnplanet.com>
References: <004101d5ece0$a1bf5cc0$e53e1640$@adnplanet.com>
Message-ID: <78f0de45-9608-0c33-80ae-b0e24f1807b0@andrewg.com>

On 26/02/2020 20:09, ADNPLANET via Gnupg-users wrote:
>
> The new GnuPG key was generated under version 2.0.22 and the data stored
> in the database is under GnuPG 1.45
> Then.. ALL new records are encrypted perfectly and appear in the
> database, but the archive of a LOT of records is missing, because the
> system is not displaying the data encrypted with the old version.

Firstly, are you sure you have both the old and new keys in your private
keyring?
If an encryption key expires, it just means that nothing should
be encrypted *to* it any more, but unless you believe that it has been
compromised it is still safe to use to process existing data. So don't
delete it. :-)

If you do have the old key but it isn't decrypting the old data, then it
may be because the old data is using an outdated format. Try passing the
option --ignore-mdc-error and see what happens.

Are there any error messages emitted? Can you export one of the
encrypted blobs to local disk and decrypt it on the command line?

> My questions :
>
> 1 - Is it possible to downgrade the GnuPG version to 1.45 in the server
> using cpanel + cloudlinux and then re-generate the key using the old
> 1.45 version?

Yes, but I would only recommend this as a last resort. Also note that if
you do this you will lose access to all your *new* data, which may be a
worse outcome for you, depending on your use case.

> 2 - Or is it possible to update the entire database to read the encrypted
> data with the new key generated under the new version?

Yes, but it will depend on you being able to decrypt the old data so we
should fix that problem first...

> 3 - Or am I doing something wrong???

Maybe, what *exactly* are you doing? Without divulging any secrets. :-)

--
Andrew Gallagher

From GubbaS at hnicorp.com Fri Feb 28 23:31:03 2020
From: GubbaS at hnicorp.com (Gubba, Srikanth (HNI Corp))
Date: Fri, 28 Feb 2020 22:31:03 +0000
Subject: Help me on this
Message-ID:

Hi,

When I want to decrypt the encrypted file, I am getting the below error
message:
"ECHO --103124F0D4B45A2ECB6C46FC83D49E14F387B063BD7A0C8707|gpg --passphrase-fd 0 --homedir e:\Programs\GNU\GnuPG\bin --batch --no-greeting --verbose --yes --output \hniapps\dev\adp\employee\processing\Employee.csv --decrypt \hniapps\dev\adp\employee\processing\Employee.csv.pgp" gpg: public key is 7E5B6A6AB3392A8D gpg: using subkey 7E5B6A6AB3392A8D instead of primary key 1CC8C8AD84BF7E76 gpg: pinentry launched (8244 gtk2 1.1.0 - - -) gpg: using subkey 7E5B6A6AB3392A8D instead of primary key 1CC8C8AD84BF7E76 gpg: encrypted with 2048-bit ELG key, ID 7E5B6A6AB3392A8D, created 2018-06-12 "HNICorp " gpg: public key decryption failed: Timeout gpg: decryption failed: No secret key I have imported my private and public key and trusted ultimately but still getting same error message . Can you please help me on this. Thanks, Srikanth Gubba -------------- next part -------------- An HTML attachment was scrubbed... URL: