From: jb-gnumlists at wisemo.com (Jakob Bohm)
Date: Sat, 1 Nov 2025 08:08:27 +0100
Subject: How to setup trust?
In-Reply-To: <87pla3cca7.fsf@lispclub.com>
References: <87pla3cca7.fsf@lispclub.com>
Message-ID: <014efe78-eb8d-b653-478d-83c098a486c8@wisemo.com>

On 31/10/2025 16:37, Daniel Cerqueira wrote:
> Hi.
>
> Firstly, I am not subscribed to this list. Please reply to my address
> in the "To:" field, and to gnupg-users at gnupg.org in the "Cc:" field. Thanks!
>
> Second, I am trying to use the trust feature of GnuPG. My GnuPG uses
> the trust model "pgp".
>
> Now, if I do `gpg -k ""` it shows this:
>
> --8<---------------cut here---------------start------------->8---
> pub   ed25519/0x63113AE866587D0A 2018-09-28 [SC] [expires: 2027-01-31]
>       Key fingerprint = AEA8 4EDC F01A D86C 4701 C85C 6311 3AE8 6658 7D0A
> uid                   [ unknown] wk at gnupg.org
> uid                   [ unknown] werner at eifzilla.de
> uid                   [ unknown] wk at g10code.com
> uid                   [ unknown] werner.koch at gnupg.com
> sub   ed25519/0x19CC1C9E085B107A 2020-08-04 [S]
>       Key fingerprint = 8777 461F 2A07 4EBC 480D 3594 19CC 1C9E 085B 107A
> sub   brainpoolP384r1/0x2B999FA9CE046B1B 2021-06-28 [E] [expires: 2027-01-10]
>       Key fingerprint = A1DB 793D C236 63E7 F914 75D8 2B99 9FA9 CE04 6B1B
> sub   ky768_bp256/0x5CF9E3DE6BC9DA95 2025-02-06 [E]
>       Key fingerprint = 5CF9E 3DE6B C9DA9 57ED2 4B39E C2D29 580F7 0B3F8 AF14B 8D7BE
> --8<---------------cut here---------------end--------------->8---
>
> The "[ unknown]" is what shows the trust? Or it shows something else
> (like PGP's concept of validity)?

"Trust" is PGP's concept of validity. Not sure if the --list-keys output prints out the full trust result, or only the calculated result from other signatures. Someone else on the list has to answer that.

>
> Third, how can I make this 0x63113AE866587D0A key, to be marginally
> trusted?
The root of trust in the PGP model is to "ultimately trust" one of your own keys (not necessarily the one you use for regular e-mail), and then count the trust levels of keys that signed other keys.

For gnupg, this ultimate trust is typically granted to all the keys for which your copy of gnupg stores the private key under your user account, plus any offline keys listed in the "--trusted-key" option (which is usually placed in a gnupg config file).

On top of the default calculation of trust based on signatures tracing back to your trusts, gnupg has a personal database of "ownertrusts", which can be changed interactively with the command "gpg --edit-key" and saved with the command "gpg --export-ownertrust". Usually, gnupg will prompt you to set the trust for any key where you have not yet set it, either when encountering the key in its calculations or when rerunning the calculations with the command "gpg --update-trustdb".

Much more about this concept can be found in the gnupg handbook.

> I have tried making a local signature with cert-level of 1 and also have
> edited this key's `trust` to be "marginal", then "save". Afterwards, I
> did a `gpg --update-trustdb`, and still I get the output above :-( .
>
>
> I am not understanding how GnuPG's trust feature works. I want to
> learn.
>
>
> Cheers for Freedom :-) ,
>

Enjoy

Jakob

-- 
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From: dan.git at lispclub.com (Daniel Cerqueira)
Date: Sun, 02 Nov 2025 01:32:11 +0000
Subject: How to setup trust?
In-Reply-To: <014efe78-eb8d-b653-478d-83c098a486c8@wisemo.com> (Jakob Bohm's message of "Sat, 1 Nov 2025 08:08:27 +0100")
References: <87pla3cca7.fsf@lispclub.com> <014efe78-eb8d-b653-478d-83c098a486c8@wisemo.com>
Message-ID: <87ecqhcj8k.fsf@lispclub.com>

Jakob Bohm writes:

> Much more about this concept can be found in the gnupg handbook.

Thank you, Jakob, for this info.

I haven't read all of the GnuPG Handbook yet. I am now reading all past mails to this list about "trust", and am also reading the GnuPG Privacy Handbook; all while reading `man 1 gpg`. I will also be reading the GnuPG FAQ. So, it will take some time for me to get back to this thread.

Hopefully, after this investment in knowledge, I will get an understanding of the concept of Trust in GnuPG and of the Web of Trust concept, in order to write Internet Log articles (in a Web Log -- Blog -- and in a Gopher Log -- Phlog) to clarify these concepts for people. Unfortunately, I believe there is a big misunderstanding about what the Web of Trust is, what Trust is to GnuPG, what Ownertrust is in GnuPG, and what validity is in GnuPG. I, myself, struggle with these concepts, even after having read a book about PGP 7 and an introduction to cryptography.

Lastly, and most important, I want to thank Werner and all the GnuPG Hackers for making GnuPG a reality. I really love this project. I also support the LibrePGP initiative; not meaning a defensive move only, but as a way for the future.

Finally, thank you to all of you who keep this list a positive and welcoming environment for learning about GnuPG!

I will be coming back to this thread when the time has come.

Cheers for Freedom,

-- 
The pioneers of a warless world are the youth that refuse military service. ~ Albert Einstein
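To make the calculation Jakob describes above concrete, here is an added model of GnuPG's classic "pgp" trust model (example code written for this page, not GnuPG's own code): ownertrust is what you assign, validity is what gpg computes and prints in the brackets next to each uid. The key ids other than 0x63113AE866587D0A and all certifications are constructed; the defaults mirror gpg's marginals-needed 3, completes-needed 1, max-cert-depth 5 and min-cert-level 2.

```python
from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"

@dataclass
class Key:
    keyid: str
    ownertrust: str = UNKNOWN                   # what YOU assign (gpg --edit-key, "trust")
    certs: dict = field(default_factory=dict)   # signer keyid -> certification level 0..3

def compute_validity(keys, marginals_needed=3, completes_needed=1,
                     max_cert_depth=5, min_cert_level=2):
    """Return keyid -> validity: the value gpg shows in brackets next to a uid."""
    validity = {kid: UNKNOWN for kid in keys}
    # Depth 0: keys with ultimate ownertrust are valid by definition and introduce others.
    introducers = {kid for kid, key in keys.items() if key.ownertrust == ULTIMATE}
    for kid in introducers:
        validity[kid] = ULTIMATE
    for _depth in range(max_cert_depth):
        newly_full = set()
        for kid, key in keys.items():
            if validity[kid] in (ULTIMATE, FULL):
                continue
            fulls = marginals = 0
            for signer, level in key.certs.items():
                # Level 0 ("no particular claim") always counts; other levels must reach min_cert_level.
                if level != 0 and level < min_cert_level:
                    continue
                if signer not in introducers:       # signer must itself be fully valid
                    continue
                if keys[signer].ownertrust in (ULTIMATE, FULL):
                    fulls += 1
                elif keys[signer].ownertrust == MARGINAL:
                    marginals += 1
            if fulls >= completes_needed or marginals >= marginals_needed:
                validity[kid] = FULL
                newly_full.add(kid)
            elif fulls or marginals:
                validity[kid] = MARGINAL
        # Only keys that became fully valid AND carry ownertrust introduce at the next depth.
        next_round = {kid for kid in newly_full if keys[kid].ownertrust in (FULL, MARGINAL)}
        if not next_round:
            break
        introducers |= next_round
    return validity

def lsign_scenario(cert_level):
    """Constructed: my ultimate key lsigns 0x63113AE866587D0A at cert_level; its ownertrust is marginal."""
    me = Key("0xMYKEY", ownertrust=ULTIMATE)
    wk = Key("0x63113AE866587D0A", ownertrust=MARGINAL, certs={"0xMYKEY": cert_level})
    return compute_validity({k.keyid: k for k in (me, wk)})

def marginals_scenario(n_friends):
    """Constructed: n friends (certified by me, ownertrust marginal) all certify 0xTARGET, which I never signed."""
    me = Key("0xMYKEY", ownertrust=ULTIMATE)
    friends = [Key(f"0xFRIEND{i}", ownertrust=MARGINAL, certs={"0xMYKEY": 2})
               for i in range(n_friends)]
    target = Key("0xTARGET", certs={f.keyid: 2 for f in friends})
    return compute_validity({k.keyid: k for k in [me, target, *friends]})
```

Note the effect of min-cert-level: with GnuPG's default of 2, a certification made at cert-level 1 is disregarded when validity is computed, so lsign_scenario(1) leaves the key unknown while lsign_scenario(2) makes it full, and setting ownertrust alone never changes a key's validity.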
From: bwalzer at 59.ca (Bruce Walzer)
Date: Sun, 2 Nov 2025 13:46:58 -0600
Subject: My comments on: Legacy Encryption Downgrade Attacks against GnuPG
In-Reply-To: <87ed6fb4g3.fsf@jacob.g10code.de>
References: <87ed6fb4g3.fsf@jacob.g10code.de>

This paper has been discussed on this list before. So I will assume possible interest and will post a link to my comments:

Legacy Encryption Downgrade Attacks against LibrePGP and CMS: Some Comments
https://articles.59.ca/doku.php?id=pgpfan:ledowngrade

Bruce

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 6 Nov 2025 14:53:26 -0500
Subject: GPGMEPP and C++ antipatterns
Message-ID: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>

After using GPGMEPP for a week or so, I'm pleased with it. Somebody clearly put some thought into how to make it a proper C++ library, rather than just a thin wrapper around a C one. Whoever's responsible for that (Ingo?), thank you.

However, I do have a couple of minor nits. (Of course I do. It's me.)

First, a number of functions accept unsigned ints as a parameter. This involves a minor pain point for those of us working in environments that require us to follow the MISRA C++ guidelines. Admittedly, it's a one-letter fix:

    (*ctx).setKeyListMode(0);
            |
         becomes
            |
            V
    (*ctx).setKeyListMode(0U);

but it would be nice if we could find some way to avoid one letter of syntactic sugar and let us express code in the most natural way.

Second, MISRA has -- I can only call them _opinions_, shall we say -- on the subject of pointers. Look at, e.g., creating a new Context:

    auto ctx = unique_ptr(OpenPGP);
    if (nullptr == ctx) {
        // handle the error
    }

Here there are two problems.
The first is that GPGMEPP is using old-style enums rather than modern C++ class enums, which means they're not typesafe and it's harder for static analysis tools to detect when you're feeding in garbage. The second is that per MISRA, unique_ptrs and shared_ptrs should be created only by calls to make_unique and/or make_shared, not by direct application of the constructor.

Hence, two more suggestions. First, replace all enums with C++ class enums, and second, make createForProtocol take a template parameter of the type of pointer to return, whether unique, shared, or raw.

These minor problems aren't creating any obstacles to my development, just requiring me to fill out a small amount of paperwork documenting the deviations from MISRA. All in all I quite like GPGMEPP. Thanks for the code, guys. :)

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 6 Nov 2025 16:00:52 -0500
Subject: GPGMEPP and C++ antipatterns
In-Reply-To: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>
References: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>
Message-ID: <9142e0ea-7a5c-4c38-bf8f-9bf8f4c6cd36@sixdemonbag.org>

>     auto ctx = unique_ptr(OpenPGP);

Gah! I was literally looking at my code while copying it and still somehow managed to goof it.

    auto ctx = unique_ptr(Context::createForProtocol(OpenPGP));
From: johndoe65534 at mail.com (john doe)
Date: Fri, 7 Nov 2025 07:47:57 +0100
Subject: GPGMEPP and C++ antipatterns
In-Reply-To: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>
References: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>

On 11/6/25 20:53, Robert J. Hansen via Gnupg-users wrote:
> After using GPGMEPP for a week or so, I'm pleased with it. Somebody
> clearly put some thought into how to make it a proper C++ library,
> rather than just a thin wrapper around a C one. Whoever's responsible
> for that (Ingo?), thank you.
>
> However, I do have a couple of minor nits. (Of course I do. It's me.)
>

I'm not sure why you are posting this here instead of patching this up and creating a PR.

-- 
John Doe

From: wk at gnupg.org (Werner Koch)
Date: Fri, 07 Nov 2025 09:53:09 +0100
Subject: GPGMEPP and C++ antipatterns
In-Reply-To: (john doe via Gnupg-users's message of "Fri, 7 Nov 2025 07:47:57 +0100")
References: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>
Message-ID: <87v7jmz0ju.fsf@jacob.g10code.de>

On Fri, 7 Nov 2025 07:47, john doe said:

> I'm not sure why you are posting this here instead of patching this up
> and creating a PR.

Because a mailing list is a better medium than a bug tracker, because it reaches a much wider audience. The bug tracker is only monitored by a few hackers. gnupg-devel might have been more appropriate, but gnupg-user may also mean users of GPGME.

Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
From: jtbaldikoski at gmail.com (Jack Baldikoski)
Date: Thu, 6 Nov 2025 16:47:22 -0800
Subject: Question/Bug?

I've tried following Thunderbird's instructions here to make my private key RFC 4880-compatible with the --rfc4880 flag, but GPG does not change any of the feature flags. Am I doing something wrong?

Jack

From: alci at mecadu.org (Franck Routier (Personnel))
Date: Fri, 7 Nov 2025 11:43:58 +0100
Subject: No PIN asked for with libpam-poldi
Message-ID: <95ba74c7-5a90-4e7e-8df4-c21bb1a554b3@mecadu.org>

Hi,

I'm trying to use my Yubikey with libpam-poldi to sudo on an Ubuntu based OS (Tuxedo OS).

My card is working:

    $ gpg --card-status
    Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
    Application ID ...: Dxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Application type .: OpenPGP
    Version ..........: 3.4
    Manufacturer .....: Yubico
    [...]

When using the pass password manager, I am asked for a PIN to unlock the card, touch it and I get my password unencrypted. It also works with the browserpass Firefox extension. So far so good.
Now, I have set up libpam-poldi:

- created the /etc/poldi/localdb/users file and linked my user with the Application ID
- created the /etc/poldi/localdb/keys/MyAppID file, with

    sudo sh -c 'gpg-connect-agent "/datafile /etc/poldi/localdb/keys/MyAppID" "SCD READKEY --advanced OPENPGP.3" /bye'

My .gnupg/scdaemon.conf file looks like this:

    disable-ccid

My /etc/pam.d/sudo and /etc/pam.d/sudo-i have

    auth sufficient pam_poldi.so

And finally .gnupg/gpg-agent.conf looks like:

    pinentry-program /usr/bin/pinentry-qt
    debug-lvel 3
    enable-ssh-support
    ttyname $GPG_TTY
    default-cache-ttl 60
    max-cache-ttl 120

Now, when I try to sudo, I am asked to insert my card, and asked for a password, but never for a PIN:

    $ sudo su
    Insert authentication card for user `franck'
    Trying authentication as user `franck'...
    [sudo] password for franck:

journalctl -f shows:

    gpg-agent[13666]: scdaemon[13666]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
    gpg-agent[13666]: scdaemon[13666]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'

But I am never given the opportunity to unlock the card...

Any idea to fix or to troubleshoot this?

Thanks

Franck

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 7 Nov 2025 08:20:25 -0500
Subject: The community fringe (was GPGMEPP)
References: <13fbd315-e6ba-453a-8403-4286976d3d0a@sixdemonbag.org>

> I'm not sure why you are posting this here instead of patching this up
> and creating a PR.

A couple of solid ones.

1. Do I understand things correctly? We're not talking about a bug fix, we're talking about architectural and API changes. These are not things to be done lightly. Discussing proposed changes before going through the work of implementing them is generally a better option.

2. I'm a former government-funded digital forensics researcher who has delivered research results at NSA.
That's enough to make me permanently suspect in the eyes of some people in the community. For this reason I don't touch the code. I don't want anyone who might be thinking of using GnuPG to decide "no, no, I can't trust it, they accept patches from people with NSA ties."

#2 also has a disturbing aspect: there are people in this community who are clinically paranoid and mentally ill. 95% of these people are harmless victims of a terrible mental illness who deserve our love, support, and understanding. 5% of these people send me unhinged emails threatening my life.

=====
If you are legitimate, wait three days for me to cool down you asshole. I have sat here and tolerated the pandering to Windows people the Gnu people have been telling Microsoft people are stupid long enough.

Personally, these statements by you are TOTALLY out of character to ***EVERYTHING*** I have heard from Werner Koch and others say for years. I have assumed all during this time that Werner and the others are much more intelligent than me (true). I have also assumed that they are so busy that they haven't had time to do much of anything else (that I don't know the truth of).

I don't give a damn how many people have signed your god-damn keys. THAT IS WHY I SAY, IF YOU ARE A GOD-DAMN FBI AGENT YOU GO TO HELL!!! I WILL KILL YOU, YOU SON OF SATAN!!!

This message is signed and encrypted. Take it for what it is worth. If the filthy United States would allow me to adopt my nom-de-guerre as legitimate legal alias I would do so and MAYBE (*JUST* *MAYBE*) the signing of this message would have more meaning to you. I doubt it though.
=====

Really, folks, that's what some users send me. That's about one-sixth of the complete email, which is -- well, much the same as that excerpt. That guy also dug up my home address, my employer, and my phone number. I had to get the police involved and it was a bad experience for everyone.
Also remember that when the SKS keyserver network was poisoned by certificates sporting hundreds of thousands of spurious signatures, that was almost certainly done by someone who believed they needed to "save the GnuPG ecosystem". The fact they used the certificates of Daniel Kahn Gillmor and myself to wage this attack also tells you who this deranged person thought GnuPG needed to be saved from. The more I touch the code, the more the nutcases like the key-poisoner are incentivized to act.

So, yeah. As a general rule I don't touch the code unless explicitly invited. I don't want to cause anyone to lose faith in GnuPG, and I don't want to provoke the crazies into "saving GnuPG".

From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 07 Nov 2025 15:56:58 +0100
Subject: No PIN asked for with libpam-poldi
In-Reply-To: <95ba74c7-5a90-4e7e-8df4-c21bb1a554b3@mecadu.org>
References: <95ba74c7-5a90-4e7e-8df4-c21bb1a554b3@mecadu.org>
Message-ID: <4634150.niJfEyVGOH@daneel>

On Friday, 7 November 2025 11:43:58 Central European Standard Time Franck Routier (Personnel) via Gnupg-users wrote:
> I'm trying to use my Yubikey with libpam-poldi to sudo on an Ubuntu based
> OS (Tuxedo OS).
[...]
> My .gnupg/scdaemon.conf file looks like this:
> disable-ccid
>
> My /etc/pam.d/sudo and /etc/pam.d/sudo-i have auth sufficient pam_poldi.so
>
> And finally .gnupg/gpg-agent.conf looks like:
> pinentry-program /usr/bin/pinentry-qt
> debug-lvel 3

Typo? In any case, avoid the weird debug-level setting. Use "debug ipc" instead. Also set log-file so that the logs don't end up in some random place (or nowhere).
> enable-ssh-support
> ttyname $GPG_TTY
> default-cache-ttl 60
> max-cache-ttl 120
>
>
> Now, when I try to sudo, I am asked to insert my card, and asked for a
> password, but never for a PIN:
>
> $ sudo su
> Insert authentication card for user `franck'
> Trying authentication as user `franck'...
> [sudo] password for franck:

Very likely gpg-agent fails to start pinentry-qt, or pinentry-qt fails to start because there's no window manager running. Try using pinentry-curses or pinentry-tty instead of pinentry-qt if you are anyway using the terminal.

Regards,
Ingo

From: alci at mecadu.org (Franck Routier (Personnel))
Date: Fri, 7 Nov 2025 18:36:43 +0100
Subject: No PIN asked for with libpam-poldi
In-Reply-To: <4634150.niJfEyVGOH@daneel>
References: <95ba74c7-5a90-4e7e-8df4-c21bb1a554b3@mecadu.org> <4634150.niJfEyVGOH@daneel>
Message-ID: <97fb7b4a-67c1-46a6-989b-48cd32c060ec@mecadu.org>

> Typo? In any case, avoid the weird debug-level setting. Use "debug ipc"
> instead. Also set log-file so that the logs don't end up in some random place
> (or nowhere).

Yes, typo. I removed it altogether for now:

    pinentry-program /usr/bin/pinentry-qt
    enable-ssh-support
    ttyname $GPG_TTY
    default-cache-ttl 60
    max-cache-ttl 120

> Very likely gpg-agent fails to start pinentry-qt or pinentry-qt fails to start
> because there's no window manager running. Try using pinentry-curses or
> pinentry-tty instead of pinentry-qt if you are anyway using the terminal.

In fact gpg-agent seems to be able to call pinentry-qt, as when I use pass or browserpass, it works and I get a pretty pinentry window... That said, switching to pinentry-tty does not solve the problem with pam.
In fact I can see pinentry-tty working with pass and failing with sudo in the same terminal session:

    $ pass perso/ameli.fr
    Please unlock the card
    Number: 10 955 601
    Holder: Franck Routier
    PIN: *************************
    $ sudo su
    Insert authentication card for user `franck'
    Trying authentication as user `franck'...
    [sudo] password for franck:

Franck