Making the case for smart cards for the average user

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Apr 7 14:39:57 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 7 April 2015 at 4:34:05 AM, in
<mid:5523502D.1060107 at adversary.org>, Ben McGinnes wrote:


> The function and operation you're after is reasonable,
> no arguments there, my question is whether this is
> something which is actually a fault with GPG or if it's
> your MUA.

I don't believe it to be a fault with either.



> I strongly suspect the latter and here's
> why:

> Using one of the more unique UIDs on my key (the 4th
> one) if I enter that in the Enigmail Key Management
> window it returns my current key.

We are talking at cross-purposes.

When I look at that UID:-

     Ben McGinnes <ben.mcginnes at pirate.org.au>

I see angle brackets around the email address, in the usual way.

I was talking about what happens when the angle brackets are not
there.

If I generate a key with the UID of:-

   Test20150407 user at example.com

and try to encrypt an email to user at example.com it fails.

If I add the UID:-

   Test20150407 <user at example.com>

and try again, it just works.




> bash4-4.3$ gpg -k <ben.mcginnes at pirate.org.au>
> bash4: syntax error near unexpected token `newline'
> bash4-4.3$
>
> An alternative character escape method drives this home:
>
> bash4-4.3$ gpg -k \<ben.mcginnes at pirate.org.au>
> bash4: syntax error near unexpected token `newline'
> bash4-4.3$ gpg -k <ben.mcginnes at pirate.org.au\>
> bash4: ben.mcginnes at pirate.org.au>: No such file or directory
> bash4-4.3$ gpg -k \<ben.mcginnes at pirate.org.au\>
> pub   rsa4096/0x321E4E2373590E5D 2012-07-28
> uid                 [ultimate] Ben McGinnes <ben at adversary.org>
> uid                 [ultimate] Ben McGinnes <ben.mcginnes at pirate.org.au>
> sub   rsa3072/0x7FF2D37135C7553C 2012-07-28
> sub   elg4096/0xC98BAA1862E4484D 2012-07-28


> Furthermore, if I put another string after the line
> that produced that second error message I'll end up
> with a text file with that name containing the gpg
> output with no output to the screen.  I'm reasonably
> sure that if you do the same thing in a DOS terminal
> you'll get similar or possibly identical results.


Out of interest, yes:-

C:\TDM-GCC-32>gpg -k <ben.mcginnes at pirate.org.au>
The syntax of the command is incorrect.
C:\TDM-GCC-32>
C:\TDM-GCC-32>gpg -k ^<ben.mcginnes at pirate.org.au^>
gpg: using character set 'utf-8'
gpg: using PGP trust model
gpg: key 0xxxxxxxxxxxxxxxxx: accepted as trusted key

Keyring: C:/[...]/pubring.kbx
- --------------------------------------------------------------------------------
- ---
pub   rsa4096/0x321E4E2373590E5D 2012-07-28
      Key fingerprint = DB47 24E6 FA42 86C9 2B4E  55C4 321E 4E23 7359 0E5D
uid                 [  full  ] Ben McGinnes <ben at adversary.org>
uid                 [  full  ] Ben McGinnes (backup email address) <benmcginnes@
gmail.com>
uid                 [  full  ] Ben McGinnes <ben.mcginnes at pirate.org.au>
uid                 [  full  ] Ben McGinnes <ben.mcginnes at pirateparty.org.au>
sub   rsa3072/0x7FF2D37135C7553C 2012-07-28
sub   elg4096/0xC98BAA1862E4484D 2012-07-28


C:\TDM-GCC-32>gpg -k ^<ben.mcginnes at pirate.org.au>
The syntax of the command is incorrect.

C:\TDM-GCC-32>gpg -k <ben.mcginnes at pirate.org.au^>
The filename, directory name, or volume label syntax is incorrect.

C:\TDM-GCC-32>



> If
> so, then chances are pretty good that The Bat! is doing
> it wrong.

I disagree. That is me doing it on the command line. What The Bat!
does works, except in the event the email address is stated without
the usual angle brackets in the key's UID (or, if the email address is
the name on a group line, it appears there without angle brackets).



> Yes, that's the point, they're the 4 most likely ways a
> mail client might send a UID to GPG to look for a key,
> that was intentional.


Quotation marks aside, gpg.man says to include the angle brackets to
specify a key by an exact match on an email address. But that just
seems to be an example of substring match, where you pass the
substring, optionally prepended with an asterisk. And, of course, if
the first and last characters of the substring passed for matching are
not present in the key's UID there is no match.



> Right, so for the MUA to match them as a string they do
> indeed need to be escaped and it is precisely that
> behaviour which The Bat! needs to implement for it to
> just work.

The issue you refer to with The Bat! is not a difficulty in passing
the angle brackets as part of the string to match; that bit works. As
evidenced by my need to begin my PGPNET group line with:-

      group <pgpnet at yahoogroups.com>=

rather than:-

       group pgpnet at yahoogroups.com=

the issue is an inability to match with something that is not there.

Which is not a fault in GnuPG nor in the MUA.



- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

All generalisations are dangerous, even this one.
-----BEGIN PGP SIGNATURE-----
=EpmT
-----END PGP SIGNATURE-----
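
Added example (not part of the original message and not GnuPG's code): a simplified Python model of the user-ID selection modes named in the gpg man page, showing why a `<addr>` specification cannot select a UID that was created without angle brackets. The matching rules are an approximation, the function names are hypothetical, and the sample UIDs are constructed from the ones quoted in the message.

```python
# Simplified model of gpg user-ID selection by name. Prefixes follow the gpg
# man page ("=" exact UID, "<addr>" exact email, "@" partial email, "*" or no
# prefix for substring). Key IDs and fingerprints are out of scope here.
# Assumption: case-insensitive comparison for every mode except "=".

def classify(spec):
    """Return (mode, pattern) for a user-ID specification string."""
    if spec.startswith("="):
        return "exact", spec[1:]
    if spec.startswith("<"):
        return "mail", spec            # brackets are part of the pattern
    if spec.startswith("@"):
        return "mailsub", spec[1:]
    if spec.startswith("*"):
        return "substr", spec[1:]
    return "substr", spec

def bracketed_address(uid):
    """Return the '<...>' portion of a UID, brackets included, or None."""
    start = uid.find("<")
    end = uid.find(">", start + 1)
    if start == -1 or end == -1:
        return None                    # UID carries no bracketed address
    return uid[start:end + 1]

def matches(spec, uid):
    """True if the specification selects this UID under the modelled rules."""
    mode, pattern = classify(spec)
    if mode == "exact":
        return uid == pattern
    if mode in ("mail", "mailsub"):
        addr = bracketed_address(uid)
        if addr is None:
            return False               # nothing in the UID to compare against
        if mode == "mail":
            return addr.lower() == pattern.lower()
        return pattern.lower() in addr.lower()
    return pattern.lower() in uid.lower()

def select(spec, uids):
    """Return the UIDs a specification would select."""
    return [u for u in uids if matches(spec, u)]

# Constructed sample UIDs, modelled on the two test UIDs in the message.
BARE = "Test20150407 user@example.com"
BRACKETED = "Test20150407 <user@example.com>"

if __name__ == "__main__":
    for spec in ("<user@example.com>", "user@example.com", "@example.com"):
        print(spec, "->", select(spec, [BARE, BRACKETED]))
```

Only the unprefixed substring form selects the bracket-less UID in this model, which is the behaviour the message describes when the mail client passes the address with angle brackets.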




More information about the Gnupg-users mailing list