installing version 2.1.4 in Debian 8.0 (Jessie)

Rex Kneisley rex.k at me.com
Wed May 27 06:22:34 CEST 2015


Thank you for all of the thoughtful replies. I think i will try the experimental version within Debian. This sounds like the most stable and strait-forward way to use the latest (close enough) version in Debian 8.0.

As a follow up. Since, version 1.4 is also installed, my assumption is that using "gpg" on the command line invokes 1.4, and using "gpg2" on the command line invokes 2.x. Is my assumption correct?

If so, is there any way to make the command "gpg" invoke version 2.x? It is a bit tedious to add the 2 on every command to ensure I am invoking version 2.x

Rex

Sent from my iPad

> On May 26, 2015, at 7:41 PM, gnupg-users-request at gnupg.org wrote:
> 
> Send Gnupg-users mailing list submissions to
>    gnupg-users at gnupg.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.gnupg.org/mailman/listinfo/gnupg-users
> or, via email, send a message with subject or body 'help' to
>    gnupg-users-request at gnupg.org
> 
> You can reach the person managing the list at
>    gnupg-users-owner at gnupg.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Gnupg-users digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Trying to install version 2.1.4 (Peter Lebbing)
>   2. Re: Trying to install version 2.1.4 (Antony Prince)
>   3. Re: Trying to install version 2.1.4 (Peter Lebbing)
>   4. Random Seed for Generating PGP Keys (George Lee)
>   5. Re: Random Seed for Generating PGP Keys (kendrick eastes)
>   6. Re: Random Seed for Generating PGP Keys (Jean-David Beyer)
>   7. Re: Random Seed for Generating PGP Keys (NIIBE Yutaka)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sun, 24 May 2015 12:58:21 +0200
> From: Peter Lebbing <peter at digitalbrains.com>
> To: Rex Kneisley <rex.k at me.com>, gnupg-users at gnupg.org
> Subject: Re: Trying to install version 2.1.4
> Message-ID: <5561AECD.3080901 at digitalbrains.com>
> Content-Type: text/plain; charset=utf-8
> 
>> On 24/05/15 07:28, Rex Kneisley wrote:
>> It appears that when I go through the motions of installing 2.1.4, it
>> leaves things untouched.
> 
> It would be very helpful if you could share the actual commands you entered
> and their output. This is just an interpretation of what happened, and makes
> it impossible to give an answer as to what went wrong.
> 
> By the way, since you say you really want the latest, I assume 2.1.3 from the
> Debian experimental "distribution" is too old for you? Because that is very
> easy to install on jessie; it's what I do.
> 
>> Question: Will all this stuff reinstall itself when I re-install GnuPG
>> 2.1.4?
> 
> When it doesn't come from a Debian package but is something you installed
> locally: the stuff will definitely not be re-installed.
> 
> In fact, having both the Debian gnupg2 package and your local GnuPG 2.1.4
> installed at the same time might give subtle but show stopping issues down the
> line... In my crystal ball, for instance, I foresee private keys, especially
> smartcards, stopping to work in some graphical frontends, but not all ;).
> (Stuff will start to depend on the precise combination of /usr/bin/gpg2 or
> /usr/local/bin/gpg2 and /usr/bin/gpg-agent or /usr/local/bin/gpg-agent,
> scdaemon, stuff like that).
> 
>> Is there any way to do a targeted removal of 2.0.26 to make room for 2.1.4 
>> without removing all the other things?
> 
> Well, yes, but it's not recommended. You can fool the package system into
> thinking that you have the gnupg2 package installed, and install your own,
> unmanaged instance of 2.1.4. But it's really not recommended. I hesitate to
> direct you down that path.
> 
>> Is there a way to UPGRADE from 2.0.26 to the latest version (2.1.4)?
> 
> You can easily upgrade it to 2.1.3 by using the experimental "repository".
> 
> Come to think of it... you could perhaps make your own .deb package by taking
> the source for 2.1.3 from experimental and upgrading the source in there to
> 2.1.4. I think that is actually the best way to go if you take for granted
> that you really, really want the latest version. Otherwise, I'd stick with
> experimental.
> 
> It might also be that the package maintainers (hi dkg!) might soon put 2.1.4
> into experimental themselves. So it really depends on how far you want to take
> this "I need the latest and greatest".
> 
> HTH,
> 
> Peter.
> 
> -- 
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Sun, 24 May 2015 12:14:29 -0400
> From: Antony Prince <antony at blazrsoft.com>
> To: gnupg-users at gnupg.org
> Subject: Re: Trying to install version 2.1.4
> Message-ID: <5561F8E5.7090601 at blazrsoft.com>
> Content-Type: text/plain; charset=windows-1252
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> 
> 
>> On 05/24/2015 01:28 AM, Rex Kneisley wrote:
>> Hello all,
>> 
>> I have just done a clean install of Debian 8.0 on an i7-4790K with 
>> 16 GB RAM. I am trying to install GNUPG 2.1.4 (I have this thing 
>> about wanting the latest version? call me crazy)
>> 
>> I have done this before in Debian Wheezy. I install all of the 
>> latest libraries (in order), and the install GnuPg 2.1 The problem 
>> is that Debian 8.0 (Jessie) comes with GnuPG version 2.0.26
>> 
>> It appears that when I go through the motions of installing 2.1.4, 
>> it leaves things untouched. after I?m done: #gpg2 ?version
>> returns: 2.0.26 And then I read that 2.0.26 and 2.1.4 cannot
>> co-exist.
>> 
>> OK, so now I am trying to remove 2.0.26
>> 
>> However, when I try to remove it using package manager it wants to 
>> also remove a whole host of other software.
>> 
>> So I tried using apt-get remove gnupg
>> 
>> I get an ominous warning that the following packages will be 
>> REMOVED apt apt-listchanges apt-utils gnome gnupg 
>> python-reporting... etc. etc. This should NOT be done unless you 
>> know exactly what you are doing (which I don?t) apt gnupg (due to 
>> apt) 0 upgraded, 0 newly installed , 14 to remove, and 0 not 
>> upgraded You are about to do something potentially harmful Type: 
>> Yes, do as I say!
>> 
>> 
>> Question: Will all this stuff reinstall itself when I re-install 
>> GnuPG 2.1.4? Is there any way to do a targeted removal of 2.0.26
>> to make room for 2.1.4 without removing all the other things? Is
>> there a way to UPGRADE from 2.0.26 to the latest version (2.1.4)?
>> 
>> Any suggestions would be appreciated.
>> 
>> Rex Kneisley rex.k at me.com <mailto:rex.k at me.com> 818-429-7472 Want 
>> to keep your emails private? Ask me how.
> 
> My first reply was off-list. I apologize. In my case, I just left the
> system default gpg installed. Ubuntu comes with gpg 1.4.x and gives
> the same warnings when trying to uninstall because it is a dependency
> of apt. There's no need to uninstall it. Just modify your system path
> to find the new version first. In my case, I altered /etc/environment
> so that /usr/local/bin comes before /bin in the PATH. After reading
> the other replies though, I'm not sure whether this will cause any
> keyring issues. I haven't experienced any in my case, but I haven't
> tested it extensively.
> 
> - --
> Hope that helps,
> Antony Prince
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJVYfjYAAoJEK89QIcwGxsZMfsP/jfYehUsu6YJLGqUtCjcV/hs
> Vz2VjwndzUDLkrtvvyro0rw4WOm/4tIuQlONzzlKTrrDuxLMEGGjOLxU7MbE8SCt
> GTl5fWGvHvds2U2RpVwwbFjXCIiQKrsEX655hLv9IITAW6MHDXyZC13UTSjSvE0u
> UVrx0de0pUFxpc6g9Doa1fRNW4GRphu2s06sAbq+lkjfbiXptqaK1XBFe6UXe3c8
> Iod4qa6Kq/EO0RlciqnOgcckW1ppa4PTrf5fhGwU5n5/CpACcgt+vVeKM0RYa3iY
> Cma61el1hBIbmC4nr82LvCzHjEr2MMsj/FJAODXsBV7TVMTo6u4KZ5PE9vuKE8lh
> tNVTCiAo7hFa17gcl6D4QO9X/lszhlc+D/6It7SqRtOA392f+zzkIrY8ZOejMmwD
> WGxPRfh8p2K3vmN3N0aWLwhaLCb/Mk93vn6At/Ma8zyNnd4DipJ2tbHn/3K8uNgN
> f58jlsap7FP82mpj9119yPjNT3zSFzIXDxLhdnpJGStszqY0bPZ69ftjukHbIMZb
> L2dbt0D96rYElpOqFeqVPmfU5MhlQWJS26a7r6aQTq6fmz5GzZt2QC4jDM7XORzI
> SoWuUaEd0t2zpXNRGw1HPZwCenO4FACxbCsylZ2iqyUJ/6xVOYxrrQ7iLm34BXlF
> OHIFTWA3Rwhws9TWix1x
> =wZAR
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Sun, 24 May 2015 19:03:09 +0200
> From: Peter Lebbing <peter at digitalbrains.com>
> To: Antony Prince <antony at blazrsoft.com>, gnupg-users at gnupg.org
> Subject: Re: Trying to install version 2.1.4
> Message-ID: <5562044D.7040905 at digitalbrains.com>
> Content-Type: text/plain; charset=utf-8
> 
>> On 24/05/15 18:14, Antony Prince wrote:
>> My first reply was off-list. I apologize. In my case, I just left the
>> system default gpg installed. Ubuntu comes with gpg 1.4.x and gives the
>> same warnings when trying to uninstall because it is a dependency of apt.
> 
>> [...]
> 
>> After reading the other replies though, I'm not sure whether this will
>> cause any keyring issues. I haven't experienced any in my case, but I
>> haven't tested it extensively.
> 
> GnuPG 1.4.x and GnuPG 2.1.x are co-installable. You will not have any problems
> with those two installed side-by-side.
> 
> The issue is that OP can't uninstall the gnupg2 package without it removing
> other packages (like graphical frontends for GnuPG, I suppose). So he's facing
> the situation that he can't install GnuPG 2.0.26 and GnuPG 2.1.4 side-by-side.
> 
> If he were to install 2.1.3 from the experimental gnupg2 package, that would
> /replace/ 2.0.26 and satisfy the dependencies of the packages that would be
> removed by removing the gnupg2 package.
> 
> HTH,
> 
> Peter.
> 
> -- 
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Sun, 24 May 2015 12:35:27 -0400
> From: George Lee <george at cmtytech.org>
> To: gnupg-users at gnupg.org
> Subject: Random Seed for Generating PGP Keys
> Message-ID:
>    <CA+P=93CEr5vKdhMJeo=Ux3QK9VzGiXrRY_8ow1xO2kx2qSB8Ug at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hello,
> 
> I'm interested in seeing if rather than relying on the built-in software to
> generate randomness when creating a PGP key, if it is possible to configure
> GnuPG to use a manually entered random seed. That way I could generate a
> seed using coins, dice, my magic cauldron, etc.
> 
> Is this possible to do? How much entropy in a seed would I need?
> 
> I also imagine that folks might say the software is very good at generating
> random numbers. Feel free to share more details why, e.g. how many bits of
> entropy are provided and how to make sure they're truly random. But it
> would still be helpful to know if the above customization is possible.
> 
> Thank you!
> 
> - George
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: </pipermail/attachments/20150524/e0333b91/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 5
> Date: Sun, 24 May 2015 15:11:48 -0600
> From: kendrick eastes <keastes at gmail.com>
> To: George Lee <george at cmtytech.org>
> Cc: gnupg-users at gnupg.org
> Subject: Re: Random Seed for Generating PGP Keys
> Message-ID:
>    <CAEydrT9dfAh_DYPnC1ixY37JQY4fAK9cA8Jvu4cUC-yXMOCovw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
>> On Sun, May 24, 2015 at 10:35 AM, George Lee <george at cmtytech.org> wrote:
>> 
>> Hello,
>> 
>> I'm interested in seeing if rather than relying on the built-in software
>> to generate randomness when creating a PGP key, if it is possible to
>> configure GnuPG to use a manually entered random seed. That way I could
>> generate a seed using coins, dice, my magic cauldron, etc.
>> 
>> Is this possible to do? How much entropy in a seed would I need?
>> 
>> I also imagine that folks might say the software is very good at
>> generating random numbers. Feel free to share more details why, e.g. how
>> many bits of entropy are provided and how to make sure they're truly
>> random. But it would still be helpful to know if the above customization is
>> possible.
>> 
>> Thank you!
>> 
>> - George
> 
> would it not be more reliable and simpler to use a HWRNG to generate
> entropy?
> 
> https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
> has a list of commercially available generators, and i know i have seen at
> least 2 homebrew designs that had source and HW schematics released.
> 
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: </pipermail/attachments/20150524/8fd104ce/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 6
> Date: Mon, 25 May 2015 07:48:16 -0400
> From: Jean-David Beyer <jeandavid8 at verizon.net>
> To: gnupg-users at gnupg.org
> Subject: Re: Random Seed for Generating PGP Keys
> Message-ID: <55630C00.2020808 at verizon.net>
> Content-Type: text/plain; charset=windows-1252
> 
>> On 05/24/2015 05:11 PM, kendrick eastes wrote:
>> 
>> On Sun, May 24, 2015 at 10:35 AM, George Lee <george at cmtytech.org
>> <mailto:george at cmtytech.org>> wrote:
>> 
>>    Hello,
>> 
>>    I'm interested in seeing if rather than relying on the built-in
>>    software to generate randomness when creating a PGP key, if it is
>>    possible to configure GnuPG to use a manually entered random seed.
>>    That way I could generate a seed using coins, dice, my magic
>>    cauldron, etc.
>> 
>>    Is this possible to do? How much entropy in a seed would I need?
>> 
>>    I also imagine that folks might say the software is very good at
>>    generating random numbers. Feel free to share more details why, e.g.
>>    how many bits of entropy are provided and how to make sure they're
>>    truly random. But it would still be helpful to know if the above
>>    customization is possible.
>> 
>>    Thank you!
>> 
>>    - George
>> 
>> 
>> 
>> would it not be more reliable and simpler to use a HWRNG to generate
>> entropy?
> 
> In theory, no software random number generator can generate truly random
> numbers, since they will repeat. They function they generate is cyclic,
> just as sin(t) is cyclic, though their period is much greater. But once
> you use an algorithm to generate random numbers, you have sinned.
> 
> If you used a good HwRNG.
>> 
>> https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
>> has a list of commercially available generators, and i know i have seen
>> at least 2 homebrew designs that had source and HW schematics released.
> 
> This article would have been more useful if the author had subjected
> these random number generator to the usual mathematical tests for
> randomness.
> 
> Here is what was, at the time it was written, a very good paper on
> software random number generators. Almost 50 years old now. I have not
> kept up with the field, so I do not know how much progress, if any, has
> been made since.
> 
> https://dl.acm.org/citation.cfm?id=321379
> 
> I remember in the past when I needed a random number generator, I made
> plots on a crt where one random number was used as the x-coordinate and
> the next one was used as the y-coordinate of a plotted point. I expected
> to see a mess of noise, but there were, instead, stripes. Turns out
> there was a bug in the RNG I was using.
> 
> 
> -- 
>  .~.  Jean-David Beyer          Registered Linux User 85642.
>  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
> /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
> ^^-^^ 07:35:01 up 23 days, 15:26, 2 users, load average: 4.22, 4.37, 4.69
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Wed, 27 May 2015 11:46:57 +0900
> From: NIIBE Yutaka <gniibe at fsij.org>
> To: George Lee <george at cmtytech.org>
> Cc: gnupg-users at gnupg.org
> Subject: Re: Random Seed for Generating PGP Keys
> Message-ID: <55653021.40102 at fsij.org>
> Content-Type: text/plain; charset=windows-1252
> 
>> On 05/25/2015 01:35 AM, George Lee wrote:
>> I'm interested in seeing if rather than relying on the built-in software to
>> generate randomness when creating a PGP key, if it is possible to configure
>> GnuPG to use a manually entered random seed. That way I could generate a
>> seed using coins, dice, my magic cauldron, etc.
> 
> Well, in my I HWRNG implementation (named NeuG), I don't use coins or
> dice.  The source is sampling of analog inputs by A/D converter (the
> inputs itself doesn't matter much).  When you generate a key on Gnuk
> Token, it goes directly from NeuG.
> 
> Actually, I thought similar thing.  Here is a post of mine in
> September, 2013:
> 
>    http://lists.gnupg.org/pipermail/gnupg-devel/2013-September/027900.html
> 
> At that time, I considered that I could control more reliably with a
> specific "raw" interface to feed entropy to an application directly.
> But, currently, I think that it is rather good for GnuPG/libgcyrpt not
> to have such an interface but just use system /dev/random (if
> available).
> 
> When we are using GNU/Linux system or some UNIXen, it goes like this
> with HWRNG (with GCRY_RNG_TYPE_STANDARD configuration):
> 
>   HWRNG --> /dev/random --> CSPRNG [of GnuPG/libgcrypt] --> GPG key
> 
> Note that within HWRNG design itself, thre is usually CSPRNG component
> to remove bias from its entropy source.  Further, it's also there in
> the design of system /dev/random.
> 
> Thus, it is common to have many components of CRRNG in sequence, which
> sounds pretty much redundant.
> 
> After all, the problem to solve here is: we want the random number
> sequence under *none*'s control, so, it would be OK to have another
> redundant CSPRNG or two.  That's my opinion.
> 
> BTW, now, my HWRNG is available in US, too.  Please visit:
> 
>    http://shop.fsf.org/category/gnu-gear/
> -- 
> 
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
> ------------------------------
> 
> End of Gnupg-users Digest, Vol 140, Issue 21
> ********************************************



More information about the Gnupg-users mailing list