From aheinlein at gmx.com Thu Dec 1 14:45:33 2022
From: aheinlein at gmx.com (Andreas Heinlein)
Date: Thu, 1 Dec 2022 14:45:33 +0100
Subject: Questions regarding WKD/WKS
Message-ID:

Hello,

I am trying to implement WKD/WKS and followed the tutorial here:
https://wiki.gnupg.org/WKS

I have a few questions:

1. If I follow the guidelines for creating the directory
/var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
2750. So there is no chance for the apache user to be able to read
anything within that directory. I could solve that by adding the
apache user to the webkey group. Is that the intended solution?

2. I am stuck when submitting a key to the submission address for
confirmation. I have created a key for the submission address as
suggested and I am submitting the key encrypted and signed with the
key I am submitting. On the server side, gpg-wks-server fails when
trying to decrypt the key because it cannot verify the signature:

gpg-wks-server: t2body for level 0
gpg-wks-server: t2body for level 1
gpg-wks-server: t2body for level 1
gpg-wks-server: gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
gpg-wks-server: gpg: public key is ***
gpg-wks-server: gpg: using subkey *** instead of primary key ***
gpg-wks-server: gpg: public key is ***
gpg-wks-server: gpg: encrypted with ELG key, ID ***
gpg-wks-server: gpg: using subkey *** instead of primary key ***
gpg-wks-server: gpg: encrypted with 3072-bit RSA key, ID ***, created 2022-11-30
gpg-wks-server: gpg:       "schluessel@***.de"
gpg-wks-server: gpg: AES256 encrypted data
gpg-wks-server: gpg: original file name=''
gpg-wks-server: gpg: Signature made Wed Nov 30 12:27:14 2022 CET
gpg-wks-server: gpg:                using DSA key ***
gpg-wks-server: gpg: Can't check signature: No public key
gpg-wks-server: error running '/usr/bin/gpg': exit status 2
gpg-wks-server: decryption failed: General error
gpg-wks-server: parsing decrypted message
gpg-wks-server: no suitable data found in the message
gpg-wks-server: command failed: No data

There's obviously no chance verification could succeed. How can I turn
this off? I tried creating /home/webkey/.gnupg/gpg.conf and adding
"skip-verify" to it. This works on the command line, but has no effect
on gpg-wks-server.

3. What is the behaviour when the WKS server receives a key for an
address for which it already has a (different) key? Will it replace the
old key, will it refuse or ignore the new one?

Thanks,
Andreas

From bernhard at intevation.de Thu Dec 1 17:42:47 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 1 Dec 2022 17:42:47 +0100
Subject: Mastodon account, good server?
Message-ID: <202212011742.56784.bernhard@intevation.de>

Hi friends of GnuPG,

seems to be a good time to start an official Mastodon account
for GnuPG and related topics like Gpg4win and OpenPGP.

At least for announcements and some interaction as the interest
is growing for this decentral platform.

Is there an interest here? Should we do this?

If we do this, a server needs to be selected.
I'd probably go and suggest one my initial rough requirements:
 * located in Europe
 * can be volunteeringly paid for
 * some volume / track record to expect a good administration
 * a moderation and contents policy that allows for respectful
   exchange, but is liberal in that commercial Free Software
   topics (and broad other topics) are allowed as well.
 * (optional) Free Software and privacy friendly organisation

Any suggestions matching these?

Best Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter

From andrewg at andrewg.com Thu Dec 1 18:51:02 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 1 Dec 2022 17:51:02 +0000
Subject: Mastodon account, good server?
In-Reply-To: <202212011742.56784.bernhard@intevation.de>
References: <202212011742.56784.bernhard@intevation.de>
Message-ID: <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com>

On 1 Dec 2022, at 16:42, Bernhard Reiter wrote:
>
> Hi friends of GnuPG,
>
> seems to be a good time to start an official Mastodon account
> for GnuPG and related topics like Gpg4win and OpenPGP.
>
> At least for announcements and some interaction as the interest
> is growing for this decentral platform.
>
> Is there an interest here? Should we do this?

I would say so, yes.

> If we do this, a server needs to be selected.
> I'd probably go and suggest one my initial rough requirements:
> * located in Europe
> * can be volunteeringly paid for
> * some volume / track record to expect a good administration
> * a moderation and contents policy that allows for respectful
>   exchange, but is liberal in that commercial Free Software
>   topics (and broad other topics) are allowed as well.
> * (optional) Free Software and privacy friendly organisation
>
> Any suggestions matching these?

infosec.exchange is hosted in the EU (via Hetzner) and has a focus on security, encryption etc. without being prescriptive. I haven't seen any abuse on it personally, and they have fediblocked a significant list of known hate sites. It's run by Jerry Bell, who's pretty respectable (CISO of IBMCloud), and a significant fraction of the security/encryption people I follow(ed) on Twitter use it.
You can support it financially via liberapay.com

(other security/foss themed mastodon sites are available. YMMV etc etc)

A

From tech at eden.one Thu Dec 1 17:54:38 2022
From: tech at eden.one (Jan Eden)
Date: Thu, 1 Dec 2022 17:54:38 +0100
Subject: Mastodon account, good server?
In-Reply-To: <202212011742.56784.bernhard@intevation.de>
References: <202212011742.56784.bernhard@intevation.de>
Message-ID:

On 2022-12-01 17:42, Bernhard Reiter wrote:

> Hi friends of GnuPG,
>
> seems to be a good time to start an official Mastodon account
> for GnuPG and related topics like Gpg4win and OpenPGP.
>
> At least for announcements and some interaction as the interest
> is growing for this decentral platform.
>
> Is there an interest here? Should we do this?
>
> If we do this, a server needs to be selected.
> I'd probably go and suggest one my initial rough requirements:
> * located in Europe
> * can be volunteeringly paid for
> * some volume / track record to expect a good administration
> * a moderation and contents policy that allows for respectful
>   exchange, but is liberal in that commercial Free Software
>   topics (and broad other topics) are allowed as well.
> * (optional) Free Software and privacy friendly organisation
>
> Any suggestions matching these?

I have high confidence in https://mstdn.social, located in NL and
administered by @stux.

- Jan

From modulus at spiritofcontradiction.eu Thu Dec 1 20:43:40 2022
From: modulus at spiritofcontradiction.eu (modulus)
Date: Thu, 1 Dec 2022 20:43:40 +0100
Subject: Mastodon account, good server?
In-Reply-To: <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com>
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com>
Message-ID:

On 01/12/2022 18:51, Andrew Gallagher via Gnupg-users wrote:
> infosec.exchange is hosted in the EU (via Hetzner) and has a focus on security, encryption etc. without being prescriptive. I haven't seen any abuse on it personally, and they have fediblocked a significant list of known hate sites. It's run by Jerry Bell, who's pretty respectable (CISO of IBMCloud), and a significant fraction of the security/encryption people I follow(ed) on Twitter use it. You can support it financially via liberapay.com

Would make sense, but my understanding is they're getting blocked for
hosting a DHS-affiliated account. Not taking sides on whether 1) hosting
the account is good, 2) the blocking is good. Just that it might not
have optimal reach.

--Mod

From juergen at bruckner.email Fri Dec 2 08:27:54 2022
From: juergen at bruckner.email (Juergen M. Bruckner)
Date: Fri, 2 Dec 2022 08:27:54 +0100
Subject: Mastodon account, good server?
In-Reply-To:
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com>
Message-ID: <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email>

Hello to all,

On 01.12.22 at 20:43, modulus via Gnupg-users wrote:
> On 01/12/2022 18:51, Andrew Gallagher via Gnupg-users wrote:
>> infosec.exchange is hosted in the EU (via Hetzner) and has a focus on
>> security, encryption etc. without being prescriptive. I haven't seen any
>> abuse on it personally, and they have fediblocked a significant list of
>> known hate sites. It's run by Jerry Bell, who's pretty respectable (CISO
>> of IBMCloud), and a significant fraction of the security/encryption
>> people I follow(ed) on Twitter use it. You can support it financially
>> via liberapay.com
>
> Would make sense, but my understanding is they're getting blocked for
> hosting a DHS-affiliated account. Not taking sides on whether 1) hosting
> the account is good, 2) the blocking is good. Just that it might not
> have optimal reach.
>

What do you think about hosting your own Mastodon instance under the
domain gnupg.org. Then it would be under full control.
And there would certainly be no problems with blocked instances and so on.

just my 2C
Juergen

--
/?\ No   |
\ / HTML | Juergen Bruckner
 X  in   | juergen at bruckner.email
/ \ Mail |

From sergi.blanch.torne at collabora.com Fri Dec 2 08:41:30 2022
From: sergi.blanch.torne at collabora.com (Sergi Blanch Torne)
Date: Fri, 02 Dec 2022 08:41:30 +0100
Subject: Mastodon account, good server?
In-Reply-To: <202212011742.56784.bernhard@intevation.de>
References: <202212011742.56784.bernhard@intevation.de>
Message-ID: <4ed205391e6a1f8fa8749aa8294d8cbfaf8aab40.camel@collabora.com>

Hi,

I would suggest to evaluate "fosstodon.org". Server seems to be in
France (and mail server in Swiss). Domain registered in 2017 so it
isn't an instance created in the boom. By patreon one can contribute.
I haven't checked specifically for the liberal in commercial FS topics.
And, it is oriented to FOSS so I think the optional requirement.

./Sergi

On Thu, 2022-12-01 at 17:42 +0100, Bernhard Reiter wrote:
> Hi friends of GnuPG,
>
> seems to be a good time to start an official Mastodon account
> for GnuPG and related topics like Gpg4win and OpenPGP.
>
> At least for announcements and some interaction as the interest
> is growing for this decentral platform.
>
> Is there an interest here?  Should we do this?
>
> If we do this, a server needs to be selected.
> I'd probably go and suggest one my initial rough requirements:
>  * located in Europe
>  * can be volunteeringly paid for
>  * some volume / track record to expect a good administration
>  * a moderation and contents policy that allows for respectful
>    exchange, but is liberal in that commercial Free Software
>    topics (and broad other topics) are allowed as well.
>  * (optional) Free Software and privacy friendly organisation
>
> Any suggestions matching these?
>
> Best Regards
> Bernhard

From wk at gnupg.org Fri Dec 2 14:59:05 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 02 Dec 2022 14:59:05 +0100
Subject: Questions regarding WKD/WKS
In-Reply-To: (Andreas Heinlein via Gnupg-users's message of "Thu, 1 Dec 2022 14:45:33 +0100")
References:
Message-ID: <87pmd1ewk6.fsf@wheatstone.g10code.de>

On Thu, 1 Dec 2022 14:45, Andreas Heinlein said:

> 1. If I follow the guidelines for creating the directory
> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
> 2750. So there is no chance for the apache user to be able to read

That does not look right. You should have o+rx for the directories and
o+r for the files.

> suggested and I am submitting the key encrypted and signed with the

You should not sign the message.

  The key to be published MUST be submitted using a PGP/MIME encrypted
  message (RFC 3156, section 4). The message MUST NOT be signed
  (because the authenticity of the signing key has not yet been
  confirmed).

I would also strongly suggest to use gpg-wks-client.

> gpg-wks-server: gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)

GnuPG 1.4 - really?
Don't do this. And in particular not a 12 year old version.

> 3. What is the behaviour when the WKS server receives a key for an
> address for which it already has a (different) key? Will it replace
> the old key, will it refuse or ignore the new one?

The old key will be replaced after the confirmation has been received.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From aheinlein at gmx.com Fri Dec 2 18:06:59 2022
From: aheinlein at gmx.com (Andreas Heinlein)
Date: Fri, 2 Dec 2022 18:06:59 +0100
Subject: Questions regarding WKD/WKS
In-Reply-To: <87pmd1ewk6.fsf@wheatstone.g10code.de>
References: <87pmd1ewk6.fsf@wheatstone.g10code.de>
Message-ID:

On 02.12.22 at 14:59, Werner Koch wrote:
> On Thu, 1 Dec 2022 14:45, Andreas Heinlein said:
>
>> 1. If I follow the guidelines for creating the directory
>> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
>> 2750. So there is no chance for the apache user to be able to read
> That does not look right. You should have o+rx for the directories and
> o+r for the files.

If I do that, I get:

gpg-wks-server: directory '/var/lib/gnupg/wks' has too relaxed permissions
gpg-wks-server: Fix by running: chmod o-rw '/var/lib/gnupg/wks'

This is gpg-wks-server version 2.2.27, as packaged with Debian 11. If
this is a (known) bug, I may try to get it fixed.

>
>> suggested and I am submitting the key encrypted and signed with the
> You should not sign the message.
>
> The key to be published MUST be submitted using a PGP/MIME encrypted
> message (RFC 3156, section 4). The message MUST NOT be signed
> (because the authenticity of the signing key has not yet been
> confirmed).
>
> I would also strongly suggest to use gpg-wks-client.

Thanks, I overlooked that. I find it a little difficult to instruct
normal users to configure their client to sign mails, but make an
exception when submitting their mail to the wks.

I cannot use gpg-wks-client here - our folks are using thunderbird.
This is a known missing feature in thunderbird, WKS client support got
lost when moving from Enigmail to their own implementation. See here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1695048

For the moment it would be nice if we could "stretch" the RFC a little
and just ignore any signatures. Any way to achieve that, or would it be
necessary to patch the wks server?

>
>> gpg-wks-server: gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
> GnuPG 1.4 - really? Don't do this. And in particular not a 12 year old
> version.

Yeah, I know. This was from an old testing machine, I wouldn't do that
in real life ;-)

>
>> 3. What is the behaviour when the WKS server receives a key for an
>> address for which it already has a (different) key? Will it replace
>> the old key, will it refuse or ignore the new one?
> The old key will be replaced after the confirmation has been received.

That's what I expected.

Thank you,
Andreas

From andrew at lists.savchenko.net Sat Dec 3 02:18:34 2022
From: andrew at lists.savchenko.net (Andrew Savchenko)
Date: Sat, 3 Dec 2022 11:48:34 +1030
Subject: Mastodon account, good server?
In-Reply-To: <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email>
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com> <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email>
Message-ID: <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>

On 02/12/2022 17:57, Juergen M. Bruckner via Gnupg-users wrote:

> What do you think about hosting your own Mastodon instance under the domain gnupg.org. Then it would be under full control.
> And there would certainly be no problems with blocked instances and so on.
The idea is good. But is there a desire, time and server capacity to support self-hosted installation?

--
With regards,
A

From hfollmann at itcfollmann.com Sat Dec 3 14:55:03 2022
From: hfollmann at itcfollmann.com (Henning Follmann)
Date: Sat, 3 Dec 2022 08:55:03 -0500
Subject: Mastodon account, good server?
In-Reply-To: <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com> <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email> <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
Message-ID:

On Sat, Dec 03, 2022 at 11:48:34AM +1030, Andrew Savchenko via Gnupg-users wrote:
> On 02/12/2022 17:57, Juergen M. Bruckner via Gnupg-users wrote:
>
> > What do you think about hosting your own Mastodon instance under the domain gnupg.org. Then it would be under full control.
> > And there would certainly be no problems with blocked instances and so on.
>
> The idea is good. But is there a desire, time and server capacity to support self-hosted installation?
>
>

Well, in general I might volunteer some resources. However I work mostly on
the AWS cloud here in the US. I heard some resentments against the instance
being located in the US.
I also registered gnupg.social and I'm donating this to the effort and
promise to keep the registration current.

There would also be the question who controls/feeds the "official" account.

-H

--
Henning Follmann | hfollmann at itcfollmann.com

From juergen at bruckner.email Sat Dec 3 21:01:17 2022
From: juergen at bruckner.email (Juergen M. Bruckner)
Date: Sat, 3 Dec 2022 21:01:17 +0100
Subject: Mastodon account, good server?
In-Reply-To:
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com> <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email> <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
Message-ID: <21bed452-d308-bda9-4f7a-d7166aaddac8@bruckner.email>

Hello to all,

On 03.12.22 at 14:55, Henning Follmann wrote:
> On Sat, Dec 03, 2022 at 11:48:34AM +1030, Andrew Savchenko via Gnupg-users wrote:
>> On 02/12/2022 17:57, Juergen M. Bruckner via Gnupg-users wrote:
>>
>>> What do you think about hosting your own Mastodon instance under the domain gnupg.org. Then it would be under full control.
>>> And there would certainly be no problems with blocked instances and so on.
>>
>> The idea is good. But is there a desire, time and server capacity to support self-hosted installation?
>>
>>
>
> Well, in general I might volunteer some resources. However I work mostly on
> the AWS cloud here in the US. I heard some resentments against the instance
> being located in the US.
> I also registered gnupg.social and I'm donating this to the effort and
> promise to keep the registration current.
>
> There would also be the question who controls/feeds the "official" account.
>
> -H
>

I generally host at Contabo [1], a German provider.
If desired, I would offer to provide you with a VPS instance and fully
cover these costs for the first year.
If after that (or in general) someone wants to contribute to the costs,
we will definitely find a solution that is acceptable to everyone.

And I think Henning's offer about the domain gnupg.social is very
suitable for this project.

In my view, someone from the GnuPG core team should be in control of the
account.

Any other opinions and suggestions?

[1] www.contabo.com

--
/?\ No   |
\ / HTML | Juergen Bruckner
 X  in   | juergen at bruckner.email
/ \ Mail |

From mcr at sandelman.ca Sat Dec 3 23:21:33 2022
From: mcr at sandelman.ca (Michael Richardson)
Date: Sat, 03 Dec 2022 17:21:33 -0500
Subject: Mastodon account, good server?
In-Reply-To: <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
References: <202212011742.56784.bernhard@intevation.de> <5FB1318D-1C8F-4A85-96D2-0A0960C56374@andrewg.com> <95e005a6-3821-0c23-26e0-9bc8e73259e4@bruckner.email> <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
Message-ID: <21439.1670106093@localhost>

It's not the technical work or the system resources that are really the
challenge (I think that there is plenty of technical volunteers).
It's the promises about moderation and other softer human resources that seem
to really be the limit for running Mastodon instances.

Maybe FSF.org will do something.

From bwalzer at 59.ca Sat Dec 3 23:54:18 2022
From: bwalzer at 59.ca (Bruce Walzer)
Date: Sat, 3 Dec 2022 16:54:18 -0600
Subject: Questions regarding WKD/WKS
In-Reply-To:
References:
Message-ID:

On Thu, Dec 01, 2022 at 02:45:33PM +0100, Andreas Heinlein via Gnupg-users wrote:
> Hello,
>
> I am trying to implement WKD/WKS and followed the tutorial here:
> https://wiki.gnupg.org/WKS
>
> I have a few questions:
>
> 1. If I follow the guidelines for creating the directory
> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
> 2750. So there is no chance for the apache user to be able to read
> anything within that directory. I could solve that by adding the
> apache user to the webkey group. Is that the intended solution?

That is from this part:

mkdir /var/lib/gnupg/wks
chown webkey:webkey /var/lib/gnupg/wks
chmod 2750 /var/lib/gnupg/wks

That doesn't make sense to me.
I think this might count as a documentation bug. The original author
probably wanted to leave the directory sticky instead.

At any rate, the web server needs access to this directory. Something
like adding the apache user to the webkey group sounds like a
reasonable approach.

Bruce

From karel-v_g at tutanota.com Sat Dec 3 17:34:44 2022
From: karel-v_g at tutanota.com (Karel van Gruiten)
Date: Sat, 3 Dec 2022 17:34:44 +0100 (CET)
Subject: Unable to make GPG4Win 4.x portable
Message-ID:

Hello!

Unfortunately my mail to gpg4win-users-en at wald.intevation.org was
bounced, so I am trying to ask for help here:
I recently finally switched from the old 3.x series of GPG4Win to 4.0.4
doing a clean install which is working properly.
But I am unable to create a portable installation from this, mkportable
gives this output:

C:\Program Files (x86)\Gpg4win\bin>mkportable.exe --full f:\gpg4win\
mkportable: file 'share/locale/mai/kf5_entry.desktop' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/ki18n5.mo' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kcompletion5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kxmlgui5.mo' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kcoreaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kitemviews5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kconfigwidgets5.mo' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kwindowsystem5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kcodecs5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kiconthemes5.mo' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kwidgetsaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/libkleopatra.mo' not found in the source directory
mkportable: file 'share/locale/mai/LC_MESSAGES/kconfig5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/kf5_entry.desktop' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/ki18n5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kcompletion5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kxmlgui5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kcoreaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kitemviews5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kconfigwidgets5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kwatchgnupg.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kwindowsystem5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kcodecs5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kiconthemes5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kwidgetsaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/libkleopatra.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavianlatin/LC_MESSAGES/kconfig5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/kf5_entry.desktop' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/ki18n5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kcompletion5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kxmlgui5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kcoreaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kitemviews5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kconfigwidgets5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kwatchgnupg.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kwindowsystem5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kcodecs5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kiconthemes5.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kwidgetsaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/libkleopatra.mo' not found in the source directory
mkportable: file 'share/locale/sr at ijekavian/LC_MESSAGES/kconfig5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/kf5_entry.desktop' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/ki18n5.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kcompletion5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kxmlgui5.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kcoreaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kitemviews5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kconfigwidgets5.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kwatchgnupg.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kwindowsystem5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kcodecs5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kiconthemes5.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kwidgetsaddons5_qt.qm' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/libkleopatra.mo' not found in the source directory
mkportable: file 'share/locale/sr at latin/LC_MESSAGES/kconfig5_qt.qm' not found in the source directory

What am I making wrong?

Thanks
Karel

From bernhard at intevation.de Tue Dec 6 09:22:06 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 6 Dec 2022 09:22:06 +0100
Subject: Thunderbird is missing WKS (Re: Questions regarding WKD/WKS)
In-Reply-To:
References: <87pmd1ewk6.fsf@wheatstone.g10code.de>
Message-ID: <202212060922.13538.bernhard@intevation.de>

On Friday 02 December 2022 18:06:59, Andreas Heinlein via Gnupg-users wrote:
> > I would also strongly suggest to use gpg-wks-client.
>
> Thanks, I overlooked that. I find it a little difficult to instruct normal
> users to configure their client to sign mails, but make an exception when
> submitting their mail to the wks.

The idea is that a mail user agent supports this special workflow.

> I cannot use gpg-wks-client here - our folks are using thunderbird.
> https://bugzilla.mozilla.org/show_bug.cgi?id=1695048

Yes, it would be cool to have good manual instructions.
Especially for windows.

I ponder writing a tool in go to supplement to gpg-wks-client
for the sending part on windows only (as it is quite easy to do a static
cross build in go). But it can be done in C as well I guess.
The usability problems stays the same: You would want to use the credentials and the TLS implementation of the email client, which you cannot get. And even accessing the TLS properties on windows makes this less portable. And I do not think GnuPG wants to grow a real smtp-client library. Regards, Bernhard -- https://intevation.de/~bernhard ? +49 541 33 508 3-3 Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: This is a digitally signed message part. URL: From bernhard at intevation.de Tue Dec 6 09:27:42 2022 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue, 6 Dec 2022 09:27:42 +0100 Subject: Mastodon account: offer to operate it for the GnuPG Verein In-Reply-To: <21bed452-d308-bda9-4f7a-d7166aaddac8@bruckner.email> References: <202212011742.56784.bernhard@intevation.de> <21bed452-d308-bda9-4f7a-d7166aaddac8@bruckner.email> Message-ID: <202212060927.43078.bernhard@intevation.de> Hello, Am Samstag 03 Dezember 2022 21:01:17 schrieb Juergen M. Bruckner via Gnupg-users: > In my view, someone from the GnuPG core team should be in control of the > account. as it should be an official account I also believe someone should operate it on behalf of the GnuPG core team. I volunteer to operate the account on behalf of the GnuPG e.V. https://gnupg.org/verein/ (which is where I am currently the vice-chair) My suggestion to them is that the verein also volunteeringly pays for the account (that is a yearly donation of 50-100? I in my view). Regards Bernhard -- https://intevation.de/~bernhard ? +49 541 33 508 3-3 Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter -------------- next part -------------- A non-text attachment was scrubbed... 
From bernhard at intevation.de Tue Dec 6 09:36:32 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 6 Dec 2022 09:36:32 +0100
Subject: Mastodon account: hosting a server
In-Reply-To:
References: <202212011742.56784.bernhard@intevation.de> <12cc03ca-7b52-d671-f3e7-f0c4fe2fbe8d@savchenko.net>
Message-ID: <202212060936.32735.bernhard@intevation.de>

On Saturday 03 December 2022 14:55:03 Henning Follmann wrote:
> Well, in general I might volunteer some resources.

Thanks to you and to the others for offering help with running a server. (Also for suggesting servers for an account, this will still take me a few days until I get to it.)

About running a server just for GnuPG, I agree with what Michael wrote:
| It's the promises about moderation and other softer human resources
| that seem to really be the limit for running Mastodon instances.

(back to Henning)
> However I work mostly on the AWS cloud here in the US.
> I heard some resentments against the instance being located in the US.

I'd stated a preferred location in Europe mostly because this is a legal space that I (and many members of the Verein) are most familiar with. To me GnuPG and OpenPGP is about friendly global collaboration for those that care about privacy.

Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
From bernhard at intevation.de Tue Dec 6 09:39:04 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 6 Dec 2022 09:39:04 +0100
Subject: Unable to make GPG4Win 4.x portable
In-Reply-To:
References:
Message-ID: <202212060939.04645.bernhard@intevation.de>

Hello Karel,

On Saturday 03 December 2022 17:34:44 Karel van Gruiten via Gnupg-users wrote:
> Unfortunately my mail to gpg4win-users-en at wald.intevation.org was bounced,

(I'd be interested in this offlist, can you send me the bounce message to see if this is a problem with our infrastructure?)

> so I am trying to ask for help here: I recently finally switched from the
> old 3.x series of GPG4Win to 4.0.4 doing a clean install which is working
> properly. But I am unable to create a portable installation from this,
> mkportable gives this output:
>
> C:\Program Files (x86)\Gpg4win\bin>mkportable.exe --full f:\gpg4win\
> mkportable: file 'share/locale/mai/kf5_entry.desktop' not found in the
> source directory mkportable: file 'share/locale/mai/LC_MESSAGES/ki18n5.mo'
> not found in the source directory mkportable: file

> What am I making wrong?

Possibly not having installed "everything" (see instructions at): https://www.gpg4win.org/download.html

Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
From christoph.klassen at intevation.de Tue Dec 6 09:47:46 2022
From: christoph.klassen at intevation.de (Christoph Klassen)
Date: Tue, 6 Dec 2022 09:47:46 +0100
Subject: Unable to make GPG4Win 4.x portable
In-Reply-To:
References:
Message-ID: <003920bb-1b20-50c3-fc26-2fe702aa0821@intevation.de>

Hello Karel,

On 12/3/22 17:34, Karel van Gruiten via Gnupg-users wrote:
> Unfortunately my mail to gpg4win-users-en at wald.intevation.org was bounced, so I am trying to ask for help here:
> I recently finally switched from the old 3.x series of GPG4Win to 4.0.4 doing a clean install which is working properly.
> But I am unable to create a portable installation from this, mkportable gives this output:
> [...]
> What am I making wrong?

There is already an issue for this case (https://dev.gnupg.org/T6246) so you can subscribe there to get notified if there is a fix for this problem :)

Best regards,
Christoph

--
Christoph Klassen | https://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter

From vishal.rana118 at gmail.com Thu Dec 8 05:48:34 2022
From: vishal.rana118 at gmail.com (Vishal Rana)
Date: Thu, 8 Dec 2022 10:18:34 +0530
Subject: GPG
Message-ID:

Hi Team,

I want to use Gnupg for Digital Signature and other cryptographic functions for our project.

On the server side it's working fine. Where I am doing digital signatures by enabling FIP140-2.

But on the target side, we are using an embedded processor (imx6 + linux) on which I want to include the minimum feature for D.Signature verification with FIP140-2. But I am not sure what all things need to include in rootfs to achieve the same.

Got one yocto reference where they suggested to include {gpg and gpg-agent} is sufficient.
Please suggest it to me.

--
*Thanks & Regards,Vishal RanaMobile :09422123401*

From kloecker at kde.org Thu Dec 8 07:57:10 2022
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 08 Dec 2022 07:57:10 +0100
Subject: GPG
In-Reply-To:
References:
Message-ID: <12114342.O9o76ZdvQC@daneel>

On Thursday, 8 December 2022 05:48:34 CET Vishal Rana via Gnupg-users wrote:
> I want to use Gnupg for Digital Signature and other cryptographic functions
> for our project.
>
> On the server side its working fine. Where I am doing digital signatures by
> enabling FIP140-2.
>
> But on the target side, we are using an embedded processor (imx6 + linux)
> on which
> I want to include the minimum feature for D.Signature verification with
> FIP140-2.
> But I am not sure what all things need to include in rootfs to achieve the
> same.

If all you need is signature verification, then you can probably use gpgv which exists exactly for this use case.

Regards,
Ingo

From christoph.klassen at intevation.de Fri Dec 9 08:40:31 2022
From: christoph.klassen at intevation.de (Christoph Klassen)
Date: Fri, 9 Dec 2022 08:40:31 +0100
Subject: Max size of files that can be encrypted
Message-ID:

Hello everyone,

does anyone here know which is the maximal size of a file that can be encrypted by GnuPG?

Greetings,
Christoph

--
Christoph Klassen | https://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
From wk at gnupg.org Fri Dec 9 15:39:10 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 09 Dec 2022 15:39:10 +0100
Subject: Max size of files that can be encrypted
In-Reply-To: (Christoph Klassen's message of "Fri, 9 Dec 2022 08:40:31 +0100")
References:
Message-ID: <87v8mkfxpt.fsf@wheatstone.g10code.de>

On Fri, 9 Dec 2022 08:40, Christoph Klassen said:
> does anyone here know which is the maximal size of a file that can be
> encrypted by GnuPG?

Depends on the shell and operating system. On any non-legacy system you may read and write files larger than 4 GiB. If you pipe the data in and out there is no limit even if the shell does not support large files. However you need some process to write the data but netcat is also an option.

Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From karel-v_g at tutanota.com Sat Dec 10 22:21:51 2022
From: karel-v_g at tutanota.com (Karel van Gruiten)
Date: Sat, 10 Dec 2022 22:21:51 +0100 (CET)
Subject: Only GnuPG 2.2.x in Debian Bookworm?
Message-ID:

Hello!

Debian's next release Bookworm is scheduled for mid 2023 and the first deadlines are approaching in January. I am only a user, but I wonder why they stick to the 2.2-series and do not jump to the 2.3-builds as they have many new algorithms and should be quite stable after all the Point-releases. But even sid is still at 2.2 so there is no sign of an update. If Debian Bookworm releases with 2.2.x users will not be able to use the new AE- and EC-algorithms unless 2.3.x will appear in backports.

Any ideas?
Karel

From kloecker at kde.org Sun Dec 11 13:19:11 2022
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 11 Dec 2022 13:19:11 +0100
Subject: Only GnuPG 2.2.x in Debian Bookworm?
In-Reply-To:
References:
Message-ID: <21704014.EfDdHjke4D@breq>

On Saturday, 10 December 2022 22:21:51 CET Karel van Gruiten via Gnupg-users wrote:
> Debians next release Bookworm is scheduled for mid 2023 and the first
> deadlines are approaching in January. I am only a user, but I wonder why
> they stick to the 2.2-series and do not jump to the 2.3-builds as they have
> many new algorithms and should be quite stable after all the
> Point-releases. But even sid is still at 2.2 so there is no sign of an
> update.

The Debians may be waiting for the 2.4 release (which was announced as the next stable release after 2.2).

> If Debian Bookworm releases with 2.2.x users will not be able to
> use the new AE- and EC-algorithms unless 2.3.x will appear in backports.

This information is wrong. Support for most algorithms has been backported to 2.2. Almost all people who reported incompatibilities between 2.3 and 2.2 were using outdated 2.2.x releases.

Regards,
Ingo

From bernhard at intevation.de Mon Dec 12 12:53:52 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 12 Dec 2022 12:53:52 +0100
Subject: Only GnuPG 2.2.x in Debian Bookworm?
In-Reply-To: <21704014.EfDdHjke4D@breq>
References: <21704014.EfDdHjke4D@breq>
Message-ID: <202212121254.00160.bernhard@intevation.de>

On Sunday 11 December 2022 13:19:11 Ingo Klöcker wrote:
> The Debians may be waiting for the 2.4 release (which was announced as the
> next stable release after 2.2).

Unlikely, it seems more like the maintainers were less active.
2.3 is on the wishlist (since October), you may want to follow https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022702

And Daniel Kahn Gillmor (DKG, the maintainer) got more active since April this year, and added 2.2.40 (and previously .35, .39). See https://tracker.debian.org/pkg/gnupg2 (Thanks Daniel!)

(DKG does not appear in the changelog for about 14 months, maybe this break of him is responsible for a slight delay in current versions for bookworm, you possibly can see more if you look at the archives of the maintainer's mailing list or other public information of Debian.)

Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter

From wk at gnupg.org Tue Dec 13 16:36:24 2022
From: wk at gnupg.org (Werner Koch)
Date: Tue, 13 Dec 2022 16:36:24 +0100
Subject: Only GnuPG 2.2.x in Debian Bookworm?
In-Reply-To: (Karel van Gruiten via Gnupg-users's message of "Sat, 10 Dec 2022 22:21:51 +0100 (CET)")
References:
Message-ID: <87tu1zco3r.fsf@wheatstone.g10code.de>

On Sat, 10 Dec 2022 22:21, Karel van Gruiten said:
> I am only a user, but I wonder why they stick to the 2.2-series and do

Probably because there is an interest conflict between the GnuPG maintainers in Debian and those who want to turn OpenPGP into something very different (i.e. new IETF OpenPGP WG participants / Sequoia venture capitalists).

SCNR,

Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
From bernhard at intevation.de Thu Dec 15 09:17:46 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 15 Dec 2022 09:17:46 +0100
Subject: Only GnuPG 2.2.x in Debian Bookworm?
In-Reply-To: <87tu1zco3r.fsf@wheatstone.g10code.de>
References: <87tu1zco3r.fsf@wheatstone.g10code.de>
Message-ID: <202212150917.46639.bernhard@intevation.de>

Werner,

On Tuesday 13 December 2022 16:36:24 Werner Koch via Gnupg-users wrote:
> On Sat, 10 Dec 2022 22:21, Karel van Gruiten said:
> > I am only a user, but I wonder why they stick to the 2.2-series and do
>
> Probably because there is an interest conflict between the GnuPG
> maintainers in Debian and those who want to turn OpenPGP into something
> very different (i.e. new IETF OpenPGP WG participants / Sequoia venture
> capitalists).

> SCNR

can you be more specific? Speculations and rumors do not help much, even if they are meant to be funny (were they?)

Which IETF OpenPGP working group members are you referring to?
What of their actions will be a problem for OpenPGP from our point of view?

Who are the "Sequoia venture capitalists" and what are their interests?

Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter

From wk at gnupg.org Fri Dec 16 18:45:58 2022
From: wk at gnupg.org (Werner Koch)
Date: Fri, 16 Dec 2022 18:45:58 +0100
Subject: Only GnuPG 2.2.x in Debian Bookworm?
In-Reply-To: <202212150917.46639.bernhard@intevation.de> (Bernhard Reiter's message of "Thu, 15 Dec 2022 09:17:46 +0100")
References: <87tu1zco3r.fsf@wheatstone.g10code.de> <202212150917.46639.bernhard@intevation.de>
Message-ID: <87cz8jb5t5.fsf@wheatstone.g10code.de>

On Thu, 15 Dec 2022 09:17, Bernhard Reiter said:

> Which IETF OpenPGP working group members are you referring to?

That should be obvious with just a little research.

> What of their actions will be a problem for OpenPGP from our point of view?

Instead of finalizing the draft started in 2015, they took the last year to replace large parts of the specs while ignoring all deployed code by the two major implementations (namely GnuPG and RNP which are based on the WG group mailing list agreed drafts from 2017/2018).

The problem is called "Design by committee" and the inevitable split/profiling of standards. GnuPG won't follow the likely outcome of the IETF OpenPGP WG because we value our users and feel a responsibility to keep a deployed and sensible moving ecosystem alive and working.

> Who are the "Sequoia venture capitalists" and what are their interests?

A pun on the name of one implementation and the(ir) VC sphere.

Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From klaus+gnupg at ethgen.ch Sat Dec 17 18:53:26 2022
From: klaus+gnupg at ethgen.ch (Klaus Ethgen)
Date: Sat, 17 Dec 2022 18:53:26 +0100
Subject: Card-Reader
Message-ID:

Hi,

I destroyed my card reader from gemalto and need a new one. (The card, luckily survived.)

Is there any way to order them anymore? I found many ways to download a reader but no shop where to buy them. Preferred in Switzerland.
They should be able to read SIM card size GnuPG-Cards and been optimal robust to carry them in the pocket.

Gruß
Klaus

--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

From andrewg at andrewg.com Sat Dec 17 19:54:39 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sat, 17 Dec 2022 18:54:39 +0000
Subject: Card-Reader
In-Reply-To:
References:
Message-ID:

An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ACR38T-D1.jpg
Type: image/jpeg
Size: 24664 bytes
Desc: not available
URL:

From anze at anze.dev Sat Dec 17 19:46:07 2022
From: anze at anze.dev (Anze Jensterle)
Date: Sat, 17 Dec 2022 19:46:07 +0100
Subject: Card-Reader
In-Reply-To:
References:
Message-ID:

This might fit your needs:
https://www.cardomatic.de/epages/64510967.sf/de_DE/?ObjectPath=/Shops/64510967/Products/ACR39T-A1

Best,
Anze

On Sat, Dec 17, 2022 at 7:44 PM Klaus Ethgen wrote:

> Hi,
>
> I destroyed my card reader from gemalto and need a new one. (The card,
> luckily survived.)
>
> Is there any way to order them anymore? I found many ways to download a
> reader but no shop where to buy them. Preferred in Switzerland.
>
> They should be able to read SIM card size GnuPG-Cards and been optimal
> robust to carry them in the pocket.
>
> Gruß
> Klaus
> --
> Klaus Ethgen http://www.ethgen.ch/
> pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
From dave.mehler at gmail.com Mon Dec 19 14:48:57 2022
From: dave.mehler at gmail.com (David Mehler)
Date: Mon, 19 Dec 2022 08:48:57 -0500
Subject: Card-Reader
In-Reply-To:
References:
Message-ID:

Hello,

Are these credit card readers?

Thanks.
Dave.

On 12/17/22, Anze Jensterle wrote:
> This might fit your needs:
> https://www.cardomatic.de/epages/64510967.sf/de_DE/?ObjectPath=/Shops/64510967/Products/ACR39T-A1
>
> Best,
> Anze
>
> On Sat, Dec 17, 2022 at 7:44 PM Klaus Ethgen wrote:
>
>> Hi,
>>
>> I destroyed my card reader from gemalto and need a new one. (The card,
>> luckily survived.)
>>
>> Is there any way to order them anymore? I found many ways to download a
>> reader but no shop where to buy them. Preferred in Switzerland.
>>
>> They should be able to read SIM card size GnuPG-Cards and been optimal
>> robust to carry them in the pocket.
>>
>> Gruß
>> Klaus
>> --
>> Klaus Ethgen http://www.ethgen.ch/
>> pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
>> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

From wk at gnupg.org Tue Dec 20 10:46:59 2022
From: wk at gnupg.org (Werner Koch)
Date: Tue, 20 Dec 2022 10:46:59 +0100
Subject: [Announce] GnuPG 2.4.0 released (silver anniversary)
Message-ID: <87sfhao19o.fsf@wheatstone.g10code.de>

Hello!

Exactly 25 years ago the very first release of GnuPG was published. We are pleased to take this opportunity to announce the availability of a new stable GnuPG release: version 2.4.0. This release has a few new features and the binary releases come with an updated Libksba to fix another vulnerability related to CVE-2022-3515.

What is GnuPG
=============

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation of the OpenPGP and S/MIME standards.
GnuPG allows to encrypt and sign data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. The separate library GPGME provides a uniform API to use the GnuPG engine by software written in common programming languages. A wealth of frontend applications and libraries making use of GnuPG are available. As an universal crypto engine GnuPG provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

Three different series of GnuPG are actively maintained:

- Version 2.4 is the current stable version with a lot of new features compared to 2.2. This announcement is about the latest release of this series; the previous release was 2.3.8.

- Version 2.2 is our LTS (long term support) version and guaranteed to be maintained at least until the end of 2024. Only a small subset of features from 2.4 has been back-ported to this series. See https://gnupg.org/download/index.html#end-of-life

- Version 1.4 is only maintained to allow decryption of very old data which is, for security reasons, not anymore possible with other GnuPG versions. Please use 1.4 only for this purpose.

Noteworthy changes in version 2.4.0
===================================

  * The key database daemon is now a fully supported feature. Keys are stored in a SQLite database to make key lookups much faster. Enable it by adding "use-keyboxd" to common.conf. See also the README file.

  * gpg: New command --quick-update-pref. [rGd40d23b233]

  * gpg: New list-options show-pref and show-pref-verbose. [rG811cfa34cb]

  * gpg: New option --list-filter to restrict key listings like
      gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
    [rG1324dc3490]

  * gpg: New --export-filter export-revocs.
[rGc985b52e71]

  * gpg: Also import stray revocation certificates. [rG7aaedfb107]

  * gpg: Add a notation to encryption subkeys in de-vs mode. [T6279]

  * gpg: Improve signature verification speed by a factor of more than four. Double detached signing speed. [T5826]

  * gpg: Allow only OCB for AEAD encryption. [rG5a2cef801d]

  * gpg: Fix trusted introducer for mbox only user-ids. [T6238]

  * gpg: Report an error via status-fd for receiving a key from the agent. [T5151]

  * gpg: Make --require-compliance work without the --status-fd option. [rG2aacd843ad]

  * gpg: Fix verification of cleartext signatures with overlong lines. [T6272]

  * agent: Fix import of protected OpenPGP v5 keys. [T6294]

  * gpgsm: Change the default cipher algorithm from AES128 to AES256. Also announce support for this in signatures. [rG2d8ac55d26]

  * gpgsm: Always use the chain validation model if the root-CA requests this. [rG7fa1d3cc82]

  * gpgsm: Print OCSP revocation date and reason in cert listings. [rGb6abaed2b5]

  * agent: Support Win32-OpenSSH emulation by gpg-agent. [T3883]

  * scd: Support the Telesec Signature Card v2.0. [T6252]

  * scd: Redact --debug cardio output of a VERIFY APDU. [T5085]

  * scd: Skip deleted pkcs#15 records in CARDOS 5. [rG061efac03f]

  * dirmngr: Fix build with no LDAP support. [T6239]

  * dirmngr: Fix verification of ECDSA signed CRLs. [rG868dabb402]

  * wkd: New option --add-revocs for gpg-wks-client. [rGc3f9f2d497]

  * wkd: Ignore expired user-ids in gpg-wks-client. [T6292]

  * card: New commands "gpg" and "gpgsm". [rG9c4691c73e]

Release-info: https://dev.gnupg.org/T6303

Getting the Software
====================

Please follow the instructions found at or read on:

GnuPG may be downloaded from one of the GnuPG mirror sites or direct from its primary FTP server. The list of mirrors can be found at . Note that GnuPG is not available at ftp.gnu.org.
The GnuPG source code compressed using BZIP2 and its OpenPGP signature are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.0.tar.bz2 (7487k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.0.tar.bz2.sig

An installer for Windows without any graphical frontend except for a very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe (4816k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.0_20221216.exe.sig

The source used to build this Windows installer can be found in the same directory with a ".tar.xz" suffix.

A link to GnuPG Desktop®, an AppImage for Linux, featuring this version of GnuPG along with the advanced graphical user interface Kleopatra is available from the download page:

 https://gnupg.org/download/index.html#binary

A new release of Gpg4win (version 4.1.0) including this version of GnuPG is available at https://gpg4win.org

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a version of GnuPG installed, you can simply verify the supplied signature. For example to verify the signature of the file gnupg-2.4.0.tar.bz2 you would use this command:

     gpg --verify gnupg-2.4.0.tar.bz2.sig gnupg-2.4.0.tar.bz2

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one or more of the release signing keys. Make sure that this is a valid key, either by matching the shown fingerprint against a trustworthy list of valid release signing keys or by checking that the key has been signed by trustworthy other keys. See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have to verify the SHA-1 checksum. On Unix systems the command to do this is either "sha1sum" or "shasum".
   Assuming you downloaded the file gnupg-2.4.0.tar.bz2, you run the command like this:

     sha1sum gnupg-2.4.0.tar.bz2

   and check that the output matches the next line:

63dde155a8df0d5e1987efa5fc17438beca83ac1  gnupg-2.4.0.tar.bz2
f8b5aaf759fa311e60d34823be342d7e15d1e752  gnupg-w32-2.4.0_20221216.tar.xz
5195ff17de15ffd8629bfd0f0b5dd2b2774295f2  gnupg-w32-2.4.0_20221216.exe

Internationalization
====================

This version of GnuPG has support for 26 languages with Chinese (traditional and simplified), Czech, French, German, Italian, Japanese, Norwegian, Polish, Russian, Turkish, and Ukrainian being almost completely translated.

Documentation and Support
=========================

The file gnupg.info has the complete reference manual of the system. Separate man pages are included as well but they miss some of the details available only in the manual. The manual is also available online at

 https://gnupg.org/documentation/manuals/gnupg/

or can be downloaded as PDF at

 https://gnupg.org/documentation/manuals/gnupg.pdf

You may also want to search the GnuPG mailing list archives or ask on the gnupg-users mailing list for advice on how to solve problems. Most of the new features are around for several years and thus enough public experience is available. https://wiki.gnupg.org has user contributed information around GnuPG and related software.

In case of build problems specific to this release please first check https://dev.gnupg.org/T6303 for updated information.

Please consult the archive of the gnupg-users mailing list before reporting a bug: https://gnupg.org/documentation/mailing-lists.html. We suggest to send bug reports for a new release to this list in favor of filing a bug at https://bugs.gnupg.org. If you need commercial support go to https://gnupg.com or https://gnupg.org/service.html.

If you are a developer and you need a certain feature for your project, please do not hesitate to bring it to the gnupg-devel mailing list for discussion.
Thanks
======

Since 2001 maintenance and development of GnuPG is done by g10 Code GmbH and has mostly been financed by donations. Three full-time employed developers as well as two contractors exclusively work on GnuPG and closely related software like Libgcrypt, GPGME and Gpg4win.

Fortunately, and this is still not common with free software, we have established a way of financing the development while keeping all our software free and freely available for everyone. Our model is similar to the way RedHat manages RHEL and Fedora: Except for the actual binary of the MSI installer for Windows and client specific configuration files, all the software is available under the GNU GPL and other Open Source licenses. Thus customers may even build and distribute their own version of the software as long as they do not use our trademarks GnuPG Desktop® or GnuPG VS-Desktop®.

We like to thank all the nice people who are helping the GnuPG project, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, answering questions on the mailing lists, or helped with donations.

*Thank you all*

   Your GnuPG hackers

p.s.
This is an announcement only mailing list. Please send replies only to the gnupg-users at gnupg.org mailing list.

List of Release Signing Keys:

To guarantee that a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners.
Current releases are signed by one or more of these four keys:

  rsa3072 2017-03-17 [expires: 2027-03-15]
  5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
  Andre Heinecke (Release Signing Key)

  ed25519 2020-08-24 [expires: 2030-06-30]
  6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
  Werner Koch (dist signing 2020)

  ed25519 2021-05-19 [expires: 2027-04-04]
  AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
  Niibe Yutaka (GnuPG Release Key)

  brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
  02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208
  GnuPG.com (Release Signing Key 2021)

The keys are available at https://gnupg.org/signature_key.html and in any recently released GnuPG tarball in the file g10/distsigkey.gpg . Note that this mail has been signed by a different key.

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From avaiss at fmiw.org Wed Dec 21 17:51:39 2022
From: avaiss at fmiw.org (Alexandre Vaissière)
Date: Wed, 21 Dec 2022 17:51:39 +0100
Subject: scd: binary data returned when sending direct APDU
Message-ID:

Hello,

I am trying to send arbitrary APDU commands via scd. When doing that I noticed that scd answers me with binary data. For example:

gpg-connect-agent
> scd apdu 00 A4 04 00 07 A0 00 00 05 27 21 01
D yZ??...
OK

As assuan protocol is supposed to transmit utf-8 encoded string data, I would have expected an hexified string as returned data (as the input data is). Is that a bug or the expected behaviour?

Thank you very much,
Alexandre.
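An added example (not part of the list posts and not GnuPG code): a small Python decoder for the kind of Assuan response shown in the session above. It relies on the Assuan rule that D lines carry raw bytes in which only `%`, CR and LF are percent-escaped, and on libgpg-error's packing of the number on an ERR line; the function names and both sample responses are constructed for illustration.

```python
import re

# %XX escape as used on Assuan data (D) lines.
ESCAPE = re.compile(rb"%([0-9A-Fa-f]{2})")


def unescape(payload: bytes) -> bytes:
    """Undo percent-escaping in a single pass, so b"%2541" yields b"%41"."""
    return ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), payload)


def hexify(data: bytes) -> str:
    """Render bytes the way the APDU was typed: upper-case hex pairs."""
    return " ".join(f"{b:02X}" for b in data)


def parse_response(raw: bytes) -> dict:
    """Parse one command's response up to its terminating OK or ERR line.

    D lines are concatenated after unescaping (a long reply is split over
    several D lines), S lines are collected as text, '#' lines are comments.
    """
    data = bytearray()
    status = []
    for line in raw.split(b"\n"):
        # A raw CR can only be a line ending: inside data it would be %0D.
        line = line.rstrip(b"\r")
        if not line or line.startswith(b"#"):
            continue
        keyword, _, rest = line.partition(b" ")
        if keyword == b"D":
            data += unescape(rest)
        elif keyword == b"S":
            status.append(rest.decode("utf-8", "replace"))
        elif keyword == b"OK":
            return {"ok": True, "data": bytes(data), "status": status,
                    "text": rest.decode("utf-8", "replace")}
        elif keyword == b"ERR":
            number, _, text = rest.partition(b" ")
            value = int(number)
            # libgpg-error layout: error source in bits 24..30,
            # error code in the low 16 bits.
            return {"ok": False, "data": bytes(data), "status": status,
                    "source": (value >> 24) & 0x7F, "code": value & 0xFFFF,
                    "text": text.decode("utf-8", "replace")}
    raise ValueError("response ended without OK or ERR")


# Constructed sample: binary reply split over two D lines; the payload
# contains an escaped LF (%0A), an escaped percent sign (%25) and bytes
# that are not valid UTF-8.
SAMPLE_APDU_REPLY = b"D yZ%0A%25\xff\nD \x90\x00\nOK\n"

# Constructed sample of an error reply.
SAMPLE_ERROR = b"ERR 67125247 End of file\n"

if __name__ == "__main__":
    reply = parse_response(SAMPLE_APDU_REPLY)
    print("data :", hexify(reply["data"]))
    error = parse_response(SAMPLE_ERROR)
    print("error: source", error["source"], "code", error["code"], error["text"])
```

Treating the D payload as bytes from the start avoids the decoding errors that appear when a client assumes every line is UTF-8 text.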
From kloecker at kde.org Wed Dec 21 18:58:32 2022
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 21 Dec 2022 18:58:32 +0100
Subject: scd: binary data returned when sending direct APDU
In-Reply-To:
References:
Message-ID: <5652089.DvuYhMxLoT@daneel>

On Wednesday, 21 December 2022 17:51:39 CET Alexandre Vaissière via Gnupg-users wrote:
> I am trying to send arbitrary APDU commands via scd. When doing that I
> noticed that scd answers me with binary data. For example:
>
> gpg-connect-agent
>
> scd apdu 00 A4 04 00 07 A0 00 00 05 27 21 01
> D yZ??...
> OK
>
> As assuan protocol is supposed to transmit utf-8 encoded string data, I
> would have expected an hexified string as returned data (as the input
> data is). Is that a bug or the expected behaviour?

I suppose this is intended behavior (because data is often text and you don't want to get that in hex). You may want to use `gpg-connect-agent --hex`.

Regards,
Ingo

From wk at gnupg.org Thu Dec 22 10:45:45 2022
From: wk at gnupg.org (Werner Koch)
Date: Thu, 22 Dec 2022 10:45:45 +0100
Subject: scd: binary data returned when sending direct APDU
In-Reply-To: <5652089.DvuYhMxLoT@daneel> ("Ingo Klöcker"'s message of "Wed, 21 Dec 2022 18:58:32 +0100")
References: <5652089.DvuYhMxLoT@daneel>
Message-ID: <87pmcbn54m.fsf@wheatstone.g10code.de>

On Wed, 21 Dec 2022 18:58, Ingo Klöcker said:

> I suppose this is intended behavior (because data is often text and you don't
> want to get that in hex). You may want to use `gpg-connect-agent --hex`.

Yes, that is indeed intended. D(data) lines may return arbitrary data with only a few values being %-escaped. Some commands have options to return the result as S(status) lines which are then UTF-8.
BTW, in gpg-connect-agent you may also use "/hex" or "/nohex" to enable
hex style dumps of D lines. Try "/help" for other gpg-connect-agent
commands.

Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL:

From cai.0407 at gmail.com Fri Dec 30 11:48:27 2022
From: cai.0407 at gmail.com (Kosuke Kaizuka)
Date: Fri, 30 Dec 2022 19:48:27 +0900
Subject: location of pubring.db
Message-ID: <9519b9e6-f176-9afe-2dfc-e2b6a45763c0@gmail.com>

Hello,

The location of public keyring can be changed with "keyring" option like
this;

keyring /path/to/pubring.kbx (current)
or
keyring /path/to/pubring.gpg (legacy)

On GnuPG >= 2.3.0 with "use-keyboxd" option, new SQLite database of
public keyring "pubring.db" is located in /GnuPG-HomeDir/public-keys.d,
but it is not possible to change the location of this new file.

keyring /path/to/pubring.db (does not work)

"keyring" does not work any more with "use-keyboxd"?

-- 
Kosuke Kaizuka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL:

From simon at josefsson.org Fri Dec 30 15:04:44 2022
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 30 Dec 2022 15:04:44 +0100
Subject: OpenPGP card with 25519 key breaks SSH sntrup761x25519-sha512@openssh.com
Message-ID: <874jtd3s3n.fsf@josefsson.org>

Hi. When I SSH with gpg-agent's ssh-agent emulation, this happens:

jas@kaka ~$ ssh root@192.168.10.186
sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE 42315277" from agent: agent refused operation
root@192.168.10.186: Permission denied (publickey).
jas@kaka ~$

Tracking it down, it only occurs when both of these hold:

1) Modern enough SSH versions that prefer
sntrup761x25519-sha512@openssh.com over curve25519-sha256. To force it:

ssh -oKexAlgorithms=sntrup761x25519-sha512@openssh.com root@192.168.10.186

2) The 25519 key is on an OpenPGP card.

I verified that 'ssh-keygen -t ed25519' and using that key works
successfully with sntrup761x25519-sha512, so the problem is likely not
within the OpenSSH server or client. I have verified the problem with
two different OpenPGP cards, Gnuk1.2.20 at FST01SZ and YubiKey, so it is
likely not a card problem.

Isn't this supposed to work?

The workaround is to use the old default of curve25519-sha256:

jas@kaka ~$ ssh -oKexAlgorithms=curve25519-sha256 root@192.168.10.186

Then it works.

I enable debugging and restart scdaemon as follows:

jas@kaka ~$ cat>.gnupg/scdaemon.conf
debug-all
log-file /tmp/scd.log
jas@kaka ~$ gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
OK
ERR 67125247 Slut på fil
jas@kaka ~$

The relevant output from a failing SSH command:

DBG: chan_7 <- SERIALNO
DBG: chan_7 -> S SERIALNO D276000124010200FFFE423152770000
DBG: chan_7 -> OK
DBG: chan_7 <- GETINFO card_list
DBG: chan_7 -> S SERIALNO D276000124010200FFFE423152770000
DBG: chan_7 -> OK
DBG: chan_7 <- SERIALNO --demand=D276000124010200FFFE423152770000
DBG: chan_7 -> S SERIALNO D276000124010200FFFE423152770000
DBG: chan_7 -> OK
DBG: chan_7 <- GETATTR $AUTHKEYID
DBG: chan_7 -> S $AUTHKEYID OPENPGP.3
DBG: chan_7 -> OK
DBG: chan_7 <- GETATTR SERIALNO
DBG: chan_7 -> S SERIALNO D276000124010200FFFE423152770000
DBG: chan_7 -> OK
DBG: chan_7 <- READKEY OPENPGP.3
DBG: chan_7 -> [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(85 byte(s) skipped) ]
DBG: chan_7 -> OK
DBG: chan_7 <- GETATTR $DISPSERIALNO
DBG: chan_7 -> S $DISPSERIALNO FFFE+42315277
DBG: chan_7 -> OK
DBG: chan_7 <- SERIALNO --demand=D276000124010200FFFE423152770000
DBG: chan_7 -> S SERIALNO D276000124010200FFFE423152770000
DBG: chan_7 -> OK
DBG: chan_7 <- SETDATA 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
DBG: chan_7 -> OK
DBG: chan_7 <- PKAUTH 24C58979C8A143555526ECBA27CE64C86D0D563D
DBG: send apdu: c=00 i=88 p1=00 p2=00 lc=260 le=256 em=0
operation auth result: Invalid value
app_auth failed: Invalid value
DBG: chan_7 -> ERR 100663351 Invalid value
DBG: chan_7 <- RESTART
DBG: chan_7 -> OK

Relevant part when I use -oKexAlgorithms=curve25519-sha256 for a
successful SSH command:

2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 <- SETDATA 3021300906052B0E03021A05000414000000201B17C1E7A476E697A846BFEC82D58277CE29BE5D5E4729707B50817AB58DAEAA3200000004726F6F740000000E7373682D636F6E6E656374696F6E000000237075626C69636B65792D686F7374626F756E642D763030406F70656E7373682E636F6D010000000B7373682D65643235353139000000330000000B7373682D6564323535313900000020BCC215C1C7ACACD548F0C36AB64F62A9FCF47E533DAC7070E460460FB80DA804000000330000000B7373682D65643235353139000000209E01C3E55A1A346ED50BA91A9AE6752CED4ACC5B747450EC58B33E558718BC44
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 -> OK
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 <- PKAUTH 24C58979C8A143555526ECBA27CE64C86D0D563D
2022-12-30 14:55:37 scdaemon[8885] DBG: send apdu: c=00 i=88 p1=00 p2=00 lc=228 le=256 em=0
2022-12-30 14:55:37 scdaemon[8885] DBG: PCSC_data: 00 88 00 00 E4 00 00 00 20 1B 17 C1 E7 A4 76 E6 97 A8 46 BF EC 82 D5 82 77 CE 29 BE 5D 5E 47 29 70 7B 50 81 7A B5 8D AE AA 32 00 00 00 04 72 6F 6F 74 00 00 00 0E 73 73 68 2D 63 6F 6E 6E 65 63 74 69 6F 6E 00 00 00 23 70 75 62 6C 69 63 6B 65 79 2D 68 6F 73 74 62 6F 75 6E 64 2D 76 30 30 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 01 00 00 00 0B 73 73 68 2D 65 64 32 35 35 31 39 00 00 00 33 00 00 00 0B 73 73 68 2D 65 64 32 35 35 31 39 00 00 00 20 BC C2 15 C1 C7 AC AC D5 48 F0 C3 6A B6 4F 62 A9 FC F4 7E 53 3D AC 70 70 E4 60 46 0F B8 0D A8 04 00 00 00 33 00 00 00 0B 73 73 68 2D 65 64 32 35 35 31 39 00 00 00 20 9E 01 C3 E5 5A 1A 34 6E D5 0B A9 1A 9A E6 75 2C ED 4A CC 5B 74 74 50 EC 58 B3 3E 55 87 18 BC 44 00
2022-12-30 14:55:37 scdaemon[8885] DBG: response: sw=9000 datalen=64
2022-12-30 14:55:37 scdaemon[8885] DBG: dump: 7E 25 60 36 E3 B5 34 22 74 C0 DD 0C 08 84 70 AE B2 A9 2F A4 75 66 A2 AF 48 C2 BE C3 5C 29 6B CD 1D 37 38 2C 32 ED BC 40 8D C5 E3 C4 3F 8A 7E D3 B2 BA C3 93 BE F1 F7 60 A0 55 A4 A1 AE AF 8A 03
2022-12-30 14:55:37 scdaemon[8885] operation auth result: Success
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 -> [ 44 20 7e 25 32 35 60 36 e3 b5 34 22 74 c0 dd 0c ...(52 byte(s) skipped) ]
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 -> OK
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 <- RESTART
2022-12-30 14:55:37 scdaemon[8885] DBG: chan_7 -> OK

/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL:

From simon at josefsson.org Fri Dec 30 17:37:38 2022
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 30 Dec 2022 17:37:38 +0100
Subject: OpenPGP card with 25519 key breaks SSH sntrup761x25519-sha512@openssh.com
In-Reply-To: <874jtd3s3n.fsf@josefsson.org> (Simon Josefsson via Gnupg-users's message of "Fri, 30 Dec 2022 15:04:44 +0100")
References: <874jtd3s3n.fsf@josefsson.org>
Message-ID: <87zgb43l0t.fsf@josefsson.org>

Never mind -- I realized this was a duplicate of this bug report:

https://dev.gnupg.org/T5935

I will try to work on getting a newer GnuPG into Guix as a solution.

/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL:
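
Added example (not part of any message above, and not GnuPG code): Werner Koch's remark that D lines carry arbitrary data with a few %-escaped values can be checked against Simon Josefsson's scdaemon log, where the card response starting 7E 25 60 36 goes out on the channel as 44 20 7e 25 32 35 60 36. The Python below decodes such responses; the function names are made up for this example, and the set of bytes the sender escapes ('%', CR, LF) is an assumption, while the decoder accepts any %XX.

```python
import re

def unescape(payload: bytes) -> bytes:
    """Undo Assuan %XX escaping; a malformed escape is rejected."""
    out, i = bytearray(), 0
    while i < len(payload):
        if payload[i] == 0x25:  # '%'
            pair = payload[i + 1:i + 3]
            if not re.fullmatch(rb"[0-9A-Fa-f]{2}", pair):
                raise ValueError(f"malformed escape at offset {i}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.append(payload[i])
            i += 1
    return bytes(out)

def escape(data: bytes) -> bytes:
    """Escape '%', CR and LF (assumed set) so data cannot break line framing."""
    return b"".join(b"%%%02X" % b if b in (0x25, 0x0D, 0x0A) else bytes([b])
                    for b in data)

def parse_response(raw: bytes):
    """Return (data, status_lines, final_line) for one command's response."""
    data, status = bytearray(), []
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"D "):
            data += unescape(line[2:])          # D lines: raw bytes
        elif line.startswith(b"S "):
            status.append(line[2:].decode("utf-8"))  # S lines: UTF-8 text
        elif line == b"OK" or line.startswith((b"OK ", b"ERR ")):
            return bytes(data), status, line.decode("utf-8", "replace")
    raise ValueError("response not terminated by OK or ERR")

# Bytes copied from the scdaemon log quoted in the thread above.
LOGGED_D_LINE = bytes.fromhex("44 20 7e 25 32 35 60 36 e3 b5 34 22 74 c0 dd 0c")
CARD_DUMP = bytes.fromhex(
    "7E 25 60 36 E3 B5 34 22 74 C0 DD 0C 08 84 70 AE"
    "B2 A9 2F A4 75 66 A2 AF 48 C2 BE C3 5C 29 6B CD"
    "1D 37 38 2C 32 ED BC 40 8D C5 E3 C4 3F 8A 7E D3"
    "B2 BA C3 93 BE F1 F7 60 A0 55 A4 A1 AE AF 8A 03")

if __name__ == "__main__":
    print(unescape(LOGGED_D_LINE[2:]).hex(" "))  # start of the card dump
    print(len(b"D " + escape(CARD_DUMP)))        # log: 16 shown + 52 skipped
    # Constructed response: the same data split over two D lines, then OK.
    wire = b"D " + escape(CARD_DUMP[:30]) + b"\nD " + escape(CARD_DUMP[30:]) + b"\nOK\n"
    print(parse_response(wire)[0] == CARD_DUMP)
```

The single 0x25 byte in the 64-byte response is why the logged D line is 68 bytes long: two for the "D " prefix and two extra for the "%25" escape.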