From soil.compacter356 at silomails.com Wed Oct 4 22:37:41 2023
From: soil.compacter356 at silomails.com (soil.compacter356 at silomails.com)
Date: Wed, 04 Oct 2023 20:37:41 +0000
Subject: (No Subject)
Message-ID: <169645186827.8.61716223723059293.191226233@silomails.com>

hi, i've set up 2 public/private key pairs. with all this data stored in my linux home folder.

i'd like to sign a public key that i'm keen to send emails to, but i'm only given the option to sign with the 1st private key i set up. but i'd like to keep these two keys separate and used for different use cases, and not just sign all pub keys i'm sending to from either email, with the same private key...

pretty new to using PGP. explored quite bit online for solution, but can't find a way..

thanks.

From wk at gnupg.org Thu Oct 5 14:29:22 2023
From: wk at gnupg.org (Werner Koch)
Date: Thu, 05 Oct 2023 14:29:22 +0200
Subject: (No Subject)
In-Reply-To: <169645186827.8.61716223723059293.191226233@silomails.com> (soil via Gnupg-users's message of "Wed, 04 Oct 2023 20:37:41 +0000")
References: <169645186827.8.61716223723059293.191226233@silomails.com>
Message-ID: <87wmw15k2l.fsf@jacob.g10code.de>

Hi!

On Wed, 4 Oct 2023 20:37, soil said:

> i'd like to sign a public key that i'm keen to send emails to, but i'm
> only given the option to sign with the 1st private key i set up. but

In case you are using the command line this is easy:

  gpg -u YOURKEYID --quick-sign-key FINGERPRINT_OF_KEY_TO_SIGN

You may also use

  gpg -u YOURKEYID --edit-key FINGERPRINT_OR_USERID_OF_KEY_TO_SIGN

If you are using a GUI (e.g. Kleopatra) you will have a drop down box to select the signing key.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From falko.strenzke at mtg.de Tue Oct 10 10:00:18 2023
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Tue, 10 Oct 2023 10:00:18 +0200
Subject: Building GnuPG – libassuan version
Message-ID:

I just tried to build the current master branch of https://dev.gnupg.org/source/gnupg.git

When trying to build it, I receive the error

*** You need libassuan to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version 3.0.0 (API 3) is required).

This is my configure command:

./configure --prefix=/opt/gnupg-2.4.3 --sysconfdir=/opt/gnupg-2.4.3/etc --with-libgcrypt-prefix=/opt/libgcrypt --with-libgpg-error-prefix=/opt/libgpg-error --with-npth-prefix=/opt/npth --with-libassuan-prefix=/opt/libassuan3.0-base

I built libassuan 3.0-base from the tag https://github.com/gpg/libassuan/tree/libassuan-3.0-base and installed it at the dir shown above. Can anyone give me a hint what can be the reason for still receiving this error message?

- Falko

--
*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de

*MTG Exhibitions – See you in 2023*

------------------------------------------------------------------------

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email. Unauthorised copying or distribution of this email is not permitted.

Data protection information: Privacy policy

From msteel00 at proton.me Tue Oct 10 09:47:49 2023
From: msteel00 at proton.me (Marco)
Date: Tue, 10 Oct 2023 07:47:49 +0000
Subject: Quit gracefully on wrong password
Message-ID:

Hi,

I'm using GPG to decrypt an encrypted file. The command I'm using is the following:

$ gpg -a --decrypt --no-symkey-cache --batch --passphrase "correct_pw" --output file.txt file.txt.enc

This works fine when the password is correct. When I try using an incorrect password, however, gpg leaves me in a prompt waiting for further commands:

$ gpg -a --decrypt --no-symkey-cache --batch --passphrase "incorrect_pw" --output file.txt file.txt.enc
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
^C
gpg: signal Interrupt caught ... exiting

where I have to manually interrupt the process using ctrl + c.

So my question is: is there a way to just quit the program when the password is incorrect? I need to use this command inside a script which is supposed to be running in background, this behaviour would break the entire pipeline.

Thanks in advance.

From falko.strenzke at mtg.de Wed Oct 11 09:08:23 2023
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Wed, 11 Oct 2023 09:08:23 +0200
Subject: Re: Building GnuPG – libassuan version
In-Reply-To:
References:
Message-ID: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de>

I see now that even https://github.com/gpg/libassuan/tree/libassuan-3.0-base is identifying itself as version "2.5.6-beta1" via its config binary. So I wonder how I can have working version of libassuan for current GnuPG master.

- Falko

On 10.10.23 at 10:00, Falko Strenzke wrote:
>
> I just tried to build the current master branch of
> https://dev.gnupg.org/source/gnupg.git
>
> When trying to build it, I receive the error
>
> *** You need libassuan to build this program.
> *** This library is for example available at
> *** https://gnupg.org/ftp/gcrypt/libassuan/
> *** (at least version 3.0.0 (API 3) is required).
>
>
> This is my configure command:
>
> ./configure --prefix=/opt/gnupg-2.4.3
> --sysconfdir=/opt/gnupg-2.4.3/etc
> --with-libgcrypt-prefix=/opt/libgcrypt
> --with-libgpg-error-prefix=/opt/libgpg-error
> --with-npth-prefix=/opt/npth
> --with-libassuan-prefix=/opt/libassuan3.0-base
>
> I built libassuan 3.0-base from the tag
> https://github.com/gpg/libassuan/tree/libassuan-3.0-base and installed
> it at the dir shown above. Can anyone give me a hint what can be the
> reason for still receiving this error message?
>
> - Falko

From wk at gnupg.org Wed Oct 11 14:20:42 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Oct 2023 14:20:42 +0200
Subject: Building GnuPG – libassuan version
In-Reply-To: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de> (Falko Strenzke's message of "Wed, 11 Oct 2023 09:08:23 +0200")
References: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de>
Message-ID: <87v8bd1hb9.fsf@jacob.g10code.de>

Hi Falko,

On Wed, 11 Oct 2023 09:08, Falko Strenzke said:
> I see now that even https://github.com/gpg/libassuan/tree/libassuan-3.0-base
> is identifying itself as version "2.5.6-beta1" via its config binary. So I
> wonder how I can have working version of libassuan for current GnuPG master.

I am travelling, so only a short reply.

Please do not use the github mirror - I am not sure whether it is always up to date. Better use the https://dev.gnupg.org mirror or just the plain git:// mirror.

You should simply checkout "master" and not a specific tag. Current development goes into master and at least for me it works.
Current HEAD is at 16b6b7753229a41fb3b4bf77d34873db8f3cb682.

You need to get the latest libassuan master, build and install it and also the latest libgpg-error.

Shalom-Salam,

   Werner

From kloecker at kde.org Wed Oct 11 12:39:20 2023
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 11 Oct 2023 12:39:20 +0200
Subject: Building GnuPG – libassuan version
In-Reply-To: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de>
References: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de>
Message-ID: <3258432.aeNJFYEL58@daneel>

On Wednesday, 11 October 2023 09:08:23 CEST Falko Strenzke wrote:
> I see now that even
> https://github.com/gpg/libassuan/tree/libassuan-3.0-base is identifying
> itself as version "2.5.6-beta1" via its config binary. So I wonder how I
> can have working version of libassuan for current GnuPG master.

Use libassuan master. libassuan-3.0-base marks the branch point where the development of libassuan 3.0 split off of the further development of libassuan 2. Obviously, at this point the version was still 2.x.

Regards,
Ingo

From falko.strenzke at mtg.de Wed Oct 11 15:26:27 2023
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Wed, 11 Oct 2023 15:26:27 +0200
Subject: Re: Building GnuPG – libassuan version
In-Reply-To: <87v8bd1hb9.fsf@jacob.g10code.de>
References: <7f6cabe3-8fbf-4ce0-a1f7-208192dcc33d@mtg.de> <87v8bd1hb9.fsf@jacob.g10code.de>
Message-ID: <727a12d8-2d7b-4e0d-8d3d-bd7458285b46@mtg.de>

Thanks Werner and Ingo. With the current master of libassuan I can indeed build gnupg.

- Falko

On 11.10.23 at 14:20, Werner Koch wrote:
> Hi Falko,
>
> On Wed, 11 Oct 2023 09:08, Falko Strenzke said:
>> I see now that even https://github.com/gpg/libassuan/tree/libassuan-3.0-base
>> is identifying itself as version "2.5.6-beta1" via its config binary. So I
>> wonder how I can have working version of libassuan for current GnuPG master.
> I am travelling, so only a short reply.
>
> Please do not use the github mirror - I am not sure whether it is always
> up to date. Better use the https://dev.gnupg.org mirror or just the
> plain git:// mirror.
>
> You should simply checkout "master" and not a specific tag. Current
> development goes into master and at least for me it works.
> Current HEAD is at 16b6b7753229a41fb3b4bf77d34873db8f3cb682.
>
> You need to get the latest libassuan master, build and install it and
> also the latest libgpg-error.
>
>
> Shalom-Salam,
>
> Werner
>

From leo.moseley at icloud.com Wed Oct 11 19:53:18 2023
From: leo.moseley at icloud.com (Leo Moseley)
Date: Wed, 11 Oct 2023 17:53:18 +0000 (UTC)
Subject: Key import, trust, set
Message-ID: <93732684-7fc6-4f4a-b5de-8eb6a9fc3b2c@me.com>

Hello. I have an import question in regard to making a key pair under GNU+Linux, uploaded it to a key server, have imported it in Windows 11 and set trust to Ultimate but how do I set it as mine, like as in my default key? I do not have that type of experience so any and all help is immensely appreciated. Thank you

From mjambor at suse.cz Sat Oct 14 12:06:17 2023
From: mjambor at suse.cz (Martin Jambor)
Date: Sat, 14 Oct 2023 12:06:17 +0200
Subject: Can preferred order of decryption keys be specified?
Message-ID:

Hello,

I intend to encrypt stuff for myself using two keys. One of the keys is on a Yubikey and (probably because it is the default-key for signing?) it is always tried first, even though the second one is on-disk and the agent already knows its pass-phrase.

This means that when decrypting this stuff on machines that know about both keys but the Yubikey is not inserted I get an unnecessary message to insert a card with serial number XY even when it is not necessary. When using the throw-keyids option, this gets quite a bit worse and the dialog appears six times before the correct key is tried and succeeds.

Is there a way to specify a preferred decryption key (that is different from the default signing key)?

Incidentally, does anybody know how to convince emacs EasyPG to pass --no-throw-keyids to GPG? :-)

Thank you,

Martin

From wk at gnupg.org Mon Oct 16 09:56:21 2023
From: wk at gnupg.org (Werner Koch)
Date: Mon, 16 Oct 2023 09:56:21 +0200
Subject: Can preferred order of decryption keys be specified?
In-Reply-To: (Martin Jambor's message of "Sat, 14 Oct 2023 12:06:17 +0200")
Message-ID: <87jzrnyp96.fsf@jacob.g10code.de>

On Sat, 14 Oct 2023 12:06, Martin Jambor said:

> Is there a way to specify a preferred decryption key (that is different
> from the default signing key)?

Although we meanwhile have a way to set preferences for ssh keys [1] we don't have this for decryption keys. :-(

> Incidentally, does anybody know how to convince emacs EasyPG to pass
> --no-throw-keyids to GPG? :-)

Elisp is easy to modify ;-). One other idea: Replace the throw-keyid in gpg.conf by

--8<---------------cut here---------------start------------->8---
[getenv no_throw_keyid NO_THROW_KEYID]
[if $no_throw_keyid -z ]
throw-keyid
[fi]
--8<---------------cut here---------------end--------------->8---

and then have Emacs to set the NO_THROW_KEYID envvar to 1 or so.

Shalom-Salam,

   Werner

[1] In the respective .key file you may put this name/value:

*** Use-for-ssh

If given and the value is "yes" or "1" the key is allowed for use by gpg-agent's ssh-agent implementation. This is thus the same as putting the keygrip into the 'sshcontrol' file. Only one such item should exist. If another non-zero value between 1 and 99999 is used, this is taken to establish the order in which the keys are returned to ssh; lower numbers are returned first. If a negative value is used this overrides currently active (inserted) cards and thus allows to prefer on-disk keys over inserted cards. A value of -1 has the highest priority; values are capped at -999 and have a lower priority but still above the positive values, inserted cards or the order in sshcontrol.

From gnupg at shoran-und-alira.de Mon Oct 16 14:02:10 2023
From: gnupg at shoran-und-alira.de (Frank Lindner)
Date: Mon, 16 Oct 2023 14:02:10 +0200 (CEST)
Subject: libgcrypt 1.10.2 compile on AIX POWER
Message-ID: <1291647865.5178.1697457730690@email.df.eu>

Hello,

it's been a while and I just tried to compile a new version of GnuPG and needed libraries. I am having troubles with libgcrypt 1.10.2.

/opt/freeware/bin/bash ../libtool --tag=CC --mode=compile xlclang++ -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/opt/freeware/include -qmaxmem=16384 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -fno-delete-null-pointer-checks -Wall -MT mpi-bit.lo -MD -MP -MF .deps/mpi-bit.Tpo -c -o mpi-bit.lo mpi-bit.c
libtool: compile: xlclang++ -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/opt/freeware/include -qmaxmem=16384 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -fno-delete-null-pointer-checks -Wall -MT mpi-bit.lo -MD -MP -MF .deps/mpi-bit.Tpo -c mpi-bit.c -DPIC -o .libs/mpi-bit.o
warning: 1540-5200 The option "-fno-delete-null-pointer-checks" is not supported.
1 warning generated.
Assembler:
.libs/mpi-bit$1.s: line 48: Error In Syntax
1500-067: (S) asm statement generates errors in assembler output.
make: The error code from the last command is 1.
Stop.
make: The error code from the last command is 1.
Stop.
make: The error code from the last command is 2.
Stop.
error: Bad exit status from /var/tmp/rpm-tmp.XU_aeb (%build)

Currently I have no ideas how to track down this problem any further. My latest successful build was 1.9.4.

Any ideas? Is sticking with LTS version (1.8.x) a viable solution?

Kind regards
Frank

From gnupg at shoran-und-alira.de Mon Oct 16 15:25:22 2023
From: gnupg at shoran-und-alira.de (Frank Lindner)
Date: Mon, 16 Oct 2023 15:25:22 +0200 (CEST)
Subject: libgcrypt 1.10.2 compile on AIX POWER
In-Reply-To: <1291647865.5178.1697457730690@email.df.eu>
References: <1291647865.5178.1697457730690@email.df.eu>
Message-ID: <970069812.12433.1697462722695@email.df.eu>

It seems I found my mistake. By accident the compiler was set to xlclang++, which is not the correct one I suppose.

Changing this back to cc/xlC did throw the well known issue of 'keyword inline unknown'. And for that I think I found a solution for AIX. Adding the -qlanglvl=extc99 compile option to my environment worked for 1.8.10.

For 1.10.2 I now run into the following:

>---- start ---<
/opt/freeware/bin/bash ../libtool --tag=CC --mode=link cc -I/opt/freeware/include -qmaxmem=16384 -qlanglvl=extc99 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -no-install -L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000 -o hashtest hashtest.o ../src/libgcrypt.la ../compat/libcompat.la -L/opt/freeware/lib -lgpg-error -lpthread
libtool: link: cc -I/opt/freeware/include -qmaxmem=16384 -qlanglvl=extc99 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000 -o hashtest hashtest.o -L/opt/freeware/lib64 -L/opt/freeware/lib -L../src/.libs -lgcrypt ../compat/.libs/libcompat.a -lgpg-error -lpthread -Wl,-blibpath:/opt/freeware/src/packages/BUILD/libgcrypt-1.10.2/src/.libs:/opt/freeware/lib:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib
source='t-kdf.c' object='t_kdf-t-kdf.o' libtool=no DEPDIR=.deps depmode=xlc /opt/freeware/bin/bash ../build-aux/depcomp cc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/opt/freeware/include -D_THREAD_SAFE -qmaxmem=16384 -qlanglvl=extc99 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -c -o t_kdf-t-kdf.o `test -f 't-kdf.c' || echo './'`t-kdf.c
/opt/freeware/bin/bash ../libtool --tag=CC --mode=link cc -I/opt/freeware/include -D_THREAD_SAFE -qmaxmem=16384 -qlanglvl=extc99 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -no-install -L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000 -o t-kdf t_kdf-t-kdf.o ../src/libgcrypt.la ../compat/libcompat.la -L/opt/freeware/lib -lgpg-error -lpthread -lpthread
libtool: link: cc -I/opt/freeware/include -D_THREAD_SAFE -qmaxmem=16384 -qlanglvl=extc99 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_AIX72 -D_ALL_SOURCE -DFUNCPROTO=15 -O2 -I/opt/freeware/include -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000 -o t-kdf t_kdf-t-kdf.o -L/opt/freeware/lib64 -L/opt/freeware/lib -L../src/.libs -lgcrypt ../compat/.libs/libcompat.a -lgpg-error -lpthread -Wl,-blibpath:/opt/freeware/src/packages/BUILD/libgcrypt-1.10.2/src/.libs:/opt/freeware/lib:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib
ld: 0711-317 ERROR: Undefined symbol: .gcry_kdf_open
ld: 0711-317 ERROR: Undefined symbol: .gcry_kdf_compute
ld: 0711-317 ERROR: Undefined symbol: .gcry_kdf_final
ld: 0711-317 ERROR: Undefined symbol: .gcry_kdf_close
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
make: The error code from the last command is 8.
>---- end ---<

Which looks somehow vaguely familiar. Any tips?

Kind regards
Frank

From wk at gnupg.org Wed Oct 18 10:26:09 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 18 Oct 2023 10:26:09 +0200
Subject: libgcrypt 1.10.2 compile on AIX POWER
In-Reply-To: <970069812.12433.1697462722695@email.df.eu> (Frank Lindner's message of "Mon, 16 Oct 2023 15:25:22 +0200 (CEST)")
References: <1291647865.5178.1697457730690@email.df.eu> <970069812.12433.1697462722695@email.df.eu>
Message-ID: <87h6moxroe.fsf@jacob.g10code.de>

On Mon, 16 Oct 2023 15:25, Frank Lindner said:

> Changing this back to cc/xlC did throw the well know issue of 'keyword
> inline unknown'.

I am not aware of that problem. We are Libgcrypt and the entire GnuPG suite on AIX for decades. The configure script should detect whether inline is supported by the compiler.

I also wonder why and from where did you took all the compiler options. How did you invoke configure and make?

Shalom-Salam,

   Werner

From felix.klee at inka.de Tue Oct 24 05:38:52 2023
From: felix.klee at inka.de (Felix E. Klee)
Date: Tue, 24 Oct 2023 11:38:52 +0800
Subject: Finding all files encrypted with a certain key
Message-ID:

For the purpose of re-encryption with a new key, I'd like to find all files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted files, independent of key, have the extension `.gpg`.

How do I do that for a massive directory tree?

From andrewg at andrewg.com Tue Oct 24 11:11:52 2023
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 24 Oct 2023 10:11:52 +0100
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

On 24 Oct 2023, at 04:38, Felix E. Klee wrote:
>
> For the purpose of re-encryption with a new key, I'd like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
>
> How do I do that for a massive directory tree?

Hi, Felix.

GNU `file` will print the encryption key ID:

```
andrewg@fum:~$ file hidden_service/private_key.gpg
hidden_service/private_key.gpg: PGP RSA encrypted session key - keyid: 6B090693 14549D4B RSA (Encrypt or Sign) 4096b .
```

That keyid is the encryption subkey, so you can grep file's batch output for its short ID, e.g.:

```
file *.gpg | grep $SHORT_ENC_SUBKEY_ID
```

Note that due to file's use of whitespace, you can't grep for the long ID unless you mangle it accordingly.

If you don't have GNU file, you can try `gpg --list-packets` instead, but this will be slower as gpg will parse the entire file. Also, it only parses one file at a time, and the encryption key ID is output on STDERR. You can invoke it in a bash loop like this:

```
find . -name '*.gpg' -print0 | while read -r -d '' file; do
  echo -n "$file: "
  gpg --list-packets "$file" 2>&1 >/dev/null
done | grep $SHORT_ENC_SUBKEY_ID
```

A

From andrewg at andrewg.com Tue Oct 24 11:18:34 2023
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Tue, 24 Oct 2023 10:18:34 +0100
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

Apologies to the `file` authors, it's a BSD utility, not GNU.

A

On 24 Oct 2023, at 10:11, Andrew Gallagher via Gnupg-users wrote:
>
> Signed PGP part
> On 24 Oct 2023, at 04:38, Felix E. Klee wrote:
>>
>> For the purpose of re-encryption with a new key, I'd like to find all
>> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
>> files, independent of key, have the extension `.gpg`.
>>
>> How do I do that for a massive directory tree?
>
> Hi, Felix.
>
> GNU `file` will print the encryption key ID:
>
> ```
> andrewg@fum:~$ file hidden_service/private_key.gpg
> hidden_service/private_key.gpg: PGP RSA encrypted session key - keyid: 6B090693 14549D4B RSA (Encrypt or Sign) 4096b .
> ```
>
> That keyid is the encryption subkey, so you can grep file's batch output for its short ID, e.g.:
>
> ```
> file *.gpg | grep $SHORT_ENC_SUBKEY_ID
> ```
>
> Note that due to file's use of whitespace, you can't grep for the long ID unless you mangle it accordingly.
>
> If you don't have GNU file, you can try `gpg --list-packets` instead, but this will be slower as gpg will parse the entire file. Also, it only parses one file at a time, and the encryption key ID is output on STDERR. You can invoke it in a bash loop like this:
>
> ```
> find . -name '*.gpg' -print0 | while read -r -d '' file; do
>   echo -n "$file: "
>   gpg --list-packets "$file" 2>&1 >/dev/null
> done | grep $SHORT_ENC_SUBKEY_ID
> ```
>
> A
>

From wk at gnupg.org Tue Oct 24 11:20:25 2023
From: wk at gnupg.org (Werner Koch)
Date: Tue, 24 Oct 2023 11:20:25 +0200
Subject: Finding all files encrypted with a certain key
In-Reply-To: (Felix E. Klee's message of "Tue, 24 Oct 2023 11:38:52 +0800")
References:
Message-ID: <8734y04bs6.fsf@jacob.g10code.de>

On Tue, 24 Oct 2023 11:38, Felix E. Klee said:
> For the purpose of re-encryption with a new key, I'd like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
>
> How do I do that for a massive directory tree?

Maybe something like this

encrypted-to-me-p.sh
--8<---------------cut here---------------start------------->8---
#!/bin/sh
gpg -d --status-fd 1 -o /dev/null 2>/dev/null "$1" | awk '
  $1=="[GNUPG:]" && $2=="ENC_TO" && $3=="BEF6EFD38FE8DCA0" {print $1; exit 0}'
--8<---------------cut here---------------end--------------->8---

find /foo -type f -name '*.gpg' -print0 | xargs -0 -n1 encrypted-to-me-p.sh

Best done with a keyring which does not hold any keys. Does not catch files which have hidden recipients. Note that you need to test for the subkey because that is the only information available in the encrypted files.

Using --list-packets or pgpdump might be better but those have no stable API.

Salam-Shalom,

   Werner

From gnupg at raf.org Wed Oct 25 02:13:44 2023
From: gnupg at raf.org (raf)
Date: Wed, 25 Oct 2023 11:13:44 +1100
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

On Tue, Oct 24, 2023 at 11:38:52AM +0800, "Felix E. Klee" wrote:

> For the purpose of re-encryption with a new key, I'd like to find all
> files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted
> files, independent of key, have the extension `.gpg`.
>
> How do I do that for a massive directory tree?

With my rawhide (rh) program (github.com/raforg/rawhide) you can do it with something like this:

  rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what'

That looks under /path for files whose names end in .gpg and whose file(1) output would contain the given glob pattern, but no file(1) processes are created.

The output of file(1) for an encrypted file looks something like:

  file.gpg: PGP RSA encrypted session key - keyid: 49C40F3A BA227C81 RSA (Encrypt or Sign) 4096b .

It can also be done with find(1) of course, but it's a little slower because it needs additional processes for each encrypted file:

  find /path -name '*.gpg' \
    -execdir /bin/sh -c 'file {} | grep -q "PGP.*encrypted.*BEF6EFD3 8FE8DCA0"' \; \
    -print

But the extra time is probably immaterial when followed by re-encryption.

While testing these, I just noticed that /usr/bin/file on my macOS-10.14 laptop shows a different keyid to what libmagic shows. That's bizarre. For some encrypted files of mine, /usr/bin/file (v5.33) shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A BA227C81 for the same files. A more recent version of file (v5.45) installed via macports shows the same as libmagic/rh. So choose your version of file(1) wisely. :-)

Also, in case you need to re-encrypt regularly, I recommend assigning some label to the key and putting it in the filename (e.g. blah.gpg.key23). Then you don't need to look inside the file, and if it takes a long time to re-encrypt lots of files, you can easily see how it's progressing.

cheers,
raf

From felix.klee at inka.de Wed Oct 25 04:54:20 2023
From: felix.klee at inka.de (Felix E. Klee)
Date: Wed, 25 Oct 2023 10:54:20 +0800
Subject: Finding all files encrypted with a certain key
In-Reply-To: <8734y04bs6.fsf@jacob.g10code.de>
References: <8734y04bs6.fsf@jacob.g10code.de>
Message-ID:

On Tue, Oct 24, 2023 at 5:21 PM Werner Koch wrote:
> encrypted-to-me-p.sh
> --8<---------------cut here---------------start------------->8---
> #!/bin/sh
> gpg -d --status-fd 1 -o /dev/null 2>/dev/null "$1" | awk '
>   $1=="[GNUPG:]" && $2=="ENC_TO" && $3=="BEF6EFD38FE8DCA0" {print $1; exit 0}'
> --8<---------------cut here---------------end--------------->8---

Thank you! I modified that a bit, to make it more readable to me and fix a little bug: The second `$1` doesn't expand to the file name.
Also, I had to pass `--pinentry-mode cancel`. Otherwise it would ask me
for the PIN of my smartcard. See below for my version.

What I don't like is the `2>/dev/null` because that may mask actual
error messages. I specified `--quiet`. That works to some extent, but I
still get:

    gpg: decryption failed: No secret key

I wonder how to get rid of that.

My version:

    #!/bin/sh

    filename=$1
    # Long key ID of the encryption subkey to look for
    enc_sub_key=04FDF78D1679DD94

    # gpg reports each recipient as an ENC_TO status line on stdout;
    # print the file name if one of them names the subkey above.
    gpg --decrypt \
        --pinentry-mode cancel \
        --status-fd 1 \
        --quiet \
        --output /dev/null "$1" |
        awk -v filename="$filename" \
            -v enc_sub_key="$enc_sub_key" \
            '
    $1=="[GNUPG:]" &&
    $2=="ENC_TO" &&
    $3==enc_sub_key {
      print filename
      exit 0
    }'

From felix.klee at inka.de Wed Oct 25 05:00:36 2023
From: felix.klee at inka.de (Felix E. Klee)
Date: Wed, 25 Oct 2023 11:00:36 +0800
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

On Wed, Oct 25, 2023 at 10:08 AM raf via Gnupg-users wrote:
> > How do I do that for a massive directory tree?
>
> With my rawhide (rh) program (github.com/raforg/rawhide) you can do it
> with something like this:
>
> rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what'

Very interesting, may look into that. But first working with Werner's
solution.

> Also, in case you need to re-encrypt regularly, I recommend assigning
> some label to the key and putting it in the filename (e.g.
> blah.gpg.key23).

I may do that.

From felix.klee at inka.de Wed Oct 25 05:01:30 2023
From: felix.klee at inka.de (Felix E. Klee)
Date: Wed, 25 Oct 2023 11:01:30 +0800
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

On Tue, Oct 24, 2023 at 5:12 PM Andrew Gallagher wrote:
> GNU `file` will print the encryption key ID:

Interesting. I wonder if there is any disadvantage of using `file` over
Werner's proposal.
From falko.strenzke at mtg.de Wed Oct 25 13:01:39 2023
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Wed, 25 Oct 2023 13:01:39 +0200
Subject: Pinentry problem with different home dir
Message-ID: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>

I am trying to run GnuPG with a different home directory by setting the
environment variable GNUPGHOME. However, in that case, for instance when
trying to generate a key, I get the error

gpg: DBG: chan_4 <- ERR 67108949 No pinentry
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

I wonder what makes the difference. The only relevant files I found in
my normal home directory are those under ~/.gnupg. But there seems to be
no agent configuration file in that directory.

Can anyone give me advice on what I can try to get the GnuPG Agent
pinentry working with a different home directory specified via GNUPGHOME?

- Falko

--
*MTG AG*
Dr. Falko Strenzke
Executive System Architect
Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de
From gnupg at raf.org Wed Oct 25 15:27:18 2023
From: gnupg at raf.org (raf)
Date: Thu, 26 Oct 2023 00:27:18 +1100
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID:

On Wed, Oct 25, 2023 at 11:01:30AM +0800, "Felix E. Klee" wrote:

> On Tue, Oct 24, 2023 at 5:12 PM Andrew Gallagher
> wrote:
> > GNU `file` will print the encryption key ID:
>
> Interesting. I wonder if there is any disadvantage of using `file` over
> Werner's proposal.

I don't think so. The version you are quoting didn't
use find(1) as well, so it doesn't search recursively,
but apart from that, using file would be simpler (no
decryption, and no need to think about pinentry, and no
need to access keys).

If the files you are searching for are gigabytes in
size, and there are many of them, decrypting them to
find the key would be too slow, unless I've
misunderstood something. file would read much less of
each file.

No, gpg would die with SIGPIPE as soon as awk
terminates, so they probably read a similar amount. And
they both use multiple additional processes for each
candidate file (either sh+file+grep or sh+gpg+awk).

cheers,
raf

From wk at gnupg.org Wed Oct 25 15:35:48 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 25 Oct 2023 15:35:48 +0200
Subject: Pinentry problem with different home dir
In-Reply-To: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de> (Falko
 Strenzke's message of "Wed, 25 Oct 2023 13:01:39 +0200")
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
Message-ID: <87jzra25aj.fsf@jacob.g10code.de>

On Wed, 25 Oct 2023 13:01, Falko Strenzke said:

> Can anyone give me an advice what I can try to get the GnuPG Agent
> pinentry working with different home directory specified via
> GNUPGHOME?

Run it this way:

  mkdir /foo/bar
  cd /foo/bar
  GNUPGHOME=`pwd` gpg-agent --daemon ~/bin/gnupg-setup-tests

With gnupg-setup-tests being:

--8<---------------cut here---------------start------------->8---
#!/bin/sh

# Point ssh at the agent socket that belongs to this GNUPGHOME
SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export SSH_AUTH_SOCK
# Init file for the sub-shell: mark the prompt and keep history local
cat >setup-tests.ini <<'EOF'
PS1="$(echo "$PS1" | sed 's,\\\$ $,(GnuPGTest)\\\$ ,')"
export HISTCONTROL=ignoreboth
export HISTFILE=$(pwd)/.bash_history
EOF
exec bash --init-file setup-tests.ini
--8<---------------cut here---------------end--------------->8---

That is a pretty convenient setup and allows one to keep tests around
and easily switch to them.

The pinentry is searched at

  $(gpgconf -L bindir)/pinentry

In case you have a special setup you may put a gpg-agent.conf into
$GNUPGHOME and use the pinentry-program option. "gpg -v" should show
which pinentry is launched, in case of problems, the gpg-agent.conf
should show/log an error.


Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From wk at gnupg.org Wed Oct 25 15:29:17 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 25 Oct 2023 15:29:17 +0200
Subject: Finding all files encrypted with a certain key
In-Reply-To: (Felix E. Klee's message of "Wed, 25 Oct 2023 10:54:20 +0800")
References: <8734y04bs6.fsf@jacob.g10code.de>
Message-ID: <87o7gm25le.fsf@jacob.g10code.de>

Hi,

hit the send key combination by accident. The last para should have
read:

I think it is time to make things like this easier. Actually re-encrypt
support has been on our feature list for many years. Every time I want
to tackle this I stop at the decision on whether to also handle the
large-file-on-server case or just do the simple re-encrypt-a-copy.
Features I'd like to have are:

 - Select whether anything should be done at all for a message.
 - Add new public keys (to encrypt the session key)
 - Add new symmetric keys
 - Remove existing public keys
 - Remove unknown keys (hidden keys)
 - Remove symmetric keys


Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From wk at gnupg.org Wed Oct 25 15:22:37 2023
From: wk at gnupg.org (Werner Koch)
Date: Wed, 25 Oct 2023 15:22:37 +0200
Subject: Finding all files encrypted with a certain key
In-Reply-To: (Felix E. Klee's message of "Wed, 25 Oct 2023 10:54:20 +0800")
References: <8734y04bs6.fsf@jacob.g10code.de>
Message-ID: <87sf5y25wi.fsf@jacob.g10code.de>

On Wed, 25 Oct 2023 10:54, Felix E. Klee said:

> Thank you! I modified that a bit, to make it more readable to me and fix
> a little bug: The second `$1` doesn't expand to the file name. Also, I

You caught me, I didn't test the posted version.

>     gpg: decryption failed: No secret key
>
> I wonder how to get rid of that.

grep -v on stderr ;-).

I think it is time to make things like this easier. Actually re-encrypt
support has been on our feature list for many years. Every time I want
to tackle this I stop at the decision on whether to also handle the
large file on server shall be re-encrypted or on the simple re-encrypt a
copy.
>
> My version:
>
>     #!/bin/sh
>
>     filename=$1
>     enc_sub_key=04FDF78D1679DD94
>
>     gpg --decrypt \
>         --pinentry-mode cancel \
>         --status-fd 1 \
>         --quiet \
>         --output /dev/null "$1" |
>         awk -v filename="$filename" \
>             -v enc_sub_key="$enc_sub_key" \
>             '
>     $1=="[GNUPG:]" &&
>     $2=="ENC_TO" &&
>     $3==enc_sub_key {
>       print filename
>       exit 0
>     }'

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From mcr at sandelman.ca Thu Oct 26 00:51:59 2023
From: mcr at sandelman.ca (Michael Richardson)
Date: Wed, 25 Oct 2023 18:51:59 -0400
Subject: Pinentry problem with different home dir
In-Reply-To: <87jzra25aj.fsf@jacob.g10code.de>
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
 <87jzra25aj.fsf@jacob.g10code.de>
Message-ID: <3089715.1698274319@dyas>

Werner Koch via Gnupg-users wrote:
    > On Wed, 25 Oct 2023 13:01, Falko Strenzke said:
    >> Can anyone give me an advice what I can try to get the GnuPG Agent
    >> pinentry working with different home directory specified via
    >> GNUPGHOME?

    > Run it this way:

    > mkdir /foo/bar cd /foo/bar GNUPGHOME=`pwd` gpg-agent --daemon
    > ~/bin/gnupg-setup-tests

The gpg-agent dependency that came a few years ago has really been a PITA.

I would really like some way to tell GPG that it really needs to ignore all
of *my* (personal) setup, because I'm wearing a different personality now.
[like code signing]

    > In case you have a special setup you may put a gpg-agent.conf into
    > $GNUPGHOME and use the pinentry-program option. "gpg -v" should show
    > which pinentry is launched, in case of problems, the gpg-agent.conf
    > should show/log an error.

I guess I'd really like that to just happen with some
--I-really-want-isolated-gnupg option.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/      |   ruby on rails    [

From jcb62281 at gmail.com Thu Oct 26 04:38:55 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Wed, 25 Oct 2023 21:38:55 -0500
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References:
Message-ID: <6539D13F.6010407@gmail.com>

raf via Gnupg-users wrote:
> [...]
> While testing these, I just noticed that /usr/bin/file
> on my macOS-10.14 laptop shows a different keyid to
> what libmagic shows. That's bizarre.
>
> For some encrypted files of mine, /usr/bin/file (v5.33)
> shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A
> BA227C81 for the same files. A more recent version of
> file (v5.45) installed via macports shows the same as
> libmagic/rh. So choose your version of file(1) wisely. :-)
>

You have an endianness-mismatch issue somewhere. The octets are reversed
in each 32-bit group between the samples.

-- Jacob

From felix.klee at inka.de Thu Oct 26 05:29:38 2023
From: felix.klee at inka.de (Felix E. Klee)
Date: Thu, 26 Oct 2023 11:29:38 +0800
Subject: Finding all files encrypted with a certain key
In-Reply-To: <87sf5y25wi.fsf@jacob.g10code.de>
References: <8734y04bs6.fsf@jacob.g10code.de>
 <87sf5y25wi.fsf@jacob.g10code.de>
Message-ID:

On Wed, Oct 25, 2023 at 9:23 PM Werner Koch wrote:
> >     gpg: decryption failed: No secret key
> >
> > I wonder how to get rid of that.
>
> grep -v on stderr ;-).

Thanks, I was thinking about that. But I think simply using find, as
suggested by Andrew and raf, is sufficient and simple.

> I think it is time to make things like this easier.
> Actually re-encrypt support has been on our feature list for many years.

That would be fancy. Personally, I'm happy with a bit of shell
scripting. My use case is rather simple, and I don't need to do
re-encryption very often.

From wk at gnupg.org Thu Oct 26 08:53:05 2023
From: wk at gnupg.org (Werner Koch)
Date: Thu, 26 Oct 2023 08:53:05 +0200
Subject: Pinentry problem with different home dir
In-Reply-To: <3089715.1698274319@dyas> (Michael Richardson's message of
 "Wed, 25 Oct 2023 18:51:59 -0400")
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
 <87jzra25aj.fsf@jacob.g10code.de> <3089715.1698274319@dyas>
Message-ID: <87r0lhzxgu.fsf@jacob.g10code.de>

On Wed, 25 Oct 2023 18:51, Michael Richardson said:

> The gpg-agent dependency that came a few years ago has really been a PITA.

a few years = 20 years [1]

> I would really like some way to tell GPG that it really needs to ignore all
> of *my* (personal) setup, because I'm wearing a different personality now.

Use a different home directory. Actually running

  gpg --homedir /somewhere -s something

should be enough but the agent and dirmngr started on the fly won't be
killed until you rmdir /somewhere.

Or just use -u to select a different signing key. For example in
~/.gitconfig

--8<---------------cut here---------------start------------->8---
[user]
	name = "Werner Koch"
	email = "wk at gnupg.org"
	signingkey = C1D34B69219E4AEEC0BA1C21E3FDFF218E45B72B
[commit]
	gpgsign
--8<---------------cut here---------------end--------------->8---


Salam-Shalom,

   Werner


[1] "Noteworthy changes in version 1.9.0 (2003-08-05)"

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
From kloecker at kde.org Thu Oct 26 10:35:25 2023
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 26 Oct 2023 10:35:25 +0200
Subject: Pinentry problem with different home dir
In-Reply-To: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
Message-ID: <5725461.DvuYhMxLoT@daneel>

On Wednesday, 25 October 2023 13:01:39 CEST Falko Strenzke wrote:
> I am trying to run GnuPG with a different home directory by setting the
> environment variable GNUPGHOME. However, in that case, for instance when
> trying to generate a key, in that case I get the error
>
> gpg: DBG: chan_4 <- ERR 67108949 No pinentry
> gpg: agent_genkey failed: No pinentry
> Key generation failed: No pinentry

I'm wondering why you have problems with something that I'm using almost
daily while working on Kleopatra. I do

  GNUPGHOME=/somewhere gpg ...

or

  GNUPGHOME=/somewhere kleopatra ...

all of the time.

I think you need to tell us the commands you are using. And the output of
`gpg --version`.

Regards,
Ingo

From falko.strenzke at mtg.de Thu Oct 26 11:12:24 2023
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Thu, 26 Oct 2023 11:12:24 +0200
Subject: Pinentry problem with different home dir
In-Reply-To: <5725461.DvuYhMxLoT@daneel>
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
 <5725461.DvuYhMxLoT@daneel>
Message-ID: <6135da36-d1ee-4c06-8c29-d4c53d8677dd@mtg.de>

Hi Ingo,

actually I could solve the problem now by placing the gpg-agent.conf
with the specification of the pinentry program into the folder I specify
as GNUPGHOME.
I still don't understand why this is necessary, as my normal home
directory doesn't contain this file. But it is working for me now.

- Falko

On 26.10.23 at 10:35, Ingo Klöcker wrote:
> On Wednesday, 25 October 2023 13:01:39 CEST Falko Strenzke wrote:
>> I am trying to run GnuPG with a different home directory by setting the
>> environment variable GNUPGHOME. However, in that case, for instance when
>> trying to generate a key, in that case I get the error
>>
>> gpg: DBG: chan_4 <- ERR 67108949 No pinentry
>> gpg: agent_genkey failed: No pinentry
>> Key generation failed: No pinentry
> I'm wondering why you have problems with something that I'm using almost daily
> while working on Kleopatra. I do
> GNUPGHOME=/somewhere gpg ...
> or
> GNUPGHOME=/somewhere kleopatra ...
> all of the time.
>
> I think you need to tell us the commands you are using. And the output of
> `gpg --version`.
>
> Regards,
> Ingo

--
*MTG AG*
Dr. Falko Strenzke
Executive System Architect
Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de
From steffen at sdaoden.eu Thu Oct 26 18:01:36 2023
From: steffen at sdaoden.eu (Steffen Nurpmeso)
Date: Thu, 26 Oct 2023 18:01:36 +0200
Subject: Pinentry problem with different home dir
In-Reply-To: <87r0lhzxgu.fsf@jacob.g10code.de>
References: <632bd9d2-451b-4c2d-a6b7-8ba5e2da5ced@mtg.de>
 <87jzra25aj.fsf@jacob.g10code.de> <3089715.1698274319@dyas>
 <87r0lhzxgu.fsf@jacob.g10code.de>
Message-ID: <20231026160136.33qrg%steffen@sdaoden.eu>

Werner Koch via Gnupg-users wrote in
 <87r0lhzxgu.fsf at jacob.g10code.de>:
 |On Wed, 25 Oct 2023 18:51, Michael Richardson said:
 ...
 |Use a different home directory. Actually running
 |  gpg --homedir /somewhere -s something
 |should be enough but the agent and dirmngr started on the fly won't be
 |killed until you rmdir /somewhere.

It would really be nice if one would be able to avoid those extras
for simple operations. It is one reason why i still use 1.4.23,
all those surroundings that i really do not need (unless i would
need them), and that get auto-started and are then laying around.

Other than that it just works here, with three different
homedir's (pgp with "mutilated" non-exportable etc. private key
-- thanks again for this non-standard but super user helpful
possibility!, pgp-nosecrets with only the public key for
encryption, and then the usually non-available full thing).
Works for years without any issues at all.

 |Or just use -u to select a different signing key. For example in
 |~/.gitconfig
 ...
 |[user]
 | name = "Werner Koch"
 | email = "wk at gnupg.org"
 | signingkey = C1D34B69219E4AEEC0BA1C21E3FDFF218E45B72B

I did not know it even works with quotes. Never used quotes here.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

From gnupg at raf.org Fri Oct 27 01:28:25 2023
From: gnupg at raf.org (raf)
Date: Fri, 27 Oct 2023 10:28:25 +1100
Subject: Finding all files encrypted with a certain key
In-Reply-To:
References: <8734y04bs6.fsf@jacob.g10code.de>
 <87sf5y25wi.fsf@jacob.g10code.de>
Message-ID:

On Thu, Oct 26, 2023 at 11:29:38AM +0800, "Felix E. Klee" wrote:

> On Wed, Oct 25, 2023 at 9:23 PM Werner Koch wrote:
> > >     gpg: decryption failed: No secret key
> > >
> > > I wonder how to get rid of that.
> >
> > grep -v on stderr ;-).
>
> Thanks, I was thinking about that. But I think simply using find, as
> suggested by Andrew and raf, is sufficient and simple.

rh instead of find+n*(sh+file+grep) is even simpler
(but I'm biased). :-)

> > I think it is time to make things like this easier. Actually
> > re-encrypt support has been on our feature list for many years.
>
> That would be fancy. Personally, I'm happy with a bit of shell
> scripting. My use case is rather simple, and I don't need to do
> re-encryption very often.

Yeah. I think gpg -d ... | gpg -e -r ... is simple enough.
I use that (in a "recrypt" python script) for annual key
rollover re-encryptions of many database backups.

cheers,
raf

From gnupg at raf.org Fri Oct 27 01:34:46 2023
From: gnupg at raf.org (raf)
Date: Fri, 27 Oct 2023 10:34:46 +1100
Subject: Finding all files encrypted with a certain key
In-Reply-To: <6539D13F.6010407@gmail.com>
References: <6539D13F.6010407@gmail.com>
Message-ID:

On Wed, Oct 25, 2023 at 09:38:55PM -0500, Jacob Bachmeyer via Gnupg-users wrote:

> raf via Gnupg-users wrote:
> > [...]
> > While testing these, I just noticed that /usr/bin/file
> > on my macOS-10.14 laptop shows a different keyid to
> > what libmagic shows. That's bizarre.
> >
> > For some encrypted files of mine, /usr/bin/file (v5.33)
> > shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A
> > BA227C81 for the same files. A more recent version of
> > file (v5.45) installed via macports shows the same as
> > libmagic/rh. So choose your version of file(1) wisely. :-)
>
> You have an endianness-mismatch issue somewhere. The octets are reversed in
> each 32-bit group between the samples.
>
> -- Jacob

Well spotted! Thanks. The actual endianness wouldn't
have changed, but file's presentation of it must have
been fixed (to match gpg output) between those versions.

cheers,
raf
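
The key ID that file(1) prints and that gpg reports as ENC_TO is the 8-octet value stored in the public-key encrypted session key packets at the start of the file. The following is an added example, not code from any poster, from file(1) or from GnuPG: it reads those packets directly without gpg or key access, lists every recipient rather than only the first, and reproduces the per-32-bit-group octet swap discussed above. It assumes binary (not armored) files with v3 packets as laid out in RFC 4880; all function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

PKESK_TAG = 1                         # Public-Key Encrypted Session Key (RFC 4880, 5.1)
WILDCARD_KEY_ID = "0000000000000000"  # hidden recipient, e.g. gpg --throw-keyids


def packet_tag(first):
    """Tag number from the first header octet (old or new packet format)."""
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F


def body_span(buf, pos):
    """Return (body_start, body_length) of the packet whose header is at pos."""
    first = buf[pos]
    try:
        if first & 0x40:                          # new-format length octets
            o1 = buf[pos + 1]
            if o1 < 192:
                return pos + 2, o1
            if o1 < 224:
                return pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
            if o1 == 255:
                return pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
            raise ValueError("partial body length not expected on this packet")
        size = 1 << (first & 0x03)                # old format: 1, 2 or 4 octets
        if size == 8:
            raise ValueError("indeterminate length not handled")
        raw = buf[pos + 1:pos + 1 + size]
        if len(raw) != size:
            raise ValueError("truncated packet header")
        return pos + 1 + size, int.from_bytes(raw, "big")
    except (IndexError, struct.error):
        raise ValueError("truncated packet header") from None


def recipient_key_ids(buf):
    """Key IDs of the leading v3 session key packets, one per recipient."""
    ids, pos = [], 0
    while pos < len(buf) and packet_tag(buf[pos]) == PKESK_TAG:
        start, length = body_span(buf, pos)
        body = buf[start:start + length]
        if len(body) < 10 or body[0] != 3:        # version, 8-octet key ID, algorithm
            raise ValueError("truncated or non-v3 session key packet")
        ids.append(body[1:9].hex().upper())
        pos = start + length
    return ids


def swap_each_32bit_group(key_id):
    """Reverse the octets inside each 32-bit half, as in the file v5.33 output."""
    raw = bytes.fromhex(key_id.replace(" ", ""))
    return " ".join(raw[i:i + 4][::-1].hex().upper() for i in range(0, len(raw), 4))


def make_pkesk(key_id, new_format=False):
    """Constructed v3 RSA packet with a dummy 4096-bit MPI, for the sample only."""
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x10\x00\x80" + bytes(511)
    if new_format:
        n = len(body) - 192
        return bytes([0xC1, (n >> 8) + 192, n & 0xFF]) + body
    return b"\x85" + len(body).to_bytes(2, "big") + body


# Constructed sample: the key ID quoted in the thread, a hidden recipient, then
# the first two octets of an encrypted data packet (tag 18), where parsing stops.
SAMPLE = (make_pkesk("49C40F3ABA227C81")
          + make_pkesk(WILDCARD_KEY_ID, new_format=True) + b"\xd2\xe0")

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        data = SAMPLE if path is None else open(path, "rb").read(65536)
        print(path or "<constructed sample>", recipient_key_ids(data))
```

A recipient listed as all zeros is a hidden key ID, so a scan for one specific key cannot rule such a file out without attempting decryption.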