From mario at codehack.org Mon May 16 23:26:45 2005 From: mario at codehack.org (Mario Fuerderer) Date: Tue May 17 00:22:56 2005 Subject: GPA and OpenPGP Cryptocard Message-ID: <20050516232645.5651d46d.mario@codehack.org> Hello everyone, I just got my new smartcard reader and the OpenPGP Crypto Card today. The installation went quite smooth as well as the personalization of the smartcard itself. So crypting files using the smartcard and GnuPG (version 1.4.1) works just as simple as going the normal way with a locally stored encryption key. But unfortunately any application using GPGME (just like GPA and Sylpheed) don't seem to work with this new setup. It just hangs up when i try to crypt/sign a file. A `ps aux | grep gpg` shows the following command, during the hang: gpg --no-sk-comment --status-fd 8 --no-tty --charset utf8 -- enable- progress-filter --command-fd 9 --sign --detach --armor -- textmode For me the issue seems to be gpgme-specific, because any tool depending on gpgme hangs while other applications which speak to gpg "natively" work just like a charm... Thank you in advance for your help! mario -- Mario F?rderer From john at johnrshannon.com Sun May 29 14:50:49 2005 From: john at johnrshannon.com (John R. Shannon) Date: Tue May 31 14:34:10 2005 Subject: gnupg-1.4.1 Message-ID: <200505290650.54771.john@johnrshannon.com> Test problems: 1. Algorithm name returned by gpg is uppercase and script checks for lowercase name 2. Incorrect algorithm matching (eg., idea for BLOWFISH) Fix: --- checks/conventional.test.orig 2003-12-31 12:00:35.000000000 -0700 +++ checks/conventional.test @@ -11,26 +11,30 @@ done algos="3des" -if have_cipher_algo "idea"; then +if have_cipher_algo "IDEA"; then algos="$algos idea" fi -if have_cipher_algo "cast5"; then - algos="$algos idea" +if have_cipher_algo "CAST5"; then + algos="$algos cast5" fi -if have_cipher_algo "blowfish"; then - algos="$algos idea" +if have_cipher_algo "BLOWFISH"; then + algos="$algos blowfish" fi -if have_cipher_algo "aes"; then +if have_cipher_algo "AES"; then algos="$algos aes aes192 aes256" fi -if have_cipher_algo "twofish"; then +if have_cipher_algo "TWOFISH"; then algos="$algos twofish" fi -- John R. Shannon john@johnrshannon.com john.r.shannon@saic.com john.r.shannon@us.army.mil shannonjr@NetBSD.org -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1458 bytes Desc: not available Url : /pipermail/attachments/20050529/7123d8ca/smime.bin From bernhard at intevation.de Tue May 31 18:01:33 2005 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue May 31 17:57:20 2005 Subject: can't add new keys In-Reply-To: <1114201356.5155.10.camel@3e6b2337.rev.stofanet.dk> References: <1110699241.5912.9.camel@3e6b3687.rev.stofanet.dk> <20050329135359.GD29777@intevation.de> <1112193648.5922.40.camel@3e6b2703.rev.stofanet.dk> <20050401103057.GK15905@intevation.de> <1114201356.5155.10.camel@3e6b2337.rev.stofanet.dk> Message-ID: <20050531160133.GD20045@intevation.de> On Fri, Apr 22, 2005 at 10:22:36PM +0200, Duncan Lithgow wrote: > > The hkp http interface might not have been build. > > Did you build yourself? > > > > For my Debian gpg 1.2.5 I can > > do gpg --recv KEYNUMER > > and have > > keyserver subkeys.pgp.net > > in my .gnupg/gpg.conf > > Sorry, I don't understand your reply, I'm new to linux and gpg. Is that > something I should install? Sorry form my side, too. I have missed your reply. First: What GNU/Linux distribution are you using? E.g. Redhat, Mandriva or Debian Some persons will have packaged gpa and gpg for you. Usually that is the one that creates the distribution. This person might have missed that it needs to set a special option when building the gnupg package which contains the command line version "gpg". -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050531/f18d2755/attachment.pgp From bernhard at intevation.de Tue May 31 18:03:22 2005 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue May 31 17:59:05 2005 Subject: GPA and OpenPGP Cryptocard In-Reply-To: <20050516232645.5651d46d.mario@codehack.org> References: <20050516232645.5651d46d.mario@codehack.org> Message-ID: <20050531160322.GE20045@intevation.de> Hi Mario, On Mon, May 16, 2005 at 11:26:45PM +0200, Mario Fuerderer wrote: > I just got my new smartcard reader and the OpenPGP Crypto Card > today. The installation went quite smooth as well as the > personalization of the smartcard itself. So crypting files using the > smartcard and GnuPG (version 1.4.1) works just as simple as going the > normal way with a locally stored encryption key. But unfortunately any > application using GPGME (just like GPA and Sylpheed) don't seem to work > with this new setup. It just hangs up when i try to crypt/sign a file. you could try gnupg-1.4.2rc1 which was released recently and see if the problems persist. If so, can you also check the debugging output? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050531/af4c66ce/attachment.pgp From mario at codehack.org Tue May 31 19:06:22 2005 From: mario at codehack.org (Mario Fuerderer) Date: Tue May 31 19:02:35 2005 Subject: GPA and OpenPGP Cryptocard In-Reply-To: <20050531160322.GE20045@intevation.de> References: <20050516232645.5651d46d.mario@codehack.org> <20050531160322.GE20045@intevation.de> Message-ID: <20050531190622.5927644b.mario@codehack.org> Hi Bernhard, On Tue, 31 May 2005 18:03:22 +0200 Bernhard Reiter wrote: > you could try gnupg-1.4.2rc1 which was released recently > and see if the problems persist. I just tried using the following constellation: - sylpheed 1.9.12 - GnuPG 1.4.2rc1 - GPGME 0.9.0 - GPA 0.7.0 unfortunately I experienced the same problem again. For me it looks like gpg is waiting for the passphrase/pin, that should be supplied by sylpheed/gpa. But in fact, the tools liked against gpgme, don't even prompt for a passphrase/pin... > If so, can you also check the debugging output? Here it comes: (...snip...) gpgme_debug: level=5 posix-io.c:135: closing fd 7 posix-io.c:72: fd 6: about to read 79 bytes posix-io.c:79: fd 6: got 79 bytes fd 6: got `gpg (GnuPG) 1.4.2rc1 NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended f' posix-io.c:135: closing fd 6 posix-io.c:157: set notification for fd 7 posix-io.c:157: set notification for fd 9 posix-io.c:157: set notification for fd 10 posix-io.c:157: set notification for fd 11 posix-io.c:157: set notification for fd 12 posix-io.c:157: set notification for fd 13 posix-io.c:157: set notification for fd 14 posix-io.c:157: set notification for fd 15 posix-io.c:135: closing fd 9 posix-io.c:135: closing fd 10 posix-io.c:135: closing fd 12 posix-io.c:135: closing fd 15 posix-io.c:329: gpgme:select on [ r7 w13 r14 ] posix-io.c:375: select OK [ r7 w13 ] posix-io.c:72: fd 7: about to read 1024 bytes posix-io.c:79: fd 7: got 30 bytes fd 7: got `[GNUPG:] PROGRESS stdin ? 0 0 ' posix-io.c:93: fd 13: about to write 126 bytes fd 13: write `Content-Type: text/plain; charset=US-ASCII^M Content-Disposition: inline^M Content-Transfer-Encoding: quoted-printable^M ^M test^M ' posix-io.c:101: fd 13: wrote 126 bytes posix-io.c:329: gpgme:select on [ r7 w13 r14 ] posix-io.c:375: select OK [ w13 ] posix-io.c:135: closing fd 13 wait.c:160: setting fd 13 (item=0x8303718) done posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ r7 ] posix-io.c:72: fd 7: about to read 1024 bytes posix-io.c:79: fd 7: got 32 bytes fd 7: got `[GNUPG:] PROGRESS stdin ? 126 0 ' posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ r7 ] posix-io.c:72: fd 7: about to read 1024 bytes posix-io.c:79: fd 7: got 53 bytes fd 7: got `[GNUPG:] CARDCTRL 3 D2760001240101010001000004C70000 ' posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ r7 ] posix-io.c:72: fd 7: about to read 1024 bytes posix-io.c:79: fd 7: got 78 bytes fd 7: got `[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 [GNUPG:] GET_HIDDEN passphrase.pin.ask ' posix-io.c:329: gpgme:select on [ r7 w11 r14 ] posix-io.c:375: select OK [ w11 ] wait.c:160: setting fd 11 (item=0x8303398) done posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] posix-io.c:375: select OK [ ] posix-io.c:329: gpgme:select on [ r7 r14 ] (...snip...) Mario -- Mario F?rderer From kuenne at rentec.com Tue May 31 20:37:44 2005 From: kuenne at rentec.com (Karsten =?utf-8?q?K=C3=BCnne?=) Date: Tue May 31 21:16:12 2005 Subject: S/MIME signing fails on a SUSE 9.3 system Message-ID: <200505311437.53327.kuenne@rentec.com> Hi, I have trouble signing kmail messages with S/MIME on a freshly installed SUSE 9.3 system. The relevant SW versions are: gpg2-1.9.14-6.2 gpgme-1.0.2-3 pinentry-0.7.1-4 If I try to sign a message with S/MIME I only get a popup telling me "Signing failed: No pinentry". But pinentry is installed and works fine (I tried it from the command line) and I also have no trouble signing with OpenPGP/MIME. With OpenPGP/MIME the pinentry window pops up and asks me for the passphrase and everything works, but with S/MIME it fails. Following is the bottom of the debug log: ... [client at fd 5 connected] 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> Home: ~/.gnupg 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> Config: /home2/kuenne/.gnupg/gpgsm.conf 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> AgentInfo: /tmp/gpg-CLY3PY/S.gpg-agent:25887:1 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> DirmngrInfo: [not set] 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> GNU Privacy Guard's S/M server 1.9.14 ready 4 - 2005-05-31 14:24:11 gpgsm[32713.0x807faa8] DBG: <- [EOF] [client at fd 4 disconnected] 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION display=:0.0 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION lc-ctype=en_US.UTF-8 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION lc-messages=en_U S.UTF-8 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- OPTION include-certs 1 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- RESET 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:11 gpgsm[32715.0x807faa8] DBG: <- SIGNER C56D2498E0CB350DCD84F0B6585D50789C9DA837 5 - 2005-05-31 14:24:11 gpgsm[32715]: DBG: connection to agent established 5 - 2005-05-31 14:24:12 gpgsm[32715]: certificate is good 5 - 2005-05-31 14:24:12 gpgsm[32715]: CRLs not checked due to --disable-crl-checks option 5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: <- INPUT FD=27 5 - 2005-05-31 14:24:12 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: <- OUTPUT FD=33 5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: -> OK 5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: <- SIGN --detached 5 - 2005-05-31 14:24:13 gpgsm[32715]: DBG: adding certificates at level 1 5 - 2005-05-31 14:24:13 gpgsm[32715]: error creating signature: No pinentry 5 - 2005-05-31 14:24:13 gpgsm[32715.0x807faa8] DBG: -> ERR 67108949 No pinentry 5 - 2005-05-31 14:24:17 gpgsm[32715.0x807faa8] DBG: <- [EOF] [client at fd 5 disconnected] And this is my gpgsm.conf: agent-program /usr/bin/gpg-agent dirmngr-program /usr/bin/dirmngr disable-crl-checks ###+++--- GPGConf ---+++### debug-level basic log-file socket:///home2/kuenne/.gnupg/log-socket ###+++--- GPGConf ---+++### Tue 31 May 2005 02:23:02 PM EDT # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. The gpg-agent is running and GPG_AGENT_INFO is set correctly. Does anybody know what's going on here? Karsten. -- Oliver's Law: Experience is something you don't get until just after you need it. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050531/9810724b/attachment.pgp