Your question is really “How do I encrypt to a key without gpg balking at the fact that the key is untrusted?” One answer is you could sign the key. gpg –edit-key YOUR_RECIPIENT sign yes save The other is you could tell gpg to go ahead and trust. gpg –encrypt –recipient YOUR_RECIPIENT –trust-model always YOUR_FILE
You don’t need PyCrypto or PyMe, fine though those packages may be – you will have all kinds of problems building under Windows. Instead, why not avoid the rabbit-holes and do what I did? Use gnupg 1.4.9. You don’t need to do a full installation on end-user machines – just gpg.exe and iconv.dll from the … Read more
My approach is git rebase –exec “git commit –amend –no-edit -n -S” -i 8fd7b22 All commits started from the next after 8fd7b22 will be rebased with no changes except signing. To change all commits started from the very first one you may use –root (since Git v1.7.12): git rebase –exec “git commit –amend –no-edit -n … Read more
You can try to call the JAVA API of BouncyCastle.org. Its documentation mentions: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. You have here an example of openpgp ByteArrayHandler. There might be some incompatibility between BouncyCastle encryption and GnuGP encryption though, since BouncyCastle does not use GnuPG, but rather implements OpenPGP … Read more
Incoming signatures always point to a UID. UIDs cannot be modified, only revoked. If you want to change one, it will have to get signed again. If you revoke a UID, you will lose all incoming signatures. UIDs are simple strings usually adhering to the pattern Name (comment) <mail@example.org>, and the signature is created over … Read more
Since git 2.19.1, gpg2 is supported! gpg-agent can handle automatic signing now, remembering your passphrase This should make it easier to use gpg to sign commits automatically. To be exact, git version 2.19.1 has at least gpg 2.2.9. These instructions were tested on Windows 7, Windows 8.1, Windows 10, Arch Linux and Fedora 29. Steps … Read more
See https://emacs.stackexchange.com/questions/233/ for the same question. The signature check failed because you don’t have the new key (the old signature key expired on Sep 23). The new key is available from the usual GPG key-servers, comes with Emacsā„26.3, and can also be obtained by installing the package gnu-elpa-keyring-update.
Git never gets hold of the GnuPG passphrase. You must rely on GnuPG’s capabilities of caching passphrases, which happens through gpg-agent which are easily set up by editing ~/.gnupg/gpg-agent.conf (hidden somewhere in your AppData folder in Windows). Set default-cache-ttl to the number of seconds the passphrase is cached after each invocation of GnuPG. maximum-cache-ttl sets … Read more
I have added GPG_TTY=$(tty) export GPG_TTY to my ~/.bash_profile file. Now it is working. See also https://github.com/Homebrew/homebrew-core/issues/14737#issuecomment-309848851
Exported secret keys are encrypted by default, however –export-options export-reset-subkey-passwd will produce an unprotected export: When using the –export-secret-subkeys command, this option resets the passphrases for all exported subkeys to empty. This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn’t necessarily make sense. Defaults to … Read more