Page MenuHome GnuPG
Feed Advanced Search

Nov 20 2014

colinkeenan added a comment to T1764: NET::ERR_CERT_AUTHORITY_INVALID.

I don't get the message while signed in of course, but going incognito
or the next day, the message is back.

How is any browser supposed to trust a self-signed certificate if the
issuer is unknown to the browser? Is there something I can add to my
OS that will let it know you are the issuer?

I have seen this issue before, even on bank sites, going back 5 years
at least. I would like to know if there is a general solution.

Nov 20 2014, 5:59 PM · gpgweb
colinkeenan added a comment to T1764: NET::ERR_CERT_AUTHORITY_INVALID.

You have marked this resolved so may not look at it anymore. I should
not have made this seem to be a Chrome issue. Firefox is the same and
their detailed message is more helpful:

bugs.gnupg.org uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for the following names:
www.g10code.com, g10code.com, ftp.g10code.com, bugs.g10code.com,

git.g10code.com

(Error code: sec_error_unknown_issuer)

Nov 20 2014, 5:48 PM · gpgweb
colinkeenan added a comment to T1763: gpg ... delete key failed: Unknown system error.

I understand you may not have time to work on this since it's not the
bug I thought.

I hope you will just answer one question for me though.

Having imported my key in the system-wide keyring defined in my
gpg.conf, can I safely do without the local pubring.gpg?

Or, is it necessary for some reason that I import my public key back
into the local pubring.gpg so that there will be a double listing of
my key when I do gpg -k?

Nov 20 2014, 12:47 AM · gnupg (gpg20), Bug Report, gnupg

Nov 19 2014

colinkeenan added a comment to T1763: gpg ... delete key failed: Unknown system error.

I am finally understanding what is going on with the duplicate listing
of my key, and now wonder if I have screwed something up with the
procedure that "fixed" the double key.

The reason for getting my public key listed twice as an output to 'gpg
-k' is that it first listed the contents of ~/.gnupg/pubring.gpg (just
my key) then listed the contents of /etc/pacman.d/gnupg/pubring.gpg
which also had my key in it. The reason it listed
/etc/pacman.d/gnupg/pubring.gpg is that was the keyring defined in my
gpg.conf.

My procedure that successfully got rid of the duplicate listing has
actually made my ~/.gnupg/pubring.gpg file empty! So, I don't get a
duplicate because gpg -k only lists the contents of
/etc/pacman.d/gnupg/pubring.gpg.

Will this work as is or should I try to put my public key back into
~/.gnupg/pubring.gpg?

Nov 19 2014, 11:25 PM · gnupg (gpg20), Bug Report, gnupg
colinkeenan added a comment to T1763: gpg ... delete key failed: Unknown system error.

I figured out the steps that led to the duplicate entry in the first
place. After editing ~/.gnupg/gpg.conf to include

keyring /etc/pacman.d/gnupg/pubring.gpg

I generated the key

gpg --gen-key

Then did

sudo pacman-key --import /home/colin/.gnupg

I've filed a bug against pacman-key, but I think it translates to

sudo gpg --homedir /etc/pacman.d/gnupg/ --no-permission-warning --
import /home/colin/.gnupg

And, this is what lead to the duplicate entry. Does it make sense this
would lead to a duplicate entry? Is it a bug of gpg, or is it supposed
to do that for some reason?

Nov 19 2014, 7:36 PM · gnupg (gpg20), Bug Report, gnupg
colinkeenan added a comment to T1764: NET::ERR_CERT_AUTHORITY_INVALID.

You say Chrome should be able to handle it, but it's not. I am using
the most up-to-date version of Chrome available for Linux: Version
40.0.2214.6 dev (64-bit), and it is not handling the certificate
properly. The wording of the "advanced" message indicates this is the
fault of my operating system. If this is a bug of Arch Linux, what
package would I file the bug against?

Nov 19 2014, 5:02 PM · gpgweb
colinkeenan added a comment to T1763: gpg ... delete key failed: Unknown system error.

After reading your suggestion, I realized using the fingerprint would
be the same as deleting the secret key for "Colin N Keenan" instead of
"Colin Keenan". Since I had made a backup of .gnupg while it was
showing a duplicate public key for "Colin Keenan", I realized that's
what I wanted to do anyway. So, I solved the issue by

gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg

But still, this seems like a bug. Is there a better way to remove a
duplicate entry? Also, why is it allowed to have a duplicate entry?

Nov 19 2014, 4:49 PM · gnupg (gpg20), Bug Report, gnupg
colinkeenan set Version to Nov 18, 2014 on T1764: NET::ERR_CERT_AUTHORITY_INVALID.
Nov 19 2014, 5:07 AM · gpgweb
colinkeenan added projects to T1764: NET::ERR_CERT_AUTHORITY_INVALID: gpgweb, Bug Report.
Nov 19 2014, 5:07 AM · gpgweb
colinkeenan added projects to T1763: gpg ... delete key failed: Unknown system error: gnupg, Bug Report.
Nov 19 2014, 4:26 AM · gnupg (gpg20), Bug Report, gnupg
colinkeenan added a comment to T1763: gpg ... delete key failed: Unknown system error.

Nov 19 2014, 4:26 AM · gnupg (gpg20), Bug Report, gnupg
colinkeenan set Version to 2.0.26 on T1763: gpg ... delete key failed: Unknown system error.
Nov 19 2014, 4:26 AM · gnupg (gpg20), Bug Report, gnupg