Being an elliptic-curve fan for whatever reason (NSA-aware, early adopter, bored geek, …), you are forced either to compile GnuPG yourself or to use Debian experimental.

Building it yourself with

```bash
sudo make -f build-aux/speedo.mk native INSTALL_PREFIX="/usr/local"
```

actually works well.
Use this route if the official variant is not functional.
Start sudo from your regular user (this is an important step: it is what sets the SUDO_USER environment variable, which everything below relies on).

```bash
export MY_CHROOT=/data/virtuals/schroot-deb-experimental
sudo -E su
echo -e "My Chroot:\t$MY_CHROOT\nWhoAmI:\t\t$(whoami)\nSUDO_USER:\t$SUDO_USER"
mkdir -p "$MY_CHROOT"
chown "$SUDO_USER" "$MY_CHROOT"
```
```bash
aptitude install schroot debootstrap
```
```bash
cat <<EOF >>/etc/schroot/schroot.conf
[experimental]
description=Debian experimental
directory=$MY_CHROOT
groups=sbuild,root,$SUDO_USER
users=$SUDO_USER
root-groups=root,sbuild
EOF
```
```bash
debootstrap jessie "$MY_CHROOT"
echo "proc $MY_CHROOT/proc proc defaults 0 0" >> /etc/fstab
mount proc "$MY_CHROOT/proc" -t proc
echo "sysfs $MY_CHROOT/sys sysfs defaults 0 0" >> /etc/fstab
mount sysfs "$MY_CHROOT/sys" -t sysfs
# the bind-mount target must exist before mounting, so create the user's home (and .gnupg) inside the chroot first
mkdir -p "$MY_CHROOT/home/$SUDO_USER/.gnupg"
chown "$SUDO_USER" "$MY_CHROOT/home/$SUDO_USER"
echo "/home/$SUDO_USER/.gnupg/ $MY_CHROOT/home/$SUDO_USER/.gnupg/ none bind 0 0" >> /etc/fstab
mount "$MY_CHROOT/home/$SUDO_USER/.gnupg/"
cp /etc/hosts "$MY_CHROOT/etc/hosts"
cp /proc/mounts "$MY_CHROOT/etc/mtab"
# anchor the username so a substring match does not copy other accounts into the chroot
grep "^$SUDO_USER:" /etc/passwd >> "$MY_CHROOT/etc/passwd"
egrep "^$SUDO_USER:" /etc/group >> "$MY_CHROOT/etc/group"
```
Debian experimental is not a distro variant; it is just a bunch of packages in the repo.

```bash
chroot "$MY_CHROOT" /bin/bash
# inside the chroot: create this file with an "experimental" suite line (the mirror below is only an example)
echo "deb http://ftp.debian.org/debian experimental main" > /etc/apt/sources.list.d/experimental.list
apt-get update
apt-cache policy gnupg2
apt-get -t experimental install gnupg2
apt-get install bash-completion
```
```bash
BACKUP="/home/$SUDO_USER/.gnupg-$(date +%F).backup.tbz"
tar cjvf "$BACKUP" "/home/$SUDO_USER/.gnupg/"
chmod 400 "$BACKUP"
### TRIPLE-CHECK THAT YOU HAVE A BACKUP!!! (there are big changes in gpg 2.1 and you might need to reimport some keys or downgrade)
```
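A checked version of that backup step, added here as an example and not part of the original post: it archives the GnuPG home, locks the archive to mode 0400, and then verifies that the archive can be listed back and holds at least as many entries as the directory, so the "triple-check" is done by the script rather than by eye. The function name `backup_gnupg`, the refusal to overwrite an existing archive and the gzip fallback when `bzip2` is not installed are my additions.

```bash
#!/bin/bash
# Added example (not from the original post): make a verified, read-only
# backup of a GnuPG home directory before switching to gpg 2.1.
# Usage: backup_gnupg /home/$SUDO_USER/.gnupg [archive-path]
# Prints the archive path and returns 0 only if verification passed.

backup_gnupg() {
    local homedir="$1"
    local flag ext
    # The post uses bzip2 (.tbz); fall back to gzip if bzip2 is not installed.
    if command -v bzip2 >/dev/null 2>&1; then flag=j; ext=tbz; else flag=z; ext=tgz; fi
    local backup="${2:-${homedir%/}-$(date +%F).backup.$ext}"

    [ -d "$homedir" ] || { echo "no such homedir: $homedir" >&2; return 1; }
    # Never silently clobber an earlier backup.
    [ -e "$backup" ] && { echo "refusing to overwrite $backup" >&2; return 1; }

    # Archive relative to / so it restores with a plain 'tar x?f ... -C /'.
    local rel="${homedir%/}"; rel="${rel#/}"
    tar "c${flag}f" "$backup" -C / "$rel" || { echo "tar failed" >&2; return 1; }
    chmod 400 "$backup"

    # Verification: the listing must succeed (a truncated archive fails here)
    # and must contain at least as many entries as the directory tree.
    tar "t${flag}f" "$backup" >/dev/null || { echo "archive unreadable" >&2; return 1; }
    local want have
    want=$(find "$homedir" | wc -l)
    have=$(tar "t${flag}f" "$backup" | wc -l)
    [ "$have" -ge "$want" ] || { echo "archive lists $have of $want entries" >&2; return 1; }
    echo "$backup"
}
```

Run it as root from the same `sudo -E su` shell as the rest of the procedure, and only continue to the experimental gpg2 once it prints the archive path.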
```console
schroot -p -c chroot:experimental -- gpg2 --version
gpg (GnuPG) 2.1.1
libgcrypt 1.6.2
...
```
`schroot -p -c chroot:experimental ...` gives you full shell access.
```bash
sudo -E su
```

This loop only prints the `mv`/`ln` pairs for review; nothing is changed until you execute its output:

```console
root@DebExp@azur:/usr/bin$ for file in $(dpkg -L gnupg2 gnupg-agent dirmngr|grep bin); do [ -f $file ] && echo "mv $file $file.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh $file";done
mv /usr/sbin/applygnupgdefaults /usr/sbin/applygnupgdefaults.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/sbin/applygnupgdefaults
mv /usr/sbin/addgnupghome /usr/sbin/addgnupghome.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/sbin/addgnupghome
mv /usr/bin/gpg2 /usr/bin/gpg2.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpg2
mv /usr/bin/gpgconf /usr/bin/gpgconf.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpgconf
mv /usr/bin/gpgparsemail /usr/bin/gpgparsemail.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpgparsemail
mv /usr/bin/kbxutil /usr/bin/kbxutil.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/kbxutil
mv /usr/bin/watchgnupg /usr/bin/watchgnupg.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/watchgnupg
mv /usr/bin/gpg-agent /usr/bin/gpg-agent.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpg-agent
mv /usr/bin/gpg-connect-agent /usr/bin/gpg-connect-agent.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpg-connect-agent
mv /usr/bin/gpgkey2ssh /usr/bin/gpgkey2ssh.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/gpgkey2ssh
mv /usr/bin/symcryptrun /usr/bin/symcryptrun.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/symcryptrun
mv /usr/bin/dirmngr /usr/bin/dirmngr.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/dirmngr
mv /usr/bin/dirmngr-client /usr/bin/dirmngr-client.ORIG ;ln -s /usr/local/bin/run-deb-exp.sh /usr/bin/dirmngr-client
```
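The printed `mv`/`ln` pairs are fine for a one-off, but the loop's `[ -f $file ]` test follows symlinks, so running it a second time would move the wrapper symlink over the `.ORIG` copy and lose the original binary. The functions below are an added example, not the post's own code: `redirect_to_wrapper` does the same redirection but skips paths that already point at the wrapper and refuses to overwrite an existing `.ORIG`, `verify_redirect` checks the result, and `restore_originals` undoes it. All three names are mine; the wrapper path is whatever you pass in.

```bash
#!/bin/bash
# Added example (not from the original post): redirect a list of binaries to a
# wrapper script while keeping the originals as <name>.ORIG, safe to re-run and
# reversible.
# Usage: redirect_to_wrapper /usr/local/bin/run-deb-exp.sh /usr/bin/gpg2 ...

redirect_to_wrapper() {
    local wrapper="$1"; shift
    local f n=0
    [ -x "$wrapper" ] || { echo "wrapper $wrapper is not executable" >&2; return 1; }
    for f in "$@"; do
        # Already redirected on an earlier run: leave it alone.
        if [ -L "$f" ] && [ "$(readlink "$f")" = "$wrapper" ]; then
            continue
        fi
        [ -f "$f" ] || continue              # missing or not a regular file: skip
        # A stale .ORIG would be overwritten by mv; stop instead of losing it.
        [ -e "$f.ORIG" ] && { echo "$f.ORIG already exists, refusing to overwrite" >&2; return 1; }
        mv "$f" "$f.ORIG" && ln -s "$wrapper" "$f" || return 1
        n=$((n + 1))
    done
    echo "$n"                                # number of binaries redirected this run
}

# Put the originals back for every path that is a symlink with an .ORIG beside it.
restore_originals() {
    local f n=0
    for f in "$@"; do
        [ -L "$f" ] && [ -f "$f.ORIG" ] || continue
        rm "$f" && mv "$f.ORIG" "$f" || return 1
        n=$((n + 1))
    done
    echo "$n"                                # number of binaries restored
}

# Check: every listed path is a symlink to the wrapper and its .ORIG exists.
verify_redirect() {
    local wrapper="$1"; shift
    local f
    for f in "$@"; do
        [ -L "$f" ] && [ "$(readlink "$f")" = "$wrapper" ] && [ -f "$f.ORIG" ] || return 1
    done
}
```

Feed it the same list the post derives from `dpkg -L gnupg2 gnupg-agent dirmngr | grep bin`, and run `verify_redirect` with the same arguments before trusting that `gpg2` now resolves to the chroot build.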
```bash
cat /usr/local/bin/run-deb-exp.sh
#!/bin/bash
# schroot -p -c chroot:experimental -- gpg2 "$@"
CHROOT_PREFIX="/data/virtuals/schroot-deb-experimental"
# use the chroot's own libraries (libgcrypt etc.) with the chroot's binaries
export LD_LIBRARY_PATH="${CHROOT_PREFIX}/lib/x86_64-linux-gnu:${CHROOT_PREFIX}/usr/lib/x86_64-linux-gnu:${LD_LIBRARY_PATH}"
# every symlink to this script runs the chroot binary of the same name
exec "${CHROOT_PREFIX}/usr/bin/$(basename "$0")" "$@"
```
In case you run into trouble with your keydb (like “invalid packet”/“key not found” errors), fix it by reimporting your keys from the backup. Note that the export uses gpg1 with the homedir where the backup is, while the import is done by gpg 2.1.

```bash
# export from the backup homedir with gpg1 (secret key to _priv.gpg, public key to _pub.gpg)
gpg --homedir /home/ruza/.gnupg-BACKUP/ --output F7EEAF5998FFFC1D_priv.gpg --armor --export-secret-key 0xF7EEAF5998FFFC1D
gpg --homedir /home/ruza/.gnupg-BACKUP/ --output F7EEAF5998FFFC1D_pub.gpg --armor --export 0xF7EEAF5998FFFC1D
# import with gpg 2.1 ("gpg-chrooted" is not defined above; presumably the wrapper-based gpg2 from the chroot)
gpg-chrooted --import F7EEAF5998FFFC1D_pub.gpg
gpg-chrooted --allow-secret-key-import --import F7EEAF5998FFFC1D_priv.gpg
```
Finally, configure all your software to use /usr/bin/gpg2 (/usr/bin/gpg is the default). You no longer need to start gpg-agent; it is started automagically (… did you read that “What's new in 2.1” article?).

The path to gpg is configurable in Enigmail; verify it in the Enigmail console.

The path to gpg in Gajim seems to be hardcoded, so do:

```bash
cd /usr/bin/ && mv gpg gpg.ORIG && ln -s /usr/bin/gpg2 gpg
```
```bash
gpg2 --expert --edit-key 0xKEYID
```

```console
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 12
Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
Your selection? 1
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y
Key is valid for? (0) 3y
Key expires at Tue 09 Jan 2018 08:31:25 AM CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Unknown elliptic curve
gpg: Key generation failed: Unknown elliptic curve
```