Help for testing GPG installation
I have switched over to GPG from PGP recently. I need a volunteer who can try out a few exercises reg. encryption, decryption, siging etc. This will take only a few exchanges by email for about a week. Can someone help me please ? My GPG Public key is accessible from :: http://algolog.tripod.com/publikey.htm Please send me an encrypted message (using my GPG public key), to start with. Thank you, partha drpartha AT gmail DOT com -- View this message in context: http://old.nabble.com/Help-for-testing-GPG-installation-tp29894544p29894544.html Sent from the GnuPG - User mailing list archive at Nabble.com. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Gnupg-users Digest, Vol 85, Issue 3
We figured it out. We needed an extra parameter to get the passphrase to be entered from a file into the command line. C:\Program Files\GNU\GnuPG\gpg2 --batch --passphrase-file C:\Program Files\GNU\GnuPG\pass.txt -du Username per...@email.ca -o C:\RPTS%3%2%1.zip C:\RPTS%3%2%1.pgp Tammy Collier, DCIS, MCTS Systems Administrator, Information Technology direct: 604 864 6578 cell: 778 549 0148 email: tcoll...@prospera.ca Urgent email, 24 hours a day: pcu...@prospera.ca -Original Message- From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of gnupg-users-requ...@gnupg.org Sent: Tuesday, October 05, 2010 11:03 AM To: gnupg-users@gnupg.org Subject: Gnupg-users Digest, Vol 85, Issue 3 Send Gnupg-users mailing list submissions to gnupg-users@gnupg.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnupg.org/mailman/listinfo/gnupg-users or, via email, send a message with subject or body 'help' to gnupg-users-requ...@gnupg.org You can reach the person managing the list at gnupg-users-ow...@gnupg.org When replying, please edit your Subject line so it is more specific than Re: Contents of Gnupg-users digest... Today's Topics: 1. Decrypting a file with a passphrase via command line (Tammy Collier) 2. import key to smart cards (koladina) 3. Re: import key to smart cards (Werner Koch) 4. schedule batch file (Lee Elcocks) 5. How to delete a signature from a key with delsig? (Max Burley) 6. Re: How to delete a signature from a key with delsig? (Daniel Kahn Gillmor) -- Message: 1 Date: Mon, 4 Oct 2010 14:29:27 -0700 From: Tammy Collier tcoll...@prospera.ca To: gnupg-users@gnupg.org Subject: Decrypting a file with a passphrase via command line Message-ID: 51a6a48f9624a443a50033df6ff29bf7a09...@mail01.fvecu.com Content-Type: text/plain; charset=us-ascii I have gpg2 installed and I get prompted for the passphrase when I try to decrypt the file. If I enter in the passphrase and don't log out it doesn't prompt me the next time as it is cached, but I need to disconnect from the RDP connection so that's not an option. I can figure out how to put the passphrase into the command line so that it does not require user intervention. Help? Tammy Collier, DCIS, MCTS Systems Administrator, Information Technology Prospera Credit Union | Insurance direct: 604 864 6578 cell: 778 549 0148 toll-free: 1 888 440 4480 fax: 604 864 6556 web: prospera.ca http://prospera.ca/ email: tcoll...@prospera.ca mailto:tcar...@prospera.ca Urgent email, 24 hours a day: pcu...@prospera.ca mailto:pcu...@prospera.ca This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you receive this email in error, please immediately notify the sender. Please note that this financial institution neither accepts nor discloses confidential member account information via email. This includes password related inquiries, financial transaction instructions and address changes. -- next part -- An HTML attachment was scrubbed... URL: /pipermail/attachments/20101004/a072fa9f/attachment-0001.htm -- Message: 2 Date: Tue, 05 Oct 2010 13:18:00 +0200 From: koladina kolad...@web.de To: gnupg-users@gnupg.org Subject: import key to smart cards Message-ID: 4cab0968.3080...@web.de Content-Type: text/plain; charset=UTF-8 Hello eyeryone, I?ve got a special question concerning GnuPG and smart card My question is: How can I import a (sec-pub-)key which was generated on a crypto stick (containing an integrated smart card) into another crypto stick? A crypto stick like: http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/ Normaly it should work by using the keytocard-command: http://www.gnupg.org/howtos/card-howto/en/ch05.html#id2523191 But in my case (and I guess I?m not the only one) the process can?t conclude. See my example here: ___ office:~ home$ gpg2 --edit-key F4C8 gpg (GnuPG/MacGnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 2048R/F4C8 created: 2010-02-17 expires: never usage: SC trust: ultimate validity: ultimate sub 2048R/DAE5 created: 2010-02-17 expires: never usage: A sub 2048R/BD84 created: 2010-02-17 expires: never usage. E [ultimate] (1).
Re: Encrypt Error - There is no assurance this key belongs to the named user
On 10/05/2010 09:57 PM, Larry Brower wrote: Have you verified it is trusted on the system you are trying to use it on? Perhaps the key isn't trusted. This is not about trust for this key -- it is about validity. The point is that the key does not have a valid binding to its User ID, so encrypting to the User ID isn't going to work without prompting. If the User ID + Key have been certified by some third party whose certifications you're happy to rely on (and whose key already has a valid binding to its user ID), you should mark that third party as fully trusted. Then their certifications will be acceptable, and the target key will have a valid binding to its User ID. Note that you'll need at least one key in your keyring to be marked as ultimate ownertrust, in order to get the chain started someplace. Usually, you'd mark your own key with ultimate ownertrust, since (presumably) you know for sure which key is yours. hth, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help for testing GPG installation
On 10/6/2010 1:34 AM, drpartha wrote: I have switched over to GPG from PGP recently. I need a volunteer who can try out a few exercises reg. encryption, decryption, siging etc. This will take only a few exchanges by email for about a week. Can someone help me please ? My GPG Public key is accessible from :: http://algolog.tripod.com/publikey.htm Please send me an encrypted message (using my GPG public key), to start with. Thank you, partha drpartha AT gmail DOT com FYI, trying to obfuscate your e-mail address in any fashion is pointless since the spammers can reconstruct it just as easily as anyone else. It's particularly pointless to do so in your own e-mail message. :) In any case, this group can help with your PGP technique practice: http://tech.groups.yahoo.com/group/PGPNET/ hope this helps, Doug -- Breadth of IT experience, and| Nothin' ever doesn't change, depth of knowledge in the DNS. | but nothin' changes much. Yours for the right price. :) | -- OK Go http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Remove key from an encrypted file?
On 10/06/2010 01:19 PM, Benjamin Bressman wrote: If I use GnuPG to encrypt a file with multiple keys is it possible to remove one of those keys at a later date? it's possible, but it's a bit clumsy. you could use gpgsplit to handle the situation: mkdir cleandir cd cleandir gpgsplit $message rm 0X-001.pk_enc (make sure this is the one you want to remove!) cat * $message if you're not sure which pk_enc packet is the one you want, you can see which key belongs to which with gpg --list-packets. If $keyID is the 16 hex-digit ID you want to strip out, then the following should work: for foo in *-001.pk_enc ; do if [ $keyID = \ $( gpg --list-packets $foo | grep ^:pubkey | sed 's/.*keyid //' ) ]; then rm $foo fi done (these scripts are untested -- please test and verify before using them in production!) Let's say I encrypt sensitive information so that three users could decrypt it, but one of those users leaves the organization at some point. Could I just remove that key's access to the file, or would I need to decrypt the file and then re-encrypt it with only the desired keys? you could also do this, though it would require you knowing one of the keys. note that neither method will protect you if the user in question has a local copy of the encrypted file that still has the old info. I'm assuming the file encryption is symmetric using a random key, and then that random key is encrypted asymmetrically once for each of the multiple keys, but let me know if that's not the case. yes, this is right. What you're calling the random key is known as the session key. Each of the *-001.pk_enc is a Public-Key Encrypted Session Key Packet: http://tools.ietf.org/html/rfc4880#section-5.1 hth, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Remove key from an encrypted file?
On 10/6/2010 1:19 PM, Benjamin Bressman wrote: If I use GnuPG to encrypt a file with multiple keys is it possible to remove one of those keys at a later date? Possible? Probably. Practical? Probably not. Your best bet is to re-encrypt the material to the remaining two keys. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Remove key from an encrypted file?
On Oct 6, 2010, at 1:19 PM, Benjamin Bressman wrote: If I use GnuPG to encrypt a file with multiple keys is it possible to remove one of those keys at a later date? Let's say I encrypt sensitive information so that three users could decrypt it, but one of those users leaves the organization at some point. Could I just remove that key's access to the file, or would I need to decrypt the file and then re-encrypt it with only the desired keys? You can remove a single key's access to the file, but it might not work the way you intended. I'm assuming the file encryption is symmetric using a random key, and then that random key is encrypted asymmetrically once for each of the multiple keys, but let me know if that's not the case. That is correct. An encrypted message consists of several OpenPGP packets, concatenated together. So for example, if I encrypt a file to Alice, Baker, and Charlie's keys, I'll end up with something that looks like this (somewhat simplified - see RFC-4880 for the actual bits): (session key encrypted to Alice) + (session key encrypted to Baker) + (session key encrypted to Charlie) + (encrypted data) If I wanted to remove Alice's access to the file, I could just strip off her packet, thus leaving: (session key encrypted to Baker) + (session key encrypted to Charlie) + (encrypted data) Now, Alice won't be able to decrypt that file. However (and this is the potential gotcha), it does not affect any copies of the file that Alice already has. So if you encrypt your data for three users, and one of those users makes a copy of the encrypted file before you strip his access, that user can still decrypt since he's working off a copy that still has the session key encrypted to him. Note that this isn't a problem specific to stripping a single key from a file. The same problem exists when re-encrypting to the remaining people. Either way, if Alice makes a copy before you strip or re-encrypt, she has the file and can decrypt it. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
encryption automation
Hello all I am trying to automate gnupg and im really struggling with the batch file in trying to use, please could somebody help me? for test purposes i have created a drop folder in the root of C: C:\outgoingdropfolder i want to be able to drop any type of file in here with any file name, GPG to encrypt the file and place the encrypted version of that file in another location (for test purposes this is C:\encryptedfolder) this is the command ive placed into a batch cd C:\program files (x86)\gnu\gnupg gpg --batch --yes --output C:\encryptedfiles\*.gpg -e -u leeelcockstokey -r leeelcocksfromkey C:\outgoingdropfolder\* What i need the automation to do is the following for example I drop the file lee.txt into drop folder, GPG then encrypts it and places into encrypted files folder called lee.txt.gpg I have the batch running every minute on windows scheduler. I want to drop any file into the drop folder and GPG to output the encyrpted file with the same name. The file names will be different everytime. Any help with this greatly appreciated Lee Elcocks ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[no subject]
Hello all I am trying to automate gnupg and im really struggling with the batch file in trying to use, please could somebody help me? for test purposes i have created a drop folder in the root of C: C:\outgoingdropfolder i want to be able to drop any type of file in here with any file name, GPG to encrypt the file and place the encrypted version of that file in another location (for test purposes this is C:\encryptedfolder) this is the command ive placed into a batch cd C:\program files (x86)\gnu\gnupg gpg --batch --yes --output C:\encryptedfiles\*.gpg -e -u leeelcockstokey -r leeelcocksfromkey C:\outgoingdropfolder\* What i need the automation to do is the following for example I drop the file lee.txt into drop folder, GPG then encrypts it and places into encrypted files folder called lee.txt.gpg I have the batch running every minute on windows scheduler. I want to drop any file into the drop folder and GPG to output the encyrpted file with the same name. The file names will be different everytime. Any help with this greatly appreciated Lee Elcocks ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users