agent, ssh-support, loading keys

2014-09-27 Thread Matthew Monaco
Hello,

I use the agent with ssh-support. I have one problematic scenario. When using
ansible (basically a parallel ssh client) and my key hasn't been loaded into the
agent already, I am asked by pinentry for my password for every connection. Even
if I kill ansible, it seems that the agent/pinentry already have the requests
queued up so I'm asked anyway.

1) Is this behavior intentional? Why does pinentry continue to ask me to unlock
my SSH key after I've done it once? Is the ordering really strict?

2) ssh-add isn't loading my key into the agent. When I use it, pinentry isn't
called and a subsequent SSH attempt will invoke pinentry. In the meantime I've
simply resorted to $(ssh localhost true) prior to calling ansible in some
scripts, but is there a more explicit way?


Thanks!



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Symmetric & Encrypt in One

2014-09-27 Thread MFPA

Hi


On Saturday 27 September 2014 at 5:00:29 PM, Hauke Laging wrote:


> On Sat 27.09.2014, 16:11:09, MFPA wrote:

>> If I just try:-

>> echo "$PW" | gpg --passphrase-fd 0 --symmetric
>> --output file.gpg file

>> it symmetrically encrypts but I cannot find a
>> passphrase that works for decryption.

> I quote the man page for "--passphrase-fd n":

> "[...] Note that this passphrase is only used if the
> option --batch has also been given. This is different
> from gpg."

Good spot, although it didn't work for me with or without --batch.

A spot of web searching [0] led me to try "printf pass\npass" instead
of "echo pass" because the passphrase needs to be entered twice.


The following works for me:-

printf pass\npass | gpg --batch --passphrase-fd 0 -a --symmetric --output file.gpg file

And, Hauke, it worked without the "--batch" as well when I tried.
Maybe I just got lucky.


[0] search term: echo to stdin.
The fourth result was





-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

We're all shipwrecked on this idea that everything has to be explained.


Re: New beta

2014-09-27 Thread MFPA

Hi


On Saturday 27 September 2014 at 3:31:38 PM, Werner Koch wrote:


> On Sat, 27 Sep 2014 16:21,
> 2014-667rhzu3dc-lists-gro...@riseup.net said:

>> And I wonder whether 1.4.x could cope with RSA subkeys
>> on an ECC main key.

> No, it won't be able to handle such a key.  It is not
> possible to verify the user-id and subkey binding
> signatures which are done by the primary key.

I already tried to import an ECC key with 1.4.18, to see what would
happen. This was an ECC main key with an ECC subkey.

It imported the ECC main key, and warned me the user-id was
non-selfsigned.

But it would not import the ECC subkey, and the output simply told me
"skipped subkey". I suppose this would be because, as you said, the
subkey binding signature could not be verified.


-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

All generalisations are dangerous, even this one.


Re: Symmetric & Encrypt in One

2014-09-27 Thread Hauke Laging
On Sat 27.09.2014, 16:11:09, MFPA wrote:

> If I just try:-
> 
> echo "$PW" | gpg --passphrase-fd 0 --symmetric  --output file.gpg file
> 
> it symmetrically encrypts but I cannot find a passphrase that works
> for decryption.

I quote the man page for "--passphrase-fd n":

"[...] Note that this passphrase is only used if the option --batch has 
also been given. This is different from gpg."


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
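
Added example, not part of the thread or of GnuPG's documentation: a round trip on a throwaway keyring for the combined passphrase-plus-recipient encryption Sam M asks about, with the passphrase fed through `--passphrase-fd 0` under `--batch` as in the man page text quoted above. It assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`); `demo_roundtrip` and `demo@example.invalid` are made-up names and the plaintext is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.1 or later, where
# --pinentry-mode loopback lets --passphrase-fd be honoured with --batch.
# demo_roundtrip and demo@example.invalid are made-up names; data is constructed.

GPG="gpg --batch --quiet --no-tty --pinentry-mode loopback"

# $1 = passphrase used to encrypt, $2 = passphrase offered for decryption.
# Returns 0 only if decryption with $2 alone recovers the plaintext.
demo_roundtrip() {
    work=$(mktemp -d) || return 2
    mkdir -m 700 "$work/sender" "$work/reader"
    printf 'constructed sample plaintext\n' > "$work/file"

    # Throwaway unprotected key in the sender's keyring to act as recipient.
    GNUPGHOME="$work/sender" $GPG --passphrase '' \
        --quick-gen-key 'demo@example.invalid' 2>/dev/null

    # One output file carrying both a passphrase packet and a public-key packet.
    # gpg takes the first line on fd 0 as the passphrase.
    printf '%s\n' "$1" | GNUPGHOME="$work/sender" $GPG --passphrase-fd 0 \
        --symmetric --encrypt --recipient 'demo@example.invalid' \
        --always-trust --output "$work/file.gpg" "$work/file" 2>/dev/null

    # The reader keyring holds no secret key, so only the passphrase can work.
    out=$(printf '%s\n' "$2" | GNUPGHOME="$work/reader" $GPG \
        --passphrase-fd 0 --decrypt "$work/file.gpg" 2>/dev/null)

    # Stop the per-keyring daemons before deleting the scratch directory.
    GNUPGHOME="$work/sender" gpgconf --kill all 2>/dev/null || true
    GNUPGHOME="$work/reader" gpgconf --kill all 2>/dev/null || true
    rm -rf "$work"
    [ "$out" = 'constructed sample plaintext' ]
}
```

Call it as `demo_roundtrip 'some passphrase' 'some passphrase'`; a mismatched second argument makes it return non-zero.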




Re: Symmetric & Encrypt in One

2014-09-27 Thread MFPA

Hi


On Saturday 27 September 2014 at 2:18:34 PM, Sam M wrote:


> Hello.

> I'd like to encrypt a file with a password as well as
> multiple public keys. Is this possible?

Yes.


> Will this
> command below work?

> echo "$PW" | gpg2 --batch --passphrase-fd 0 --symmetric
> --encrypt --recipient 432E170D279095 --recipient
> 07EAE49ADBCBE671 --always-trust --output file.gpg file

It didn't when I tried (substituting gpg for gpg2, using keys that are
on my keyring, trying various echo strings). At least, I could not
decrypt it using a passphrase of "$PW" or $PW or PW or "PW".

If I just try:-

echo "$PW" | gpg --passphrase-fd 0 --symmetric  --output file.gpg file

it symmetrically encrypts but I cannot find a passphrase that works
for decryption.

The following works for me, using GnuPG 1.4.18 on Windows XP:-

gpg --symmetric --passphrase string --encrypt --recipient 0xkeyID --output file.gpg file







-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

When you're caffeinated, all is right with the world


Re: New beta

2014-09-27 Thread Werner Koch
On Sat, 27 Sep 2014 16:21, 2014-667rhzu3dc-lists-gro...@riseup.net said:

> And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main
> key.

No, it won't be able to handle such a key.  It is not possible to verify
the user-id and subkey binding signatures which are done by the primary
key.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: New beta

2014-09-27 Thread MFPA

Hi


On Thursday 25 September 2014 at 7:12:12 PM, Murphy wrote:


> On 09/25/2014 01:06 PM, MFPA wrote:
>> Other than whether GnuPG 1.x locks up on encountering
>> the unrecognised key type when trying to encrypt, or
>> whether it errors out, or just uses the next
>> encryption-capable subkey. I think this can only be
>> tested with the public key.

> Also here are the public keys for Grumpy from both gpg
> and gpg2.1

Thanks.

Using GnuPG 1.4.18, I successfully signed with and encrypted to
Grumpy's key.


GnuPG output for signing:-


  C:\Documents and Settings\Administrator\Desktop\Scribble_Pad>gpg
   --local-user grumpy --clearsign test.txt

  gpg: using character set `utf-8'
  gpg: can't handle public key algorithm 19
  gpg: no secret subkey for public subkey 0x4EB8453C635A015B -
  ignoring

  You need a passphrase to unlock the secret key for user: "Grumpy
  (RSA) "

  2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24

  gpg: writing to `test.txt.asc'

  gpg: RSA/SHA512 signature from: "0x0C6C60ECF7CD83F4 Grumpy (RSA)
  "

The file was signed with the main key after not recognising the secret
subkey. Signature verified OK.



GnuPG output for encryption(+signing):-


  C:\Documents and Settings\Administrator\Desktop\Scribble_Pad>gpg
  --local-user grumpy --clearsign test.txt

  gpg: using character set `utf-8'
  gpg: can't handle public key algorithm 19
  gpg: no secret subkey for public subkey 0x4EB8453C635A015B -
  ignoring


  You need a passphrase to unlock the secret key for user: "Grumpy
  (RSA) "
  2048-bit RSA key, ID 0x0C6C60ECF7CD83F4, created 2014-09-24

  File `test.txt.asc' exists. Overwrite? (y/N) y
  gpg: writing to `test.txt.asc'
  gpg: RSA/SHA512 signature from: "0x0C6C60ECF7CD83F4 Grumpy (RSA)
  "

File was encrypted to the older, encryption-capable, RSA subkey.
Decrypted OK (and the signature was good).

So, it would seem that adding ECC signing subkeys to an RSA key does
not completely break compatibility with GnuPG 1.4.18: the 1.4.x user
can still encrypt to the non-ecc subkey and can sign with the main
key. Obviously ECC signatures could not be checked with 1.4.x.

Presumably, it would still work if the ECC subkey were an
encryption-capable subkey. But I have not seen this in action.

And I wonder whether 1.4.x could cope with RSA subkeys on an ECC main
key.


-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Learning without thought is naught;
 thought without learning is dangerous.


Symmetric & Encrypt in One

2014-09-27 Thread Sam M
Hello.

I'd like to encrypt a file with a password as well as multiple public keys.
Is this possible? Will this command below work?

echo "$PW" | gpg2 --batch --passphrase-fd 0 --symmetric --encrypt
--recipient 432E170D279095 --recipient 07EAE49ADBCBE671 --always-trust
--output file.gpg file

Thanks.

Sam


Kleopatra Ultimate trust CA Cert Signing Authority

2014-09-27 Thread Sudhir Khanger
Hello,

I am not sure if this is related to GnuPG but searching for the following text
takes me to, from what I understand, a GnuPG commit [1].

Kleopatra keeps asking the following.

Do you ultimately trust
"CN=CA Cert Signing Authority
 OU=http:\x2fwww.cacert.org
 O=Root CA
 EMail=supp...@cacert.org
to correctly certify user certificates?

[1] http://osdir.com/ml/encryption.gpg.cvs/2006-09/msg00036.html

-- 
Regards,
Sudhir Khanger,
www.sudhirkhanger.com,
www.github.com/donniezazen,
5577 8CDB A059 085D 1D60  807F 8C00 45D9 F5EF C394.
