Re: About encrypting files

2016-09-17 Thread Robert J. Hansen
> However, I just wonder how my files are encrypted.

The data is encrypted with a symmetric cipher, then the symmetric key is
encrypted with the recipient's public key.

It's possible to do purely symmetric encryption, but this isn't the default.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Signing and symmetrically encrypting files

2016-09-17 Thread Arbiel (gmx)
Hi Bernhard

I eventually changed my mind as I haven't found out how to extract the
source document from a signed one.

So I decided to proceed with detached signatures applied, as you
suggest, on the source documents and not on the crypted ones.
Regarding asymmetric versus symmetric cryptography, I stick with the
latter one, which allows me to crypt a document only once with a single
key, a "document-key", and either transfer the asymmetrically crypted
document-key to recipients whom I know their public keys, or its
symmetrically crypted value with a permanent password specific to each
of the other recipients I share their passwords with. I don't know yet
how to share and manage these passwords.

I finally download on the public server an archive containing the
document-key symmetrically-crypted document, the clear document
signature and the bunch of asymmetrically or symmetrically crypted
document-keys, and send messages, "release notifications", to inform the
recipients a new document has been released on the server.

I'm still wondering how each of them will know the specific file they
have to decrypt to get the document-key. That is, I haven't yet
figured out whether or not to keep the list of recipients secret. I can
obviously consider providing the information in the
release-notification e-mail, but I don't know if e-mail clients can
handle symmetrically crypted messages.

Thanks again for your help.

On 15/09/2016 at 09:11, Bernhard Reiter wrote:
> Hi Arbiel,
> 
> On Wednesday 14 September 2016 17:28:59, Arbiel (gmx) wrote:
>> Asymmetric encryption requires the recipients to use my public key to
>> get access the documents, whereas symmetric encryption only requires
>> them to key in the encryption key. 
> 
> for decryption, only the private key of the recipient is needed.
> Typing in that passphrase is as difficult (or easy) as typing in the
> symmetric key. Of course asymmetric crypto would need them to create a
> key-pair first. But symmetric encryption has the problem of you needing
> to transfer the keys each time.
> 
>> Obviously the recipients who are not
>> confident enough with using asymmetric encryption won't be able to
>> verify the authenticity of the documents, but this a least drawback.
>>
>> However, if I can't sign and encrypt in a single step, I'll sign and
>> then symmetrically encrypt the signed document, or the other way around.
> 
> Usually you sign first and then encrypt. This way the signature stays
> verifiable even after decryption.
> 
>> I forgot to write that I want the process (sign and encrypt) to proceed
>> without any keyboard-typing.
> 
> A passphrase is not needed for asymmetric encryption.
> It is only needed to unlock your private key for signing.
> If you want to build an automated system, one way is to just have a private 
> key without passphrase (and secure the system). There are other ways of 
> course.
> 
>> My previous message seems to have been a HTML message. I unchecked the
>> control and hope this answer is a clear text message
> 
> Yes, it is. :)
> 
> 
> Best Regards,
> Bernhard



signature.asc
Description: OpenPGP digital signature
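
The hybrid scheme from Robert's reply and the document-key layout from Arbiel's message, as an added example that is not part of either post and not GnuPG code: the document is encrypted once under a random document key, and that key is wrapped once per recipient, with RSA-OAEP for a key-pair holder and with a password-derived key for a password holder. It uses Node's crypto module instead of the OpenPGP packet format gpg writes; the function names and the scrypt/AES-256-GCM choices are assumptions, and signing is left out.

```javascript
// Added example: one document key, two kinds of wrapped key.
// Assumption: Node's crypto primitives stand in for gpg; this is not OpenPGP.
const crypto = require('node:crypto');

// Encrypt the document once under a random 256-bit document key.
function encryptDocument(plaintext) {
  const docKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', docKey, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { docKey, doc: { iv, body, tag: c.getAuthTag() } };
}

function decryptDocument(doc, docKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', docKey, doc.iv);
  d.setAuthTag(doc.tag);
  // final() throws if the key is wrong or the ciphertext was altered.
  return Buffer.concat([d.update(doc.body), d.final()]);
}

// Recipient with a key pair: only the 32-byte document key goes through RSA.
function wrapForPublicKey(docKey, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, docKey);
}
function unwrapWithPrivateKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, wrapped);
}

// Recipient with a shared password: derive a key-encryption key with scrypt
// (fresh salt per wrap), then wrap the document key with AES-256-GCM.
function wrapForPassword(docKey, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const body = Buffer.concat([c.update(docKey), c.final()]);
  return { salt, iv, body, tag: c.getAuthTag() };
}
function unwrapWithPassword(w, password) {
  const kek = crypto.scryptSync(password, w.salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', kek, w.iv);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.body), d.final()]);
}
```

The archive Arbiel describes would then hold `doc` plus one wrapped key per recipient; each recipient needs only their own wrapped key to recover the same document key.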


About encrypting files

2016-09-17 Thread Thn64394
Hi,
I always use GpgEX and Kleopatra to encrypt my files.
However, I just wonder how my files are encrypted.
Will my files be encrypted with the symmetric cryptography first, then use the 
Public-key cryptography to encrypt symmetric key?
Or, the whole of my files are encrypted with the Public-key cryptography?

Thank you,
Adam


Re: Call gpg with gpgme

2016-09-17 Thread Le Roy Francis
My snippet works just fine if not for the pinentry. Is there a way of
avoiding the pinentry pop-up and entering the PIN on STDIN? Is gpg
--pinentry-mode loopback of any use?

Thanks.
FLR.

On 17/09/2016 at 13:59, Le Roy Francis wrote:
> I have found another way, as my project is based on node js. I use the
> child_process package to launch gpg. I have already written a function to
> generate a new key pair directly in a smart card. Nonetheless, if I fail
> to create a node js function good enough for my needs, I will give your
> solution a try.
> 
> Thanks. 
> FLR. 
> 
> On 17 Sept. 2016, at 13:32, Werner Koch wrote:
> 
> On Fri, 16 Sep 2016 20:45, thecisso...@hotmail.fr said:
> 
> Hi, how can I interface directly with gpg via gpgme like in the
> gpgme_op_edit. Is gpgme_op_spawn of any use in this case ? Is there an
> equivalent of gpgme_op_assuan_transact_ext for GPG ?
> 
> 
> Yes, you need to implement the callback for gpgme_op_edit (or
> gpgme_op_interact in the forthcoming 1.7).  You probably want to build
> an FSM for this.  If you encounter an unknown keyword simply send a LF,
> which is what you would have done on the command line too to use the
> default answer.
> 
> For an example on how to build such a thing, check out the file
> src/gpgmeedit.c from GPA.
> 
> gpgme_op_spawn is of no use for you.
> 
> 
> Shalom-Salam,
> 
>Werner


Re: :-(( Re: smart card no longer works

2016-09-17 Thread Philip Jackson
On 16/09/16 22:09, Stephan Beck wrote:
> Sorry for the delayed response.
> It's not enough to simply copy and paste all the files into the new
> ~/.gnupg directory, as you write you did in your previous mail. You have
> to run gpg2 with the --import option to import your public key and then
> (having your smartcard inserted and doing a gpg2 --card-status) generate
> key stubs for the secret subkeys on the new system. From what you say, it
> seems that you haven't done this. It's my wild guess that things may
> have gone wrong there.

Thank you Stephan - got it working.  For the record, I did not undo
anything that I had previously done. Just left the installation as it
was, then did:

gpg2 --import /path-to-my-key/mykey.asc
inserted smartcard
gpg2 --card-status

then run tests. Can now sign and encrypt emails, sign and encrypt and
decrypt files although verify on its own causes me a problem but I
shouldn't think that is connected with the smartcard.

Thanks.
Philip




signature.asc
Description: OpenPGP digital signature


Re: Call gpg with gpgme

2016-09-17 Thread Le Roy Francis
I have found another way, as my project is based on node js. I use the
child_process package to launch gpg. I have already written a function to
generate a new key pair directly in a smart card. Nonetheless, if I fail to
create a node js function good enough for my needs, I will give your solution
a try.

Thanks.
FLR.

On 17 Sept. 2016, at 13:32, Werner Koch wrote:

On Fri, 16 Sep 2016 20:45, thecisso...@hotmail.fr said:
 Hi, how can I interface directly with gpg via gpgme like in the
 gpgme_op_edit. Is gpgme_op_spawn of any use in this case ? Is there an
 equivalent of gpgme_op_assuan_transact_ext for GPG ?

Yes, you need to implement the callback for gpgme_op_edit (or
gpgme_op_interact in the forthcoming 1.7).  You probably want to build
an FSM for this.  If you encounter an unknown keyword simply send a LF,
which is what you would have done on the command line too to use the
default answer.

For an example on how to build such a thing, check out the file
src/gpgmeedit.c from GPA.

gpgme_op_spawn is of no use for you.


Shalom-Salam,

   Werner



Re: Call gpg with gpgme

2016-09-17 Thread Werner Koch
On Fri, 16 Sep 2016 20:45, thecisso...@hotmail.fr said:
> Hi, how can I interface directly with gpg via gpgme like in the
> gpgme_op_edit. Is gpgme_op_spawn of any use in this case ? Is there an
> equivalent of gpgme_op_assuan_transact_ext for GPG ?

Yes, you need to implement the callback for gpgme_op_edit (or
gpgme_op_interact in the forthcoming 1.7).  You probably want to build
an FSM for this.  If you encounter an unknown keyword simply send a LF,
which is what you would have done on the command line too to use the
default answer.

For an example on how to build such a thing, check out the file
src/gpgmeedit.c from GPA.

gpgme_op_spawn is of no use for you.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


pgpfqdTTtcVD6.pgp
Description: PGP signature
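
The FSM Werner suggests, sketched in JavaScript because the poster's project is Node-based; this is an added example, not code from the thread, from GPA or from gpgme. It drives an "expire" key edit and answers any unrecognised prompt with a bare LF; the prompt keywords (`keyedit.prompt`, `keygen.valid`, `keyedit.save.okay`) and the `[GNUPG:] GET_LINE` line shape are assumed from gpg's status output, and the transcript is constructed.

```javascript
// Added example: state machine for an interactive gpg key-edit dialogue.
// Assumption: prompts arrive as "[GNUPG:] GET_LINE|GET_BOOL|GET_HIDDEN <keyword>".
const TRANSITIONS = {
  START:   { 'keyedit.prompt':    { reply: 'expire', next: 'COMMAND' } },
  COMMAND: { 'keygen.valid':      { reply: null,     next: 'DATE' } }, // caller's value
  DATE:    { 'keyedit.prompt':    { reply: 'quit',   next: 'QUIT' } },
  QUIT:    { 'keyedit.save.okay': { reply: 'Y',      next: 'DONE' } },
};

function parseStatusLine(line) {
  const m = /^\[GNUPG:\] (GET_LINE|GET_BOOL|GET_HIDDEN) (\S+)/.exec(line);
  return m ? { kind: m[1], keyword: m[2] } : null; // other status lines need no reply
}

function makeExpireFsm(validFor) {
  let state = 'START';
  return {
    get state() { return state; },
    // Returns the text to write to gpg's command channel, or null if none is due.
    onLine(line) {
      const prompt = parseStatusLine(line);
      if (!prompt) return null;
      const t = (TRANSITIONS[state] || {})[prompt.keyword];
      if (!t) return '\n'; // unknown keyword: a bare LF takes the default answer
      state = t.next;
      return (t.reply === null ? validFor : t.reply) + '\n';
    },
  };
}

function runDialogue(lines, validFor) {
  const fsm = makeExpireFsm(validFor);
  const sent = lines.map((l) => fsm.onLine(l)).filter((r) => r !== null);
  return { sent, finalState: fsm.state };
}

// Constructed transcript, not captured from a real gpg run.
const SAMPLE_LINES = [
  '[GNUPG:] GET_LINE keyedit.prompt',
  '[GNUPG:] GOT_IT',
  '[GNUPG:] GET_LINE keygen.valid',
  '[GNUPG:] GOT_IT',
  '[GNUPG:] GET_BOOL example.unknown.keyword', // hypothetical keyword
  '[GNUPG:] GOT_IT',
  '[GNUPG:] GET_LINE keyedit.prompt',
  '[GNUPG:] GOT_IT',
  '[GNUPG:] GET_BOOL keyedit.save.okay',
];
```

A caller should treat any final state other than `DONE` as a failed edit instead of assuming the key was changed.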