Re: symmetric encryption is not working

2018-01-07 Thread Philip Jackson
On 06/01/18 06:27, Charles E. Blair wrote:
> However, the command
> 
> gpg testfile.gpg yields the message
> 
>> gpg: WARNING: no command supplied.  Trying to guess what you mean ...
>> gpg: AES encrypted data
>> gpg: encrypted with 1 passphrase
> and creates a plaintext file without asking for
> a passphrase.

It would seem that the command '-d' is missing.

gpg -d testfile.gpg

works for me. And requests the password before decrypting.

Philip

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Import keys from .gnupg folder

2018-01-07 Thread Robert J. Hansen
> Yes, that is possible. However, you could also just copy the directory
> in your new home directory. Upgrading from 2.0 to 2.2 will do the right
> thing.

Obligatory drum beating: I wrote a tool, Sherpa, to help ease migration
between different GnuPG versions.

https://rjhansen.github.io/sherpa/





Re: Import keys from .gnupg folder

2018-01-07 Thread Teemu Likonen
Michael Singh [2018-01-05 22:39:42-08] wrote:

> I was a bit ignorant to the nuances of importing/exporting GPG keys, and
> as a result I simply copied the .gnupg folder from my home directory and
> wiped my hard drive. Is it possible to import these keys on another
> installation from this folder? The public key is on a public key-server,
> and I have the private keys in the folder.
>
> The version of GPG on RHEL7.4 is 2.0.22, while Arch happens to be on
> 2.2.4-1. Would this be problematic?

Gpg 2.0 uses secring.gpg file for its secret keyring. Gpg 2.1 uses
private-keys-v1.d directory for secret keyring but 2.1 automatically
converts the old secring.gpg to the new format.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///




Re: How do you find out the Keygrip of a v3 key?

2018-01-07 Thread MFPA



On Friday 5 January 2018 at 2:37:12 PM, Kristian Fiskerstrand wrote:-


> I'd start with libgcrypt's gcry_pk_get_keygrip()

Thanks. Any pointers how I could invoke that from Windows?

-- 
Best regards

MFPA  

An obstinate man does not hold opinions. They hold him.


Re: Import keys from .gnupg folder

2018-01-07 Thread Peter Lebbing
On 06/01/18 07:39, Michael Singh wrote:
> Is it possible to import these keys on another
> installation from this folder?

Yes, that is possible. However, you could also just copy the directory
in your new home directory. Upgrading from 2.0 to 2.2 will do the right
thing.

If you already have a .gnupg dir there, but you didn't do anything
worthwhile with GnuPG yet, you can just move that to a backup location,
and throw away the backup once you're confident everything works.

However, it is good practice to remove the file "random_seed". This file
should be specific to a single location and not shared.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
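
The points made in this thread about a copied .gnupg directory (secring.gpg versus private-keys-v1.d, and removing random_seed) can be checked before the directory is put into use. The script below is an added example, not part of any message in the thread; the function name check_gnupg_home and the permission check are additions made here.

```shell
#!/bin/sh
# Added example: inspect a copied GnuPG home directory before first use.
# check_gnupg_home is a hypothetical helper name, not a GnuPG tool.
# Usage: sh this_script.sh /path/to/copied/.gnupg

check_gnupg_home() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # Secret keys: secring.gpg (gpg 2.0) or private-keys-v1.d (gpg 2.1+).
    if [ -d "$dir/private-keys-v1.d" ]; then
        echo "OK: private-keys-v1.d present (2.1+ secret key store)"
    elif [ -s "$dir/secring.gpg" ]; then
        echo "INFO: only secring.gpg present; gpg 2.1+ converts it automatically"
    else
        echo "WARN: no secring.gpg and no private-keys-v1.d found"
        findings=$((findings + 1))
    fi

    # random_seed should be specific to one location and not shared.
    if [ -e "$dir/random_seed" ]; then
        echo "WARN: random_seed was copied; remove it: rm '$dir/random_seed'"
        findings=$((findings + 1))
    fi

    # Added check: the directory holds secret keys, so group and others
    # should have no access (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    case $mode in
        *00) echo "OK: permissions $mode" ;;
        *)   echo "WARN: permissions $mode; run: chmod 700 '$dir'"
             findings=$((findings + 1)) ;;
    esac

    # Exit status 0 only when nothing needs attention.
    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then
    check_gnupg_home "$1"
fi
```
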





Re: symmetric encryption is not working

2018-01-07 Thread Peter Lebbing
On 06/01/18 06:27, Charles E. Blair wrote:
> and creates a plaintext file without asking for
> a passphrase.

Your gpg-agent is probably caching the passphrase. You can evict the
cache with:

gpgconf --reload gpg-agent

After that, it will prompt you for the passphrase again.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Import keys from .gnupg folder

2018-01-07 Thread Michael Singh

Hi all,

I was a bit ignorant to the nuances of importing/exporting GPG keys, and 
as a result I simply copied the .gnupg folder from my home directory and 
wiped my hard drive. Is it possible to import these keys on another 
installation from this folder? The public key is on a public key-server, 
and I have the private keys in the folder.


The version of GPG on RHEL7.4 is 2.0.22, while Arch happens to be on 
2.2.4-1. Would this be problematic?


--
Michael Singh

M: 914-266-0601
W: www.wadadli.me
F: 5E0E FD46 4592 1682 A4B6 5F62 761E 4940 A177 3B38




symmetric encryption is not working

2018-01-07 Thread Charles E. Blair
   I have been using gpg (GnuPG) 2.1.18 on a debian linux
for several years.  In the last few days, I have noticed
that symmetric encryption is not working.

The command

gpg -c --cipher-algo AES testfile

creates testfile.gpg after asking for a passphrase.

However, the command

gpg testfile.gpg yields the message

> gpg: WARNING: no command supplied.  Trying to guess what you mean ...
> gpg: AES encrypted data
> gpg: encrypted with 1 passphrase

and creates a plaintext file without asking for
a passphrase.


-- 
My e-mail service is unreliable.
Please try again if no reply in a few days.

gpg: F7C9 B577 1E5D C732 63F1  A9D2 A399 D202 50E8 50D1



Re: Upgrading from gpg1 to gpg2: lots of trouble, need help

2018-01-07 Thread gnupg
Daniel Kahn Gillmor wrote:

> On Thu 2017-12-21 16:19:00 +1100, raf wrote:
> > Sorry, I thought I already did. The 4th point above does not
> > work. When the public-facing host connects via ssh to the
> > key management host, and runs gpg, instead of it successfully
> > connecting to the existing gpg-agent process that I started
> > minutes earlier, it starts a new gpg-agent process which
> > doesn't know the passphrase and so the decryption fails.
> >
> > Here are the gpg-agent processes after I start the first gpg-agent
> > process and preset the passphrase:
> >
> >   /usr/bin/gpg-agent --homedir /etc/thing/.gnupg --allow-preset-passphrase \
> > --default-cache-ttl 3600 --max-cache-ttl 3600 --daemon -- /bin/bash 
> > --login
> >
> > Here are the gpg-agent processes after an incoming ssh connection that
> > attempts to use gpg:
> >
> >   /usr/bin/gpg-agent --homedir /etc/thing/.gnupg --allow-preset-passphrase \
> > --default-cache-ttl 3600 --max-cache-ttl 3600 --daemon -- /bin/bash 
> > --login
> >   gpg-agent --homedir /etc/thing/.gnupg --use-standard-socket --daemon
> >
> > That second gpg-agent process should not exist. The gpg
> > process that caused it to be started should have connected
> > to the existing gpg-agent process. The sockets for it
> > existed but perhaps there was some reason why it didn't use
> > them.
> >
> > There must be some reason why gpg thinks it needs to start
> > gpg-agent. Perhaps it's because it's a different "user
> > session". They are from two different ssh connections after
> > all.
> 
> this is the part that i'm unable to reproduce.
> 
> Are both of these processes running as the same user account?

Yes. They are both owned by the user I am calling "thing".

> does something at some point destroy or mask the standard socket created
> by the first process, so that a new gpg invocation decides to start up a
> new instance of gpg-agent?

Nothing that I am aware of. The sockets are still there in the
file system. However, as soon as the incoming ssh connection
runs gpg which starts its own new gpg-agent, the original
screen+sudo+gpg-agent+bash "session" can no longer decrypt the
data. It's behaving "as if" the new gpg-agent has taken over the
sockets so connections via them no longer access the first
gpg-agent that knows the passphrase but rather access the second
gpg-agent that doesn't know the passphrase. I'm not saying that
that is what is happening, just that such behaviour might look
like what I'm seeing.

> if your old session was being terminated, then you'd expect the first
> agent to actually disappear.  that's not happening.
> 
> and neither of these agents is being launched by systemd, because if it
> were it would have a --supervised .
> 
> > But when I su to the user in question, I get:
> >
> >   > systemctl --user is-enabled gpg-agent.service gpg-agent.socket 
> > gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
> >   Failed to connect to bus: No such file or directory
> >
> > But it still reports as enabled with --global.
> > Maybe that's enough. I don't know.
> 
> are you su'ing with a login shell (i.e. with - or -l or --login), or
> not?

I would have used "-" but I was only using su for the purpose of
checking the systemctl's gpg-agent enabled status. I just tried
it again with "-" and got the same result as above.

For the actual decryption, I'm using sudo. From the original
post, the command to set things up contains something like:

  /usr/bin/screen -- \
  /usr/bin/sudo -u thing --set-home -- \
  /usr/bin/gpg-agent --homedir /etc/thing/.gnupg \
--allow-preset-passphrase \
--default-cache-ttl 3600 \
--max-cache-ttl 3600 \
--daemon $gpg_agent_info -- \
  /bin/bash --login

So the sudo doesn't have "-i" for a login shell (because
gpg-agent is run instead) but bash is run with "--login".

> > I am completely failing to understand what's going on here. :-)
> > Is systemd handling the sockets or not? There's no /run/user
> > directory for this user so probably not. Maybe I don't
> > understand --user and --global or systemd in general.
> 
> why is there no /run/user for this user?  if you're running a modern
> version of systemd, and your user has actually started a session, there
> should be a /run/user created automatically.

I don't know why. It's systemd 232-25+deb9u1.

>--dkg

The main thing is that you can't reproduce the behaviour that
I'm seeing with the incoming ssh connection running gpg.

I take that as a good sign. It means that what I am trying to do
should work. When I get back to work, I'll do some tracing and
get a better look at what is happening when the incoming ssh
connection runs gpg and compare it to gpg when run from the
screen session before the incoming ssh connection takes place
(while it still works and can decrypt data).

Thanks,
raf

