Re: Unknown key in gpg-agent

Hi Werner,

On Tue, 25 Aug 2020 at 14:12, Werner Koch wrote:
> Just to be sure, you quoted the ampersand, right. It works for me and
> some GnuPG components are using it a lot. Just a quick test:

    ~> gpg --version
    gpg (GnuPG) 2.2.20
    libgcrypt 1.8.6
    ...
    ~> gpg --list-secret-keys
    /home/klaus/.gnupg/pubring.gpg
    --
    sec>  rsa4096/0x79D0B06F4E20AF1C 2011-05-16 [C] [verfällt: 2050-12-31]
          Schl.-Fingerabdruck = 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
          Keygrip = E9CAF66DDA858EE60D654C864BB8E12E41C78242
    ...
    ~> gpg -k \
    gpg: keydb_search failed: Invalid argument
    gpg: error reading key: Invalid argument

Sure I did use quoting for "&".

Regards
   Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Password Decript GPG public key

ved...@nym.hush.com wrote:

> On 8/25/2020 at 3:21 PM, "Stefan Claas" wrote:
>
> >Maybe he could try to use a secret key without a passphrase and
> >give then the secret key personally to his friend?
>
> =
>
> And just have the ascii armored text of the secret key as the passphrase for
> the symmetrically encrypted text?
>
> There still needs to be a way to 'enter' it as the 'passphrase'. If the OP
> doesn't mind saving it in a file-descriptor way,
> that would work, but it would work the same as the secret key had a
> passphrase, or even if it was an unpublished public key.

Well, as we know GnuPG uses hybrid encryption when using public key
encryption, so why use then direct symmetric encryption with a
passphrase, if the shown workflow would work also with GnuPG?

What I have shown would allow a group of people to use the same
secret-key, among them, without having a public key to share
(found on keyservers ...) and without using a passphrase
(preferably on an offline device).

Regards
Stefan

Re: Password Decript GPG public key

On 8/25/2020 at 3:21 PM, "Stefan Claas" wrote:

>Maybe he could try to use a secret key without a passphrase and
>give then the secret key personally to his friend?

=

And just have the ascii armored text of the secret key as the passphrase for
the symmetrically encrypted text?

There still needs to be a way to 'enter' it as the 'passphrase'. If the OP
doesn't mind saving it in a file-descriptor way,
that would work, but it would work the same as the secret key had a
passphrase, or even if it was an unpublished public key.

vedaal

Re: Password Decript GPG public key

vedaal via Gnupg-users wrote:

> On 8/24/2020 at 8:36 AM, "Guille De La Torre via Gnupg-users" wrote:
>
> > is it possible to create a key for symmetric encryption
> >in such a way that the person who has my public key does not need
> >to enter a password? to decrypt.
>
> =
> No. and Yes. 8^)
>
> It is not possible that the person does not have to enter 'anything' to
> decrypt.

Maybe he could try to use a secret key without a passphrase and
give then the secret key personally to his friend?

A workflow like this can be done with sequoia-pgp, have not tested
with GnuPG.

msg.txt:

    The quick brown fox jumps over the lazy dog.

    sq key generate -c cv25519 -e key
    No user ID given, using direct key signature

    -----BEGIN PGP PRIVATE KEY BLOCK-----
    Comment: 2E44 985D 3FAC 531F 029F F0EC 005C 8853 963C B85E

    [...]
    -----END PGP PRIVATE KEY BLOCK-----

    sq encrypt --recipient-key-file key < msg.txt > msg_enc.txt

msg_enc.txt:

    -----BEGIN PGP MESSAGE-----

    [...]
    -----END PGP MESSAGE-----

    sq decrypt --secret-key-file key < msg_enc.txt > output.txt
    Encrypted using AES with 256-bit key
    Compressed using ZIP

output.txt:

    The quick brown fox jumps over the lazy dog.

Regards
Stefan

Re: Why does gpg -k write to tofu.db?

On Tue, 11 Aug 2020 14:56, Brian Minton said:

> Why does gpg -k need to write to the tofu db? I should mention that gpg
> is running at 100% cpu in the R state. Before starting the gpg -k

I was not able to replicate it but I must say that I don't have a large
useful tofu.db. AFAICS, gpg sometimes updates the tofu.db to track
expired bindings. You can have a closer look at it by running

    gpg -k --debug trust

or to disable updates by using

    gpg -k --dry-run

I suspect that the TOFU database scheme is not well suited for a large
number of keys. In particular not if several gpg processes are running.
I also don't like that it stores meta data of all signatures ever
verified.

Revamping the tofu stuff is on my list but I have not yet found the time
(as usual). The Tofu information should be stored along the key and not
in a separate database with all its transaction overhead. The optional
keyboxd we will provide in 2.3 may help to solve the problems.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

Re: Unknown key in gpg-agent

On Fri, 14 Aug 2020 14:31, Klaus Ethgen said:

> However, `gpg --list-keys --list-options show-unusable-subkeys
> --with-keygrip` does not display this keygrip.

You can also use

    gpg -k \

to list a key. And with gpgsm use

    gpgsm -k --with-ephemeral-keys \

to see whether there is such a key.

> Is there any possibility to export that key or get info about that key,
> find it whatever?

Make a backup of the key and if sometime in the future you run into
decrypt problems (or trying to connect to some rarely used server)
restore it.

> So, ssh-add does not show the key (as well as KEYINFO --ssh-list) and
> gpg doesn't show the key. What could have put that key there when it is
> none of those commands?

A canceled or crashed key generation or import might be the culprit.

> By the way, using '' does not work with gpg to select a key for
> listing by keygrip.

Just to be sure, you quoted the ampersand, right. It works for me and
some GnuPG components are using it a lot. Just a quick test:

    $ ~/b/gnupg-2.2/g10/gpg -k \&1BFC2CF9BC9C265E6D3CC6B966C883722C5256C8
    gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
    gpg: It is only intended for test purposes and should NOT be
    gpg: used in a production environment or with production keys!
    pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
          6DAA6E64A76D2840571B4902528897B826403ADA
    uid           [ultimate] Werner Koch (dist signing 2020)

using my development version of 2.2 but I can't remember that we ever
had a regression. It is a bit slow on a larger keyring, though.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

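
The thread above is about a keygrip in gpg-agent's key store that no gpg, gpgsm or ssh listing accounts for. As an added example (not code from the thread or from GnuPG), this sketch compares the file names under private-keys-v1.d with the keygrips in `--with-colons --with-keygrip` listings and in sshcontrol; the function names are hypothetical and every keygrip in demo() is constructed.

```python
import re
import tempfile
from pathlib import Path

GRIP = re.compile(r"[0-9A-F]{40}")  # a keygrip is 40 hex digits

def grips_from_colons(listing):
    """Keygrips from the `grp` records (field 10) of a --with-colons listing."""
    out = set()
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "grp" and len(f) > 9 and GRIP.fullmatch(f[9]):
            out.add(f[9])
    return out

def grips_from_sshcontrol(text):
    """Keygrips in sshcontrol; '!' marks a disabled entry, '#' a comment."""
    out = set()
    for line in text.splitlines():
        tok = line.split()[0].lstrip("!").upper() if line.strip() else ""
        if GRIP.fullmatch(tok):
            out.add(tok)
    return out

def stored_grips(homedir):
    """Keygrips that have a <KEYGRIP>.key file in the agent's store."""
    store = Path(homedir, "private-keys-v1.d")
    names = (p.stem.upper() for p in store.glob("*.key"))
    return {n for n in names if GRIP.fullmatch(n)}

def unreferenced(homedir, *listings):
    """Stored keygrips that no listing and no sshcontrol entry refers to."""
    known = set().union(*(grips_from_colons(l) for l in listings))
    ctl = Path(homedir, "sshcontrol")
    if ctl.exists():
        known |= grips_from_sshcontrol(ctl.read_text())
    return sorted(stored_grips(homedir) - known)

def demo():
    a, b, c, d = (ch * 40 for ch in "ABCD")  # constructed keygrips
    # Constructed stand-in for `gpg -K --with-colons --with-keygrip` output.
    listing = "sec:u:\n" + "grp" + ":" * 9 + a + ":\nssb:u:\n" + "grp" + ":" * 9 + b + ":\n"
    with tempfile.TemporaryDirectory() as home:
        store = Path(home, "private-keys-v1.d")
        store.mkdir()
        for g in (a, b, c, d):
            (store / f"{g}.key").write_text("")
        Path(home, "sshcontrol").write_text(f"# constructed entry\n{c} 0\n")
        return unreferenced(home, listing)  # only d is unaccounted for

if __name__ == "__main__":
    print(demo())
```

On a real system the listings would come from gpg and gpgsm run against the same home directory; a keygrip that remains in the result matches the canceled or crashed generation or import case mentioned above, and is worth backing up before any cleanup.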