encryption failed: No dirmngr

2023-03-29 Thread Fourhundred Thecat via Gnupg-users

Hello,

I am getting this error:

$ gpg --lock-never --no-verbose --batch --yes --pinentry-mode loopback -e -r 'n...@domain.com' -o zz.gpg zz
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/var/lib/asterisk/.gnupg/S.dirmngr' failed: No such file or directory
gpg: error retrieving 'n...@domain.com' via WKD: No dirmngr
gpg: n...@domain.com: skipped: No dirmngr
gpg: zz: encryption failed: No dirmngr

this is on a server where gpg worked before without problems. I don't want to
use any dirmanager,
the encryption key is stored locally, and is trusted (I can see it with gpg
--list-public-keys)

I just need to simply encrypt a file with given public key.
Without any daemons, without any external servers or services, without checking 
any revocation certificates.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: symmetric encryption of '[stdin]' failed

2022-10-15 Thread Fourhundred Thecat via Gnupg-users

> On 15/10/2022 14.36, Robert J. Hansen via Gnupg-users wrote:
>
>> Why does gpg-agent interject itself into symmetric encryption at all?
>
> Where in that command line do you specify a passphrase?
>
> You don't.
>
> gpg-agent is getting fired up in order to ask you what passphrase to use
> for the symmetric encryption.

why can't gpg accept passphrase in the terminal?

Why does it need to start a daemon?

gpg-agent is supposed to be used for managing private and public keys.
At least that's what the man page says.

Besides, when I use "gpg -c file", it works fine. I get asked for
passphrase (via pinentry, I think)

so I am not sure what you mean by "Where in that command line do you
specify a passphrase"



symmetric encryption of '[stdin]' failed

2022-10-15 Thread Fourhundred Thecat via Gnupg-users

Hello,

I am trying to pipe output of tar command to gpg, and encrypt symmetrically:

  tar --zstd -cf - zz/ | gpg -c -o /tmp/zz.tar.zstd.gpg

this fails with following errors:

  gpg: problem with the agent: Inappropriate ioctl for device
  gpg: error creating passphrase: Operation cancelled
  gpg: symmetric encryption of '[stdin]' failed: Operation cancelled

The same command works when I change symmetric to public key encryption:

  tar --zstd -cf - zz/ | gpg -e -o /tmp/zz.tar.zstd.gpg

Why does gpg-agent interject itself into symmetric encryption at all?
What role does it want to play? Does it want to remember the passphrase?

Anyways, how can I encrypt with symmetric when input comes from pipe?

thank you,
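
The piped symmetric encryption asked about above, done without a prompt, as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later with gpg-agent installed; the function names, file names and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1 or later with
# gpg-agent installed; file names and the passphrase are constructed.

# Encrypt stdin symmetrically without any prompt.
#   $1 = file holding the passphrase (first line is used; keep it mode 600)
#   $2 = output file
# --batch plus --pinentry-mode loopback make gpg take the passphrase from
# --passphrase-fd instead of asking pinentry, so stdin stays free for the
# data and no terminal is needed. Reading it from a descriptor also keeps it
# out of the process list, unlike --passphrase on the command line.
sym_encrypt_stdin() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 3 --cipher-algo AES256 \
        --symmetric --output "$2" 3<"$1"
}

# Decrypt a symmetrically encrypted file to stdout, same passphrase handling.
#   $1 = passphrase file, $2 = encrypted input file
sym_decrypt_file() {
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 3 --decrypt "$2" 3<"$1"
}

# Round trip in a throwaway GNUPGHOME so ~/.gnupg is never touched (the
# GNUPGHOME=$(mktemp -d) approach quoted further down this page).
# Prints the recovered plaintext; returns non-zero on any failure.
roundtrip_demo() (
    umask 077
    work=$(mktemp -d) || exit 1
    GNUPGHOME=$work/home
    export GNUPGHOME
    mkdir "$GNUPGHOME"
    # Stop any agent started for the temporary home, then remove it.
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT

    printf '%s\n' 'constructed-demo-passphrase' >"$work/pass"
    printf '%s' 'constructed sample payload' |
        sym_encrypt_stdin "$work/pass" "$work/out.gpg" || exit 1

    # A wrong passphrase must be rejected, not silently accepted.
    printf '%s\n' 'wrong' >"$work/bad"
    if sym_decrypt_file "$work/bad" "$work/out.gpg" >/dev/null 2>&1; then
        exit 1
    fi

    sym_decrypt_file "$work/pass" "$work/out.gpg"
)
```

With the functions loaded, the command from the message becomes `tar --zstd -cf - zz/ | sym_encrypt_stdin passfile /tmp/zz.tar.zstd.gpg`, where `passfile` is a hypothetical file holding the passphrase.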


gpg --list-packets asks for passphrase

2022-09-20 Thread Fourhundred Thecat via Gnupg-users

Hello,

when I do: "gpg --list-packets file.gpg" on public key encrypted file, I
am asked for passphrase.

I am asking gpg to display info about encrypted message, not to decrypt it.

Why am I prompted for passphrase?

thank you,


Re: use text pinentry in the console

2022-02-23 Thread Fourhundred Thecat via Gnupg-users

> On 2022-02-23 08:40, jman wrote:
>
> I think you can set that with an env var in your ~/.bashrc:
> export PINENTRY_USER_DATA=ncurses
>
> and the pinentry chooser will be `/usr/bin/pinentry-ncurses`.
>
> As a further option, I use the basic `tty` pinentry chooser and I set
> this in my ~/.bashrc:
> export PINENTRY_USER_DATA=tty

thank you, but exporting PINENTRY_USER_DATA=ncurses or
PINENTRY_USER_DATA=tty has no effect

I still get the popup gtk pinentry dialog..


Re: use text pinentry in the console

2022-02-23 Thread Fourhundred Thecat via Gnupg-users

> On 2022-02-23 11:40, Klaus Ethgen wrote:
>
> On Tue, 22 Feb 2022 at 17:28, Fourhundred Thecat via Gnupg-users wrote:
>
>> How can I configure so that the ncurses (text based) dialog is used
>> instead ?
>
> You should be able to call it this way:
> env -u DISPLAY gpg -c foo


that works!

thank you



Re: use text pinentry in the console

2022-02-22 Thread Fourhundred Thecat via Gnupg-users

> On 2022-02-23 07:05, Fourhundred Thecat via Gnupg-users wrote:
>
>> On 2022-02-22 18:57, john doe via Gnupg-users wrote:
>>
>> On 2/22/2022 5:28 PM, Fourhundred Thecat via Gnupg-users wrote:
>>
>> $ update-alternatives --config pinentry
>
> What I would like to achieve is, that only when I call gpg from the
> commandline, (gpg -c foo.txt) is the text-based pinentry called


also, I tried adding an alias:

 gpg='gpg --pinentry-mode loopback'

but then, I have another problem. When I use

  gpg -c foo.txt

it only asks for password once, not twice. I would like to be asked
twice, to make sure the password is correct



Re: use text pinentry in the console

2022-02-22 Thread Fourhundred Thecat via Gnupg-users

> On 2022-02-22 18:57, john doe via Gnupg-users wrote:
>
> On 2/22/2022 5:28 PM, Fourhundred Thecat via Gnupg-users wrote:
>
>> How can I configure so that the ncurses (text based) dialog is used
>> instead ?
>>
>> I am using gpg 2.2.12 on Debian 10
>
> On Debian you need to use:
>
> $ update-alternatives --config pinentry


thank you, but changing this globally unfortunately causes problem with
thunderbird/enigmail. I get this error when trying to open encrypted mail:

Your GnuPG installation is configured to use the console for pinentry.
However, when using Enigmail you need a graphical version of pinentry.

This is a system setup or configuration error that prevents Enigmail
from working properly and cannot be fixed automatically.

What I would like to achieve is, that only when I call gpg from the
commandline, (gpg -c foo.txt) is the text-based pinentry called

thank you




use text pinentry in the console

2022-02-22 Thread Fourhundred Thecat via Gnupg-users

Hello,

when I type a gpg command in the terminal, such as:

  gpg -c foo

the GUI pinentry dialog pops up to ask for password (I guess its
pinentry-gtk-2)

How can I configure so that the ncurses (text based) dialog is used
instead ?

I am using gpg 2.2.12 on Debian 10

thank you


Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 13:27, Ralph Seichter via Gnupg-users wrote:
>
> * Fourhundred Thecat:
>
>>> Show us a body of your work which proves you have the necessary
>>> skills to critique the GnuPG authors' work. Until you do, your
>>> "judgment" is moot.
>>
>> An idea should be considered on its own merit.
>
> What "idea" would that be, exactly?
>
>> You should counter my criticism with facts, instead of attacking me
>> personally.
>
> I am not attacking you. Read what I wrote in this thread. I just doubt
> that you have enough knowledge about the motivation behind and the inner
> workings of GnuPG to offer your "critique" (which I consider personal
> dislike for certain behaviour) until you convince me otherwise.
>
> Based on what you wrote so far, you are just some random person behind a
> pseudonym. What are your credentials in this field? What qualification
> do you have that would enable you to call the work of other people "bad
> design" with actual justification? Have you designed and maintained
> software on the scale of GnuPG, for decades, with a worldwide user base,
> dealing with security, usability and compatibility issues, having to
> find some compromise between the various aspects?
>
>> You can either reply with counterargument, or ignore my messages in
>> this thread.
>
> You can either tell people why your opinion should matter, or live with
> being called out for not doing so.


We are moving in circles. Looks like you have no real arguments, and
keep repeating same stuff all over again.

I see no benefit for anybody in continuing this discussion.

But thanks to everybody who participated. It helped me to get an idea
about this community.

Cheers,


Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 12:26, Ralph Seichter via Gnupg-users wrote:
>
> * Fourhundred Thecat:
>
>> I am basing my judgment on universal principles, that apply not only
>> to gpg or other software, but design of any systems in general.
>
> Universal principles, oh my. In other words, you don't know nearly
> enough about the finer points of GnuPG design goals, don't know much
> about the challenges of evolutionary software design, and thus don't
> know too well what you are talking about, universally speaking.
>
> Show us a body of your work which proves you have the necessary skills
> to critique the GnuPG authors' work. Until you do, your "judgment" is
> moot.


An idea should be considered on its own merit. You should counter my
criticism with facts, instead of attacking me personally.

I stand behind my statement, that it is a sign of bad design, when gpg
does not work on a read-only filesystem.

You can either reply with counterargument, or ignore my messages in this
thread.

Cheers,



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 08:55, Ralph Seichter via Gnupg-users wrote:
>
> * Fourhundred Thecat:
>
> What insight do you have in the design and development of GnuPG; in its
> goals and restrictions? There is a difference between you not liking
> something for a personal reason, and objectively "bad design". You are
> entitled to your opinion of course, but unless you can demonstrate the
> skills to come up with a better design for free software that offers the
> same functionality as GnuPG, that opinion does not mean so much.


I am basing my judgment on universal principles, that apply not only to
gpg or other software, but design of any systems in general.

One such principle is having distinct modes of operation for:

1) maintenance (read/write operations)
2) general use (read-only operations)

In case of gpg, there is one mode where you generate your key pair,
change configuration files, or any other read-write operation.

But for general usage, there is no reason for the key pair to need to be
writable.

Take a car, as an analogy:

Imagine what a mess it would be, if you tried to design a car where the
engine can be replaced while you are driving. I have no experience
designing cars, but that does not prevent me from seeing this would be
bad design specification. Maintenance and usage are two different modes,
and should not be mixed.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-29 19:16, Ralph Seichter via Gnupg-users wrote:
>
>> I am protesting the fact, that gpg can no longer be used without the
>> agent.
>
> Whining about a design detail of free software? Get a grip.


There are more examples of bad design.

In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric S. Raymond
for details, what UNIX philosophy means)

For instance, even for basic operations (encrypt, decrypt), where no
modifications to my key pair are necessary, gpg still requires my
~/.gnupg/ to be writable (cannot be on read-only filesystem)

That is another example of hard-requiring something, that it does not
need (same as agent for symmetric decryption)

gpg is considered a core component of linux and other systems. This is
not some solitaire gui app, that I can choose to ignore.

That is why I am giving here my honest feedback.

I believe this project is going in the wrong direction, and bad design
decisions are being made.




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-29 14:42, Dmitry Alexandrov wrote:
>
> Fourhundred Thecat <400the...@gmx.ch> wrote:
>
>> I am protesting the fact, that gpg can no longer be used without the agent.
>
> Yet you have not described the reason behind it so far, have you?  Why are you
> sure, that the issue, that makes gpg-agent fail to start in your case, is hard
> to resolve?


I don't have gpg-agent installed, on this particular server, where I
need to decrypt one file.


Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-28 21:47, Ingo Klöcker wrote:
>
> On Friday, 26 June 2020 09:33:15 CEST Fourhundred Thecat wrote:
>
>> I have file encrypted with symmetric cipher (aes256) and not signed.
>>
>> How can I decrypt it without using gpg agent ?
>
> Use openssl. Or another simple program offering symmetric encryption/
> decryption with AES.


how can I use openssl, to decrypt a file that has been encrypted with
gpg (symmetrically, aes256).

Can openssl read the gpg format/header ?
Can openssl decrypt gpg file ?

thanks,



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Fourhundred Thecat

> On 2020-06-28 22:24, Robert J. Hansen wrote:
>
>> I remember a time, when gpg was a simple, cleanly designed utility that
>> worked.
>
> GnuPG adopted gpg-agent in large part to clean up GnuPG's design.  GnuPG
> was introduced in GnuPG 1.9.0, released in August *2003*.
>
> You've ignored GnuPG development for so long you're surprised by a
> change introduced seventeen years ago.  That's on you.


excuse me, gpg-agent might have been introduced in 2003, but it was
optional. Until not long ago, it was still possible to decrypt file with
password, without having the agent.

Also, I would like to add, I am not protesting the existence of the
agent. I actually use it on my desktop/gui. I am protesting the fact,
that gpg can no longer be used without the agent.


Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Fourhundred Thecat

> On 2020-06-28 16:07, Werner Koch wrote:
>
> On Fri, 26 Jun 2020 09:33, Fourhundred Thecat said:
>
>> How can I decrypt it without using gpg agent ?
>
> You can't; the agent is a cornerstone of gpg and is thus required.


I thought the agent is for manipulating the private key.

But why do I need the agent, when no secret key is involved? I simply
want to decrypt a password-encrypted file. What possible useful role
would agent play?

Seems to me that this is a terrible design, that gpg is basically
unusable without agent. Why should I need some monstrosity running as
daemon, when I just want to decrypt file?

I remember a time, when gpg was a simple, cleanly designed utility that
worked.

Imagine the maintainers of ls decided, that ls will no longer work,
unless ls-daemon is running.

What happened to this project?



decrypt aes256 encrypted file without gpg-agent

2020-06-26 Thread Fourhundred Thecat

Hello,

I have file encrypted with symmetric cipher (aes256) and not signed.

How can I decrypt it without using gpg agent ?

I get these errors:

$ gpg -d file.gpg
gpg: failed to start gpg agent
...
gpg: decryption failed: no secret key

as I said above, there is no secret key involved here. It is symmetric
and not signed.



decrypt file in batch mode

2019-11-08 Thread Fourhundred Thecat
Hello,

I have a file which has been encrypted with a symmetric cipher (using a
passphrase).

How can I decrypt this file in batch mode, without gpg-agent ?

$ gpg --lock-never --no-verbose --batch --yes -d zz.gpg

gpg: AES256 encrypted data
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: problem with the agent: No agent running
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

Why does gpg look for secret key ?
This is symmetric encryption. What does it need secret key for ?

Any way to circumvent this ?

thanks,



Re: encrypt file in batch mode

2019-11-04 Thread Fourhundred Thecat
On 04/11/2019 17.12, Werner Koch wrote:
> On Mon,  4 Nov 2019 16:49, Fourhundred Thecat said:
>> Imagine the authors of "cat" or "ls" decided that these utilities no
>
> Separation of duties is an important part of the Unix philosophy.  Thus
> we use gpg-agent to handle the operations which require private keys and
> also for some minor things which benefit from being implemented in a
> daemon.

Excuse me, but taking a core system utility and making it dependent on a
daemon running at all times is not Unix philosophy.



Re: encrypt file in batch mode

2019-11-04 Thread Fourhundred Thecat
On 04/11/2019 12.34, Werner Koch wrote:
> On Sun,  3 Nov 2019 08:31, Fourhundred Thecat said:
>
>> $ gpg --list-secret-keys
>> gpg: can't connect to the agent: No such file or directory
>> gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
>
> Your system is not properly installed.  It is missing the gpg-agent
> which is a mandatory part of GnuPG.  Except for some esoteric commands
> there is no way to use gpg without gpg-agent.  The gpg-agent is used for
> private keys as well as to provide a couple of other information like a
> useful iteration count for the S2K mechanism.

Yes, that is exactly the problem. Why should simple operations require
gpg agent ?

Imagine the authors of "cat" or "ls" decided that these utilities no
longer work without cat-agent or ls-agent.

What will be next? gpg will not work without gnome desktop ?







Re: encrypt file in batch mode

2019-11-03 Thread Fourhundred Thecat
On 03/11/2019 07.52, Tony Lane via Gnupg-users wrote:
> On 11/3/19 1:24 AM, Fourhundred Thecat wrote:
>
>> But it makes no sense. This particular private key has no passphrase. So
>> shouldn't signing work in batch mode as well ?
> Are you sure? Try to --edit-key and select that key (not the cert key).
> Then passwd, for the empty passphrase. Don't forget to save.

I am sure the private key has no passphrase. Everything worked fine with
same private key on gpg 1.4.12

But now, I cannot even list keys from secring.gpg

$ gpg --list-secret-keys
gpg: can't connect to the agent: No such file or directory
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory

Same error when I try "--edit-key"

  failed to start agent '/usr/bin/gpg-agent': No such file or directory


The only thing that works is "gpg --list-packets secring.gpg"

$ gpg --list-packets secring.gpg | grep protect

I believe this shows that secret key is not password protected

If it was, it would have:
  protect count:
  protect IV:

>> Also, I still get an error when trustdb.gpg is not writable.
>> --lock-never
> Be careful with that option. The docs say this:
>> This option should be used only in very special environments
>> Improper usage of this option may lead to data and key corruption.
> Is there a chance that's what's happening here?

well, if trustdb.gpg is not writable, how could it lead to corruption.
That's the whole point. I want read-only access to trustdb.gpg, because
I don't want to make any changes.



Re: encrypt file in batch mode

2019-11-03 Thread Fourhundred Thecat
On 02/11/2019 22.52, Brian C via Gnupg-users wrote:
> I can answer why the passphrase is needed: You are using the -s option
> which tells gpg to sign the file, which requires your private key.

You are right. It works when I remove "-s".

But it makes no sense. This particular private key has no passphrase. So
shouldn't signing work in batch mode as well ?

Also, I still get an error when trustdb.gpg is not writable.

I am specifically using "--no-auto-check-trustdb" and "--lock-never",
but these options do not seem to have any effect.

Here is full syntax I am using now:

gpg --no-auto-check-trustdb --lock-never --no-verbose --batch --yes
--pinentry-mode loopback -e -r u...@domain.com -o zz.gpg zz

The above works, if trustdb.gpg is writable. It fails if it is not:

gpg: Fatal: can't open '/var/lib/asterisk/.gnupg/trustdb.gpg': Operation
not permitted

Why does gpg need trustdb.gpg to be writable? I am not asking to change
any trust settings. I just need simply to encrypt file.

thanks,


Re: encrypt file in batch mode

2019-11-02 Thread Fourhundred Thecat
On 02/11/2019 16.51, Tony Lane via Gnupg-users wrote:
> On 11/2/19 10:35 AM, Fourhundred Thecat wrote:
>
>> how can I simply encrypt a file in "batch mode", ie in a script, without
>> user interaction, without need for the user to type password, without
>> gpg agent?
>
> gpg --batch --yes --passphrase="pw" --pinentry-mode loopback -o zz -esr 
> u...@domain.com zz.gpg

Unfortunately, this does not work. I get same error as before (pasted
below).

Also, what is the purpose of --passphrase="pw", when I want to encrypt
using public key ?


$ gpg --batch --yes --passphrase="pw" --pinentry-mode loopback -o zz.gpg
-esr u...@domain.com zz

gpg: starting migration from earlier GnuPG versions
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: error: GnuPG agent unusable. Please check that a GnuPG agent can be
started.
gpg: migration aborted
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: keydb_search failed: No agent running
gpg: no default secret key: No agent running
gpg: zz: sign+encrypt failed: No agent running


encrypt file in batch mode

2019-11-02 Thread Fourhundred Thecat
Hello,

how can I simply encrypt a file in "batch mode", ie in a script, without
user interaction, without need for the user to type password, without
gpg agent?

Below are the errors that I get when running:

$ gpg --lock-never -e -s -r u...@domain.com --output zz zz.gpg

What is the reason why simple operations should not be possible without
gpg-agent ?

gpg: starting migration from earlier GnuPG versions
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: error: GnuPG agent unusable. Please check that a GnuPG agent can be
started.
gpg: migration aborted
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: keydb_search failed: No agent running
gpg: no default secret key: No agent running
gpg: gpg.conf.gpg: sign+encrypt failed: No agent running

my version: gpg (GnuPG) 2.2.12

thanks,



Re: gpg on read-only filesystem

2019-10-27 Thread Fourhundred Thecat
On 22/10/2019 17.54, Friedhelm Waitzmann wrote:
> A solution for the verify use case: Just read the manual
> ()
> and use “--no-auto-check-trustdb”.

thanks, but using the "--no-auto-check-trustdb" does not help. I still
get the error:

$ gpg --verify --no-auto-check-trustdb file.sig
gpg: assuming signed data in 'file'
gpg: Signature made 2019-10-24T21:33:21 CEST
gpg:using RSA key 88B5AAEE121345AA
gpg: Fatal: can't open '/home/testuser/.gnupg/trustdb.gpg': Operation
not permitted



gpg on read-only filesystem

2019-10-20 Thread Fourhundred Thecat
Hello,

how can I use gpg without agent ?
Also, how can I use gpg as root, when / is mounted read-only?

I understand the advantages of gpg agent, and I am happily using it as
user on my desktop.

But, on my remote server, I don't want to use any agent. I don't need
any program remembering my passwords, and I don't need any fancy
password prompts.

I just need basic function (decrypt .gpg file)

Also, I consider it good practice to have / mounted read-only, and I
don't understand why gpg would need to open trustdb.gpg in rw mode, when
using simple operations such as gpg --verify.

gpg: Fatal: can't open '/root/.gnupg/trustdb.gpg': Operation not permitted

In older versions of gpg, it complained about missing agent and readonly
filesystem, but it still worked.

Now on gpg 2.2.12 I am unable to use it even for the simplest operations.

In short, it seems to me very bad design decisions have been made, which
have rendered gpg basically unusable.

Has this been done intentionally? gpg is part of core infrastructure. It
should be simple and functional. Any fancy "features" should be
implemented as option, not forced.

How am I supposed to use gpg now ?

I would appreciate any feedback from this community.

Below are the errors I am getting.

# gpg --batch -d zz.gpg
gpg: failed to create temporary file
'/root/.gnupg/.#lk0x5608d3406ed0.buster64-dev.14763': Read-only file
system
gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
gpg: AES256 encrypted data
gpg: failed to create temporary file
'/root/.gnupg/.#lk0x5608d3407f60.buster64-dev.14763': Read-only file
system
gpg: can't connect to the agent: Read-only file system
gpg: problem with the agent: No agent running
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

thanks,


Re: gnupg on read-only filesystem

2017-10-11 Thread Fourhundred Thecat
> On 2017-10-10 15:48, Daniel Kahn Gillmor wrote:
>
>  You could try the following:
> 
> export GNUPGHOME=$(mktemp -d)
> gpg -d file.gpg
> rm -rf "$GNUPGHOME"

thank you, that works.

But it still starts the gpg-agent.

How can I use gpg without the agent ?


gnupg on read-only filesystem

2017-10-10 Thread Fourhundred Thecat
Hello,

I am using gnupg 2.1.18-6 on Debian Stretch.

My root partition (/) is mounted read-only and I cannot use gpg as root,
because gpg wants to start gpg-agent and write to /root/.gnupg/

ie:

  gpg -d file.gpg

  gpg: error creating keybox '/root/.gnupg/pubring.kbx': Read-only file
system
  gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
  gpg: can't connect to the agent: IPC connect call failed
  gpg: problem with the agent: No agent running
  gpg: decryption failed: No secret key

With gpg version 1, I could use --lock-never and --no-use-agent and it
worked on read-only filesystem.

How can I use gpg version 2 on read-only filesystem and without agent ?

thanks,
