Re: one key/pair for multiple email accounts

[eMyListsDDg]

Hello MFPA,

Tuesday, July 8, 2014, 3:27:49 PM, you wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512

> Hi


> On Monday 7 July 2014 at 10:49:23 PM, in
> , eMyListsDDg wrote:


>> i have mulitple email accounts and in the past had
>> generated a key/pair for each, each with its own unique
>> passphrase. i'm rethinking that approach.

>> curious how other uses in this situation manage their
>> gnupg?

> I use multiple email addresses and frequently change some of them. I
> have included no "real" name or valid email address in my key's
> user-id: the way I use email addresses would otherwise require
> multiple keys and/or an accumulation of redundant UIDs (if the keys
> were on keyservers - otherwise I could just delete the redundant
> UIDs).

> Also, I happen to believe that:-
>  (1) knowing an email address or a (sufficiently unique) name should
>  enable somebody to find a key to use for encryption.
>  (2) access to a public key should not of itself compromise the
>  privacy of the key "owner" by leaking additional personal data
>  about said "owner."

> My current solution achieves (2) nut not (1).

> There are two down sides to this approach. Firstly, the lack of email
> address makes it harder for other people to use my key. Secondly, if I
> wanted to participate in the web of trust, the lack of "real" name
> would make it difficult.


good points. thanks for the insight. i see some tweaks i'll incorporate.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: one key/pair for multiple email accounts

[eMyListsDDg]

@Kristian
@TheFuzzyWhirlpoolThunderstorm
@Micha

appreciate all the replies. all good insights. i've got a better picture in my 
head of how to manage my keys now. 



> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512

> On 07/08/2014 11:15 AM, The Fuzzy Whirlpool Thunderstorm wrote:
>> On Tue, Jul 08, 2014 at 10:54:18AM +0200, Kristian Fiskerstrand
>> wrote:
>>> Wouldn't necessarily be to _hide_ anything either. I tend to use
>>> it as a role-based approach, e.g. I have an own key for my work
>>> address (that is barely used at all, but it _is_ available). The
>>> primary reason for this is that I have that key located on the
>>> company computer which is under the control of the IT department,
>>> not me, so wouldn't want to use my own personal keys for that.
>> There is no limitation of how many keys can be associated with a
>> single mail address. You may generate one key for each computer you
>> are using and tell your contacts to encrypt the messages with a
>> specified key.

> If you are talking about subkeys here, that works nicely for signing
> keys, not so much for multiple encryption subkeys.


>> For example, on a private subject - you may use the key stored on
>> your private computer, so that the sender will ensure that you read
>> the encrypted message on your private pc not on your public
>> system.

>> If privacy isn't absolutely needed, you may use the key stored on
>> your public system managed by another administrator. Your key is
>> safe, as long as you protect it with an uncrackable passphrase. The
>> system administrator may gain access to your private key file, but 
>> not to your private key usage right.


> What is to stop them from installing a keylogger if they wanted to?

>> One last thing to remember: if you don't trust the system, don't
>> store any private key on it. That's a bit paranoid, but it's better
>> to be safe than to trust and regret later.

> Thats not paranoid, that is good security management.





-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

one key/pair for multiple email accounts

[eMyListsDDg]

in practice, do users of gnupg find that having multiple email account id's 
added to one key/pair using that key/pair to sign and/or encrypt emails & files 
more efficient to manage?

i have mulitple email accounts and in the past had generated a key/pair for 
each, each with its own unique passphrase. i'm rethinking that approach.

curious how other uses in this situation manage their gnupg?



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: howto revoke a key that has no secret key

[eMyListsDDg]

> Am Di 01.07.2014, 09:29:57 schrieb eMyListsDDg:
>> somehow i managed to send a key id to a key server that has no
>> secret-key. so i would like to remove it.

>> gpg --output keyrevoke.asc  --gen-revoke 0x

>> doesn't work since there is no secret key.

>> at a loss as to how to remove/revoke this key

> Your question is unclear (at least to me).

> 1) You cannot remove a certificate from a keyserver. Not even with the
> private key.

> 2) You can delete a key from your keyring but without the private 
> mainkey you cannot revoke the key. Guess what the consequences would be
> if everyone (i.e. those without the private key) could revoke a key...

i found my error and the priv key. i had created this pair on a linux vm some 
time ago and had forgotten that. back then when i exported it and imported into 
a win machine something didn't quite take. i'm in the process of updating the 
db, and getting things in sync.

appreciate your reply and help


-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: howto revoke a key that has no secret key

[eMyListsDDg]

> Am Di 01.07.2014, 09:29:57 schrieb eMyListsDDg:
>> somehow i managed to send a key id to a key server that has no
>> secret-key. so i would like to remove it.

>> gpg --output keyrevoke.asc  --gen-revoke 0x

>> doesn't work since there is no secret key.

>> at a loss as to how to remove/revoke this key

> Your question is unclear (at least to me).

> 1) You cannot remove a certificate from a keyserver. Not even with the
> private key.


> 2) You can delete a key from your keyring but without the private 
> mainkey you cannot revoke the key. Guess what the consequences would be
> if everyone (i.e. those without the private key) could revoke a key...

well i managed to create a pub key without a priv key. that is, it only has a 
pub part. thats what gpa key manager is telling me.

so i thought i would remove it and recreate a new key pair for that email addr.

if you or someone can tell me how i can create a priv key for that email 
address that i created with only a pub key? i don't know how i did that with 
the gpa key manager.

hope that clarifies it a bit





-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

howto revoke a key that has no secret key

[eMyListsDDg]

somehow i managed to send a key id to a key server that has no secret-key. so i 
would like to remove it.

gpg --output keyrevoke.asc  --gen-revoke 0x 

doesn't work since there is no secret key.

at a loss as to how to remove/revoke this key


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

"this key has only a public part"

[eMyListsDDg]

Hello Gnupg-users,

i used gpg4win 2.0.20 gpa 0.9.4 to create a key pair for one of my email accnts.

only it says under tech details, "this key has only a public part". 

i tested an email, it was encrypted but i can't decrypt it.  i thought it would 
auto create the key pairs pub/priv ?

can i fix this?


-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: not recognizing my passphrase after moving from XP to Win7

[eMyListsDDg]

Hello Henry & Johan,

appreciate your advice. and a lot of information you took the time to write. 

i think i mentioned i found the error, more or less my own eyes and the size of 
the text in my pw database. one char off resembling another. i doubt i would 
have found that error if not for your help.

i exported everything and imported my keys to one of my linuxmint vm's, and 
will begin soon to using thunderbird for all email. 

thanks again for all the help!

wb










Thursday, July 11, 2013, 9:14:03 AM, you wrote:

> On 07/08/2013 03:42 AM, eMyListsDDg wrote:
>> Hello Henry,

>> i copied the 32-bit XP gnupg dir contents to this dir on Win 7-64bit

>> from:C:\Documents and Settings\\Application Data\gnupg

>> to:  C:\Users\\AppData\Roaming\gnupg\


> That is the correct folder.  I have no idea on what Windows
> 7 does with the Documents and Settings folder but I created
> dummy keys and then replaced everything in that folder
> except for the random_seed file (created when I createdd
> the dummy keys) on Windows 7 for the administrative user
> and me (yes, two accounts per each Windows 7 system).
> They work.  I can create symmetric enciphered files,
> public key enciphered files, and detached signatures files
> and decipher, decipher, and verify respectively.

>> there is a sub-dir C:\Documents and Settings\\Application 
>> Data\gnupg\private-keys-v1.d 
>> that is empty. did i miss getting my priv keys copied over? 

> NO, but as Peter said you may have been better off NOT copying
> the random_seed file even though I do change mine with hexedit
> But for someone to say that I am simply not random they have
> never saw my sleeping hours, trips to the store, etc.  I am
> as about as random as you can get.  For somebody to say that
> human beings are simply not random assumes the idea that all
> human beings are alike which I can tell you is not true.  I
> can attest to that as both a Psychologist and giving testimony
> in a court of law and can tell you that none of the witnesses
> experienced the exact same event in the same way.  Humans simply
> do NOT see or experience the same event the same way.  Yet we
> all assume that is the case.  I can also back that statement up
> with my Psychology degree and years of experience with
> experiments in perception and learning theory.  I can remember
> that episode of MASH where the Ferret experienced events one way
> and Hawkeye a completely different way.  Believe it or not
> that is the norm, not the exception.  I can assure you I have
> NO plan of what gets replaced in a random_seed file and I
> certainly don't make the mistake of making sure I don't
> replace a nibble with the very same thing. The replacements
> are all over the file with no plans of how to move.  It is
> pure serendipity.  The files may or may not get the same
> changes but so far a hexcmp always gives me the first byte
> that is different and it is never the same.  It is just as
> random as any RNG.  Normally I use hexedit with two or more
> malware that have the same size in a given time period.  I
> have much more trust in hexcmp than even sha256sum to test
> whether two files are the same or not.

> There will be more on this in a separate post and it will
> delve into even Physics of the large (galaxies) and the
> small.  But the big point was GNUPG DID NOT CREATE A
> random_seed FILE FOR ME ON WINDOWS SEVERAL YEARS BACK.
> What is it using when it isn't there.

> Since you are using the keys in only one place, e.g., you are
> moving from Windows XP to Windows 7 permanently then there
> may not be an issue with just copying random_seed.  I wouldn't
> know.  My work-around below may make that a moot point anyway.

>> nope, do not use Outlook. i use "TheBat! v5.1.6.2" on my windows machine, 
>> have for years. 

>> i thought too, as you did, maybe the mailer program was the issue. but i went
>> to commandline, encrypted a small test text file with my email key. that 
>> succeeded.
>> but couldn't decrypt it. returns invalid key. no matter i typed in key or 
>> pasted
> from my main password database app.

> Somebody else just had an issue this way.  Resign all of YOUR
> keys with the highest level of trust and see if that helps.
> Yeah, I know.  It sounds dumb but there is a slim chance it
> will work.  But if you cannot edit your keys because it does
> not accept your pass-phrase I would say you are hosed and will
> need to export everything that is yours (public, private and
> trust) from Windows XP and then import them on Windows 7.
> Note that I said you will almost HAVE to do that anyway if
> your Windows XP is 32 bit and Windows 7 is  64 bit.  In that
> case don't 

Re: not recognizing my passphrase after moving from XP to Win7

[eMyListsDDg]

Hello Henry,



> On 07/07/2013 03:10 AM, eMyListsDDg wrote:
>> now i'm finding out after moving from XP to Win7 that i can't
>> edit my keys or decrypt email test messages. 

>> the passphrases to decrypt i have aren't working from command
>> line or my email app.

>> during migration i copied all the files from
>> \\gnupg dir on XP to my new machine.

> Where do you put them on Windows 7?  It is hard to see where
> they are at for me but I just did a dummy key create on
> Windows 7 and then copied all of my keys sans the
> random_seed file over the newly created files  I cannot see
> it right now on Linux due to all of the shortcuts not showing
> up the same way with NTFS mounted RO on Linux.
> You didn't say what email program you are using so I assume
> Outlook which may or may not make a difference.

i copied the 32-bit XP gnupg dir contents to this dir on Win 7-64bit

from:C:\Documents and Settings\\Application Data\gnupg

to:  C:\Users\\AppData\Roaming\gnupg\


there is a sub-dir C:\Documents and Settings\\Application 
Data\gnupg\private-keys-v1.d  that is empty. did i miss getting my priv keys 
copied over? 

nope, do not use Outlook. i use "TheBat! v5.1.6.2" on my windows machine, have 
for years. 

i thought too, as you did, maybe the mailer program was the issue. but i went 
to commandline, encrypted a small test text file with my email key. that 
succeeded. but couldn't decrypt it. returns invalid key. no matter i typed in 
key or pasted from my main password database app. 



>> is there command line opt for gpg2 to run to sync my key
>> ring or am out of luck after moving to new machine and have
>> to create new key pairs?

> I don't have extensive testing but I copied my keys from 32 bit
> Ubuntu to 32 bit OpenSuSE and Windows XP.  I just changed the
> XP to Windows 7 but I am using 32 bit Windows 7.  I did the same
> there but I do modify the random_seed file with hexedit for
> each key-ring which some people object to.  From my point of
> view that is far better than just having each key-ring having
> the same random_seed file.  But for Windows 7 I just left the
> newly created random_seed file in place but copied over all
> the other files.  I have two systems with Windows 7 32 bit on
> both of them (should have gone with 64 bit - no such thing
> as PAE on Windows).

> I don't think you can just copy for Windows XP 32 bit to
> Windows 7 64 bit.  Is that what you have?  If it is what you
> have you may need to do a export / import.  I can say I have
> had no problems with my Windows 7 32 bit but I only ran one
> test which was to verify a file with a detached signature
> file.  I can do the following but I don't read email AT ALL
> on Windows (I get lots of malware in my email - the wannabee
> hackers think they can catch me off guard):

either i changed the password and forgot to update my password database or, as 
you mentioned, copying from 32-bit XP to 64-bit win is likely the issues.

i'm scanning my backup synology host to see if i have the saved old xp dir's 
and (maybe?) i can do an import of them.  otherwise i'll just consider this a 
bust and recreate new key/pairs.

now that you mentioned it, as i have a few linux vm's running i could start 
using for email. a few of those vm's have gpg & mail client support already.


**edit update:

after copying and importing keys to one of my linux vm's and trying numerous 
times to decrypt a simple text file. i found my error. 
it was user error as one char that i thought was a certain char wasn't. an 
alpha char looked like a char i was typing and it was a numerical char. gee, 
toss these older eyes of mine away!! 

if you hadn't helped with your suggestions i doubt i would have found this 
error. the other reply was about my keyboard. turns out, user error typo. text 
really small in my password database .. i'll change that!

appreciate your help!



> 1. Encipher a file with my public key on Linux and decipher
>it on Windows.

> 2. Symmetrically encipher a file with the TWORISH cipher on
>Linux and decipher it on Windows.

> 3. Do the same as the previous two but do the ciphering on
>Windows and deciphering on Linux.

> Let me know if it would help to do that (a personal message
> would be fine).  After that I could stand by for some tests
> using email by enciphering, signing and both.

that may help and appreciate the offer. let me see if i can find the old backed 
up dir and see if gnupg will import that

> HHH


> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: not recognizing my passphrase after moving from XP to Win7

[eMyListsDDg]

Hello Johan,

i checked that. chars are typing correctly. i keep all passwords in a password 
database. i copied/pasted & typed what i thought should be the correct 
passphrase. gpg2 returns "invalid". 

keyboard is a new microsoft sidewinder x4 but chars/keys are mapping fine with 
it.


appreciate your help and insight



> On 7-7-2013 5:10, eMyListsDDg wrote:

>> now i'm finding out after moving from XP to Win7 that i can't edit my keys 
>> or decrypt email test messages. 

> Perhaps you accidentily changed the keyboard layout? Non-US versions of
> windows activate those pesky "dead keys" by default. Even Ubuntu seems
> to do that now :-(

> If your password contains chars like " ' ~ ets. you may have this problem.




-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

not recognizing my passphrase after moving from XP to Win7

[eMyListsDDg]

now i'm finding out after moving from XP to Win7 that i can't edit my keys or 
decrypt email test messages. 

the passphrases to decrypt i have aren't working from command line or my email 
app.

during migration i copied all the files from \\gnupg dir on XP to 
my new machine.

is there command line opt for gpg2 to run to sync my key ring or am out of luck 
after moving to new machine and have to create new key pairs?



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

getting gnupg keys from old computer to new

[eMyListsDDg]

i used the wingnupg to install gnupg on a notebook i'm retiring. i mainly used 
the app and keys for my email client, "thebat".


i've installed gnupg on the new notebook, how do i get the keys from the old 
computer into gnupg on the new computer?

tia








___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: libkleo.dll can't load within TheBat! or be registered

[eMyListsDDg]

Hello MFPA,


yep, that path to the .exe file.

i'll post on TB forum.

thx


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512

> Hi


> On Monday 16 August 2010 at 9:08:12 AM, in
> , Werner Koch wrote:


>> Please check the source code to see what is going
>> wrong.

>> Ooops - No source code? - Then please ask the makers of
>> The Bat.

> You could also try asking on The Bat! User Discussion List, in case
> anybody else has issues when they select "OpenPGP Key Manager" from
> the menu. FWIW, TB! manages to open GPGshell's key manager for me
> without issue. (I'm guessing you have double-checked the "path to
> GnuPG external key manager" is set correctly in TB! at
> Options | OpenPGP | OpenPGP Preferences | Files tab.)




-- 
Bill
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

libkleo.dll can't load within TheBat! or be registered

[eMyListsDDg]

i use TheBat! for my email client. and Gpg4win ver 2.0.3.

gpg4win seems to work fine except when trying to load up kleopatra.exe from 
within TheBat! 

///[error msg]/
kleopatra.exe - Unable to Locate Component

this application has failed to start because libkleo.dll was not found. 
Re-installing the application may fix this problem


and ...

///[error msg]/
RegSvr32 libkleo.dll

returns, libkleo.dll was loaded, but the DllRegisterServer entry point was not 
found

This file can not be registered



what, the libkleo.dll is not a .dll or .ocx file  ??



  

-- 
Key fingerprint = DB4D 251B FE8A BDCD 2BE4  E889 13F1 78D0 A386 B32B


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

[eMyListsDDg]

should we uninstall 1.4.7 prior to upgrading to 2.0.xx or does the 
win-installer take care of that.

thanks


> On Fri, 28 May 2010 13:18, matthew...@aol.com said:

>>  I would like to know where one can get gpg 2.0.14 complied for windows?

>   http://www.gpg4win.org

> Please wait until Sunday - I am currently preparing a new release.  The
> included GnuPG version is 2.0.14 with a couple of fixes to make it close
> to 2.0.15.


> Shalom-Salam,
>Werner



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

[eMyListsDDg]

thanks for the reply. i'll install and give it a try ...



> -BEGIN PGP SIGNED MESSAGE-
> Hash: RIPEMD160

> Hi,

>> i have gnuPG 1.4.7 currently installed on windows xp
>> i want to install gnuPG 2.0.14
>> question: will there be any compatibility issues with my current keys, etc? 

> None that I know of. I had no troubles to use and edit old and new keys.

> Olav
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.14 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

> iQGcBAEBAwAGBQJL/0+fAAoJEKGX32tq4e9WMFUL+wZfl9tp2p2i9U81pz3w1rE3
> UznqXAfa1MLmh7RaL1P7Ln9Emh1uo+DwNlldvDfMGINriGCWiAsi4YBma2nQDxFQ
> ChGbBHWecpd6Imjmpet/rwqtPvsXcmPbHMbYQvZIGB2F2jPoSG3/CPGgdVYDU14Y
> Xk2CxibzJ46WoWG1jpHjkVySj2vG8S+Ix1IhcuMzvxscqr8t3RG+r9KvrFLy6cWa
> PQTYpVOpGxbY1QZ0G6AwhMs7l2D+vnRZkI0aclbNLCSY8+jbnrPY/h7DEOdPfCCS
> IOu7c1uS35Ekjwz5m4ujp/U8BQvOeMO2ekpP48HmPqKYj589RPPsa6nm/pj6ZlUc
> OPcb2cTrsjWjzwIbUSvHqpatqwFSwYcTMbM0F6GgnH1AYB66Rr25HpiEfDO+ygMc
> EOCeO/rYQMIUBqI0dnRH721bjb0uNTwvc479csVnK1ToTCuusTxJfeLb32uPiqEI
> USBB+NdNUoww3XaqiuFxoucej1iPwPfj1PGhCTa5Wg==
> =QDV5
> -END PGP SIGNATURE-





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

[eMyListsDDg]

that i did not realize Charly, thank you for bringing that to my attention


> Olav Seyfarth wrote the following on 5/28/10 1:07 AM:
>> Hi,

>>> i have gnuPG 1.4.7 currently installed on windows xp
>>> i want to install gnuPG 2.0.14
>>> question: will there be any compatibility issues with my current keys, etc?

>> None that I know of. I had no troubles to use and edit old and new keys.

>> Olav


> No problems with the keys per se, but I am referring here to the 'etc?'
> in your question.

> GnuPG 2.0.14 will require the configuration and use of gpg-agent, that
> will cache (without writing it to disk) the passphrase of your secret key.

> Thus, for the value you'll set to gpg-agent's cache, you will not have
> to type your passphrase, after you have typed it once for decrypting,
> and once for signing.
> 
> and others.

> Charly






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

upgrading from 1.4.7 to 2.0.14

[eMyListsDDg]

i have gnuPG 1.4.7 currently installed on windows xp

i want to install gnuPG 2.0.14


question: will there be any compatibility issues with my current keys, etc? 
  

-- 
Best regards,


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users