Howto override "encrypt-to KEYHERE" in gpg.conf?
I have imported a new / additional primary key (0x2A5D250B1C9BE7D1) to my keyring. But my default-key in gpg.conf is not changed:

    $ egrep '^(default-key|encrypt-to) ' ~/.gnupg/gpg.conf
    default-key 040B8410C3F36C1E
    encrypt-to 040B8410C3F36C1E

My goal is to run gpg commands that entirely ignore my default-key and encrypt-to key in ~/.gnupg/gpg.conf.

Consider:

    $ echo hello |gpg2 --encrypt -v --default-key gn...@baz.com --recipient gn...@baz.com > /dev/null
    gpg: using subkey 0xAC725930854EA1D6 instead of primary key 0x040B8410C3F36C1E
    gpg: using pgp trust model
    gpg: using subkey 0x6EADCB57CF0962B3 instead of primary key 0x2A5D250B1C9BE7D1
    gpg: automatically retrieved 'gn...@baz.com' via Local
    gpg: This key belongs to us
    gpg: reading from '[stdin]'
    gpg: writing to stdout
    gpg: RSA/AES256 encrypted for: "0x6EADCB57CF0962B3 Bob S Lorem "
    gpg: RSA/AES256 encrypted for: "0xAC725930854EA1D6 Robert S Lorem "
    $

[...]

Now comment out this line: "encrypt-to 040B8410C3F36C1E" in gpg.conf:

    $ echo hi|gpg2 --encrypt -v --default-key gn...@baz.com --recipient gn...@baz.com > /dev/null
    gpg: using pgp trust model
    gpg: using subkey 0x6EADCB57CF0962B3 instead of primary key 0x2A5D250B1C9BE7D1
    gpg: automatically retrieved 'gn...@baz.com' via Local
    gpg: This key belongs to us
    gpg: reading from '[stdin]'
    gpg: writing to stdout
    gpg: RSA/AES256 encrypted for: "0x6EADCB57CF0962B3 Bob S Lorem "
    $

How can I change the "echo hi ..." pipeline above and get the same results without editing ~/.gnupg/gpg.conf?

--
thanks, Tom

--
The primary private (secret) keys are saved offline, and not present in ~/.gnupg.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Why are my expiration dates different?
When I run the command:

    gpg --list-secret-keys
    /home/repo-owner/.gnupg/secring.gpg
    ---
    sec 2048R/X 2014-10-30 [expires: 2016-10-29]

It shows the expiration date as: [expires: 2016-10-2.

But then when I edit the key with:

    gpg --edit-key X
    gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    pub 2048R/X created: 2014-10-30 expires: 2017-10-31 usage: SC
        trust: ultimate validity: ultimate
    sub 2048R/X created: 2014-10-30 expires: 2017-10-31 usage: E

The keys show: expires: 2017-10-31 (which is what I expected).

I had done to extend:

    # extend the expiration date on your key (Be sure to review sub keys).
    $ gpg --edit-key
    gpg> expire
    gpg> save

    # extend the expiration date on your sub key
    $ gpg --edit-key
    gpg> key
    gpg> expire
    gpg> save

I just want to be safe that my key expiration was updated properly.

Thank you in advance.
Re: Secret key Questions regarding expiration and backing up
> On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
>>
>> Hi there - pretty new with GPG, but have been getting going with it
>> without much issue. I'm just curious about a few best practices and so
>> on.
>>
>> 1) Should you set an expiration on your secret key? Or do most people
>> just secure it appropriately (with no expiration)?
>
> Secret keys don't have expiration dates, only public keys. Best practice
> is to set an expiration date of a year or two in the future on the primary
> key, and either the same or shorter on your subkeys (I use the same expiry
> myself, for simplicity).
>
> The reason for this is that you may lose your secret material or forget
> your password, and you don't want stale keys hanging around on the
> internet forever with no indication that they are no longer usable.
>
>> 2) If you do have the secret key expire, and I have a backup of it (file
>> format) - And for some reason I forget to extend it before expiration -
>> can I still extend it?
>
> Yes. Just edit the public key and republish. The expiration date only
> informs other people that their software should stop using the key - it
> doesn't prevent you from doing anything.
>
> Andrew

So for clarification then: If there are no expiry dates on secret keys, what does this output mean then?

    #gpg --list-secret-keys
    sec 2048R/ 2014-10-30 [expires: 2017-10-31]

And my next question is then... When I exported my secret key and moved it to another machine - why did the contents of the export to file change between the extension of the expiration date? (I exported before and after to test).

Thanks in advance!
Secret key Questions regarding expiration and backing up
Hi there - pretty new with GPG, but have been getting going with it without much issue. I'm just curious about a few best practices and so on.

1) Should you set an expiration on your secret key? Or do most people just secure it appropriately (with no expiration)?

2) If you do have the secret key expire, and I have a backup of it (file format) - And for some reason I forget to extend it before expiration - can I still extend it?

I did a few tests exporting a secret key before and after extending the expiration date - and obviously the file contents changed. I just want to be sure that I have a good backup of it, however follow best practices.

Thank you.
how can I export secret key as .p12?
Hi!

(sorry if it is a repeated question but I can't find gpgsm for Win)

How can I export my secret key as a .p12 file? (I'm working on Windows 7)

Thanks!
Using single subkey for both signing and encryption?
Hi,

I just have a basic question about subkeys. When I create an RSA subkey I only have the option to create one for signing or encryption, not both. Why is that? There's nothing different about the keys themselves, is there? Is there supposed to be some increased security to doing it this way?
Re: Expired Subkey - How to extend expiry using GPG command line
Thanks a ton
This worked like a charm
I've updated my subkeys

Regards
Subu

Charly Avital - [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote the following on 6/20/05 8:13 AM:
>> Hi
>> I have a key where the sub key has expired
>> Is there a way to extend the validity of the *sub key* using GPG command line interface
>>
>> p.s. - As of now I am little hesitant to set up GPG shell etc - learn these and then do the sub key edit - so would prefer a straight sub - key editing
>>
>> Thanks in adv
>> -- Subu
>
> gpg --edit-key [key ID]
>
> then
> Command> key N
> where N is the subkey's index.
> e.g. if the subkey whose validity you want to extend is the first listed subkey, or if it is the only listed subkey, then the command would be
> Command> key 1
> this will put a * after the word sub, indicating that this particular subkey has been selected.
>
> then
> Command> expire
> and follow the prompts.
>
> Hope this works for you, it works for me (Macintosh OS X 10.4.1)
>
> Charly
Re: What happened to the Win32 version of gnupg
> Or are you looking for v1.4.2? At the moment, there is only a release candidate of that version and AFAIK there will be no Win32 build of it until a final is released. Shouldn't be a big deal, v1.4.1 is just fine.

I thought that there *is* a win 32 version of 1.4.2 somewhere
Am I wrong ?

Thanks
Subu

Mark Kirchner - [EMAIL PROTECTED] wrote:
> On Monday, June 13, 2005, 5:26:07 PM, Rogier wrote:
>> I tried to install enigmail to thunderbird on my win2k PC, and found that a repurted Win32 version of gnupg was nowhere to be found.
>
> Hm, what about
> http://www.gnupg.org/(en)/download/index.html#auto-ref-1
> or (from the above address)
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.1.exe
>
> Or are you looking for v1.4.2? At the moment, there is only a release candidate of that version and AFAIK there will be no Win32 build of it until a final is released. Shouldn't be a big deal, v1.4.1 is just fine.
>
> Regards,
> Mark Kirchner
How to set word wrap in GPG ?
Hi

I'm sorry if I am repeating this question

I use Win XPP, Mozilla 1.7.8 , Enigmail, GPG 1.4.1

My Mozilla word Wrap is set to 72 characters

How do I set word wrap in GPG , Enigmail ?

TIA
subu
Re: How to set word wrap in GPG ?
Hi

Thanks for the reply

Patrick Brunschwig - [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> Hi
>> I'm sorry if I am repeating this question
>> I use Win XPP, Mozilla 1.7.8 , Enigmail, GPG 1.4.1
>> My Mozilla word Wrap is set to 72 characters
>> How do I set word wrap in GPG , Enigmail ?
>
> You can't set any word wrapping in GPG or Enigmail. What's the problem with the 72 characters?

Many a time I get bad signatures when I have long lines sticking out in the quoted text. This may just be a coincidence, but I presently think otherwise. So I wish to be clear about the wrapping issue

The way I look at it is
~~~
Step 1 - The message is signed as is (without wrapping), by enigmail + GPG
Step 2 - then My Mozilla mailer wraps it - at 72 chars (or whatever ..) which means some spaces may be added / words may be broken etc
- and if steps 1 and 2 are sequential there is a chance that I'll get bad sigs on my posts

Thanks
Subu

> -Patrick
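The sign-then-wrap sequence described in the message above, as an added example that is not part of the original thread: it models the text portion hashed for an OpenPGP cleartext signature (RFC 4880, section 7.1) and checks whether that text is still the same after a hard wrap at 72 columns. The function names, the simplified wrap model and the sample bodies are assumptions made for the illustration; whether a given mailer really wraps after signing is not shown here.

```python
import hashlib
import textwrap

WRAP_COLUMN = 72  # the mailer's wrap setting mentioned in the thread


def canonical_text(text: str) -> bytes:
    """Text as hashed for an OpenPGP cleartext signature (RFC 4880, 7.1):
    trailing spaces and tabs stripped from each line, line endings turned
    into CRLF, and no line ending after the last line."""
    lines = [line.rstrip(" \t") for line in text.splitlines()]
    return "\r\n".join(lines).encode("utf-8")


def text_digest(text: str) -> str:
    # Simplification: a real signature hashes this text plus a signature
    # trailer; only the text part is affected by wrapping. SHA-1 is used
    # here purely for illustration.
    return hashlib.sha1(canonical_text(text)).hexdigest()


def hard_wrap(text: str, width: int = WRAP_COLUMN) -> str:
    """Simplified model of a mail client re-wrapping long lines on send."""
    wrapped = []
    for line in text.splitlines():
        wrapped.extend(textwrap.wrap(line, width=width) or [""])
    return "\n".join(wrapped)


def survives_wrapping(signed_text: str, width: int = WRAP_COLUMN) -> bool:
    """True if the text a verifier hashes is unchanged after wrapping."""
    return text_digest(hard_wrap(signed_text, width)) == text_digest(signed_text)


# Constructed sample bodies (not taken from the thread).
LONG_QUOTE = "> " + "quoted text that sticks out past the wrap column " * 3 + "\n\nOK.\n"
SHORT_ONLY = "Every line here is short.   \n\nSo nothing gets re-wrapped.\n"

if __name__ == "__main__":
    print("long quoted line survives:", survives_wrapping(LONG_QUOTE))
    print("short lines survive:      ", survives_wrapping(SHORT_ONLY))
```

Trailing whitespace and LF versus CRLF do not change the hashed text, so they cannot explain a bad signature; a line break inserted into a long quoted line does.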
Re: Keyserver
Two Request
~~

Can some one give me the correct entry I should place in my config file for the best key-server

Can I have an option that practically helps me to search thru several key servers .. i.e. search the second (specified keyserver) if the first (specified keyserver) did not have the key, use the third (keyserver ..) if the second did not have the key and so on

TIA
Subu

Dan Mundy - [EMAIL PROTECTED] wrote:
> The fastest and most reliable keyserver I have come across is this:
>
> website usage - http://pgpkeys.pca.dfn.de/
> gpg --keyserver usage - hkp://pgpkeys.pca.dfn.de/
>
> These keyservers synchronize very often (i.e. instantaneously) with other keyservers. The website also looks very cool =P. So these would be my choice.
Re: IBM to Provide Security w/o Sacrificing Privacy Using Hash
Hi Alex

Thanks for your good, informative reply

I'll try and catch up with the recommended reading

Subu

Alex Mauer - [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> I thought that two *non* identical names - as in case below will *not* create the same hash
>> If it will, what is the probability ?
>
> The probability of this happening is extremely low. For a 128-bit hash, such as md5, the probability is 1 in 2^128 (1 in 340,282,366,920,938,463,463,374,607,431,768,211,456). For a 160-bit hash, such as sha-1 which PGP uses, the probability is 1 in 2^160 (1 in 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976).
>
> [.]
Re: KMail and smartcard - what is a stub secret key ?
Hi

I'm new here
Sorry to butt in

> For gpg it makes no difference whether the key is on the disk or on the card. This is because we create a stub-secret key for every card key. gpg -K will show you the serial number of the cards associated with that secret key.

what is a stub secret key ?

I thought that If I keep my keyring on a USB drive, there would be *no trace of it* on the Hard Disk

Somehow your answer seems to imply that the Hard Disk has some info about keys on other drives

TIA
Subu

Werner Koch - [EMAIL PROTECTED] wrote:
> On Tue, 24 May 2005 06:41:24 +0200, Chris said:
>> How can I use the smartcard in KMail? I cannot choose its keys in the Identity management.
>
> Does gpg -K list your key? This is what Kmail displays. You are using a decent Kmail (with all the crypto tabs in the configuration dialog and the requirement for gpg-agent)?
>
>> Using a key from the harddrive does work without problems.
>
> For gpg it makes no difference whether the key is on the disk or on the card. This is because we create a stub-secret key for every card key. gpg -K will show you the serial number of the cards associated with that secret key.
>
> If you generated the card key on another machine, please run gpg --card-status once on the new machine to create such a stub key.
>
> Shalom-Salam,
>
> Werner
Re: Newbie question : GPgee and GPGshell etc..
Hi

I visited the Win PT link from gnupg.org site.

This link http://www.stud.uni-hannover.de/~twoaday/winpt.html has the following

1. http://www.stud.uni-hannover.de/~twoaday/sipfone-exe.zip - Windows binary
2. http://www.equipmente.de/gnupt-int.exe - graphical installer which seems to have additional stuff + WinPt, but an older version of WinPT
3. and other links ...

Now my question
---
- which is the most stable release of WinPT (pl. note I am a newbie) ?
- Is it preferable I have the latest release (i.e.) with all loophole plugged http://www.stud.uni-hannover.de/~twoaday/winpt-0.9.92-exe.zip or have the latest stable version which might be something else

TIA

Kurt Fitzner - [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> which one of these
>> - GPGshell
>> - WinPT
>> - GPGee
>> is better for a starter with GPG
>
> First of all, let's get some definitions down because it can become confusing. WinPT is both an application and a group of tools. The application, Windows Privacy Tray, sits in the Windows task tray and gives you a GnuPG interface from there. The group of tools is the tray application bundled along with GnuPG itself. This distinction will become important later... for now, though, when I say WinPT I mean the tray application, not the group of tools.