Re: decrypt aes256 encrypted file without gpg-agent

2020-07-01 Thread Ralph Seichter via Gnupg-users
* Fourhundred Thecat:

> Looks like you have no real arguments, and keep repeating same stuff
> all over again.

*You* accusing *me* of not having real arguments is just precious. :-)

> I see no benefit for anybody in continuing this discussion.

At last, we can agree on something.

-Ralph

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 13:27, Ralph Seichter via Gnupg-users wrote:
> * Fourhundred Thecat:
>
>>> Show us a body of your work which proves you have the necessary
>>> skills to critique the GnuPG authors' work. Until you do, your
>>> "judgment" is moot.
>>
>> An idea should be considered on its own merit.
>
> What "idea" would that be, exactly?
>
>> You should counter my criticism with facts, instead of attacking me
>> personally.
>
> I am not attacking you. Read what I wrote in this thread. I just doubt
> that you have enough knowledge about the motivation behind and the inner
> workings of GnuPG to offer your "critique" (which I consider personal
> dislike for certain behaviour) until you convince me otherwise.
>
> Based on what you wrote so far, you are just some random person behind a
> pseudonym. What are your credentials in this field? What qualification
> do you have that would enable you to call the work of other people "bad
> design" with actual justification? Have you designed and maintained
> software on the scale of GnuPG, for decades, with a worldwide user base,
> dealing with security, usability and compatibility issues, having to
> find some compromise between the various aspects?
>
>> You can either reply with counterargument, or ignore my messages in
>> this thread.
>
> You can either tell people why your opinion should matter, or live with
> being called out for not doing so.


We are moving in circles. Looks like you have no real arguments, and
keep repeating same stuff all over again.

I see no benefit for anybody in continuing this discussion.

But thanks to everybody who participated. It helped me to get an idea
about this community.

Cheers,



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Dmitry Alexandrov
Fourhundred Thecat <400the...@gmx.ch> wrote:
> In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric S. Raymond for 
> details, what UNIX philosophy means)

> I believe this project is going in the wrong direction, and bad design 
> decisions are being made.

Was not it you who have just complained about introduction of gpg-agent, that 
is about switching from a solid rock tool to a set of independent programs that 
are communicating via textual streams — in other words, about GPGv2 be much 
more UNIX-wayish that GPGv1?

> There are more examples of bad design.

> For instance, even for basic operations (encrypt, decrypt) ‹…› gpg still 
> requires my ~/.gnupg/ to be writable (cannot be on read-only filesystem)

Heh.  Use of files as a temporal storage medium or just unique entities for 
anything from sockets to boolean flags, and therefore a need for writable FS to 
store them, is a hallmark of UNIX-way design.

You might believe that UNIX-way design is a bad design, of course, and that GPG 
should have joined the trend of moving _away_ from it before it had became a 
mainstream (cf. systemd, Wayland, etc); but saying ‘UNIX’ to mean ‘cool’ looks 
funny as hell.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Robert J. Hansen
> I am basing my judgment on universal principles, that apply not only to
> gpg or other software, but design of any systems in general.

There is no such universal playbook.  It simply does not exist.

In his book _Lila_ the philosopher Robert M. Pirsig wrote that morality
is not a set of universal principles, so much as it is what emerges from
the interplay of conflicting principles that are at odds with each other.

You can say the same about software engineering.  There are no universal
principles, only rules of thumb that are often at odds with each other.

Learn about GnuPG's design and why it is the way it is, _then_ judge it.
 To loftily decree there exist universal principles and thus you don't
need to learn the specifics before judging is little different from the
judge who decrees that murder is illegal and so doesn't need to learn
whether the accused was acting in self-defense.

> Imagine what a mess it would be, if you tried to design a car where the
> engine can be replaced while you are driving. I have no experience
> designing cars, but that does not prevent me from seeing this would be
> bad design specification.

I'm an amateur auto racer, and this sounds like an *awesome* idea.  In
virtually all races pit crews are required to not touch the car until
it's stopped moving, entirely for safety reasons: when there's a
thousand-kilo piece of metal in motion, it's wise to require people to
stay clear of it.  If you could figure out a way to make it safe to make
changes to a car in motion, you'd have every NASCAR and SCCA team
beating a path to your door.

Your "universal principles", well -- aren't.




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Dmitry Alexandrov
Fourhundred Thecat <400the...@gmx.ch> wrote:
> In case of gpg, there is one mode where you generate your key pair, change 
> configuration files, or any other read-write operation.
>
> But for general usage, there is no reason for the key pair to need to be 
> writable.

Sure.  So there is none:

$ chmod a-w $GNUPGHOME/pubring.kbx $GNUPGHOME/private-keys-v1.d/*
$ echo foo | gpg -qe --default-recipient-self | gpg -qd
foo



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Johan Wevers
On 30-06-2020 12:10, Werner Koch via Gnupg-users wrote:

>> Do not break backwards compatibility if you want all people to upgrade.
> 
> Do not update so that the bad guys can exploit your legacy software ;-)
> 
> There are well documented reasons what we don't support MDC and PGP3
> keys anymore - it was complex to support and virtually impossible to
> make sure that the message has not been tampered with.

Not supporting encryption anymore I can understand, but by removing
decryption ability which makes old mail archives unusable you can't
realistically expect people to abandon 1.4 completely.

Complex, nah, you can always put the v3 key code in a separate set of
functions that are called when a v3 header is detected. Maybe not the
cleanest design but for code that is probably not going to see any
changes it would work.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Ralph Seichter via Gnupg-users
* Fourhundred Thecat:

>> Show us a body of your work which proves you have the necessary
>> skills to critique the GnuPG authors' work. Until you do, your
>> "judgment" is moot.
>
> An idea should be considered on its own merit.

What "idea" would that be, exactly?

> You should counter my criticism with facts, instead of attacking me
> personally.

I am not attacking you. Read what I wrote in this thread. I just doubt
that you have enough knowledge about the motivation behind and the inner
workings of GnuPG to offer your "critique" (which I consider personal
dislike for certain behaviour) until you convince me otherwise.

Based on what you wrote so far, you are just some random person behind a
pseudonym. What are your credentials in this field? What qualification
do you have that would enable you to call the work of other people "bad
design" with actual justification? Have you designed and maintained
software on the scale of GnuPG, for decades, with a worldwide user base,
dealing with security, usability and compatibility issues, having to
find some compromise between the various aspects?

> You can either reply with counterargument, or ignore my messages in
> this thread.

You can either tell people why your opinion should matter, or live with
being called out for not doing so.

-Ralph



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 12:26, Ralph Seichter via Gnupg-users wrote:
> * Fourhundred Thecat:
>
>> I am basing my judgment on universal principles, that apply not only
>> to gpg or other software, but design of any systems in general.
>
> Universal principles, oh my. In other words, you don't know nearly
> enough about the finer points of GnuPG design goals, don't know much
> about the challenges of evolutionary software design, and thus don't
> know too well what you are talking about, universally speaking.
>
> Show us a body of your work which proves you have the necessary skills
> to critique the GnuPG authors' work. Until you do, your "judgment" is
> moot.


An idea should be considered on its own merit. You should counter my
criticism with facts, instead of attacking me personally.

I stand behind my statement, that it is a sign of bad design, when gpg
does not work on a read-only filesystem.

You can either reply with counterargument, or ignore my messages in this
thread.

Cheers,




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Ralph Seichter via Gnupg-users
* Fourhundred Thecat:

> I am basing my judgment on universal principles, that apply not only
> to gpg or other software, but design of any systems in general.

Universal principles, oh my. In other words, you don't know nearly
enough about the finer points of GnuPG design goals, don't know much
about the challenges of evolutionary software design, and thus don't
know too well what you are talking about, universally speaking.

Show us a body of your work which proves you have the necessary skills
to critique the GnuPG authors' work. Until you do, your "judgment" is
moot.

> Take a car, as an analogy: [...]

Unrelated nonsense. Was that really the best you could come up with?

-Ralph



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Werner Koch via Gnupg-users
On Tue, 30 Jun 2020 00:55, Johan Wevers said:

>> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
>> data encrypted to a legacy v3 key.
>
> Do not break backwards compatibility if you want all people to upgrade.

Do not update so that the bad guys can exploit your legacy software ;-)

There are well documented reasons what we don't support MDC and PGP3
keys anymore - it was complex to support and virtually impossible to
make sure that the message has not been tampered with.  See the
discussion around EFFail of MUAs using gpg in a brittle and insecure
way.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Fourhundred Thecat

> On 2020-06-30 08:55, Ralph Seichter via Gnupg-users wrote:
> * Fourhundred Thecat:
>
> What insight do you have in the design and development of GnuPG; in its
> goals and restrictions? There is a difference between you not liking
> something for a personal reason, and objectively "bad design". You are
> entitled to your opinion of course, but unless you can demonstrate the
> skills to come up with a better design for free software that offers the
> same functionality as GnuPG, that opinion does not mean so much.


I am basing my judgment on universal principles, that apply not only to
gpg or other software, but design of any systems in general.

One such principle is a having distinct modes of operation for:

1) maintenance (read/write operations)
2) general use (read-only operations)

In case of gpg, there is one mode where you generate your key pair,
change configuration files, or any other read-write operation.

But for general usage, there is no reason for the key pair to need to be
writable.

Take a car, as an analogy:

Imagine what a mess it would be, if you tried to design a car where the
engine can be replaced while you are driving. I have no experience
designing cars, but that does not prevent me from seeing this would be
bad design specification. Maintenance and usage are two different modes,
and should not be mixed.




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Ralph Seichter via Gnupg-users
* Fourhundred Thecat:

>> Whining about a design detail of free software? Get a grip.
>
> There are more examples of bad design.

Are there now? GnuPG is software that has evolved since its introduction
in 1997. Can you show me any meaningful software of yours that has been
evolving over 23 years and has what you consider "good design"? It
should be interesting.

> In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric
> S. Raymond for details, what UNIX philosophy means)

Ha, now you're trying to teach your grandma to suck eggs. ;-) Besides,
quoting ESR is a somewhat risky business. He said and wrote a lot over
the decades, much of which I consider nonsense.

> I believe this project is going in the wrong direction, and bad design
> decisions are being made.

What insight do you have in the design and development of GnuPG; in its
goals and restrictions? There is a difference between you not liking
something for a personal reason, and objectively "bad design". You are
entitled to your opinion of course, but unless you can demonstrate the
skills to come up with a better design for free software that offers the
same functionality as GnuPG, that opinion does not mean so much.

-Ralph



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-30 Thread Robert J. Hansen
> In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric S. Raymond
> for details, what UNIX philosophy means)

Mmmhmm.

> For instance, even for basic operations (encrypt, decrypt), where no
> modifications to my key pair are necessary, gpg still requires my
> ~/.gnupg/ to be writable (cannot be on read-only filesystem)

Again, you're criticizing a design before learning why that design is
the way it is.

> That is another example of hard-requiring something, that it does not
> need (same as agent for symmetric decryption)

You don't understand the design, which means you don't know what the
system needs and/or doesn't need.  You're not displaying judgment here,
you're displaying prejudice.

> That is why I am giving here my honest feedback.

You are of course welcome to give what feedback you like.  I
respectfully suggest that if you start by learning why these various
tradeoffs were made, it will allow you to make better criticisms that
will be taken more seriously by the development team.




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-29 19:16, Ralph Seichter via Gnupg-users wrote:
>
>> I am protesting the fact, that gpg can no longer be used without the
>> agent.
>
> Whining about a design detail of free software? Get a grip.


There are more examples of bad design.

In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric S. Raymond
for details, what UNIX philosophy means)

For instance, even for basic operations (encrypt, decrypt), where no
modifications to my key pair are necessary, gpg still requires my
~/.gnupg/ to be writable (cannot be on read-only filesystem)

That is another example of hard-requiring something, that it does not
need (same as agent for symmetric decryption)

gpg is considered a core component of linux and other systems. This is
not some solitaire gui app, that I can choose to ignore.

That is why I am giving here my honest feedback.

I believe this project is going in the wrong direction, and bad design
decisions are being made.





Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread raf via Gnupg-users
Werner Koch via Gnupg-users wrote:

> On Mon, 29 Jun 2020 13:07, vedaal said:
> 
> > otherwise , just use GnuPG 1.4.x , and unless you ever need an
> 
> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
> data encrypted to a legacy v3 key.
> 
> Shalom-Salam,
> 
>Werner

Sadly, there are other reasons that make it seem (to me)
as though I still need 1.4. :-(

I assume the answer must be no, but is there any chance
that --pinentry-mode loopback could be made to prompt
again when the wrong passphrase is entered? If it did
that, I'd be happy to stop using 1.4 on my mac laptop.

Alternatively, is there a pinentry program that works
inside vim and all/most variants of gvim (at least
X11/motif and MacVim)? Preferably available via
macports, but not necessarily.

I can't seem to find one. I've tried pinentry-curses
and pinentry-tty on debian-10 with gpg-2.2.12 but
neither prompt for the passphrase when invoked inside
vim or gvim, and the file is not decrypted.

Hopefully, I'm just ignorant and there is a solution
to my ergonomic issues (other than using loopback
and typing long passphrases very slowly and carefully).

cheers,
raf




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Johan Wevers
On 29-06-2020 19:40, Werner Koch via Gnupg-users wrote:

> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
> data encrypted to a legacy v3 key.

Do not break backwards compatibility if you want all people to upgrade.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Dmitry Alexandrov
Fourhundred Thecat <400the...@gmx.ch> wrote:
> I am protesting the fact, that gpg can no longer be used without the agent.

Yet you have not described the reason behind it so far, have you?  Why are you 
sure, that the issue, that make gpg-agent fail to start in your case, is hard 
to resolve?



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Dmitry Alexandrov
Fourhundred Thecat <400the...@gmx.ch> wrote:
>> On 2020-06-29 14:42, Dmitry Alexandrov wrote:
>> Fourhundred Thecat <400the...@gmx.ch> wrote:
>>> I am protesting the fact, that gpg can no longer be used without the agent.
>>
>> Yet you have not described the reason behind it so far, have you?  Why are 
>> you sure, that the issue, that make gpg-agent fail to start in your case, is 
>> hard to resolve?
>
> I don't have gpg-agent installed, on this particular server, where I need to 
> decrypt one file.

Ah, so itʼs in fact very easy to resolve — just install gpg-agent. :-)



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Ralph Seichter via Gnupg-users
* Fourhundred Thecat:

> I am protesting the fact, that gpg can no longer be used without the
> agent.

Whining about a design detail of free software? Get a grip.

-Ralph



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Peter Lebbing
On 29/06/2020 18:38, Fourhundred Thecat wrote:
> I don't have gpg-agent installed, on this particular server, where I
> need to decrypt one file.

You could try installing sequoia-pgp[1], an alternative but also libre
OpenPGP implementation (still in its infancy). It requires a Rust build
environment to compile.

Or just bite the bullet and install gpg-agent. If you also need
unattended decryption, there are ways to programmatically pass the
passphrase to it. Although many people make security theater of their
unattended decryption methods, it requires thought to design unattended
decryption that isn't trivial to bypass once the attacker has read
access to storage, or perhaps some other form of access that is
definitely within scope of your threat model.

HTH,

Peter.

[1] https://gitlab.com/sequoia-pgp/sequoia

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Werner Koch via Gnupg-users
On Mon, 29 Jun 2020 13:07, vedaal said:

> otherwise , just use GnuPG 1.4.x , and unless you ever need an

Do not use 1.4 unless you have to decrypt old non-MDC protected data or
data encrypted to a legacy v3 key.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread vedaal via Gnupg-users



On 6/29/2020 at 12:40 PM, "Fourhundred Thecat" <400the...@gmx.ch> wrote:

>I don't have gpg-agent installed, on this particular server, where I
>need to decrypt one file.

=
Try this very long workaround :

[1] Install a fake homedirectory
[2] Install a fake keyring (1 public and secret key that you never use)

Then try this command:

gpg --agent-program --no-use-agent --passphrase yourpassphrasestring --decrypt filename

This is a way of making the --no-use-agent option active.
GnuPG still needs a homedirectory and a keyring before trying to use the 
passphrase to decrypt

(n.b.  I have not actually tried the above, so am unsure if it is effective)

otherwise , just use GnuPG 1.4.x , and unless you ever need an elliptic key, it 
should do everything you want.

vedaal





Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-29 14:42, Dmitry Alexandrov wrote:
> Fourhundred Thecat <400the...@gmx.ch> wrote:
>> I am protesting the fact, that gpg can no longer be used without the agent.
>
> Yet you have not described the reason behind it so far, have you?  Why are you
> sure, that the issue, that make gpg-agent fail to start in your case, is hard
> to resolve?


I don't have gpg-agent installed, on this particular server, where I
need to decrypt one file.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Werner Koch via Gnupg-users
On Sun, 28 Jun 2020 16:24, Robert J. Hansen said:

> GnuPG sees the symmetrically encrypted message and knows it needs to
> recover/derive a key.  It calls gpg-agent, which in turn calls pinentry.

In addition gpg-agent also takes care of caching passphrases which makes
even symmetrically encryption more convenient.  It is also used to
figure out a suitable number of hash iteration to make new symmetric
passphrase encryption stronger - this can't be done by a plain command
line tool.

In theory it is possible to pass a set of option to avoid the use of
gpg-agent for plain symmetric encryption but as soon as any pubkey key
is used as an alternative to the symmetric encryption the agent is
required to check whether a private key exists.  From engineering and
security POVs it does not make sense to special case very rare use
cases.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Fourhundred Thecat

> On 2020-06-28 21:47, Ingo Klöcker wrote:
> On Friday, 26 June 2020 09:33:15 CEST Fourhundred Thecat wrote:
>> I have file encrypted with symmetric cipher (aes256) and not signed.
>>
>> How can I decrypt it without using gpg agent ?
>
> Use openssl. Or another simple program offering symmetric encryption/
> decryption with AES.

how can I use openssl, to decrypt a file that has been encrypted with
gpg (symmetrically, aes256).

Can openssl read the gpg format/header ?
Can openssl decrypt gpg file ?

thanks,




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-29 Thread Robert J. Hansen
> excuse me, gpg-agent might have been introduced in 2003, but it was
> optional. Until not long ago, it was still possible to decrypt file with
> password, without having the agent.

If you were using GnuPG 1.4, yes.  GnuPG 2.0 and later have always used
gpg-agent.

If you want a gpg-agent free version of GnuPG, use version 1.4.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Fourhundred Thecat

> On 2020-06-28 22:24, Robert J. Hansen wrote:
>> I remember a time, when gpg was a simple, cleanly design utility that
>> worked.
>
> GnuPG adopted gpg-agent in large part to clean up GnuPG's design.  GnuPG
> was introduced in GnuPG 1.9.0, released in August *2003*.
>
> You've ignored GnuPG development for so long you're surprised by a
> change introduced seventeen years ago.  That's on you.


excuse me, gpg-agent might have been introduced in 2003, but it was
optional. Until not long ago, it was still possible to decrypt file with
password, without having the agent.

Also, I would like to add, I am not protesting the existence of the
agent. I actually use it on my desktop/gui. I am protesting the fact,
that gpg can no longer be used without the agent.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Stefan Claas
Ingo Klöcker wrote:
 
> On Friday, 26 June 2020 09:33:15 CEST Fourhundred Thecat wrote:
> > I have file encrypted with symmetric cipher (aes256) and not signed.
> > 
> > How can I decrypt it without using gpg agent ?
> 
> Use openssl. Or another simple program offering symmetric encryption/
> decryption with AES.

Well, the OP could use sequoia pgp, to decrypt his file(s) ...

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Robert J. Hansen
> I thought the agent is for manipulating the private key.

It's also responsible for calling pinentry, which is how GnuPG receives
passphrases.  It's a pluggable component: on Windows you get a Windows
pinentry that uses a Windows look and feel, on KDE you get a Qt one that
looks like a KDE app, on GNOME you get a GTK one that looks like a GNOME
app, and so on.

GnuPG sees the symmetrically encrypted message and knows it needs to
recover/derive a key.  It calls gpg-agent, which in turn calls pinentry.

> But why do I need the agent, when no secret key is involved? I simply
> want to decrypt a password-encrypted file. What possible useful role
> would agent play?
> 
> Seems to me that this is a terrible design...

Let's be clear: you're passing judgment on a design without first
learning what the design is.

> I remember a time, when gpg was a simple, cleanly design utility that
> worked.

GnuPG adopted gpg-agent in large part to clean up GnuPG's design.  GnuPG
was introduced in GnuPG 1.9.0, released in August *2003*.

You've ignored GnuPG development for so long you're surprised by a
change introduced seventeen years ago.  That's on you.




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Ingo Klöcker
On Friday, 26 June 2020 09:33:15 CEST Fourhundred Thecat wrote:
> I have file encrypted with symmetric cipher (aes256) and not signed.
> 
> How can I decrypt it without using gpg agent ?

Use openssl. Or another simple program offering symmetric encryption/
decryption with AES.

GnuPG is a tool for public key encryption. The fact that it can also be used 
for symmetric encryption doesn't mean that it's the best tool for symmetric 
encryption. You want to decrypt files without using gpg-agent? Then don't use 
gpg.

Regards,
Ingo



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Fourhundred Thecat

> On 2020-06-28 16:07, Werner Koch wrote:
> On Fri, 26 Jun 2020 09:33, Fourhundred Thecat said:
>
>> How can I decrypt it without using gpg agent ?
>
> You can't the agent is a cornerstone of gpg and is thus required.


I thought the agent is for manipulating the private key.

But why do I need the agent, when no secret key is involved? I simply
want to decrypt a password-encrypted file. What possible useful role
would agent play?

Seems to me that this is a terrible design, that gpg is basically
unusable without agent. Why should I need some monstrosity running as
daemon, when I just want to decrypt file?

I remember a time, when gpg was a simple, cleanly design utility that
worked.

Imagine the maintainers of ls decided, that ls will no longer work,
unless ls-daemon is running.

What happened to this project?




Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Werner Koch via Gnupg-users
On Fri, 26 Jun 2020 09:33, Fourhundred Thecat said:

> How can I decrypt it without using gpg agent ?

You can't the agent is a cornerstone of gpg and is thus required.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-28 Thread Dmitry Alexandrov
ved...@nym.hush.com wrote:
> can GPG2 be made to work from only the command-line without a pine entry 
> window

| '--pinentry-mode MODE'
|  Set the pinentry mode to MODE.  Allowed values for MODE are:
| ‹…›
|  loopback
|   Redirect Pinentry queries to the caller.  Note that in
|   contrast to Pinentry the user is not prompted again if he
|   enters a bad password.
— (info "(gnupg) GPG Esoteric Options")



Re: decrypt aes256 encrypted file without gpg-agent

2020-06-26 Thread vedaal via Gnupg-users



On 6/26/2020 at 4:54 AM, "Fourhundred Thecat" <400the...@gmx.ch> wrote:
>
>Hello,
>
>I have file encrypted with symmetric cipher (aes256) and not 
>signed.
>
>How can I decrypt it without using gpg agent ?
>
>I get these errors:
>
>$ gpg -d file.gpg
>gpg: failed to start gpg agent
>...
>gpg: decryption failed: no secret key

=

Also can't get it without using agent.  
Tried using option of --no-use-agent  and gpg2 says 'obsolete option, has no 
effect'.
The option of --no-default-keyring doesn't help if the home directory is not 
open.

Agent will not start unless home directory is open  ( my home directory is in 
an encrypted container)
Once the home directory is there (when I unencrypted mine), agent starts, and a 
pinentry window opens asking for the symmetric passphrase, 

When I unencrypt the home directory, but not the keyring, 
gpg will still decrypt when using the option of --no-default-keyring

(feature request:  can GPG2 be made to work from only the command-line without 
a pine entry window, and without gpg-agent?)

TIA

vedaal




decrypt aes256 encrypted file without gpg-agent

2020-06-26 Thread Fourhundred Thecat

Hello,

I have file encrypted with symmetric cipher (aes256) and not signed.

How can I decrypt it without using gpg agent ?

I get these errors:

$ gpg -d file.gpg
gpg: failed to start gpg agent
...
gpg: decryption failed: no secret key

as I said above, there is no secret key involved here. It is symmetric
and not signed.

