Thanks Friedhelm,

That is a lot to think about. I'll study ..

Best regards,
Roland

On 31/10/2018 01:33, gnupg-users-requ...@gnupg.org wrote:
> Date: Mon, 29 Oct 2018 04:18:31 +0100
> From: Friedhelm Waitzmann <gnupgmlusers.fw...@xoxy.net>
> To: gnupg-users@gnupg.org
> Subject: Re: gpg troubles
> Message-ID: <20181029031830.ga24...@kugelfisch.zuhause.test>
>
> Roland Siemons (P) at Fri., 2018-10-12:
>
>> 3/ Assisted remotely by some of you, I was able to sort out a very
>> strange problem with decryption. The solution was found by manipulating
>> my key from inside the gpg shell using the command line. I am not very
>> experienced with the command line. A major difficulty for those for whom
>> this is not daily bread and butter is that mistakes are easily made.
>> Hence the great value of GUIs.
>> 4/ I observed some unclarities in the GnuPG manual
>> (www.gnupg.org/gph/en/manual.html), here below under A.
> This is the GnuPG privacy handbook rather than the GnuPG manual.
> I suggest that you read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
> it is the definitive instruction how to use GnuPG.
>
>> And perhaps also
>> some bugs in gpg, here below under B (please consider). Here is my
>> experience:
>> A/ I tried to revoke some subkeys, following the said manual (heading
>> "Revoking key components"). gpg pretended to do the job. Everything
>> looked fine. But it didn't! After several hours of analysis (up to
>> checking if GnuPG was installed consistently on my system), I found the
>> issue: After the revkey procedure it is necessary to command "quit".
> A better way of committing the changes is typing in "save".
>
> Please see the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).
>
> For the "--edit-key" main command (given at the command line) it
> lists the sub commands (to be typed into the edit key command
> shell):
>
>   save
>
>     Save all changes to the keyrings and quit.
>
>   quit
>
>     Quit the program without updating the keyrings.
>
>> Instead of quitting, gpg then asks "do you want to save yr changes" (or
>> something like that).
> This is to remind you that you are about to discard your changes.
>
>> And only then the subkeys were revoked. The said
>> manual does mention the command "quit" only once, and not even in a
>> general place explaining the operations of gpg, and in fact without any
>> explanation as to the impact of that command.
> The GnuPG manual (not the privacy handbook) mentions both of
> "save" and "quit" and explains the difference.
>
>> Of course I am happy to
>> have found out, but let's hope that I remember when after perhaps 2
>> years time I have to use gpg shell again....
> Just remember to read the GnuPG manual also.
>
>> B/ It is not at all clear to me how to start the gpg shell.
> This isn't a general ("the") GnuPG shell for all GnuPG commands,
> it is a shell for the limited set of "--edit-key" sub commands.
> That is, the "--edit-key" specified at the GnuPG invocation
> command line lets GnuPG run an interactive interpreter for the
> "--edit-key" subcommands that have to be typed in.
>
>> For example:
>> 1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>> keys is returned,
> Generating this list doesn't need to ask the user to type any sub
> commands, so there is no "--list-secret-keys" shell.
>
>> but I am also returned to CMD, that is, kicked out of
>> the gpg shell.
> If GnuPG has written this list into its standard output channel,
> the job is done, thus GnuPG terminates, nobody is "kicked out".
>
>> 2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>> do indeed enter the gpg shell, the screen showing "gpg>".
> You enter the shell that recognizes the limited set of the
> "--edit-key" sub commands.
>
>> That all may be all right, HOWEVER:
>> 3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>> supplied.  Trying to guess what you mean ... <RETURN> gpg: Go ahead and
>> type your message . <RETURN>
> Please read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):
>
>   "gpg may be run with no commands. In this case it will perform
>   a reasonable action depending on the type of file it is given
>   as input (an encrypted message is decrypted, a signature is
>   verified, a file containing keys is listed, etc.)."
>
> So GnuPG expects that you type in an encrypted message, a
> detached signature, a clear-signed message, a public key block, etc.
>
>> Then if I type a gpg command, everything stalls.
> Here you cannot type a GnuPG command, because GnuPG wants input,
> i.e. data. As you haven't specified any input file on the
> command line, GnuPG wants this data through its standard input
> channel, that is, typed in from the keyboard.
>
>> No results whatsoever.
> Unless the end of data is signalled (by typing the end-of-file
> character, with UNIX usually control d, with MS Windows perhaps
> control z), GnuPG repeats reading input lines.
>
>> Even the command "quit" gives no results.
> This "quit" is counted an input line of data, too.
>
>> So I force quit by Ctrl-C.
>> So, in general, how to start the gpg shell?
> You don't in general start the GnuPG shell. You put a command on
> the invocation command line. This command may or may not be an
> interactive command.
>
> If it is (as with "--edit-key"), GnuPG starts a sub command shell
> (as with "--edit-key") to read and execute further sub commands.
>
> If it is not (as with "--list-keys", "--sign", "--encrypt",
> etc.), GnuPG may (as with "--sign", "--encrypt", "--decrypt",
> etc.) expect input to process, or may not (as with "--list-keys",
> etc.) expect any input.
>
> Please remember: GnuPG is not a program, that does what you
> mean. It is a program, that does exactly what you command it to
> do. Thus you must know how to command GnuPG to do what you want
> it to do for you.
>
>
> Regards
> Friedhelm
> --

Roland Siemons
Haaksbergerstraat 205
ENSCHEDE
t: O645616734
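Added example, not part of the original message or of the GnuPG project: a POSIX shell sketch that reproduces the "save" versus "quit" behaviour discussed in the thread by revoking a subkey in a throwaway keyring and reading back its status. The function names, the scratch user ID and the scripted answers to the revkey prompts are assumptions of this example; it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added demonstration: leaving the --edit-key shell with "quit" versus "save"
# after revkey. Uses a throwaway GNUPGHOME and a constructed test key, so the
# real keyring is never touched. Assumes GnuPG 2.1 or later on a POSIX shell.

# Create a scratch keyring with one unprotected key plus an encryption subkey.
setup_scratch_key() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Scratch Key <scratch@example.invalid>' \
        default default never >/dev/null 2>&1 || return 1
    FPR=$(gpg --batch --list-keys --with-colons 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$FPR" ]
}

# Revoke subkey 1 inside the --edit-key shell, then leave with $1 (save|quit).
# Scripted answers: confirm revocation, reason code 0, empty description,
# confirm. After "quit" gpg asks "Save changes?"; the trailing "n" declines.
revoke_then() {
    printf 'key 1\nrevkey\ny\n0\n\ny\n%s\nn\n' "$1" |
        gpg --no-tty --command-fd 0 --status-fd 2 --edit-key "$FPR" \
            >/dev/null 2>&1
}

# Print the validity field of the first subkey; "r" means revoked.
subkey_validity() {
    gpg --batch --list-keys --with-colons "$FPR" 2>/dev/null |
        awk -F: '$1 == "sub" { print $2; exit }'
}

cleanup_scratch_key() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

# Run the comparison only when invoked as: sh demo.sh run
if [ "${1:-}" = run ]; then
    setup_scratch_key || { echo "gpg setup failed" >&2; exit 1; }
    revoke_then quit; echo "after quit: $(subkey_validity)"
    revoke_then save; echo "after save: $(subkey_validity)"
    cleanup_scratch_key
fi
```

Checking the subkey's validity field with `--list-keys --with-colons` after an edit session is a quick way to confirm that a revocation was actually written to the keyring before the public key is exported or published.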