Encrypt from memory to disc?
I have an application where I have data in memory that needs to be encrypted without ever being written to disc, even temporarily. Using PGP I can run "pgp -feat" and then pipe the data to the pgp process. That works very well. I have to do the same thing for GPG, but I can't figure out how to send data to GPG directly from memory. Any suggestions greatly appreciated. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Subkey revocation means losing signatures?
I am a bit confused about the gnupg behaviour in case of revoking a subkey or uid. Since uids are actually signed by others in combination my public key.

Does it mean revoking a subkey or uid results in loss of signatures I have collected over the time? How to proceed in such a case?

--
Luqman Munawar
Mail: [EMAIL PROTECTED]
Re: Modifying an uid, can it be done?
Ismael Valladolid Torres wrote:
> I edit my own public key:
>
> Of course I can add new uids using the adduid command:
>
> [ultimate] (1) Ismael Valladolid <[EMAIL PROTECTED]>
> [ unknown] (2) Ismael Valladolid Torres (Oberthur Card Systems) <[EMAIL PROTECTED]>
> [ unknown] (3). Ismael Valladolid Torres <[EMAIL PROTECTED]>
>
> Looks like it would be enough deleting uid 1 and setting uid 2 and
> primary, then it would "look like" I had edited the first uid. However
> in that case I lose the "ultimate" tag to the left of the primary key.
> What does this tag mean here? Which way to have this tag for the new
> uids created?
>

UIDs *should* be self-signed upon creation. Try signing your key with itself and updating the trust database.

--
Alphax                     |  /"\
Encrypted Email Preferred  |  \ /  ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 |   X   Against HTML email & vCards
http://tinyurl.com/cc9up   |  / \
Re: Encrypt from memory to disc?
On Mon, Oct 17, 2005 at 09:55:57PM -0700, Steve Leibel wrote:
> I have an application where I have data in memory that needs to be
> encrypted without ever being written to disc, even temporarily.
>
> Using PGP I can run "pgp -feat" and then pipe the data to the pgp
> process. That works very well.
>
> I have to do the same thing for GPG, but I can't figure out how to
> send data to GPG directly from memory.
>
> Any suggestions greatly appreciated.

Pipe the data to "gpg -r recipient -e -o outfile.gpg"

The recipient may be specified as either a key ID or an e-mail address (if it is unique in the public keyring).

G'luck,
Peter

--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradoxical.
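The suggestion above driven from a program, as an added example that is not part of the original thread: the bytes are handed to gpg over a stdin pipe, so only the ciphertext file is written to disk. The function names, the sample recipient and the extra --batch flag are assumptions of this example.

```python
import subprocess


def build_encrypt_argv(recipient, outfile, gpg_binary="gpg"):
    """Argument list for the command from the reply, plus --batch.

    --batch is an addition of this example: gpg then exits with a
    non-zero status instead of prompting when it cannot go on unattended.
    The list form (no shell) keeps the recipient and the file name from
    being interpreted by a shell.
    """
    return [gpg_binary, "--batch", "-r", recipient, "-e", "-o", outfile]


def pipe_to_process(argv, data, timeout=60):
    """Feed `data` to the child's stdin through an anonymous pipe.

    No temporary file is involved: the bytes go from this process's
    memory into the pipe and the child reads them from fd 0.
    """
    proc = subprocess.run(argv, input=data, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr


def encrypt_from_memory(plaintext, recipient, outfile, gpg_binary="gpg"):
    """Encrypt in-memory bytes to `outfile` and return its name."""
    if not isinstance(plaintext, (bytes, bytearray)):
        raise TypeError("plaintext must be bytes")
    argv = build_encrypt_argv(recipient, outfile, gpg_binary)
    code, _out, err = pipe_to_process(argv, bytes(plaintext))
    if code != 0:
        # gpg explains the failure (unknown recipient, untrusted key, ...)
        # on stderr; surface it instead of leaving a silent empty result.
        detail = err.decode(errors="replace").strip()
        raise RuntimeError("gpg exited with %d: %s" % (code, detail))
    return outfile


if __name__ == "__main__":
    # Constructed sample values; the recipient must exist in the keyring.
    secret = b"constructed sample payload held only in memory\n"
    print(encrypt_from_memory(secret, "recipient@example.org", "outfile.gpg"))
```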
Keyserver communications errors on Cygwin's GnuPG
$ gpg --send-keys DE721AF4
      7 [main] gpg 1908 fixup_mmaps_after_fork: WARNING: VirtualProtectEx to return to previous state in parent failed for MAP_PRIVATE address 0x93, Win32 error 87
   6921 [main] gpg 1908 fixup_mmaps_after_fork: WARNING: VirtualProtect to copy protection to child failed forMAP_PRIVATE address 0x93, Win32 error 87
  18071 [main] gpg 1908 fixup_mmaps_after_fork: ReadProcessMemory (2nd try) failed for MAP_PRIVATE address 0x93, Win32 error 87
C:\cygwin\bin\gpg.exe (1908): *** recreate_mmaps_after_fork_failed
      5 [main] gpg 1576 fork_parent: child 1908 died waiting for dll loading
gpg: keyserver communications error: general error
gpg: keyserver send failed: general error

Is this to be reported to GnuPG developers or to Cygwin developers?

Cordially, Ismael
--
http://lamediahostia.blogspot.com/
Re: Keyserver communications errors on Cygwin's GnuPG
On Tue, 18 Oct 2005 10:49:22 +0200, Ismael Valladolid Torres said:

> Is this to be reported to GnuPG developers or to Cygwin developers?

That seems to be a Cygwin problem.

Salam-Shalom,

Werner
Re: Emacs interface to gpg
On Mon, 17 Oct 2005 14:11:36 -0700, Patrik Jonsson said:

> I just started using gpg and was looking around for an emacs mode to
> encrypt/decrypt files during load and save. There are a few vague
> references to crypt++, but they are all stale web sites and messages

The standard these days is pgg.el. It has been used with Gnus for a long time and IIRC is now part of the standard GNU Emacs.

Shalom-Salam,

Werner
Re: Emacs interface to gpg
[EMAIL PROTECTED] wrote:
> Patrik Jonsson writes:
>
> > I just started using gpg and was looking around for an emacs mode to
> > encrypt/decrypt files during load and save. There are a few vague
> > references to crypt++, but they are all stale web sites and messages
> > from years ago. I finally managed to locate something that looked like
> > the crypt++ web site, which had a notice that development on crypt++ had
> > ceased and that instead crypt.el from xemacs should be used. However, I
> > downloaded the current version of xemacs and found no crypt.el.
> >
>
> The latest version (via Google) is at
> http://freefriends.org/~karl/crypt++/crypt++.el
>
> Be sure and read the notes, as setup is slightly different if you're
> using Emacs or XEmacs.

Yeah, this is what I looked at. It doesn't seem to understand public-key encryption using gpg. I've been trying to hack the gpg arguments to allow public-key encoding. So far, I've got:

*** c:/Documents and Settings/Patrik/My Documents/crypt++.elTue Oct 18 02:11:38 2005 - --- c:/software/emacs-20.7/site-lisp/crypt++.el Tue Oct 18 02:11:46 2005 *** *** 955,962 crypt-encryption-magic-regexp crypt-encryption-magic-regexp-inverse (or crypt-encryption-file-extension "\\(\\.gpg\\)$") "gpg" "gpg" ! '("--batch" "--quiet" "-c" "-o" "-" "--passphrase-fd" "0") ! '("--batch" "--quiet" "-o" "-" "--passphrase-fd" "0") "GPG" nil t - --- 955,964 crypt-encryption-magic-regexp crypt-encryption-magic-regexp-inverse (or crypt-encryption-file-extension "\\(\\.gpg\\)$") "gpg" "gpg" ! '("--batch" "--quiet" "-a" "-e" "-o" "-" "-r" "d516e69f" "--passphrase-fd" "0") ! '("--batch" "--quiet" "-d" "--passphrase-fd" "0") "GPG" nil t

This almost works. I can find a new file test.gpg, write it and save. It (unnecessarily) asks for a passphrase and produces an encrypted file. I'm then able to find that file, give the passphrase and get a decrypted file in the buffer.

However, if I try to save again I get the question "save as a plain file?". The correct answer to this question appears to be yes, this saves the file encrypted again. However, if you think that an encrypted file is not plain and answer no you'd get an error saying "encoding failed!" and from that point on further saves would fail. There appears to be some hacking done to get the public-key stuff working correctly with PGP and I haven't been able to figure it out. Does anyone have any further insights?

Regards,

/Patrik
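Review bot: in the new encrypt argument list (the line with "-a" "-e" ... "-r" "d516e69f"), "--passphrase-fd" "0" is carried over from the symmetric "-c" form although "-e" with "-r" takes no passphrase, which lines up with the unnecessary passphrase prompt reported right after the patch. Consider dropping the pair from the encrypt list and keeping it only on the "-d" list, then check that crypt++ no longer writes a passphrase line to gpg's stdin, since a line gpg does not consume as a passphrase would become part of the encrypted input. The recipient "d516e69f" is also hard-coded as a short key ID; a user option holding the full fingerprint would avoid editing crypt++.el for every user and avoids short-ID collisions.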
Re: Emacs interface to gpg
On Tue, Oct 18, 2005 at 11:12:26AM +0200, Werner Koch wrote:
> On Mon, 17 Oct 2005 14:11:36 -0700, Patrik Jonsson said:
>
> > I just started using gpg and was looking around for an emacs mode to
> > encrypt/decrypt files during load and save. There are a few vague
> > references to crypt++, but they are all stale web sites and messages
>
> The standard these days is pgg.el. It has been used with Gnus for a
> long time and IIRC is now part of the standard GNU Emacs.

It isn't part of the standard GNU Emacs distribution yet, but it is part of GNU Emacs CVS, and will be part of GNU Emacs 22.

cheers sascha
--
Parents strongly cautioned -- this posting is intended for mature audiences over 18. It may contain some material that many parents would not find suitable for children and may include intense violence, sexual situations, coarse language and suggestive dialogue.
gpg not running in shell script. Need Help
Hi

I need help in running gpg command through shell script in Informatica.

This is what I tried

I have a shell script which will decrypt the file. It is running fine when I ran the same script from $ prompt. The same is not running when I ran through Informatica as a command. I also initialized the PATH session in the script. But nothing is working. Am I missing anything? Appreciate any help.

Siva

Shell Script content

    #!/bin/ksh
    . /home/apinf/.profile
    PATH=$PATH:/pwrctr/siva/ ; export PATH
    DIR=/pwrctr/siva/
    cd $DIR
    echo "Decrypt Started"
    echo "Password" | gpg -v --passphrase-fd 0 /pwrctr/siva/GEINDSYS.cyc.pgp
    echo "Decrypt Successful"
Automation of GPG processing
Hello,

I need to automate an encryption process. When I execute the command below to process the encryption I am getting the prompt from GPG asking if I am really sure that this key belongs to the recipient.

    gpg --output [output.gpg] --recipient [public_key_name] --encrypt [file_to_encrypt.txt]

After that I need to enter "Y" in order to continue. But, it should be a fully automated process. What should I do, so it will not ask me any questions?

Thank you in advance,
Stas
PGP Zip with a single file?
I'm using GNUPG to decrypt files that were created as PGP Zip archives using PGP Desktop. If there are multiple files in the archive then GNUPG extracts a TAR file, and I have no problem processing it from there. The problem is when there is only one file in the PGP Zip archive it can have a filename completely different than the filename of the archive file, which would be just fine if it were still stored in a TAR file, but when GNUPG decrypts the archive it outputs the original file, not a TAR file. PGP Desktop still displays the original file name when you open the archive, is there any way to get this file name using GNUPG?

Thanks,
Joe
Re: PGP Zip with a single file?
On Mon, Oct 17, 2005 at 04:39:04PM -0500, Joe Lynch wrote:
> I'm using GNUPG to decrypt files that were created as PGP Zip archives
> using PGP Desktop. If there are multiple files in the archive then GNUPG
> extracts a TAR file, and I have no problem processing it from there. The
> problem is when there is only one file in the PGP Zip archive it can have a
> filename completely different than the filename of the archive file, which
> would be just fine if it were still stored in a TAR file, but when GNUPG
> decrypts the archive it outputs the original file, not a TAR file. PGP
> Desktop still displays the original file name when you open the archive, is
> there any way to get this file name using GNUPG?

I'm having an awful problem understanding exactly what the problem is here. When you make a PGP Zip archive with one file in it it is not tarred up? If so, then it's just the file itself, no?

David
Re: Subkey revocation means losing signatures?
On Tue, Oct 18, 2005 at 09:08:07AM +0200, Realos wrote:
> I am a bit confused about the gnupg behaviour in case of revoking a
> subkey or uid. Since uids are actually signed by others in combination
> my public key.
>
> Does it mean revoking a subkey or uid results in loss of signatures I
> have collected over the time? How to proceed in such a case?

Revoking a subkey loses nothing (except the subkey). Revoking a user ID loses any signatures on that user ID - after all, those people signed that user ID, and by revoking it you say that you, the owner, do not treat the user ID as valid any longer. If you don't treat it as valid, why should anyone else?

David
Re: Subkey revocation means losing signatures?
On Tue 18/10/2005, David Shaw said:
> On Tue, Oct 18, 2005 at 09:08:07AM +0200, Realos wrote:
> > I am a bit confused about the gnupg behaviour in case of revoking a
> > subkey or uid. Since uids are actually signed by others in combination
> > my public key.
> >
> > Does it mean revoking a subkey or uid results in loss of signatures I
> > have collected over the time? How to proceed in such a case?
>
> Revoking a subkey loses nothing (except the subkey). Revoking a user
> ID loses any signatures on that user ID - after all, those people
> signed that user ID, and by revoking it you say that you, the owner,
> do not treat the user ID as valid any longer. If you don't treat it
> as valid, why should anyone else?

But you can sign the new user Id with the old one saying "yes I'm the same person, only with a different address".

--
Erwan
Re: Subkey revocation means losing signatures?
On Tue, Oct 18, 2005 at 07:21:30PM +0200, Erwan David wrote:
> On Tue 18/10/2005, David Shaw said:
> > On Tue, Oct 18, 2005 at 09:08:07AM +0200, Realos wrote:
> > > I am a bit confused about the gnupg behaviour in case of revoking a
> > > subkey or uid. Since uids are actually signed by others in combination
> > > my public key.
> > >
> > > Does it mean revoking a subkey or uid results in loss of signatures I
> > > have collected over the time? How to proceed in such a case?
> >
> > Revoking a subkey loses nothing (except the subkey). Revoking a user
> > ID loses any signatures on that user ID - after all, those people
> > signed that user ID, and by revoking it you say that you, the owner,
> > do not treat the user ID as valid any longer. If you don't treat it
> > as valid, why should anyone else?
>
> But you can sign the new user Id with the old one saying "yes I'm
> the same person, only with a different address".

You're talking about adding a new user ID. The original question was regarding revoking an existing user ID.

David
Re: Subkey revocation means losing signatures?
On Tue 18/10/2005, David Shaw said:
> On Tue, Oct 18, 2005 at 07:21:30PM +0200, Erwan David wrote:
> >
> > But you can sign the new user Id with the old one saying "yes I'm
> > the same person, only with a different address".
>
> You're talking about adding a new user ID. The original question was
> regarding revoking an existing user ID.

yes adding a new one and revoking the old one. The original question was about modifying the uid.

--
Erwan
Re: Automation of GPG processing
You need to set the trust model to what works for your needs in the gpg.conf file and sign and trust the recipient's key.

--- Stas Rirak <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I need to automate an encryption process. When I execute the command
> below to process the encryption I am getting the prompt from GPG asking
> if I am really sure that this key belongs to the recipient.
>
> gpg --output [output.gpg] --recipient [public_key_name] --encrypt [file_to_encrypt.txt]
>
> After that I need to enter "Y" in order to continue. But, it should be a
> fully automated process. What should I do, so it will not ask me any
> questions?
>
> Thank you in advance,
> Stas
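A pre-flight check for the advice above, as an added example that is not part of the original thread: it reads the output of `gpg --batch --with-colons --list-keys` (a constructed listing is embedded here) and reports whether the recipient matches exactly one key whose validity is full or ultimate, a state in which gpg encrypts without the confirmation question. The accept policy, the function names and the sample keys are assumptions of this example.

```python
# Field 2 of the pub/uid records in `gpg --with-colons --list-keys` output.
VALIDITY = {"o": "unknown (new key)", "i": "invalid", "d": "disabled",
            "r": "revoked", "e": "expired", "-": "unknown", "q": "undefined",
            "n": "never", "m": "marginal", "f": "full", "u": "ultimate"}
ACCEPT = {"f", "u"}  # this example's policy: full or ultimate validity only

# Constructed listing (key IDs, dates and names are made up).
SAMPLE = """\
tru::1:1129600000:0:3:1:5
pub:f:1024:17:1111111111111111:1129500000:::-:::scESC:
uid:f::::1129500000::AAAA::Alice Example <alice@example.org>:
sub:f:2048:16:2222222222222222:1129500000::::::e:
pub:-:1024:17:3333333333333333:1129500001:::-:::scESC:
uid:-::::1129500001::BBBB::Bob Example <bob@example.org>:
pub:e:1024:17:5555555555555555:1100000000:1120000000::-:::sc:
uid:e::::1100000000::CCCC::Carol Example <carol@example.org>:
"""


def parse_colon_listing(text):
    """Return [{'keyid', 'validity', 'uids': [(validity, user_id), ...]}]."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            keys.append({"keyid": f[4], "validity": f[1], "uids": []})
        elif f[0] == "uid" and keys and len(f) > 9:
            # ':' inside a user ID is escaped as \x3a in this format
            keys[-1]["uids"].append((f[1], f[9].replace("\\x3a", ":")))
    return keys


def find_recipient(keys, recipient):
    """Match a key ID (optionally 0x-prefixed) or an e-mail address."""
    want = recipient.strip().lower()
    if want.startswith("0x"):
        want = want[2:]
    hits = []
    if not want:
        return hits
    for key in keys:
        if "@" not in want and key["keyid"].lower().endswith(want):
            hits.append((key["keyid"], key["validity"]))
            continue
        for validity, uid in key["uids"]:
            if "<%s>" % want in uid.lower():
                hits.append((key["keyid"], validity))
                break
    return hits


def check_unattended(listing, recipient):
    """(ok, reason): can a batch job encrypt to `recipient` without review?"""
    hits = find_recipient(parse_colon_listing(listing), recipient)
    if not hits:
        return False, "no key matches %r" % recipient
    if len(hits) > 1:
        ids = ", ".join(k for k, _ in hits)
        return False, "%r is ambiguous: %s" % (recipient, ids)
    keyid, validity = hits[0]
    label = VALIDITY.get(validity, validity)
    if validity not in ACCEPT:
        return False, "key %s has validity %s" % (keyid, label)
    return True, "key %s has validity %s" % (keyid, label)


if __name__ == "__main__":
    for who in ("alice@example.org", "bob@example.org", "0x5555555555555555"):
        print(who, check_unattended(SAMPLE, who))
```

A False result is the cue to verify the key's fingerprint out of band and sign it, as the reply says, before the job is scheduled.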
Re: Subkey revocation means losing signatures?
On Tue 18/10/2005, Erwan David said:
> On Tue 18/10/2005, David Shaw said:
> > On Tue, Oct 18, 2005 at 07:21:30PM +0200, Erwan David wrote:
> > >
> > > But you can sign the new user Id with the old one saying "yes I'm
> > > the same person, only with a different address".
> >
> > You're talking about adding a new user ID. The original question was
> > regarding revoking an existing user ID.
>
> yes adding a new one and revoking the old one. The original question was
> about modifying the uid.

Sorry it seems I mixed two different discussions.

--
Erwan
RE: Gnupg-users Digest, Vol 25, Issue 16
Can GnuPG import X.509 certificate/pubkey ?

Thanks
Mike Zhou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 18, 2005 2:55 AM
To: gnupg-users@gnupg.org
Subject: Gnupg-users Digest, Vol 25, Issue 16

Today's Topics:

1. Re: Bogus Key on Keyservers (Nicholas Cole)
2. Re: Bogus Key on Keyservers (Tad Marko)
3. Re: Bogus Key on Keyservers (John W. Moore III)
4. new (2005-10-16) keyanalyze results (+sigcheck) (Jason Harris)
5. gpg not running in shell script. Need Help (Kanakadandila, Sivaramakrishna (GE Consumer & Industrial))
6. Make GnuPG create files with .pgp extension (Ismael Valladolid Torres)
7. Modifying an uid, can it be done? (Ismael Valladolid Torres)
8. Re: Modifying an uid, can it be done? (Erwan David)
9. Emacs interface to gpg (Patrik Jonsson)
10. Encrypt from memory to disc? (Steve Leibel)

--

Message: 1
Date: Sun, 16 Oct 2005 18:09:27 +0100 (BST)
From: Nicholas Cole <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users@gnupg.org

--- Tad Marko <[EMAIL PROTECTED]> wrote:
> > You can't. That's like asking how you can stop other people from
> > printing out badges that say "I am Tad Marko" and pinning them to their
> > shirts.
>
> I'm not asking for that. I want them to not say that a given key goes
> to [EMAIL PROTECTED]
>
> > Besides, if you could do that, what would stop someone else from
> > deleting YOUR key off of the keyserver or flagging THEIR key as the real
> > Tad Marko?
>
> An email verification step?

The problem is, that IF the email infrastructure was secure enough to be trusted, there would be no need for pgp/gpg/smime at all. An email verification step is not, and cannot be, 100% secure.

Of course, in many cases, email is not re-routed, server admins can be trusted, email systems are not broken in to - to the extent that email without additional security is largely trusted as "good enough".

But, in fact, if someone is willing to forge a key with your name on, it is probably one of those times that email may well not be "good enough". Hence the need to rely on key fingerprints, not on the email system.

Best,
Nicholas

--

Message: 2
Date: Sun, 16 Oct 2005 15:25:50 -0500
From: Tad Marko <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users@gnupg.org

On Sun, Oct 16, 2005 at 06:09:27PM +0100, Nicholas Cole wrote:
>
> --- Tad Marko <[EMAIL PROTECTED]> wrote:
> > An email verification step?
>
> The problem is, that IF the email infrastructure was
> secure enough to be trusted, there would be no need
> for pgp/gpg/smime at all. An email verification step
> is not, and cannot be, 100% secure.
>
> Of course, in many cases, email is not re-routed,
> server admins can be trusted, email systems are not
> broken in to - to the extent that email without
> additional security is largely trusted as "good
> enough".
>
> But, in fact, if someone is willing to forge a key
> with your name on, it is probably one of those times
> that email may well not be "good enough". Hence the
> need to rely on key fingerprints, not on the email
> system.
>
> Best,
>
> Nicholas

Right, which is the reason for the continued need to let people know your key signature via a trusted means. But, if someone was wanting to hassle you by creating scads of bogus keys on keyservers, it still makes it that much more difficult for people to obtain the correct key. If someone were more sophisticated, as you suggest, it seems that it is even more imperative for someone to be able to get the bogus keys out of view.

Tad

--

Message: 3
Date: Sun, 16 Oct 2005 16:37:09 -0400
From: "John W. Moore III" <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: Tad Marko <[EMAIL PROTECTED]>
Cc: GnuPG Users List

Tad Marko wrote:
> Right, which is the reason for the c
Re: Emacs interface to gpg
Patrik Jonsson <[EMAIL PROTECTED]> writes:

> I just started using gpg and was looking around for an emacs mode to
> encrypt/decrypt files during load and save. There are a few vague
> references to crypt++, but they are all stale web sites and messages
> from years ago. I finally managed to locate something that looked like
> the crypt++ web site, which had a notice that development on crypt++ had
> ceased and that instead crypt.el from xemacs should be used. However, I
> downloaded the current version of xemacs and found no crypt.el.
>
> Can anyone tell me what's going on with this? It seems like such an
> OBVIOUS thing that I'm really surprised, given that people have written
> emacs modes for every conceivable and inconceivable need, it's so hard
> to find information.

I had a hard time finding information as well.

mailcrypt works with GNU Emacs.

Nic Ferrier