Incompatibility between GnuPG encryption and the Bouncy Castle encryption.
Hi, I have created RSA key as well as its subkey for encryption using GnuPG. Now I encrypted a file using JAVA library functions given by Bouncy Castle (a pgp library in JAVA which claims to adhere to rfc 2440). I also encrypted the same file using the GnuPG commands from command line. The following are the results of the pgpdump for both of them... PGPdump for GnuPG:-- PGPdump Results Old: Public-Key Encrypted Session Key Packet(tag 1)(140 bytes) Newversion(3) Key ID - 0xB84434E8A6EACCA8 Pub alg - RSA Encrypt orSign(pub 1) RSA m^e mod n(1024 bits) - 88 74 a9 7c bb 85 c6 1d 19 82 55ec 72 86 93 4d 74 52 94 a4 c1 e7 9f bd b9 9d 8c 82 da 08 d1 db 71 09 4fde 40 77 16 95 7f 52 14 11 23 c0 61 68 61 eb 43 c7 80 ac 6b 36 df 65 99e7 f8 14 78 1f d7 3f 18 41 10 aa 5e df 59 a2 eb 49 39 c2 d6 4a a8 be 07fe 9a ae 7b 95 2e 90 e1 30 3f 47 9c bb 96 f1 1d 17 9b 6b 6c a6 5b 4d 57f0 fa de 6b c9 51 aa 36 e6 81 87 3d c0 ff c6 b6 5b 8c 66 6d 1f -> m= sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02New: Symmetrically Encrypted and MDC Packet(tag 18)(168 bytes) Ver 1Encrypted data [sym alg is specified in pub-key encrypted session key](plain text + MDC SHA1(20 bytes)) PGPdump for BouncyCastle:-- PGPdump Results Old: Public-Key Encrypted Session Key Packet(tag 1)(140 bytes) Newversion(3) Key ID - 0xB84434E8A6EACCA8 Pub alg - RSA Encrypt orSign(pub 1) RSA m^e mod n(1024 bits) - af db e9 49 ce f1 f5 d5 c1 ab a359 39 f2 a6 6e 05 2f 99 9d 79 87 cf 19 3a 9f ad 15 da 8d 83 ee a9 36 72c3 23 42 33 70 2f 40 69 03 2f 9c 18 44 bb 20 b2 5c 5e 09 fd ad c4 16 6139 07 a1 a7 ab 1d 0c 06 69 d5 81 8d 2c 65 ae 89 b6 db 5d e0 5e 4d 6e d8ae 7b f1 3b f1 52 a3 52 24 a0 55 2c 43 47 66 cd 92 a1 3e c5 c2 38 4c 025d e6 59 bf b3 6d 09 a0 9b cc 63 46 ec 7a cf f6 7f 62 f9 1a 86 -> m= sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02New: Symmetrically Encrypted and MDC Packet(tag 18)(155 bytes) Ver 1Encrypted data [sym alg is specified in pub-key encrypted session key](plain text + MDC SHA1(20 bytes)) I am also attaching the encrypted files.. When I use GnuPG to decrypt the file encrypted using Bouncy Castle Libraries, the file gets decrypted correctly. But if I use Bouncy Castle to decrypt the file encrypted using GnuPG, I get an exception stating illegal key size. The following is the stacktrace for the program. org.bouncycastle.openpgp.PGPException: Exception starting decryption java.security.InvalidKeyException: *Illegal key size *at javax.crypto.Cipher.a(Unknown Source) at javax.crypto.Cipher.init(Unknown Source) at javax.crypto.Cipher.init(Unknown Source) at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown Source) at org.bouncycastle.openpgp.PGPPublicKeyEncryptedData.getDataStream(Unknown Source) at bouncyCastlePGP.BcDecrypt.decrypt_bc(BcDecrypt.java:130) The statement giving exception is supposed to give a decrypted stream using the secret key. But the same decryption program using Bouncy Castle decrypts correctly the file encrypted using Bouncy Castle libraries. The only difference I could observe in the dumps of both the files is the packet size of New packet(tag 18).(Highlighted) Can that make a difference? Plz help me . or is it that GnuPG donot follow the rfc2440?? Thanks, -- Bhushan. encrypted_using_GnuPG.txt.gpg Description: Binary data encrypted_using_BouncyCastle.txt.gpg Description: Binary data ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Wildcards in uids?
I have recently started using suffixed e-mail addresses and am wondering if I might need to add suffixes I am using to my key - or if I can add something that would catch them all. If I need to add them individually, it may be better to add the ones I need to as I need them, but if a catch-all is possible, please advise me as to how I need to specify it. -- Phil Reynolds o mail: [EMAIL PROTECTED] |L_ \ / Web: http://www.tinsleyviaduct.com/phil/ (_)- \/ Waltham 66, Emley Moor 69, Droitwich 79, Windows 95 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Wildcards in uids?
On Wed, Jun 04, 2008 at 04:13:00PM +0100, Phil Reynolds wrote: > > I have recently started using suffixed e-mail addresses and am wondering > if I might need to add suffixes I am using to my key - or if I can add > something that would catch them all. > > If I need to add them individually, it may be better to add the ones I > need to as I need them, but if a catch-all is possible, please advise me > as to how I need to specify it. Sorry, there is no way within GnuPG to do such a thing. It's frequently doable outside of GnuPG via your mail program, but you'd have to consult the documentation for that program to learn how. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
On Thu, May 29, 2008 at 2:51 PM, John W. Moore III <[EMAIL PROTECTED]> wrote: > > Make certain that on the 'OpenPGP' > 'Preferences' > 1st Tab that the > Path to gpg.exe is correct. I am not using Windows so I can't say for sure about *.exe. I am using Linux and Mozilla Thunderbird. I uninstalled and reinstalled Enigmail on my Mozilla Thunderbird just to be make sure the "plugin" worked properly. I then looked at my keys generated on my system: [EMAIL PROTECTED]:~/.gnupg$ gpg --list-keys /home/cwilliams/.gnupg/pubring.gpg -- pub 1024D/C4B187CB 2008-05-29 uid Carlos Williams <[EMAIL PROTECTED]> sub 8446g/6B90B444 2008-05-29 ***I don't know if I should be publicly posting the info above...Is that bad to show in public?*** Anyways - Enigmail does not find my key. I installed the most recent version on my Linux / Thunderbird system... I am fairly lost on why this is not working for me...any suggestions? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jun 4, 2008 at 6:02 PM, Carlos Williams wrote: > On Thu, May 29, 2008 at 2:51 PM, John W. Moore III > wrote: >> >> Make certain that on the 'OpenPGP' > 'Preferences' > 1st Tab that the >> Path to gpg.exe is correct. > > I am not using Windows so I can't say for sure about *.exe. I am using > Linux and Mozilla Thunderbird. on linux it's /usr/bin/gpg (or /usr/bin/gpg2) > > I uninstalled and reinstalled Enigmail on my Mozilla Thunderbird just > to be make sure the "plugin" worked properly. > > I then looked at my keys generated on my system: > > [EMAIL PROTECTED]:~/.gnupg$ gpg --list-keys > /home/cwilliams/.gnupg/pubring.gpg > -- > pub 1024D/C4B187CB 2008-05-29 > uid Carlos Williams > sub 8446g/6B90B444 2008-05-29 > > ***I don't know if I should be publicly posting the info above...Is > that bad to show in public?*** this are no confidential information > > Anyways - Enigmail does not find my key. I installed the most recent > version on my Linux / Thunderbird system... > > I am fairly lost on why this is not working for me...any suggestions? > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Do you see my signature (or from other person on this list) in thunderbird ??? _-Arnaud-_ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) Comment: http://getfiregpg.org iQEcBAEBAgAGBQJIRtphAAoJEFgy9SDyxO8hrqUH+gLpf4MHe12NndEfnovqyygA WC5xxR1X2PJrk82ls9MA0KoRlRJ5l/SLHkwqiFMGJm2qHhx2WHB/8bqdPR9OZqgv Ocn3tOKnNRs9bBsD8+tcSgOdUNsiTxD9eIukENRT2ZG2Rf8OppVFhK4bbRZZdYXw SkgW+H4xJtQG9DoJN7us9JxDKDpOxbZ3N5DD9WPMh7TEukv40L1hWUlF6KV5UFJ0 7jVz8jw9IYfpO8ZYj8SFM3Zgj/qqXdySBOArygYoUr6+g1UcedBtej4XwylqFwRD EFkpN/8DfxsQ+jTr6/FnXeZRo+uTsFaERvOW9EJMqCweOEsKmjWrSVOCP+PcdaQ= =oRXJ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You may give a try to FireGPG (an extension to Firefox) that allow to use gpg in the Gmail interface... it's really easy http://getfiregpg.org/index.php?page=home&lang=en It will show if the mail are signed even if it's not your mail is not configured for gpg so you will be able to see if gpp is well configured, then we can try to find out other solution _-Arnaud-_ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.7 (GNU/Linux) Comment: http://getfiregpg.org iQEcBAEBAgAGBQJIRt4hAAoJEFgy9SDyxO8htNYH/0V1pAS9KASRUHdMcSsh/DBe SudmfVC+cZsnHVJ0Pp45dPQWusZhe0ahAjkhGHCTAfGcJRPDeV+6f0fBiq3eyihB le5ts0dy6KZfuIA/eT7tG5FYBci0Ab2fOolp+DKNXs5dZEnbOnDI6aI+Mv/fGeHB X09RafVlIqEnYtFnKy6j0hjx0o0+YRSy0i8lbwBYkSzWeQxil/fpM6tLQUXIXdpO dx++tPVs41jvzYmLb16h7LNNWpNFZhdzABr46+aB5qHTxJkik6ak4jGJTHhJnyAP ZCQiqmNHDNxtK5zARTlRFFHyp/9MlbwpwZyd5m6aLAkcCZxJIN4DDKTaNKg+pmE= =xGpQ -END PGP SIGNATURE- On Wed, Jun 4, 2008 at 8:20 PM, Carlos Williams <[EMAIL PROTECTED]> wrote: > On Wed, Jun 4, 2008 at 2:09 PM, Arnaud Ongenae <[EMAIL PROTECTED]> wrote: > >> Do you see my signature (or from other person on this list) in Thunderbird >> ??? > > I am not using this email on Mozilla Thunderbird. I am strictly using > the web mail aspect of Gmail on this account. I am testing this out on > a separate account. > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Wildcards in uids?
On Wed, Jun 04, 2008 at 01:08:40PM -0400, David Shaw wrote: > On Wed, Jun 04, 2008 at 04:13:00PM +0100, Phil Reynolds wrote: > > > > I have recently started using suffixed e-mail addresses and am wondering > > if I might need to add suffixes I am using to my key - or if I can add > > something that would catch them all. > > > > If I need to add them individually, it may be better to add the ones I > > need to as I need them, but if a catch-all is possible, please advise me > > as to how I need to specify it. > > Sorry, there is no way within GnuPG to do such a thing. It's > frequently doable outside of GnuPG via your mail program, but you'd > have to consult the documentation for that program to learn how. I think you may have misunderstood the query. I use suffixed e-mail addresses - I introduced them to help me sort mail as well as spot the leaky organisations. That part is absolutely working. However, do I need to add these addresses as uids to my key if I wish to sign or encrypt mail where I am using them as From: addresses? Is a "catch all suffixes" uid possible if that is the case? If so, how do I specify it? It is nothing, as far as I can see, to do with my mail programs (either of them). It is more to do with key administration. If not, presumably I simply sign/decrypt using my existing key? -- Phil Reynolds o mail: [EMAIL PROTECTED] |L_ \ / Web: http://www.tinsleyviaduct.com/phil/ (_)- \/ Waltham 66, Emley Moor 69, Droitwich 79, Windows 95 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Wildcards in uids?
On Wed, Jun 04, 2008 at 07:23:00PM +0100, Phil Reynolds wrote: > On Wed, Jun 04, 2008 at 01:08:40PM -0400, David Shaw wrote: > > On Wed, Jun 04, 2008 at 04:13:00PM +0100, Phil Reynolds wrote: > > > > > > I have recently started using suffixed e-mail addresses and am wondering > > > if I might need to add suffixes I am using to my key - or if I can add > > > something that would catch them all. > > > > > > If I need to add them individually, it may be better to add the ones I > > > need to as I need them, but if a catch-all is possible, please advise me > > > as to how I need to specify it. > > > > Sorry, there is no way within GnuPG to do such a thing. It's > > frequently doable outside of GnuPG via your mail program, but you'd > > have to consult the documentation for that program to learn how. > > I think you may have misunderstood the query. > > I use suffixed e-mail addresses - I introduced them to help me sort mail > as well as spot the leaky organisations. That part is absolutely > working. > > However, do I need to add these addresses as uids to my key if I wish to > sign or encrypt mail where I am using them as From: addresses? > > Is a "catch all suffixes" uid possible if that is the case? If so, how do > I specify it? It is nothing, as far as I can see, to do with my mail > programs (either of them). It is more to do with key administration. I think I did understand the query. You have email addresses like "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", and so on. The question was is a "catch all suffixes" UID possible. The answer to that question is no. That said, I'm not sure why you think this is a necessary thing to do. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Incompatibility between GnuPG encryption and the Bouncy Castle encryption.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bhushan Jain escribió: > Hi, > > I have created RSA key as well as its subkey for encryption using GnuPG. > Now I encrypted a file using JAVA library functions given by Bouncy > Castle (a pgp library in JAVA which claims to adhere to rfc 2440). I > also encrypted the same file using the GnuPG commands from command line. > The following are the results of the pgpdump for both of them... ... > Plz help me . > or is it that GnuPG donot follow the rfc2440?? All I know about this is GnuPG can be set to different compatibility modes, like: openpgp, pgp2, pgp8, rfc1991, rfc2440, rfc4880, and some others. Reading GnuPG manual, it states: "INTEROPERABILITY GnuPG tries to be a very flexible implementation of the OpenPGP standard. In particular, GnuPG implements many of the optional parts of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2 compression algorithms. It is important to be aware that not all OpenPGP programs implement these optional algorithms and that by forcing their use via the --cipher-algo, --digest-algo, - --cert-digest-algo, or --compress-algo options in GnuPG, it is possible to create a perfectly valid OpenPGP message, but one that cannot be read by the intended recipient. There are dozens of variations of OpenPGP programs available, and each supports a slightly different subset of these optional algorithms. For example, until recently, no (unhacked) version of PGP supported the BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be read by a PGP user. By default, GnuPG uses the standard OpenPGP preferences system that will always do the right thing and create messages that are usable by all recipients, regardless of which OpenPGP program they use. Only override this safe default if you really know what you are doing. If you absolutely must override the safe default, or if the preferences on a given key are invalid for some reason, you are far better off using the --pgp6, --pgp7, or --pgp8 options. These options are safe as they do not force any particular algorithms in violation of OpenPGP, but rather reduce the available algorithms to a "PGP-safe" list." So, maybe the cipher algorithm you are using with GnuPG is not supported in rfc2440, and the solution would be to change the preferences settings to rfc2440 compatible. I hope this helps. Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJIRvP5AAoJEMV4f6PvczxAozgH/3bFLpB1JXfCQZvBBXGOmvfh sFUWVRyo8AQlNx5A4lpl2m6IV36kMzJ3YWmgIeSCsoYmPtD2SswS82j1selIaz7n 2SoLLYjfsagHnREOaP4uqENySse/5Sz+cALMD3WJ7VHTtFWG1HanENVH1IdQBjwW AG8stUf0pfUef6mh8buqhRU5GfEO8uONnH6kB4nislcYVnfTH2JgVYz7OPGNqBc1 eS1owiKg3ycUh/WO2xAeshn0sp6Tv5Ch/zE1ibMymuswYHdFnNcQR0JM67XfAds0 1ZiLIV7qPiV+5BBhKHe7L2aywX0hnjWzUs/BEBoMBQc3UIEDrtmfbMOT8kv0Lro= =e1GL -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arnaud Ongenae wrote: > You may give a try to FireGPG (an extension to Firefox) that allow to > use gpg in the Gmail interface... it's really easy > > http://getfiregpg.org/index.php?page=home&lang=en > > It will show if the mail are signed even if it's not your mail is not > configured for gpg so you will be able to see if gpp is well > configured, then we can try to find out other solution I think it may be working now. I tried everything over from scratch on my gmail account and it looks like it found me key. Is there a way to test this with you guys on the list? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIRxNJkox9aWcei0oRAlxrAJ4xlS1fGx4BCoEbyLS+9tM5bQN9XwCeLE/t xJPxlA2yD6oGctR1pkJjQeA= =La8n -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Wildcards in uids?
On Wed, Jun 04, 2008 at 03:18:00PM -0400, David Shaw wrote: > I think I did understand the query. You have email addresses like > "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", and so on. > The question was is a "catch all suffixes" UID possible. The answer > to that question is no. > > That said, I'm not sure why you think this is a necessary thing to > do. Should I wish to sign, or should somebody wish to send me something encrypted, to some address with a suffix, my key will need a uid containing that suffix, as far as I can see. Therefore, should it prove necessary, I will presumably have to add such uids as necessary to the key. On the whole, I think this will probably only rarely, if ever, be needed. But, if it is, at least I know now. -- Phil Reynolds o mail: [EMAIL PROTECTED] |L_ \ / Web: http://www.tinsleyviaduct.com/phil/ (_)- \/ Waltham 66, Emley Moor 69, Droitwich 79, Windows 95 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Wildcards in uids?
On Wed, 4 Jun 2008, Phil Reynolds wrote: On Wed, Jun 04, 2008 at 03:18:00PM -0400, David Shaw wrote: I think I did understand the query. You have email addresses like "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", and so on. The question was is a "catch all suffixes" UID possible. The answer to that question is no. That said, I'm not sure why you think this is a necessary thing to do. FWIW, I would think you would want to separate signing as well as emailing, to as much as possible maintain isolation and confidentiality of whatever you are doing with those suffixed email addresses? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
Carlos Williams wrote: > I think it may be working now. I tried everything over from scratch on > my gmail account and it looks like it found me key. Is there a way to > test this with you guys on the list? It /looks/ like Enigmail is working. Looks is the best anyone can tell at the moment. Had you sent your key to the keyservers, folks could've verified the signature you had on this last message. Until then, ie until it is available: 1) See if the original message in your Sent folder verifies OK 2a) Send yourself a signed message and see if that verifies when you receive it. 2b) You can also send yourself an encrypted message. Until your public key is available, there is nothing others can help you with -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net "what's the key to success?"/ "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Automating Decryption using gpg --batch --passphrase-file or gpg --batch --passphrase-fd 0
Hi Hardeep! Thanks for your reply. I did try your suggestion and It didn't work. It still throwing the same error . Can you tell more about the key setup? What kind of procedure i need to follow so i can run gpg in SQL Job? Thanks - Original Message From: Hardeep Singh <[EMAIL PROTECTED]> To: guk guk <[EMAIL PROTECTED]> Sent: Wednesday, June 4, 2008 6:27:09 PM Subject: Re: Automating Decryption using gpg --batch --passphrase-file or gpg --batch --passphrase-fd 0 Hi The first method is incorrect. Correct usage of --passphrase-fd is as below: gpg --batch --decrypt --passphrase-fd 0 --output output.csv output.csv.pgp wrote: > > Hi ! > > I tried to automate decryption of pgp files by running this command line in > windows xp > gpg --batch --passphrase-fd 0 < passphrase.txt --output "OUTPUT.CSV" > --decrypt "OUTPUT.CSV.pgp" > or > gpg --batch --passphrase-file passphrase.txt --output "OUTPUT.CSV" > --decrypt "OUTPUT.CSV.pgp" > > but it's always failed. > It always throw an error > gpg: encrypted with 2048-bit RSA key, ID , created 2008-05-08 > gpg: public key decryption failed: bad passphrase > gpg: decryption failed: secret key not available > > I'm using gnupg 1.4.9. > Can anybody help me please? > Thanks > > > > > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- Hardeep Singh ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
On 4-Jun-08, at 18:12 , Carlos Williams wrote: I think it may be working now. I tried everything over from scratch on my gmail account and it looks like it found me key. Is there a way to test this with you guys on the list? Your message was signed but your key does not seem to e in any public key server. You need to send it to a keyserver so others can use your public key. use gnupg2 --keyserver hkp://subkeys.pgp.net --send-keys [key IDs] Similar to--export but sends the keys to a keyserver. Fingerprints may be used instead of key IDs. Option--keyserver must be used to give the name of this keyserver. Don’t send your complete keyring to a keyserver --- select only those keys which are new or changed by you. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Royds escribió: > > On 4-Jun-08, at 18:12 , Carlos Williams wrote: > >> I think it may be working now. I tried everything over from scratch on >> my gmail account and it looks like it found me key. Is there a way to >> test this with you guys on the list? > > Your message was signed but your key does not seem to e in any public > key server. You need to send it to a keyserver so others can use your > public key. > > use gnupg2 --keyserver hkp://subkeys.pgp.net --send-keys [key IDs] > > > Similar to--export but sends the keys to a keyserver. Fingerprints may > be used instead of key > IDs. Option--keyserver must be used to give the name of this keyserver. > Don’t send your complete > keyring to a keyserver --- select only those keys which are new or > changed by you. *IF* he is using enigmail, it would easier to open the key management window, right click the key, and select "upload to key server"... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJIR2nfAAoJEMV4f6PvczxAzQgIAK3LAQViiENp1WpQFgLsyYHV Xls0GvKc9oFApgbj0Oe2fKGVHVuuoT87MRgUYnoW4Ot91k/KUY0oBkxlC9MmPQC9 HISd/lnhazhb+oQhNqS/V7P25gugRekOdZ/j5rVmNFk8RWoOciLfRIMUWkzK+1TU u6YQiUzcMdEZAIG51pBDau67Jutpw4eOjSLYO2FGhHQN6UMCQ0VTAbcTnqk8YiR7 kMKvjW7OzSpVJVrr3CKsrGoTRvIEy0/wlpufCatQpkLPJf3zqY0ydcsW3xl7dkyt gx8ZuYjtuDe8gz8Q7Sk4RK/e1mKFpxi9SdtdadsF32Diji3oFSq7UifG3QHv8+4= =wiKC -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Automating Decryption using gpg --batch --passphrase-file or gpg --batch --passphrase-fd 0
guk guk wrote: > I tried to automate decryption of pgp files by running this command line in > windows xp > gpg --batch --passphrase-fd 0 < passphrase.txt --output "OUTPUT.CSV" > --decrypt "OUTPUT.CSV.pgp" > or > gpg --batch --passphrase-file passphrase.txt --output "OUTPUT.CSV" > --decrypt "OUTPUT.CSV.pgp" The general form is gpg --batch --passphrase-file --output --decrypt The first is wrong gpg --batch --passphrase-fd 0 --output <> --decrypt <> < The second looks correct, the quotes around the filenames are generally unneeded on Win32, but shouldn't break things. > but it's always failed. It always throw an error > gpg: encrypted with 2048-bit RSA key, ID , created 2008-05-08 > gpg: public key decryption failed: bad passphrase The bad passphrase error points to your passphrase file being at fault. Check that your passphrase file is the same exact length as the passphrase. Use DIR at a command prompt or any program that will do a hex dump for you. A (hex 0x0d0a) at the end of the passphrase in the file will cause the passphrase to fail. (0x0a) alone seems to work as well as no line ending at all. notepad can be used to create the file without line endings. These problems go away by removing the passphrase from the key. And remove the charade that things are all that secure when the passphrase is in a file readable by anyone with enough access. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?"/ "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Am I Missing Something?
Carlos Williams wrote the following on 6/4/08 6:12 PM: [...] > I think it may be working now. I tried everything over from scratch on > my gmail account and it looks like it found me key. Is there a way to > test this with you guys on the list? Carlos, As you have already been answered by John, your e-mail looks like a signed one, and an attempt to verify the signature outputs: gpg: Signature made Wed Jun 4 18:12:25 2008 EDT using DSA key ID 671E8B4A gpg: requesting key 671E8B4A from hkp server keyserver.linux.it gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: No public key I have tried to find your key on key servers other than the one indicated above, without results. The only key I have found who is listed to someone named carlos williams is: carlos williams <[EMAIL PROTECTED]> 1024 bit DSA key 8C73D5AB, created: 1997-08-27 That's not the key used to sign your message. If you want recipients of your signed e-mails to be able to verify your signature, you should upload your public key to a public server, or to send your key directly and exclusively to your selected correspondents. In the present case, this is a mailing list, so either you upload you key to a keyserver, or you attach your public key (OpenPGP/Attach My Public Key) to a message posted to the list, which will leave out people who are not subscribed to this list. Best regards, Charly MacOS 10.5.3 - MacBook Intel C2Duo - GnuPG 1.4.9 - GPG2 2.0.9 - Thunderbird 2.0.0.14 - Enigmail 0.96a ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
