Re: ...key belongs to ...

2010-05-30 Thread Doug Barton 
On 5/29/2010 5:58 PM, Michael D. Berger wrote:
> I went to the account in which the key pair was generated
> and tried to sign the key.  I got that the key is already
> signed.  Was there perhaps something in the export of
> the public key that might have gone wrong?  Or, perhaps,
> is there some other signing that is necessary?

You need to sign the PUBLIC key on the keyring of the account that is
doing the encryption.


hth,

Doug

-- 

... and that's just a little bit of history repeating.
-- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

2010-05-30 Thread eMyListsDDg 
that i did not realize Charly, thank you for bringing that to my attention


> Olav Seyfarth wrote the following on 5/28/10 1:07 AM:
>> Hi,

>>> i have gnuPG 1.4.7 currently installed on windows xp
>>> i want to install gnuPG 2.0.14
>>> question: will there be any compatibility issues with my current keys, etc?

>> None that I know of. I had no troubles to use and edit old and new keys.

>> Olav


> No problems with the keys per se, but I am referring here to the 'etc?'
> in your question.

> GnuPG 2.0.14 will require the configuration and use of gpg-agent, that
> will cache (without writing it to disk) the passphrase of your secret key.

> Thus, for the value you'll set to gpg-agent's cache, you will not have
> to type your passphrase, after you have typed it once for decrypting,
> and once for signing.
> 
> and others.

> Charly






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

2010-05-30 Thread eMyListsDDg 
thanks for the reply. i'll install and give it a try ...



> -BEGIN PGP SIGNED MESSAGE-
> Hash: RIPEMD160

> Hi,

>> i have gnuPG 1.4.7 currently installed on windows xp
>> i want to install gnuPG 2.0.14
>> question: will there be any compatibility issues with my current keys, etc? 

> None that I know of. I had no troubles to use and edit old and new keys.

> Olav
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.14 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

> iQGcBAEBAwAGBQJL/0+fAAoJEKGX32tq4e9WMFUL+wZfl9tp2p2i9U81pz3w1rE3
> UznqXAfa1MLmh7RaL1P7Ln9Emh1uo+DwNlldvDfMGINriGCWiAsi4YBma2nQDxFQ
> ChGbBHWecpd6Imjmpet/rwqtPvsXcmPbHMbYQvZIGB2F2jPoSG3/CPGgdVYDU14Y
> Xk2CxibzJ46WoWG1jpHjkVySj2vG8S+Ix1IhcuMzvxscqr8t3RG+r9KvrFLy6cWa
> PQTYpVOpGxbY1QZ0G6AwhMs7l2D+vnRZkI0aclbNLCSY8+jbnrPY/h7DEOdPfCCS
> IOu7c1uS35Ekjwz5m4ujp/U8BQvOeMO2ekpP48HmPqKYj589RPPsa6nm/pj6ZlUc
> OPcb2cTrsjWjzwIbUSvHqpatqwFSwYcTMbM0F6GgnH1AYB66Rr25HpiEfDO+ygMc
> EOCeO/rYQMIUBqI0dnRH721bjb0uNTwvc479csVnK1ToTCuusTxJfeLb32uPiqEI
> USBB+NdNUoww3XaqiuFxoucej1iPwPfj1PGhCTa5Wg==
> =QDV5
> -END PGP SIGNATURE-





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: ...key belongs to ...

2010-05-30 Thread Daniel Eggleston 
On Sun, 30 May 2010 00:58:57 + (UTC)
"Michael D. Berger"  wrote:

> On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote:
> 
> > Michael D. Berger wrote:
> >> On a Linux box, in encrypting a file with gpg, I get this query:
> >> 
> >>It is NOT certain that the key belongs to the person named in
> >> the user ID.  If you *really* know what you are doing, you may
> >> answer the next question with yes.
> >> 
> >>Use this key anyway? (y/N) n
> >> 
> >> Now in the context in which this is being used, there is no
> >> uncertainty regarding key ownership, and the encryption is part of
> >> a bash script. The query stops the script.
> >> 
> >> Therefore, how can I prevent this query?
> > 
> > The easiest is to either
> > 
> > a) (l)sign the key
> > 
> > or
> > 
> > b) add '--trust-model always' to the command line
> 
> I went to the account in which the key pair was generated
> and tried to sign the key.  I got that the key is already
> signed.  Was there perhaps something in the export of
> the public key that might have gone wrong?  Or, perhaps,
> is there some other signing that is necessary?
> 
> Thanks again.
> Mike.
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

You got that it's already signed because it's self signed. Your error
is akin to the message a web browser gives you when the site has a
self-signed certificate. There is no guarantee that the certificate
comes from the entity it says it does.  i.e. you have nothing but the
"word" of the certificate confirming its identity.

You need to go into the account performing the encryption, import the
public key in question if you haven't already, and sign it *there*.
Basically, confirming to gpg that you have independently verified this
key and know it to be valid.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: ...key belongs to ...

2010-05-30 Thread Ingo Klöcker 
On Sunday 30 May 2010, Daniel Eggleston wrote:
> On Sun, 30 May 2010 00:58:57 + (UTC)
> 
> "Michael D. Berger"  wrote:
> > On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote:
> > > Michael D. Berger wrote:
> > >> On a Linux box, in encrypting a file with gpg, I get this query:
> > >>It is NOT certain that the key belongs to the person named in
> > >> 
> > >> the user ID.  If you *really* know what you are doing, you may
> > >> answer the next question with yes.
> > >> 
> > >>Use this key anyway? (y/N) n
> > >> 
> > >> Now in the context in which this is being used, there is no
> > >> uncertainty regarding key ownership, and the encryption is part
> > >> of a bash script. The query stops the script.
> > >> 
> > >> Therefore, how can I prevent this query?
> > > 
> > > The easiest is to either
> > > 
> > > a) (l)sign the key
> > > 
> > > or
> > > 
> > > b) add '--trust-model always' to the command line
> > 
> > I went to the account in which the key pair was generated
> > and tried to sign the key.  I got that the key is already
> > signed.  Was there perhaps something in the export of
> > the public key that might have gone wrong?  Or, perhaps,
> > is there some other signing that is necessary?
> 
> You got that it's already signed because it's self signed. Your error
> is akin to the message a web browser gives you when the site has a
> self-signed certificate. There is no guarantee that the certificate
> comes from the entity it says it does.  i.e. you have nothing but the
> "word" of the certificate confirming its identity.
> 
> You need to go into the account performing the encryption, import the
> public key in question if you haven't already, and sign it *there*.
> Basically, confirming to gpg that you have independently verified
> this key and know it to be valid.

Since signing requires a private key on the encryption box it might be 
easier to set the (owner) trust of the public key to be used for 
encryption to ultimate.


Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users