Re: Terminology - certificate or key ?

2016-09-30 Thread John Lane
> I have to admit to being extremely annoyed with the state of the language we 
> use.  OpenPGP is hard enough to learn without having to be confused by 
> multiple names for the same algorithms, confusing usage of "certificate", 
> "key", and "Key", and every other bit of linguistic tomfoolery we seem to 
> have accumulated.

I agree wholeheartedly with this sentiment. Thanks for confirming what I
hoped was the case.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Terminology - certificate or key ?

2016-09-30 Thread John Lane

> [1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07712.html
> 
> [2] ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf
> 
Great link [1], very interesting. I think the language used hasn't
helped the uptake of this technology. The other thing mentioned in there
is trust vs validity which made my head spin more than my grandad's
Poitín! [2] is on my reading list now :)




Re: automate pga clipboard

2016-09-30 Thread Stephan Beck
Hi,

tim.dcl...@gmail.com:
> I am using GPA 0.9.9 to encrypt text file data. I copy/paste my text
> into the clipboard and hit encrypt. I'm prompted to choose public key.
> After choosing, I get the following results (less the blah blahs).
> 
> I would like to do this from a command line so I can do unattended. Can
> this be done? Does anyone have examples of syntax?
> 
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v2
> blah..
> blah..
> blah..
> -----END PGP MESSAGE-----

I never have used any automated mode with gnupg and usually I use a
smartcard, but, generally speaking, you have to use the --batch option
and provide your passphrase via command line.
Maybe
gpg2 --batch --passphrase-file [passphrasefile] --recipient [uid or
fingerprint of recipient's key] --sign --encrypt [yourtext.txt]

But I'm not sure. Please (more expert people) correct me if I am wrong.

Cheers,

Stephan





Re: Terminology - certificate or key ?

2016-09-30 Thread Werner Koch
On Thu, 29 Sep 2016 12:23, gn...@jelmail.com said:

> * A Public-Key packet starts a series of packets that forms an OpenPGP
> key (sometimes called an OpenPGP certificate).

In OpenPGP this is called a "keyblock".  The term certificate is used
only for some special things (revocation certificate).  Certificate also
has the bad connotation that a third party issues this; which is not the
case for common OpenPGP use cases.

An OpenPGP keyblock is very different from an X.509 certificate.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-09-30 Thread Peter Lebbing
On 29/09/16 17:17, Robert J. Hansen wrote:
> I have to admit to being extremely annoyed with the state of the language we 
> use.

IMO, TOFU has just made it even worse.

I tried to be really strict, talk about ownertrust and validity. Always trying
to keep them separate. Personally avoiding the word "trust" without the "owner-"
prefix.

Then we get Trust On First Use, which... increases or establishes validity of a
key on the first use...

Ugh.

I suppose, in this case, that's what you get when you import a term from outside
of the ecosystem. If invented here, it would be Validity On First Use.

Peter.

PS: A while ago I said "I think it might be worth it to file a bug report if you
see the word 'trust' used for validity in the official documentation that
accompanies GnuPG." Then I read the new documentation on TOFU, and mentally
tagged it WONTFIX. It's just undoable with that terminology.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



RE: gpg: signing failed: Inappropriate ioctl for device Error Message on Linux

2016-09-30 Thread Justus Winter
Hello,

please don't drop the mailing list when replying.

Jim Ernst  writes:
>> I am currently testing keys I created using gpg version 2 2.1.15 (libgcrypt 
>> 1.7.3) and I am trying to encrypt a file using a shell script in a LINUX 
>> environment. I am getting the following error when the command is executed:
>>
>> gpg: signing failed: Inappropriate ioctl for device
>>
>> Has anyone encountered this issue ?
>
> Yes.  https://bugs.gnupg.org/gnupg/issue2680
>
> Was the "echo test | gpg2 --sign --armor -u $USER" the method for fixing the 
> issue ? I am running on a Linux box .

No.  You were asking if anyone else has encountered the issue, and I
replied by pointing you to the bug report of someone who also
encountered the issue.

The problem is that either there is no graphical pinentry, or there is,
but it cannot execute e.g. due to DISPLAY not being set, *and* the
fallback pinentry failed to open the terminal due to the fact that stdin
of the gpg process is not connected to a terminal.  The latter can
happen for example when gpg is used in a pipe.

Justus




Re: Terminology - certificate or key ?

2016-09-30 Thread Robert J. Hansen
> In OpenPGP this is called a "keyblock".

Where can I find this usage documented?  In almost 25 years in the PGP
community I've heard the word "key" used >95% of the time, "certificate"
<5% of the time, and this is literally the first time I've heard the
word "keyblock".

Also see:

https://www.gnutls.org/manual/html_node/OpenPGP-certificates.html
https://www.gpg4win.org/doc/en/gpg4win-compendium_12.html
http://www.pgpi.org/doc/pgpintro/
https://tools.ietf.org/html/rfc6091

All of these are well-respected authorities (Gnutls, GnuPG, PGP
Corporation, and the IETF) using the certificate terminology.

I have been unable to find reputable uses of "keyblock" in a five-minute
Google search.  If this is the officially approved language, could you
please point me to where it's documented?



Re: Terminology - certificate or key ?

2016-09-30 Thread Kristian Fiskerstrand
On 09/30/2016 02:46 PM, Robert J. Hansen wrote:
>> In OpenPGP this is called a "keyblock".
> 
> Where can I find this usage documented?  In almost 25 years in the PGP
> community I've heard the word "key" used >95% of the time, "certificate"
> <5% of the time, and this is literally the first time I've heard the
> word "keyblock".
> 

I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Ubi mel ibi apes
Where there's honey, there are bees





Re: recording and retrieving "secrets" into gpg files

2016-09-30 Thread Arbiel (gmx)
Hi

Thank you Andrew.

In the material I've been reading lately, all examples are written in a
programming language and I only have abilities in bash scripting.

Can somebody, please, direct me toward a url where they provide bash
scripting examples.

Arbiel

Le 28/09/2016 à 15:25, Andrew Gallagher a écrit :
> On 28/09/16 12:44, Arbiel (gmx) wrote:
>> Hi
>>
>> Seahorse (distributed within Ubuntu) allows for the storing and
>> retrieving of "secrets", as passwords, into what I understand to be
>> gpg keyrings, or at the least, files.
> 
> Seahorse stores passwords in the Gnome keyring, which is not related to
> PGP -- it uses symmetric encryption based on an iterative password
> hash. Try the docs for "gnome-keyring"?
> 
> A





Re: gpg: signing failed: Inappropriate ioctl for device Error Message on Linux

2016-09-30 Thread Werner Koch
On Fri, 30 Sep 2016 14:37, jus...@g10code.com said:

> fallback pinentry failed to open the terminal due to the fact that stdin
> of the gpg process is not connected to a terminal.  The latter can
> happen for example when gpg is used in a pipe.

That does not matter.  The pinentry opens the tty on its own.  To do
this it needs to know the tty.  Fortunately gpg knows the tty or can
take it from the GPG_TTY envvar and passes the name of the tty device
via gpg-agent up to pinentry.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
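
The two conditions described in this thread (a graphical pinentry needs DISPLAY; the fallback pinentry needs the name of a tty, from GPG_TTY or from gpg itself) can be checked before an unattended job calls gpg. The shell sketch below is an added example, not code from any poster or from GnuPG: the function names are hypothetical, `tty` on stdin stands in for "gpg knows the tty", and a set DISPLAY is assumed to mean a graphical pinentry is installed.

```sh
#!/bin/sh
# Added example (not from the thread): report which passphrase prompt a
# pinentry could open in this environment. It never calls gpg.

# resolve_tty (hypothetical helper): print the tty name that would be handed
# to pinentry. GPG_TTY wins; otherwise use the terminal on stdin, which is
# this sketch's stand-in for "gpg knows the tty".
resolve_tty() {
    if [ -n "${GPG_TTY:-}" ]; then
        printf '%s\n' "$GPG_TTY"
    elif tty -s; then
        tty
    else
        return 1
    fi
}

# pinentry_preflight (hypothetical): prints "graphical", "tty <device>" or
# "none <reason>"; returns non-zero when no prompt can be opened.
pinentry_preflight() {
    if [ -n "${DISPLAY:-}" ]; then
        # Assumption: a graphical pinentry is installed and can reach DISPLAY.
        echo "graphical"
        return 0
    fi
    if ! dev=$(resolve_tty); then
        # cron job, pipe, or ssh without a tty, and GPG_TTY unset
        echo "none no-tty-known"
        return 1
    fi
    # A GPG_TTY inherited from another session may name a device that is
    # gone or not ours; the fallback pinentry could not open it.
    if [ -c "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ]; then
        echo "tty $dev"
        return 0
    fi
    echo "none unusable-tty:$dev"
    return 1
}

# Run the check only when asked, e.g.:  sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    pinentry_preflight
fi
```

In an interactive session, the `GPG_TTY=$(tty); export GPG_TTY` line from the gpg-agent documentation is what makes the tty case succeed.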




Re: Terminology - certificate or key ?

2016-09-30 Thread Werner Koch
On Fri, 30 Sep 2016 14:46, r...@sixdemonbag.org said:

> https://www.gpg4win.org/doc/en/gpg4win-compendium_12.html

We had a long discussion many years ago on how to name the beast.  The
compendium somewhat prioritizes S/MIME and thus we tried to unify the
terms by using "certificate" also for OpenPGP.  I think that experiment
failed because it mixes two entirely different concepts.

The root of the problem might be the concept of "public key" and
"private key".  You need to educate users that these are very different
things but still belong together.  Many users only notice "key",
associate that with password, and notice the passphrase they use to
unprotect the private key.

So for example "lock" and "private key" may be better.  But we can't
change that anymore, as the train left the station a long time ago.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




RE: Terminology - certificate or key ?

2016-09-30 Thread Robert J. Hansen
> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)

You are technically correct (the best kind of correct!) [1] -- no, wait!  
That's "key block", not "keyblock"!

I'm more technically correct!  I win!  :)

In all seriousness, the only context in which I've seen "key block" has been 
the beginning of an armored certificate, and I've literally never seen 
"keyblock", nor have I ever heard anyone call their certificate a "keyblock" or 
"key block" outside of the narrow context of "look for -----BEGIN PGP PUBLIC 
KEY BLOCK-----".

[1] https://www.youtube.com/watch?v=hou0lU8WMgo




Re: Terminology - certificate or key ?

2016-09-30 Thread Kristian Fiskerstrand
On 09/30/2016 04:24 PM, Robert J. Hansen wrote:
>> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)
> 
> You are technically correct (the best kind of correct!) [1] -- no,
> wait!  That's "key block", not "keyblock"!
> 
> I'm more technically correct!  I win!  :)
> 
> In all seriousness, the only context in which I've seen "key block"
> has been the beginning of an armored certificate, and I've literally
> never seen "keyblock", nor have I ever heard anyone call their
> certificate a "keyblock" or "key block" outside of the narrow context
> of "look for -----BEGIN PGP PUBLIC KEY BLOCK-----".
> 

I for one try to make the distinction, you'll find it back to my signing
policy document[0] (that hasn't been updated for a very long time.., but
doesn't seem like people care too much about things like this today so I
should remove it): "The signed keyblock is uploaded to a randomly chosen
set of keyservers. The signee may hint on what key server or choose to
receive it through mail instead."

References:
[0] https://sumptuouscapital.com/pgp/
-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If you are successful, you may win false friends and true enemies.
Succeed anyway."
(Mother Teresa)





Re: recording and retrieving "secrets" into gpg files

2016-09-30 Thread Stephan Beck
Hi Arbiel,

Arbiel (gmx):
> Hi
> 
> Thank you Andrew.
> 
> In the material I've been reading lately, all examples are written in a
> programming language and I only have abilities in bash scripting.
> 
> Can somebody, please, direct me toward a url where they provide bash
> scripting examples.
[...]
Bash scripting in general?
http://bash-hackers.org

related to gpg? For instance,
https://github.com/Whonix/gpg-bash-lib

Cheers,

Stephan



Re: Terminology - certificate or key ?

2016-09-30 Thread Mirimir
On 09/30/2016 08:24 AM, Robert J. Hansen wrote:
>> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)
> 
> You are technically correct (the best kind of correct!) [1] -- no, wait!  
> That's "key block", not "keyblock"!
> 
> I'm more technically correct!  I win!  :)
> 
> In all seriousness, the only context in which I've seen "key block" has been 
> the beginning of an armored certificate, and I've literally never seen 
> "keyblock", nor have I ever heard anyone call their certificate a "keyblock" 
> or "key block" outside of the narrow context of "look for -----BEGIN PGP 
> PUBLIC KEY BLOCK-----".
> 
> [1] https://www.youtube.com/watch?v=hou0lU8WMgo

Well, it's a "key" in a block, with regular line breaks.



Re: Terminology - certificate or key ?

2016-09-30 Thread Ineiev
On Fri, Sep 30, 2016 at 04:22:39PM +0200, Werner Koch wrote:
> 
> The root of the problem might be the concept of "public key" and
> "private key".  You need to educate users that these are very different
> things but still belong together.

There is one more: "secret key".




Re: Terminology - certificate or key ?

2016-09-30 Thread Andrew Gallagher
The problems always start with the words "public key"...

On 30/09/16 15:22, Werner Koch wrote:
> 
> So for example "lock" and "private key" may be better.

"Lock and key" works for symmetric crypto, because you lock and unlock
with the same key. "Latch and key" is the best analogy I know of to
public key crypto, because anyone can pull a latch closed, but you need
the key to open it again.

It's true that the term "certificate" can imply an unwarranted level of
authority - but that's also true of most things in the real world that
we call "certificates", so I don't think the problem is entirely in the
terminology...! ;-)

Another problem with the signature analogy is that you don't sign with
a "key" in the real world -- but there are other physical objects that
you can "sign" with, such as a signet ring, which is a more intuitive
analogy than "private key". But then what is the "public key" in this
analogy?

There just isn't anything in the physical world that works as a
watertight analogy for the underlying mathematics. The fact that the
same process can be used (with subtle differences) in *both directions*
is where all known analogies come completely unglued...

A






RE: gpg: signing failed: Inappropriate ioctl for device Error Message on Linux

2016-09-30 Thread Jim Ernst
Hi Werner and Justus - thank you for the info !!

Is this issue normally associated with a --passphrase-fd 0 command being used 
with gpg2? I am doing the following:

v_recipient='RECIPIENT'
v_passphrase=`cat  pfile.txt`
   /usr/local/bin/gpg2 --batch --local-user $v_recipient 
--passphrase=$v_passphrase --output $  --sign 

And it is erroring with :

gpg: signing failed: Inappropriate ioctl for device

I was figuring this was not even trying to utilize any kind of STDIN since it 
was in --batch mode and not using the "passphrase-fd 0"

Thanks!!
Jim Ernst

-----Original Message-----
From: Werner Koch [mailto:w...@gnupg.org]
Sent: Friday, September 30, 2016 10:14 AM
To: Justus Winter 
Cc: Jim Ernst ; gnupg-users@gnupg.org
Subject: Re: gpg: signing failed: Inappropriate ioctl for device Error Message 
on Linux

On Fri, 30 Sep 2016 14:37, jus...@g10code.com said:

> fallback pinentry failed to open the terminal due to the fact that
> stdin of the gpg process is not connected to a terminal.  The latter
> can happen for example when gpg is used in a pipe.

That does not matter.  The pinentry opens the tty on its own.  To do this it 
needs to know the tty.  Fortunately gpg knows the tty or can take it from the 
GPG_TTY envvar and passes the name of the tty device via gpg-agent up to 
pinentry.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Why GnuPG encrypted file has no icon?

2016-09-30 Thread Rohit P
When you encrypt multiple files in a folder, GnuPG encrypted files have no 
icon. It is difficult to immediately identify which are the encrypted files.


Any specific reason why encrypted files have no icon?



...

RP