Decrypting symmetrically encrypted text in Command Line (CL) results in error message?

2013-11-27 Thread Sin Trenton

Hello everyone,

I've tried to find info regarding this but no real luck so far. It was 
discussed in the thread "encryption/decryption without files", but I 
haven't found a reply there that covers 'symmetric decryption'.

And yes, I am aware of plaintext, shell, bash, etc.
These are generally short text snippets, which can be considered 
internal, not even confidential (I'm not familiar with the names of 
levels up to "Ultraviolet Top Secret", but this would barely reach "Just 
don't forget too many print outs on the tube" level. :) )
We use it mainly for small txt files stored in the cloud, some things 
sent over Google or stored temporarily in some docs at Google Drive, etc.


Anyway, I often use -ac in command line to encrypt these text snippets.
I write the text or message, finish with Ctrl+Z (We use Windows at 
work), and copy the encrypted text.


One thing I would like to do is the opposite, however, but I haven't 
figured out how to, yet.

If I want to decrypt a short text snippet, I have to

 1. copy the snippet
 2. paste it into a txt file
 3. save the file
 4. use "gpg -d file.txt"

(The text is then read in the CL window, I have no interest in this case 
to save the decrypted text, just read it and e.g. check a reference)


Is it possible to replace steps 2 and 3 by pasting in the text in the CL?

I've tried "gpg [Enter]", but I always get the message "decryption 
failed: bad key" as you can see below.
Everything below the encrypted message happened automatically when I 
pasted in the text first time, though next time it did wait for me to 
supply the passphrase, with same "bad key" result, however.


Note that the last line "-----END PGP MESSAGE-----" disappears. Also, 
the prompt does not return to the standard ">", until I have done a 
Ctrl+Z or Ctrl+C.


 >gpg
 gpg: Go ahead and type your message ...
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v1.4.15 (MingW32)

 jA0ECgMCpM [snip] zHEHXtFP3
 =uNdz
 gpg: TWOFISH encrypted data
 gpg: encrypted with 1 passphrase
 gpg: decryption failed: bad key

As I wrote in the subject line, this is when using symmetric encryption 
(as you can see), since we use that in these particular cases.
It does work with asymmetric encryption, though the workflow is a bit 
dodgy even there, I think? The END PGP MESSAGE line disappears here as 
well and the first failed attempt for the passphrase happened without my 
input too.


 >gpg
 gpg: Go ahead and type your message ...
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v1.4.15 (MingW32)

 hQIMA [snip] /HaL1
 =ZWgL

 You need a passphrase to unlock the secret key for
 user: "Sin Trenton"
 4096-bit RSA key, ID 0x0A0A0A0A0A0A0A0A, created 2010-01-01
  (subkey on main key ID 0x0A0A0A0A0A0A0A0A)

 gpg: Invalid passphrase; please try again ...

 You need a passphrase to unlock the secret key for
 user: "Sin Trenton"
 4096-bit RSA key, ID 0x0A0A0A0A0A0A0A0A, created 2010-01-01
  (subkey on main key ID 0x0A0A0A0A0A0A0A0A)

 gpg: encrypted with 4096-bit RSA key, ID 0x0A0A0A0A0A0A0A0A, created 
2010-01-01

   "Sin Trenton"


 ^Z (Ctrl+Z, my input)

[The decrypted text appears here after my input]


 >

Thankful for any pointers or help.

Best regards,

Sin Trenton


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Future inclusion of Threefish in Gnupg?

2014-05-14 Thread Sin Trenton

Hello everyone,

Just out of curiosity, are there any plans for including Threefish into 
GnuPG?
Or does it have to be incorporated into the OpenPGP standard first and 
*then* perhaps baked into GnuPG?


In simple curiosity and because I have a soft spot for Twofish[1]

Sin Trenton

[1] Soft spots are also known as chinks in your armour, I know, I know...

--
Random notes at https://sintrenton.wordpress.com
Twitter: @SinTrenton
PGP Key: 0xC233169488515CE5



Re: Future inclusion of Threefish in Gnupg?

2014-05-15 Thread Sin Trenton

On 2014-05-14 21:40, David Shaw wrote:

> On May 14, 2014, at 9:35 AM, Sin Trenton wrote:
>
>> Hello everyone,
>>
>> Just out of curiosity, are there any plans for including Threefish into GnuPG?
>> Or does it have to be incorporated into the OpenPGP standard first and *then*
>> perhaps baked into GnuPG?
>
> Yes.  GnuPG follows the OpenPGP standard, so any new algorithms would need to
> go through that process first.
>
> David


As I suspected. Time to join a lobbying group, then. ;)
Thank you.

Sin T.



Future of GnuPG 1.x.x?

2012-08-04 Thread Sin Trenton
Hello everyone,

My preferred flavour of GnuPG tends to be commandline 1.4.x (I use Ubuntu on 
one comp, but the others are WinXP), even if I also have Thunderbird/Enigmail, 
as well. It  suits my needs and I have established routines for using it.

However, while rummaging through the archives on this leisurely Saturday, I came 
across two posts that made things a little unclear to me (quotes and links at 
the end of the mail).

Is the plan to retire 1.x sometime in a not too distant future (I'm not saying 
that I assume an actual time plan being set)? 
One post talks about "put into runoff", the other "We will keep maintaining 
GnuPG-1 versions".

The reason I ask is I have tried 2.x and even with various utf-8 settings, 
signed mail fail verification approx 50% of the time for others as my client 
does with theirs. English works fine, but it seems mail containing 
Swedish/Danish/Czech letters (æ, ø, å, ä, ?, ?, ?, etc) get mucked up.

Anyway, just curious to know how the thoughts/plans ahead are.

Best regards,

Sin T.


The two posts:

== Retiring? ==
Mon May 14 23:19:03 CEST 2012
http://lists.gnupg.org/pipermail/gnupg-users/2012-May/044319.html

"> In one of the recent, longer, threads, it was my understanding
> that Werner said that the 1.4.x branch of GnuPG will not be
> updated to have ECC capabilities, and may eventually be "put
> into runoff" as it were. Werner, may I request that you confirm
> or refute that?

Right, that is the current plan. Maintaining two stable branches is
extremely time and thus cost intensive."

== Not retiring? ==
Tue Mar 27 11:20:14 CEST 2012
http://lists.gnupg.org/pipermail/gnupg-announce/2012q1/000314.html

"We will keep maintaining GnuPG-1 versions because they are very useful 
for small systems and for server based applications requiring only 
OpenPGP support."



Re: Future of GnuPG 1.x.x?

2012-08-15 Thread Sin Trenton


Hello everyone,

Sorry I haven't responded earlier, summer, life and all that, but thank you for 
all your input.
Haven't completely solved the thing about ANSI vs UTF-8 / 
OpenPGP/Enigmail/commandline etc signing, but we who use UTF-8 as default 
usually manage to verify each others' signatures without problems.

As for the future about GnuPG 1.4.x, again, thanks for all the input and you've 
made me wiser. :)

Bests,

Sin T.


Comment: Old key 0x3B708D7C revoked  (1024D)
Comment: New key is  0x88515CE5



Re: how vulnerable is "hidden-encrypt-to"

2012-08-20 Thread Sin Trenton
> =
> 
> The one sending the message really is in control here ;-)
> The sender can use hidden encrypt to ANY public key.
> 
> i.e. if Alice is sending the message and wants to hide her 
> identity,
> nothing prevents her from using throw-keyid with Bob's public key 
> instead of her own, or NIST's, or PGP Corporation's, or anyone 
> else's.
> 
> If the message is unsigned, the receiver cannot tell,
> (assuming it's sent from an appropriately anonymized e-mail 
> address),
> and if it is signed, then the throw-keyid doesn't hide the 
> sender's identity from the receiver.
> 
> 
> vedaal

I got a bit intrigued by this discussion, having posted a question once
relating to it.

I'm not sure if this input really shows anything or is of any real
contribution to the discussion, but to me it seems all recipients,
including your own are hidden for you when you decrypt a message or a
file? (You get how many keys, but only ID  for each).
Note that the file was not signed.

So I made a test in my "GPG workshop" (where I have four 'dummy' keys I
created just for testing things out). A file was encrypted with
--hidden-recipients ( -R ); a friend's key, one of my dummy keys [key
four], playing the recipient and sender, plus two keys serving as 'red
herrings', random keys I downloaded from The Guardian (UK newspaper)
and Deutsche Telekom. I then ran a --decrypt and got this output:

gpg: anonymous recipient; trying secret key [key one] ...
gpg: anonymous recipient; trying secret key [key two] ...
gpg: anonymous recipient; trying secret key [key three] ...
gpg: anonymous recipient; trying secret key [key four] ...
gpg: cipher algorithm 122 is unknown or disabled
gpg: anonymous recipient; trying secret key [key one] ...
gpg: anonymous recipient; trying secret key [key two] ...
gpg: anonymous recipient; trying secret key [key three] ...
gpg: anonymous recipient; trying secret key [key four] ...
gpg: anonymous recipient; trying secret key [key one] ...
gpg: anonymous recipient; trying secret key [key two] ...
gpg: anonymous recipient; trying secret key [key three] ...
gpg: anonymous recipient; trying secret key [key four] ...
gpg: anonymous recipient; trying secret key [key one] ...
gpg: anonymous recipient; trying secret key [key two] ...
gpg: anonymous recipient; trying secret key [key three] ...
gpg: anonymous recipient; trying secret key [key four] ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with RSA key, ID 
gpg: encrypted with RSA key, ID 
gpg: encrypted with RSA key, ID 
gpg: encrypted with RSA key, ID 

/Sin T.
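
What the decrypt output above reflects at the packet level, as an added example that is not part of the original post: with `-R` / throw-keyid, each public-key encrypted session key packet carries an all-zero key ID (the RFC 4880 wildcard), so gpg has to try every secret key in turn. The sample message is constructed, the function names are hypothetical, and the parser expects binary (de-armored) input.

```python
import struct

WILDCARD = bytes(8)  # RFC 4880 sec. 5.1: all-zero key ID marks a hidden recipient


def build_pkesk(key_id, bits=2048):
    """Constructed sample: v3 public-key encrypted session key packet (tag 1)."""
    mpi = struct.pack(">H", bits) + b"\x80" + bytes(bits // 8 - 1)  # dummy RSA MPI
    body = b"\x03" + key_id + b"\x01" + mpi  # version 3, key ID, algorithm 1 = RSA
    # Old-format header: tag 1, length-type 1 (two-octet length)
    return bytes([0x80 | (1 << 2) | 1]) + struct.pack(">H", len(body)) + body


def iter_packets(data):
    """Yield (tag, body) for each packet that has a definite length."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                return  # partial body length: only used by data packets
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return  # indeterminate length: only used by data packets
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        yield tag, data[pos:pos + length]
        pos += length


def list_recipients(message):
    """Return key ID, algorithm and hidden flag for each tag-1 packet."""
    recipients = []
    for tag, body in iter_packets(message):
        if tag in (9, 18):  # encrypted data starts; no more session key packets
            break
        if tag != 1 or body[0] != 3:
            continue
        key_id = body[1:9]
        recipients.append({
            "key_id": key_id.hex().upper(),
            "algo": body[9],
            "hidden": key_id == WILDCARD,
        })
    return recipients


# Constructed message: one named recipient, two hidden ones, then a data packet.
SAMPLE = (
    build_pkesk(bytes.fromhex("0A0A0A0A0A0A0A0A"))
    + build_pkesk(WILDCARD)
    + build_pkesk(WILDCARD)
    + bytes([0xC0 | 18, 5]) + b"\x01" + bytes(4)  # tag 18, dummy body
)

if __name__ == "__main__":
    for r in list_recipients(SAMPLE):
        label = "anonymous recipient" if r["hidden"] else "key ID " + r["key_id"]
        print(f"algo {r['algo']}: {label}")
```

Anyone holding the ciphertext can still count the recipients and see the public-key algorithm of each; only the key IDs are withheld.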



Re: Gnupg-users Digest, Vol 107, Issue 24

2012-08-28 Thread Sin Trenton

On 2012-08-28 08:52, gnupg-users-requ...@gnupg.org wrote:
> Message: 3
> Date: Mon, 27 Aug 2012 21:48:54 -0700
> From: mercuryris...@hush.ai
> To: gnupg-users@gnupg.org
> Subject: Can IPAD or Android Tablets create Keys and use gnupg
> Message-ID: <20120828044854.d505010e...@smtp.hushmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use
> gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux
> on desktop and laptop/notebook computer platforms?

For Android the OpenPGP app APG is available.
http://thialfihar.org/projects/apg/
Of course, I am certain people on this list may have opinions regarding
the wisdom of using it. ;-) The source code is available at
https://github.com/thialfihar/apg/tree/master/src/org/thialfihar/android/apg


Then again, I must confess I only keep public keys and no private ones
on the app. I find it pretty convenient to be able to encrypt notes or
files while "on the move/road/run", especially if I need to store them
temporarily at a cloud service.
Also, my default mail client on Android is K-9 which integrates pretty
nicely with the APG, so I can send messages to those friends that are
actually using GPG/OpenPGP. (All two of them).

BR
Sin T.



Re: Can IPAD or Android Tablets create Keys and use gnupg

2012-08-28 Thread Sin Trenton
Sorry, forgot to change the subject line. Running digestive mode for a
bit here.

BR

Sin T.



Re: new release of GPA

2012-10-29 Thread Sin Trenton

> Just because "you" have decided to cherry pick your definition of the
> English word "free" does not make it more or less so. The word not only
> can be used to mean "unconstrained", such as you seem to want, but it
> can, and in fact more commonly does, also mean "obtainable without any
> payment". And you will find both these definitions in the online Free
> Dictionary here: https://en.wiktionary.org/wiki/free.  Oh, and you
> should feel "free" to quote me on that if you like.

Well, "he" nor "we" was/were actually the first to use this definition,
nor is it actually cherry picking;
https://en.wikipedia.org/wiki/Gratis_versus_libre
Apart from the two definitions, there is actually an old
definition/discussion regarding precisely this, as you can see. :)

Sin T.



Re: new release of GPA

2012-10-31 Thread Sin Trenton
On 2012-10-30, ved...@nym.hush.com wrote:
> Thank You WK and all the gnupg support staff,
> for developing it, allowing it to be easily downloaded, 
> and actively maintaining it and improving it!!!

May I concur with the former speaker, One, huge, great, amazed Thank You
to WK and all contributors for giving us this!!
You're greater than Libre Office and sliced bread combined. =o)

Sin T.



Re: OpenPGP goes TV in Germany

2013-07-13 Thread Sin Trenton
Hello,

this may be interesting for some of the readers of this list:

Monday and Wednesday next week (15th, 17th) my OpenPGP course at Berlin
Linux User Group

https://www.cryptoparty.in/berlin#belug_monatlich

will be visited by three or four German TV crews plus one Ukrainian. So you
at least don't have to be (too) afraid that technical nonsense gets
broadcasted... ;-)

The first report will be on air in the ARD Nachtmagazin on Monday, part of
the tagesthemen probably the next day. I do not know yet when N24 and ZDF
are going to broadcast this. But I will announce that when I know it here:
https://plus.google.com/112439263422984818548
https://www.facebook.com/groups/openpgp.schulungen/
http://www.openpgp-schulungen.de/neuigkeiten/

The rather strange reason for that is that they actually wanted to shoot at
Cryptoparties but their paranoid organisers (slightly misunderstanding
their own aim of making the general public familiar with crypto) didn't
allow that.

We jump at the chance and change my "once per month with small group"
OpenPGP-only event to a complete Cryptoparty offer with one real event per
week (with rotating subjects, only one per event).

Furthermore we (or at least me for OpenPGP) will offer to teach future
instructors for other events and offer them to gain (supervised) experience
with our course before they give one on their own. This should help getting
more people willing (and qualified) to do that.

Obviously I am not really neutral in this assessment but I consider OpenPGP
the lead technology for making the public familiar with all the Cryptoparty
stuff (crypto on the one hand, anonymization on the other).

I will use the remaining time to improve my site
http://www.openpgp-schulungen.de/ But anyone who understands German is
invited to have a look at it and make suggestions for improvements before it
gets hit by the big wave next week...

Heading at ten million OpenPGP users in Germany in ten years...

Hauke

---

As a Scandinavian living just slightly east of Österreich, I can only say
"Viel Glück!" :)
Will check what I can see online, locally by one of those soon to be
criminal as well as for now, strangely legal services, like VPN. :)


Re: OpenPGP goes TV in Germany

2013-07-14 Thread Sin Trenton

On 2013-07-14 11:31, Julian H. Stacey wrote:

> Hi Sin Trenton
> cc gnupg-users@gnupg.org
> Please fix your auto indent which failed to prefix "> " to Hauke Laging's post.
>
> Cheers,
> Julian


Hi Julian H. Stacey

I suspected it would muck up, though I wasn't sure. Unfortunately I 
replied from my "smart" phone, which we all know are consumer products 
and not true work tools, unlike PCs. Which we all should prefer anyway. :)


Toodle-pip-squeak,
Sin T.




Re: Several master keys vs. master key ,and subkeys

2013-07-16 Thread Sin Trenton

On 2013-07-16 10:52, gnupg-users-requ...@gnupg.org wrote:

> Message: 2
> Date: Tue, 16 Jul 2013 10:09:38 +0200
> From: Werner Koch
> To: Martin
> Cc: gnupg-users@gnupg.org
> Subject: Re: Several master keys vs. master key and subkeys
> Message-ID: <87k3krj58d@vigenere.g10code.de>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, 16 Jul 2013 01:16, martin.brochh...@gmail.com said:
>
>> This person claims that subkeys are not the best option because:
>
> ...
>
>> Any reasons why I should stick to GPGs "native" subkey feature?
>
> Yes, because that is a core concept of OpenPGP.


Sorry if this is wordy, but I want to make sure I cover most details.. :)

I thought I had grasped the concept of all various key parts, but now 
I'm getting a bit unsure..


A GnuPG key has a private key and a public key. When you first create 
it, you get these two parts, and a different kind of "keys", a primary 
key (usage: SC), and a sub key for encryption (usage: E).
You can add and revoke sub keys, as much as you want, as well as UIDs, 
for when you change or add mail addresses, Jabber IDs, etc.
You can also make a version of your key where the primary key is deleted 
and you have two sub keys, one for encryption (usage: E) and one for 
signing (usage: S).


But so far, I've always thought that "changing password for a subkey" 
was changing the password for, say like in the second example above? You 
have a version B of your key, with a different password than version A 
(where the primary key is still present)? Not that one particular subkey 
per se has a different password?
If I were to create two different signing subkeys (usage:S), not sure 
why, but still, I could give them different passwords?
If you _can_ assign a separate, different password to a particular 
subkey, I assume it is done under --edit-key, but how?


Just for the record, I use GnuPG 1.4.13 on Windows XP and Linux Mint 14 
Nadia. I tend to use commandline 90% of the time, but for text snippets 
on my work PC, I also use Cryptophane. On my work PC I run it locally 
(local.bat with set GNUPGHOME=.) from inside a mounted TrueCrypt volume. 
Cryptophane is also set to 'no-config'.


I have four versions of my key (RSA):
1. "Main key", which is only stored offline, and which contains primary 
key and all past and present subkeys, including revoked ones. (None so 
far). This key has passphrase A.
2. The key I use, which is kept inside the TrueCrypt file mentioned 
above. It has my current subkeys for encryption and signing, but not the 
primary key. This key has passphrase B.
3. A travel key, basically GnuPG 1.4.13 and Cryptophane on a USB 
thumbdrive. It only has my public key.
4. Same as 3. on my work mobile, using Android and APG 0.8. Only public 
key present.


The reason for 3 and 4 is that I discovered that during the day, I more 
often want to _encrypt_ something to myself, a file or a short piece of 
text, in various situations. It can be before uploading a diary note or 
a customer file to Dropbox or pretty much just anything. Decryption 
happens later, when at my desk or in more secure environments, using key 
version 2.
This is also based on something that may have been acknowledged on this 
list more than once; That at the end of the day, you encrypt to yourself 
much more often than you do to other people, who can't be bothered with 
encryption anyway. ;)


Best,
Sin T



Re: Several master keys vs. master key ,and subkeys

2013-07-16 Thread Sin Trenton

On 2013-07-16 15:32, Werner Koch wrote:



>> You have a version B of your key, with a different password than
>> version A (where the primary key is still present)? Not that one
>> particular subkey per se has a different password?
>
> Usually this does not happen because GnuPG < 2.1 has no feature to merge
> secret subkeys.
>
>> If I were to create two different signing subkeys (usage:S), not sure
>> why, but still, I could give them different passwords?
>
> Yes.  The passphrase protects the secret part of each key.  It just
> happens that gpg always syncs them to work with the same passphrase.
>
>> If you _can_ assign a separate, different password to a particular
>> subkey, I assume it is done under --edit-key, but how?
>
> You can't without hacking the code or making advanced use of gpgsplit.



Ah, so even if technically simplified, my previous understanding was 
basically correct. Thank you very much for this clarification, very useful!



> Okay.  I have my public key on all of my boxes because I use it to
> encrypt the backups (actually I encrypt the backups to several keys).



Which is basically the same then, though I may have fewer boxes (3, with 
mobile included, if we really should count it as a box) :)



>> The reason for 3 and 4 is that I discovered that during the day, I
>> more often want to _encrypt_ something to myself, a file or a short
>> piece of text, in various situations. It can be before uploading a
>> diary note or a customer file to Dropbox or pretty much just
>
> That is the cool thing with public key crypto.


+1! The day the practical possibilities of this dawned on me was a day 
of awsumness.


Bests

Sin T.
