Secret Key Not Available
Hello, I created an EDI job (Trinary translation/schedule) that pulls down files and it decrypts just fine from the command line as well as if I spawn the EDI job from the command line. However, if I schedule the job in Trinary (kicks off the job by itself) it will not decrypt the file. It comes up with the following: $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp E:\ew\sv53\recv\tmp_recvecho off Press any key to continue . . . gpg: encrypted with ELG-E key, ID 9B1D9DED gpg: decryption failed: secret key not available I have tried this with both a hard code passphrase (txt) as well as a passphrase file as well and still no luck? Anyone ever run into this by chance? I am wondering if it is something with the different environments or if it is how the Gnupg was installed maybe? $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp I have also tried $gpg -batch -passphrase-file pass.txt -output out.txt -decrypt 810x12.pgp Again, I can pull up a cmd dos prompt and do those commands and it works just fine. However when schedule and ran in batch in Trinary (EDI translator/schedule) it cannot find the key to decrypt. I have seen some other posts with similar problem when running from WEBMETHODS jobs but none of the posts had anyone answer them so thought I would run it by this news group. Thanks in advance! Tim StebarEDI Systems Analyst Computers Unlimited Billings, MT 59105 DISCLAIMER: This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or by calling the telephone number associated with this transmission. Please delete this e-mail from your computer (or discard this fax). Thank You. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Import Secret Key
Thomas Chitwood wrote: I need to import an additional secret key to my keyring. I am running gpg 1.4.5. What is the command to do this? I thought it would be gpg --import-secret-keys key id, but that doesn't seen to work. Two problems: 1) There is no --import-secret-keys option. See the manpage for valid commands. 2) How would specifying a key id for a key that hasn't been imported yet work? You can use a key id for keys already on your keyrings or when searching public keyservers, but for importing, you need to pass a path or the key data via standard input. You just want to use gpg --import /path/to/secret-key as you would for importing a public key. You might also want to set the trust level on the imported secret key (via gpg --edit-key $keyid trust). -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ The only difference between a rut and a grave is the depth. pgpPWsrFAissd.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
verifying signatures with gpgme 1.1.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all i do not quite understand how i should interpret the result of `gpgme_op_verify_result(ctx)`. using gpg for my two files `foo` and `bar` i obtain what i expected. $ gpg --verify foo gpg: Signature made Thu 02 Oct 2008 10:32:46 AM CEST using DSA key ID 515E30C7 gpg: Good signature from Ivo Alxneit (work) [EMAIL PROTECTED] gpg: aka Ivo Alxneit (privat, old) [EMAIL PROTECTED] gpg: aka Ivo Alxneit (privat) [EMAIL PROTECTED] - - good signature from trusted key $ gpg --verify bar gpg: Signature made Tue 23 Sep 2008 05:05:00 PM CEST using RSA key ID 70B61F81 gpg: Good signature from Timestamp Service [EMAIL PROTECTED] [uncertain] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4B 12 BC D5 78 85 11 06 3B 54 31 90 E0 9D F3 06 - - good signature from untrusted key i then use the following code to verify the signatures using gpgme (version 1.1.6) gpgme_op_verify(ctx, sig, NULL, text); result = gpgme_op_verify_result(ctx); s = result-signatures; while (s) { fprintf(stdout, \nsummary=%d\n, s-summary); fprintf(stdout, fpr=%s\n, s-fpr); fprintf(stdout, status=%d\n, s-status); fprintf(stdout, timestamp=%lu\n, s-timestamp); fprintf(stdout, wrong_key_usage=%u\n, s-wrong_key_usage); fprintf(stdout, pka_trust=%u\n, s-pka_trust); fprintf(stdout, chain_model=%u\n, s-chain_model); fprintf(stdout, validity=%d\n, s-validity); fprintf(stdout, validity_reason=%d\n, s-validity_reason); fprintf(stdout, key=%d\n, s-pubkey_algo); fprintf(stdout, hash=%d\n, s-hash_algo); s = s-next; } this seems to work fine. but i do not understand all of the result structure. for `foo` i obtain summary=3 (GPGME_SIGSUM_VALID + GPGME_SIGSUM_GREEN) fpr=D0E3ADE78E893E9CAEC1E2F401DEC213515E30C7 status=0 timestamp=1222936366 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=4 (GPGME_VALIDITY_FULL) validity_reason=0 key=17 hash=2 why not validity=5 (GPGME_VALIDITY_ULTIMTE) as my key hast validity and trust set to ultimate. $ gpg --edit-key 0x515e30c7 Secret key is available. pub 1024D/515E30C7 created: 2002-02-11 expires: never usage: SCA trust: ultimate validity: ultimate sub 2048g/0503D66E created: 2002-02-11 expires: never usage: E for `bar` i obtain summary=0 (??) fpr=4B12BCD5788511063B543190E09DF306 status=0 timestamp=1222182300 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=0 (GPGME_VALIDITY_UNKNOWN) validity_reason=0 key=1 hash=1 why not summary=2 (GPGME_SIGSUM_GREEN) so how ist the correct / intended way to detect a good signature made by an untrusted key? thanks for the help - -- Dr. Ivo Alxneit Laboratory for Solar Technology phone: +41 56 310 4092 Paul Scherrer Institute fax: +41 56 310 2688 CH-5232 Villigen http://solar.web.psi.ch Switzerland gnupg key: 0x515E30C7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFI5jLxAd7CE1FeMMcRAspKAKCBf4YUy9V5cffTgQuJix07sj8tNgCcDN/k niTLSEktrQOdnaKeRHqERQ4= =E2TX -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Secret Key Not Available
On Wed, Oct 01, 2008 at 04:45:51PM -0600, Tim Stebar wrote: Hello, I created an EDI job (Trinary translation/schedule) that pulls down files and it decrypts just fine from the command line as well as if I spawn the EDI job from the command line. However, if I schedule the job in Trinary (kicks off the job by itself) it will not decrypt the file. It comes up with the following: $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp E:\ew\sv53\recv\tmp_recvecho off Press any key to continue . . . gpg: encrypted with ELG-E key, ID 9B1D9DED gpg: decryption failed: secret key not available I have tried this with both a hard code passphrase (txt) as well as a passphrase file as well and still no luck? Anyone ever run into this by chance? I am wondering if it is something with the different environments or if it is how the Gnupg was installed maybe? It's not a question of the passphrase; rather, the key isn't there. If it works from the command line but not from the scheduled job, then I'd check for differences in the environment. Possibly you have two different GPG home directories when run in your two different ways. Check for different GNUPGHOME variables as well as different home directories for your different run methods. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users