Re: Finding all files encrypted with a certain key

2023-10-25 Thread Felix E. Klee
On Wed, Oct 25, 2023 at 9:23 PM Werner Koch  wrote:
> > gpg: decryption failed: No secret key
> >
> > I wonder how to get rid of that.
>
> grep -v on stderr ;-).

Thanks, I was thinking about that. But I think simply using find, as
suggested by Andrew and raf, is sufficient and simple.

> I think it is time to make things like this easier. Actually
> re-encrypt support has been on our feature list for many years.

That would be fancy. Personally, I’m happy with a bit of shell
scripting. My use case is rather simple, and I don’t need to do
re-encryption very often.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Finding all files encrypted with a certain key

2023-10-25 Thread Jacob Bachmeyer via Gnupg-users

raf via Gnupg-users wrote:

> [...]
> While testing these, I just noticed that /usr/bin/file
> on my macOS-10.14 laptop shows a different keyid to
> what libmagic shows. That's bizarre.
>
> For some encrypted files of mine, /usr/bin/file (v5.33)
> shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A
> BA227C81 for the same files. A more recent version of
> file (v5.45) installed via macports shows the same as
> libmagic/rh. So choose your version of file(1) wisely. :-)

You have an endianness-mismatch issue somewhere.  The octets are 
reversed in each 32-bit group between the samples.



-- Jacob
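
The recipient key ID sits in the session-key packets at the very start of an encrypted message, so it can be read without decrypting and compared in both byte orders. This is an added example, not code from the thread; it assumes binary (not ASCII-armored) input and version 3 PKESK packets, and `pkesk_key_ids`, `swap_32bit_groups` and `SAMPLE` are names made up here.

```python
def pkesk_key_ids(data: bytes) -> list[str]:
    """Key IDs of the leading v3 PKESK packets, in file octet order (as gpg prints them)."""
    ids, pos = [], 0
    while pos + 6 <= len(data):              # 6 = longest possible packet header
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos + 1]
            if tag not in (1, 3):            # 1 = PKESK, 3 = SKESK; anything else ends the run
                break
            if first < 192:
                length, body = first, pos + 2
            elif first < 224:
                length, body = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif first == 255:
                length, body = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                raise ValueError("partial body length is not valid for a session-key packet")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if tag not in (1, 3):
                break
            if ltype == 3:
                raise ValueError("indeterminate length is not valid for a session-key packet")
            size = (1, 2, 4)[ltype]
            length, body = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), pos + 1 + size
        # v3 PKESK body: version(1) | key ID(8) | public-key algorithm(1) | MPIs
        if tag == 1 and length >= 10 and body + 9 <= len(data) and data[body] == 3:
            ids.append(data[body + 1:body + 9].hex().upper())
        pos = body + length
    return ids

def swap_32bit_groups(key_id: str) -> str:
    """Reverse the octets inside each 32-bit half, the mismatch described above."""
    raw = bytes.fromhex(key_id)
    return b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4)).hex().upper()

def _pkesk_body(key_id: str) -> bytes:       # constructed filler, not a real session key
    return b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xff"

# Constructed sample: old-format PKESK, new-format PKESK with a hidden (all-zero)
# recipient, then the start of an encrypted-data packet (tag 18).
SAMPLE = (b"\x84\x0d" + _pkesk_body("04FDF78D1679DD94")
          + b"\xc1\x0d" + _pkesk_body("0000000000000000")
          + b"\xd2\xe0" + bytes(8))
```

For real files, passing only the first few kilobytes of each file to `pkesk_key_ids` is enough for a handful of recipients, and matching against both the returned ID and its `swap_32bit_groups` form covers either display order.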




Re: Pinentry problem with different home dir

2023-10-25 Thread Michael Richardson

Werner Koch via Gnupg-users  wrote:
> On Wed, 25 Oct 2023 13:01, Falko Strenzke said:

>> Can anyone give me advice on what I can try to get the GnuPG Agent
>> pinentry working with a different home directory specified via
>> GNUPGHOME?

> Run it this way:

> mkdir /foo/bar
> cd /foo/bar
> GNUPGHOME=`pwd` gpg-agent --daemon ~/bin/gnupg-setup-tests

The gpg-agent dependency that came a few years ago has really been a PITA.

I would really like some way to tell GPG that it really needs to ignore all
of *my* (personal) setup, because I'm wearing a different personality now.
[like code signing]

> In case you have a special setup you may put a gpg-agent.conf into
> $GNUPGHOME and use the pinentry-program option.  "gpg -v" should show
> which pinentry is launched, in case of problems, the gpg-agent.conf
> should show/log an error.

I guess I'd really like that to just happen with some 
--I-really-want-isolated-gnupg
option.

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[





Re: Finding all files encrypted with a certain key

2023-10-25 Thread Werner Koch via Gnupg-users
Hi,

hit the send key combination by accident.  The last para should have
read:

I think it is time to make things like this easier.  Actually re-encrypt
support has been on our feature list for many years.

Every time I want to tackle this I stop at the decision on whether to
also handle the large-file-on-server case or just do the simple
re-encrypt-a-copy.

Features I'd like to have are:

- Select whether anything should be done at all for a message.
- Add new public keys (to encrypt the session key)
- Add new symmetric keys
- Remove existing public keys
- Remove unknown keys (hidden keys)
- Remove symmetric keys



Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein




Re: Finding all files encrypted with a certain key

2023-10-25 Thread Werner Koch via Gnupg-users
On Wed, 25 Oct 2023 10:54, Felix E. Klee said:

> Thank you! I modified that a bit, to make it more readable to me and fix
> a little bug: The second `$1` doesn’t expand to the file name. Also, I

You caught me, I didn't test the posted version.

> gpg: decryption failed: No secret key
>
> I wonder how to get rid of that.

grep -v on stderr ;-).

I think it is time to make things like this easier.  Actually re-encrypt
support has been on our feature list for many years.  Every time I want
to tackle this I stop at the decision on whether to also handle the
large file on server shall be re-encrypted or on the simple re-encrypt a copy.

>
> My version:
>
> #!/bin/sh
>
> filename=$1
> enc_sub_key=04FDF78D1679DD94
>
> # Status lines go to stdout (fd 1); pinentry is cancelled, so no
> # passphrase prompt appears and nothing is actually decrypted.
> gpg --decrypt \
>     --pinentry-mode cancel \
>     --status-fd 1 \
>     --quiet \
>     --output /dev/null "$1" |
>     awk -v filename="$filename" \
>         -v enc_sub_key="$enc_sub_key" \
>         '
>         $1=="[GNUPG:]" &&
>         $2=="ENC_TO" &&
>         $3==enc_sub_key {
>             print filename
>             exit 0
>         }'

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein




Re: Pinentry problem with different home dir

2023-10-25 Thread Werner Koch via Gnupg-users
On Wed, 25 Oct 2023 13:01, Falko Strenzke said:

> Can anyone give me advice on what I can try to get the GnuPG Agent
> pinentry working with a different home directory specified via
> GNUPGHOME?

Run it this way:

mkdir /foo/bar
cd /foo/bar
GNUPGHOME=`pwd` gpg-agent --daemon ~/bin/gnupg-setup-tests

With gnupg-setup-tests being:
--8<---cut here---start->8---
#!/bin/sh

SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export SSH_AUTH_SOCK
cat >setup-tests.ini <<'EOF'
PS1="$(echo "$PS1" | sed 's,\\\$ $,(GnuPGTest)\\\$ ,')"
export HISTCONTROL=ignoreboth
export HISTFILE=$(pwd)/.bash_history
EOF
exec bash --init-file setup-tests.ini
--8<---cut here---end--->8---

That is a pretty convenient setup and allows one to keep tests around and
easily switch to them.

The pinentry is searched at

$(gpgconf -L bindir)/pinentry

In case you have a special setup you may put a gpg-agent.conf into
$GNUPGHOME and use the pinentry-program option.  "gpg -v" should show
which pinentry is launched, in case of problems, the gpg-agent.conf
should show/log an error.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein




Re: Finding all files encrypted with a certain key

2023-10-25 Thread raf via Gnupg-users
On Wed, Oct 25, 2023 at 11:01:30AM +0800, "Felix E. Klee"  
wrote:

> On Tue, Oct 24, 2023 at 5:12 PM Andrew Gallagher
> wrote:
> > GNU `file` will print the encryption key ID:
> 
> Interesting. I wonder if there is any disadvantage of using `file` over
> Werner's proposal.

I don't think so. The version you are quoting didn't
use find(1) as well, so it doesn't search recursively,
but apart from that, using file would be simpler (no
decryption, and no need to think about pinentry, and no
need to access keys). If the files you are searching
for are gigabytes in size, and there are many of them,
decrypting them to find the key would be too slow,
unless I've misunderstood something. file would read
much less of each file. No, gpg would die with SIGPIPE
as soon as awk terminates, so they probably read a
similar amount. And they both use multiple additional
processes for each candidate file (either sh+file+grep
or sh+gpg+awk).

cheers,
raf




Pinentry problem with different home dir

2023-10-25 Thread Falko Strenzke
I am trying to run GnuPG with a different home directory by setting the
environment variable GNUPGHOME. However, in that case, for instance when
trying to generate a key, I get the error


gpg: DBG: chan_4 <- ERR 67108949 No pinentry 
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

I wonder what makes the difference. The only relevant files I found in 
my normal home directory are those under ~/.gnupg. But there seems to be 
no agent configuration file in that directory.


Can anyone give me advice on what I can try to get the GnuPG Agent
pinentry working with a different home directory specified via GNUPGHOME?


- Falko

--

*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.stren...@mtg.de
Web: mtg.de 




MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde
