gpg on open file
Hello,

I have a question; I'm not sure whether it is related to gpg or to Linux in general: can I prevent gpg from encrypting an open file?

Let me explain my situation: I have a file dropped onto the filesystem by a Windows program through a Samba share. I take the file (with a script launched by cron) and encrypt it. It may happen that gpg takes the file while the Windows program is still copying it.

For now, I am looking at using fuser to check this before encrypting the file, but there may be a better way to prevent this.

Regards,
Fabrice.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: URGENT: GNuPG 1.2.1 - secret keys help
I do have a backup. When I run on a particular directory, the secret key gets listed. I had to cvs it to the server and then I try listing secret keys on the server folder - it fails with the invalid packet error message! I see the file there in the directory, with the same size. It also has read/write permissions on all the files and also the dir. Is there any other permission that I need?

-----Original Message-----
From: David Shaw [mailto:ds...@jabberwocky.com]
Sent: Monday, March 29, 2010 6:56 AM
To: Kannan, Aarthi [Tech]
Cc: 'gnupg-users@gnupg.org'
Subject: Re: URGENT: GNuPG 1.2.1 - secret keys help

On Mar 26, 2010, at 2:05 AM, Kannan, Aarthi [Tech] wrote:

> Hi,
>
> I am using gpg1.2.1. I created a key using gen-key. When I do a --list-keys, it lists my public key fine. When I do a --list-secret-key, I get the following error:
>
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
>
> I have read write access to pubring.gpg, secring.gpg, trustdb.gpg random_seed. Am I missing something here? Can you please help, it's urgent - am stuck on this for a while now!

Based on the error, it looks like your secret keyring is corrupt. Do you have a backup of it?

David
Re: gpg on open file
On Monday 29 March 2010 10:04:13, Fabrice RAFART wrote:

> Can I prevent gpg from encrypting an open file?
>
> Let me explain my situation: I have a file dropped onto the filesystem by a Windows program through a Samba share. I take the file (with a script launched by cron) and encrypt it. It may happen that gpg takes the file while the Windows program is still copying it.
>
> For now, I am looking at using fuser to check this before encrypting the file, but there may be a better way to prevent this.

I don't think that there is any solution within gpg, simply because gpg cannot (easily) prevent other processes from modifying the file while it reads it.

I see two solutions, a usable one and the perfect one:

a) Use mandatory locks. That's what I wanted to suggest first. But a short look at the documentation makes me think that this may easily become terrible. So better look at

b) Create a snapshot volume. This requires the file's filesystem to reside on a block device that is handled by the device mapper. Locking a whole volume in order to emulate a reliable file lock looks a bit like overkill but without better solutions... This requires superuser privilege, of course (in contrast to (a)).

c) One more comes to my mind: Given that the file resides on a suitable file system (like ext{2,3,4} and probably more) you could make the file immutable (chattr), execute the next step and remove the i bit then. Again: Superuser only.

The snapshot's advantage is that it causes the shortest block (if the file has a relevant size) and that applications do not notice this action. If an application is not prepared for being denied access due to mandatory locking or the immutable bit, additional problems may arise.

CU

Hauke
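
Added example, not part of the thread and not written by any of its posters: a cron-side wrapper that combines the fuser check from the question with a before/after size-and-mtime comparison, so that output produced while the file was still being written is discarded instead of kept. The recipient, the function names and the return codes are assumptions made for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Encrypt a dropped file only if
#  (1) no process on this host (e.g. smbd serving the Windows client) has it
#      open, and
#  (2) its size and mtime did not change while it was being read.
# RECIPIENT and the file arguments are assumptions; stat -c is GNU coreutils.

RECIPIENT="${RECIPIENT:-drop-archive@example.org}"   # hypothetical key

# Returns 0 if no local process has the file open (fuser exits 0 when it
# finds a user). If fuser is not installed, only the change check applies.
file_is_idle() {
    command -v fuser >/dev/null 2>&1 || return 0
    ! fuser -s "$1" 2>/dev/null
}

# Size plus mtime; the value differs if the file was written in between.
fingerprint() {
    stat -c '%s:%y' -- "$1"
}

# The encryption step itself, kept separate so it can be swapped out.
do_encrypt() {
    gpg --batch --yes -r "$RECIPIENT" -o "$2" -e "$1"
}

# Return codes: 0 encrypted, 1 error, 2 still open, 3 changed during read.
encrypt_if_stable() {
    eis_src=$1
    eis_out=$2
    file_is_idle "$eis_src" || return 2
    eis_before=$(fingerprint "$eis_src") || return 1
    if ! do_encrypt "$eis_src" "$eis_out.tmp"; then
        rm -f "$eis_out.tmp"
        return 1
    fi
    eis_after=$(fingerprint "$eis_src")
    if [ "$eis_before" != "$eis_after" ] || ! file_is_idle "$eis_src"; then
        rm -f "$eis_out.tmp"     # source changed under us: discard, retry later
        return 3
    fi
    mv "$eis_out.tmp" "$eis_out" # publish the result only once it is known good
}

# Cron entry point: try every file named on the command line.
for f in "$@"; do
    encrypt_if_stable "$f" "$f.gpg" || echo "skipped $f (rc=$?)" >&2
done
```

Unlike the immutable bit or a snapshot, this needs no superuser privilege, but it detects a concurrent write after the fact rather than preventing it, so a skipped file has to be picked up again on the next cron run.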
Re: gpg symmetric to Java JCA decryption
On Sun, 21 Mar 2010 22:09, webe...@gmail.com said:

> No, I don't need OpenPGP, just need symmetric encryption done by a standard command line Unix tool and decryption by means of the Java

You still need to define which standard you want to use. The most popular encryption standards are

1. OpenPGP - A command line tool for this is gpg
2. CMS (aka PKCS#7) - A command line tool for this is gpgsm.

> Guess I'll take openssl, looks like this works with Java:

Openssl implements several protocols, you need to specify which protocol of openssl you use.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: URGENT: GNuPG 1.2.1 - secret keys help
On 3/29/2010 1:16 AM, Kannan, Aarthi [Tech] wrote:

> I do have a backup. When I run on a particular directory, the secret key gets listed. I had to cvs it to the server and then I try listing secret keys on the server folder - it fails with the invalid packet error message! I see the file there in the directory, with the same size. It also has read/write permissions on all the files and also the dir. Is there any other permission that I need?

Did you set the file type to binary in cvs? CVS might be 'fixing' linefeeds or doing some keyword expansion if you didn't. Do the files have the same checksums on your local machine and the server if you run something like md5 file or sha256sum file?
Secret key without public key
Help!!

Just last week I was able to decrypt files for our Vendor. I tried this morning and now I get the message below. The only change that occurred was that another vendor key was added last week. The ELG-E Key is the same the message was encrypted with. Any insight to this message is appreciated. I read a few articles and it stated to delete secret key but I am not comfortable with deleting any key without some kind of guidance since I am a rookie at gpg. Anyway I am confused as to why I would need to delete the secret key when nothing has changed for this vendor.

gpg: key 9EDEB618: secret key without public key - skipped
gpg: encrypted with ELG-E key, ID BEA2D168
gpg: decryption failed: secret key not available

Thank you in advance for any help that you can provide

Connie

Please consider the environment before printing this e-mail

This e-mail, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing, or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Children's Medical Center Dallas immediately at 214-456- or via e-mail at priv...@childrens.com. Children's Medical Center Dallas and its affiliates hereby claim all applicable privileges related to this information.
Re: Secret key without public key
Sorry forgot to mention this is in unix. Also, I do not have a backup to re-import.

Larry Brower larry-li...@maxqe.com 3/29/2010 6:59 PM

> CONNIE RODRIGUEZ wrote:
>> Help!!
>>
>> Just last week I was able to decrypt files for our Vendor. I tried this morning and now I get the message below. The only change that occurred was that another vendor key was added last week. The ELG-E Key is the same the message was encrypted with. Any insight to this message is appreciated. I read a few articles and it stated to delete secret key but I am not comfortable with deleting any key without some kind of guidance since I am a rookie at gpg. Anyway I am confused as to why I would need to delete the secret key when nothing has changed for this vendor.
>>
>> gpg: key 9EDEB618: secret key without public key - skipped
>> gpg: encrypted with ELG-E key, ID BEA2D168
>> gpg: decryption failed: secret key not available
>>
>> Thank you in advance for any help that you can provide
>>
>> Connie
>
> The actual error is:
>
> gpg: encrypted with ELG-E key, ID BEA2D168
> gpg: decryption failed: secret key not available
>
> It appears that another key being added was not the only thing that occurred and someone has deleted the secret key the message was encrypted to. Do you have a backup to re-import?
Re: Secret key without public key
This is a development box..no backup. Can I copy from another environment?

Larry Brower larry-li...@maxqe.com 3/29/2010 7:06 PM

> CONNIE RODRIGUEZ wrote:
>> Sorry forgot to mention this is in unix. Also, I do not have a backup to re-import.
>
> I figured it was Unix. Without a backup you won't be able to decrypt the file. Are you certain there is no backup? No backup of the system which could have the .gnupg directory? Tape perhaps?
Re: Secret key without public key
Great!! Thank you for your help. I will post on how it went.

Larry Brower larry-li...@maxqe.com 3/29/2010 7:15 PM

> CONNIE RODRIGUEZ wrote:
>> This is a development box..no backup. Can I copy from another environment?
>
> yes if you have the key on another server such as a production box.
>
>     gpg --export-secret-key -a > a-filename-here
>
> copy it to the dev box with something like scp, then on the dev box
>
>     gpg --import a-filename-here
>
> make sure to remove the file you generated exporting the key. You don't want someone to see copy it ;)
>
>     shred -f -n 1000 -z -v -u a-filename-here
Re: Secret key without public key
CONNIE RODRIGUEZ wrote:

> Help!!
>
> Just last week I was able to decrypt files for our Vendor. I tried this morning and now I get the message below. The only change that occurred was that another vendor key was added last week. The ELG-E Key is the same the message was encrypted with. Any insight to this message is appreciated. I read a few articles and it stated to delete secret key but I am not comfortable with deleting any key without some kind of guidance since I am a rookie at gpg. Anyway I am confused as to why I would need to delete the secret key when nothing has changed for this vendor.
>
> gpg: key 9EDEB618: secret key without public key - skipped
> gpg: encrypted with ELG-E key, ID BEA2D168
> gpg: decryption failed: secret key not available
>
> Thank you in advance for any help that you can provide
>
> Connie

The actual error is:

gpg: encrypted with ELG-E key, ID BEA2D168
gpg: decryption failed: secret key not available

It appears that another key being added was not the only thing that occurred and someone has deleted the secret key the message was encrypted to. Do you have a backup to re-import?
Re: Secret key without public key
CONNIE RODRIGUEZ wrote:

> This is a development box..no backup. Can I copy from another environment?

yes if you have the key on another server such as a production box.

    gpg --export-secret-key -a > a-filename-here

copy it to the dev box with something like scp, then on the dev box

    gpg --import a-filename-here

make sure to remove the file you generated exporting the key. You don't want someone to see copy it ;)

    shred -f -n 1000 -z -v -u a-filename-here
Re: Secret key without public key
CONNIE RODRIGUEZ wrote:

> Sorry forgot to mention this is in unix. Also, I do not have a backup to re-import.

I figured it was Unix. Without a backup you won't be able to decrypt the file. Are you certain there is no backup? No backup of the system which could have the .gnupg directory? Tape perhaps?
Re: Secret key without public key
CONNIE RODRIGUEZ wrote:

> Great!! Thank you for your help. I will post on how it went.

Welcome ;) Just let us know if you have any questions on anything.
Re: Secret key without public key
I ran a brief test, and was able to recover from this. Before you do anything, I recommend making a backup of ~/.gnupg so you can easily restore it.

Here are my results, where 0xae742aaf is my key:

    #backup ~/.gnupg
    cp -a ~/.gnupg ~/.gnupg.orig
    #make and encrypt a test file
    touch test
    gpg -e -r 0xae742aaf test

That worked fine. Then I moved the public keyring to break things:

    mv ~/.gnupg/pubring.gpg ~/.gnupg/pubring.gpg.orig
    gpg test.gpg

and it said:

    gpg: keyring `/home/tyler/.gnupg/pubring.gpg' created
    gpg: key AE742AAF: secret key without public key - skipped
    gpg: encrypted with RSA key, ID C6570DCB
    gpg: decryption failed: secret key not available

    #export the secret key, because exporting public won't work
    gpg --export-secret-key -o secret.key 0xae742aaf
    #delete it so we can re-import
    gpg --delete-secret-key 0xae742aaf
    (answer yes to the prompts)
    gpg --import secret.key

The output included:

    gpg: key AE742AAF: secret key imported
    gpg: key AE742AAF: public key Tyler Spivey tspiv...@gmail.com imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)
    gpg: secret keys read: 1
    gpg: secret keys imported: 1

once done, the decryption of test.gpg worked fine.

Hope this helps.

CONNIE RODRIGUEZ wrote:

> Great!! Thank you for your help. I will post on how it went.
>
> Larry Brower larry-li...@maxqe.com 3/29/2010 7:15 PM
>
>> CONNIE RODRIGUEZ wrote:
>>> This is a development box..no backup. Can I copy from another environment?
>>
>> yes if you have the key on another server such as a production box.
>>
>>     gpg --export-secret-key -a > a-filename-here
>>
>> copy it to the dev box with something like scp, then on the dev box
>>
>>     gpg --import a-filename-here
>>
>> make sure to remove the file you generated exporting the key. You don't want someone to see copy it ;)
>>
>>     shred -f -n 1000 -z -v -u a-filename-here

--
Tyler Spivey - PGP Key ID: 0xae742aaf