Re: set owner trust from a script
Nicolas Rachinsky wrote: Hallo, what is the best way to set the owner trust of a key from a script? I've actually played around with this... To do ownertrust stuff: gpg --list-keys --with-colons --with-fingerprint grep ^fpr The fingerprint format is: fpr:(fingerprint): The ownertrust format is: (fingerprint):(trust): where trust is: 0: (not settable) 1: expired (not sure what this means) 2: undefined 3: none 4: marginal 5: full 6: ultimate 128: disabled If you want to set all valid keys with unspecified trust to marginal trust: gpg --list-keys --with-colons --with-fingerprint `gpg --list-keys \ --with-colons | grep pub:f:.*:-: | sed -r -e \ 's/pub:f:[0-9]+:[0-9]+:([A-F0-9]+):.*/0x\1/'` | grep ^fpr: \ | sed -r -e 's/fpr:([0-9A-F]+):/\1:4:/' | gpg --import-ownertrust Note that this isn't entirely foolproof and may have unintended consequences - make backups of your keyring(s) and trustdb first. I've mainly used it semi-automatically where I check the status of some keys, run the script, and then re-check the status of the keys. HTH, -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted (Johan Wevers)
Message: 3 Date: Sat, 27 May 2006 15:02:45 +0200 (MET DST) From: Johan Wevers [EMAIL PROTECTED] Subject: Re: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted [EMAIL PROTECTED] wrote: symmetrically encrypted message when the cipher algo is set to anything else besides IDEA in Disastry's version, and 1.4.3 also cannot, and 'assumes' IDEA is used, and upon decryption, I'll try to test this. You'll have to explicitly state the encryption algo used since the pgp 2 file format doesn't specify it anywhere (and assumes just IDEA). here is the symmetrically encrypted file using IDEA: I have no problems decrypting it with gpg (self compiled version on Linux). ok, Thanks! this is very helpful, then the problem is not gnupg, only me ;-) (much easier for me to try to debug my setup ;-) ) Perhaps the Cygwin version is the problem? no, tested on cygwin, and also from gnupg mingw32 pre-compiled binary at the windows command prompt results identical, but *did* find, and workaround the problem the problem was that my gpg.conf had these options: cipher-algo twofish digest-algo SHA256 s2k-cipher-algo twofish s2k-digest-algo SHA256 ( i put them in because i didn't want new keys to be self-signed with sha-1, and because i prefer twofish) once these were # commented out, the file decrypted perfectly with the following gnupg command: gpg --pgp2 --decrypt filename *but* when Disastry's build is configured intentionally to used twofish and sha-256 then there is nothing i can tweak in gnupg to get it to decrypt ;-(( here is the file: -BEGIN PGP MESSAGE- Version: 2.6.3ia-multi06 comment: (symmetric encryption, twofish) (passphrase: s) pgAAACf8AkWW05d5cxJZMREI8uZxtVsHq07rSnCLLYaRYGTBXAi6bw8HJSo= =Z5/z -END PGP MESSAGE- the pgp command to generate this was: pgp -cat filename -jtju if anyone has any ideas on how to decrypt this in gnupg, please post, Thanks! ( i don't consider this a 'problem' in gnupg, and, fwiw, it doesn't decrypt in pgp 9 either, or even in ckt builds, pgp 2.x users are quite happy to communicate only with other pgp 2.x users and don't really need gnupg to try to cover all possiblities to remain compatible (although it *is* compatible with 'ordinary' (classic) pgp 2.x as long as the above listed option types are not used during decryption attempts,) it is also of some interest ;-) that users of Disastry's version may have found a simple way to communicate symmetrically, so that even if someone 'overhears' the passphrase, they will still be unable to decrypt unless they use Disastry's version, and will more likely think, that they were 'misled' into thinking they had the correct passphrase ... vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: 1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted
Hmmm, it indeed fails: I wrote: I'll try to test this. You'll have to explicitly state the encryption algo used since the pgp 2 file format doesn't specify it anywhere (and assumes just IDEA). Encryption: vulcan:~ pgp-2.6.3ia-multi6 -jd -c vraag.txt 3DES chosen for conventional encryption. Pretty Good Privacy(tm) 2.6.3ia-multi06 - Public-key encryption for the masses (c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2002-04-22 International version - for use everywhere (including USA). Current time: 2006/05/29 18:53 GMT PGP is now using 3DES with MD5. You need a pass phrase to encrypt the file. Enter pass phrase: Enter same pass phrase again: Just a moment Ciphertext file: vraag.txt.pgp Decryption with gpg: vulcan:~ gpg --cipher-algo=3des vraag.txt.pgp gpg: assuming 3DES encrypted data gpg: [don't know]: invalid packet (ctb=2b) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=45) -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
new (2006-05-28) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-05-28/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: 76cbf193ff062432a3d7684523813559a541b45c13788576preprocess.keys e856d729f3510315c48dda89b24f13991910853c8179022 othersets.txt 80fd83bb5f12417f03b845256027bdf51592d3b43346076 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee1372index.html ed7bb4434aa2c33c451ef8886d10090484c3fd072291keyring_stats 01fdc4a508e6474d037de0e40d24756eb30b3aa71315313 msd-sorted.txt.bz2 fbd556512f8e3dcdfa694a97264a681635fbb06c26 other.txt a0c981ad3cc8cc4b1ff0f671fe6d5a8ab22c779c1771858 othersets.txt.bz2 e5d0f8e9f0817b7ea58ae919811ac9a10f34d7c55588820 preprocess.keys.bz2 63d4e050fb3214cfa7c0969ea590604d49b1d9f714150 status.txt f1214558e1a308642741aa498813dc26b12ead23209786 top1000table.html 75feab961dccdf1f89f498f1127cb24820d07e2829972 top1000table.html.gz f8e6a492a33b28871730c6c61e51bf18cc556b0b10799 top50table.html fa60f6104db7642535c289218499578ed2c3d0f12544D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgpauvaoOe33S.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users