Re: Re: gpg --batch --yes --edit-key trust

2010-07-26 Thread mark
 On Fri 23/07/10  3:51 PM , Daniel Kahn Gillmor d...@fifthhorseman.net sent:
 I need to be able to ultimately trust a public key in batch mode, that I 
 have downloaded
 automatically with wget from an internal server over HTTPS.

 I think that you might be confusing trust with validity.

 I don't think I'm confused.  I need this for verifying digital signatures 
 only.  I'm not encrypting.

 If I understand you correctly, I think you want --import-ownertrust.
 
 feed it the equivalent of the output of  gpg --export-ownertrust, and
 you should be able to do what you're looking for.
 
 You'll need to know the key's full fingerprint, though.
 
 --dkg

Perfect, that'll do me just fine!  I've scripted this suggestion:

#!/bin/ksh
#
# Set trust level for a given GPG key
#
AWK=/bin/gawk
[ -x /bin/nawk ] && AWK=/bin/nawk

[ $# -ne 2 ] && echo "Syntax: $0 key trust-level" && exit 1

# Collect the key's fingerprint, drop any existing ownertrust entry for it,
# then append the new entry and re-import the whole list.
gpg --fingerprint --list-keys "$1" |\
$AWK -v tmpfile="$TMPFILE" -v trustlevel="$2" '
/fingerprint/ { for (i=4; i<=NF; i++) fpr=fpr $i }
END {
    FS=":"
    cmd="gpg --export-ownertrust"
    while ((cmd | getline) > 0) if ($1!=fpr) print
    close(cmd)
    print fpr ":" trustlevel ":"
}
' | gpg --import-ownertrust



Here's an example of the script in use:

# gpg --import swrepo.pub
gpg: key 61404A7B: public key swrepo server r...@testhost imported
gpg: Total number processed: 1
gpg:   imported: 1
# ./set-gpg-trust "swrepo server" 6
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: setting ownertrust to 6



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
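
An added example, not part of the message above and not GnuPG's own code: a variant of the same --import-ownertrust approach that reads the fingerprint from --with-colons output, refuses to act unless exactly one primary key matches (optionally the one whose fingerprint was obtained out of band), and validates the trust level. The function names and the sample listing are constructed for illustration; it assumes 40-hex-digit (v4) fingerprints and gpg on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): set ownertrust for exactly one key.
# Function names and the sample listing are constructed for illustration.

# Constructed `gpg --with-colons --fingerprint --list-keys` output: one
# primary key with one subkey; the fingerprints are made-up values.
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1279843200:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1279843200::::swrepo server (constructed):
sub:-:2048:1:FFFFFFFF00000000:1279843200::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000:'

# Normalise a fingerprint: strip spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# stdin: colon listing. Prints the fingerprint of each primary key, i.e. the
# fpr record that follows a pub record (fpr after sub belongs to a subkey).
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Build one `gpg --export-ownertrust` style line: FINGERPRINT:LEVEL:
# Levels: 2 undefined, 3 never, 4 marginal, 5 full, 6 ultimate.
ownertrust_line() {
    fpr=$(norm_fpr "$1")
    case $fpr in *[!0-9A-F]*) echo "bad fingerprint" >&2; return 1 ;; esac
    [ "${#fpr}" -eq 40 ] || { echo "need full 40-digit fingerprint" >&2; return 1; }
    case $2 in [2-6]) ;; *) echo "trust level must be 2..6" >&2; return 1 ;; esac
    printf '%s:%s:\n' "$fpr" "$2"
}

# stdin: colon listing; $1: optional fingerprint obtained out of band.
# Succeeds only if exactly one primary key matched and it is the expected one.
pick_single_fpr() {
    fprs=$(primary_fprs)
    count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || { echo "expected 1 key, found $count" >&2; return 1; }
    if [ -n "$1" ] && [ "$fprs" != "$(norm_fpr "$1")" ]; then
        echo "fingerprint mismatch" >&2; return 1
    fi
    printf '%s\n' "$fprs"
}

# $1: key spec, $2: trust level, $3: optional expected fingerprint.
set_ownertrust() {
    found=$(gpg --batch --with-colons --fingerprint --list-keys "$1" |
            pick_single_fpr "$3") || return 1
    line=$(ownertrust_line "$found" "$2") || return 1
    printf '%s\n' "$line" | gpg --batch --import-ownertrust
}

# Only touch the trustdb when called with arguments.
if [ "$#" -ge 2 ]; then set_ownertrust "$@"; fi
```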


Re: Re: Re: gpg --batch --yes --edit-key trust

2010-07-26 Thread mark
 On Mon 26/07/10  9:01 AM , m...@proseconsulting.co.uk sent:
 Perfect, that'll do me just fine!  I've scripted this suggestion:
 
 #!/bin/ksh
 #
 # Set trust level for a given GPG key
 #
 AWK=/bin/gawk
 [ -x /bin/nawk ] && AWK=/bin/nawk
 
 [ $# -ne 2 ] && echo "Syntax: $0 key trust-level" && exit 1
 
 gpg --fingerprint --list-keys "$1" |\
 $AWK -v tmpfile="$TMPFILE" -v trustlevel="$2" '
 /fingerprint/ { for (i=4; i<=NF; i++) fpr=fpr $i }
 END {
     FS=":"
     cmd="gpg --export-ownertrust"
     while ((cmd | getline) > 0) if ($1!=fpr) print
     close(cmd)
     print fpr ":" trustlevel ":"
 }
 ' | gpg --import-ownertrust

Sorry, -v tmpfile=$TMPFILE was a throw-back to an earlier test, you don't 
need to pass that variable to AWK, i.e.

<snip>
gpg --fingerprint --list-keys "$1" |\
$AWK -v trustlevel="$2" '
</snip>

And sorry about the formatting.  My mail client stripped all the indentation.





GPG decrypts but 11 bytes header of PGP doesn't go and so it file

2010-07-26 Thread Guru_i

Hi

I'm running into a strange issue here.

1) I have a large set of volumes (multiple binary and text files) which are
encrypted using PGP CL, and I am trying to decrypt them in GnuPG CL.

2) Each binary block file is a set of TIFF images appended back to back and
encrypted using the PGP CL AES256 cipher.

3) When I decrypt those block files (53), I see that files 13, 26, 39 and 51
don't decrypt properly, BUT I don't get any error during decryption. The
only way I can verify that decryption didn't work is because I cannot see
the TIFF images in it, and it also has the same 11 bytes present which are
there in the encrypted block.

I'm using gpg (GnuPG) 1.4.8

Below is the command I'm trying to run
gpg -vvv --output decryptblock_13 --passphrase
11::02::02-04::103::2010_cidmdp6 -d IMAGEARCHIVENEW_13 
gpg: using character set `CP437'
:marker packet: PGP
:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
salt af0784e63d4be8e0, count 524288 (144)
gpg: AES256 encrypted data
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 1 passphrase
:literal data packet:
mode b (62), created 0, name=imagearchivenew_13,
raw data: unknown length
gpg: original file name='imagearchivenew_13'
gpg: decryption okay
-- 
View this message in context: 
http://old.nabble.com/GPG-decrypts-but-11-bytes-header-of-PGP-doenst-go-and-so-it-file-tp29213462p29213462.html
Sent from the GnuPG - User mailing list archive at Nabble.com.




BUG 1253 8 hours ago *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop chatting diegoas

2010-07-26 Thread Diego Alvarez Sotelo
I have one zone in Solaris 10 and I am trying to install the encryptor GnuPG 1.4.10.
During the installation, make gives me these messages:


make[2]: Entering directory `/usr/local/gnupg-1.4.10/tools'
gcc -DHAVE_CONFIG_H -I. -I..  -I../include -I../intl -
DLOCALEDIR=\/usr/local/share/locale\ -D_REENTRANT -I/usr/local/include  -g -
O2 -Wall -MT gpgsplit.o -MD -MP -MF .deps/gpgsplit.Tpo -c -o gpgsplit.o
gpgsplit.c
mv -f .deps/gpgsplit.Tpo .deps/gpgsplit.Po
make[2]: *** No rule to make target `../cipher/libcipher.a', needed by
`gpgsplit'.  Stop.
make[2]: Leaving directory `/usr/local/gnupg-1.4.10/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/gnupg-1.4.10'
make: *** [all] Error 2

Regards in advance.



RE: GPG seems broken on FC13 after upgrade.

2010-07-26 Thread Perry, James J.
Thanks for the update.  

As most of my GnuPG use is via script, I normally do not see problems; it
is when I am trying to resolve a problem that I run into issues where the
new interface requires X or curses to interact with GnuPG.  

Of course better error messages about not being able to connect to X
would have been very useful when I first noted the problem.

   -Jim

On Wed, 21 Jul 2010 16:33, ds...@jabberwocky.com said:

 Fedora 13 removed 'gnupg' (i.e. gnupg 1.4.x) and caused the 'gnupg2'
(i.e. gnupg 2.x) package to replace it.  This breaks all sorts of
scripts and things that were written to use 1.4.x.

FWIW, the new 2.0.16 may help to mitigate this problem if the
--use-standard-socket option is used.  The agent will then be started if
needed.  You can't use this feature if your home directory is NFS
mounted or you are not using X.



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
 
Proud partner. Susan G. Komen for the Cure.
 
Please consider our environment before printing this e-mail or attachments.
--
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
information and is for the sole use of the intended recipient(s). If you are 
not the intended recipient, any disclosure, copying, distribution, or use of 
the contents of this information is prohibited and may be unlawful. If you have 
received this electronic transmission in error, please reply immediately to the 
sender that you have received the message in error, and delete it. Thank you.
--



RE: GPG seems broken on FC13 after upgrade.

2010-07-26 Thread Perry, James J.
 I just updated to FC 13 and now gpg fails to work for any user.  I get
the following messages when I try to decrypt a file and have the DISPLAY
set even though I am not using X.
  
 gpg --pgp6 EDI997.20100601091546.pgp
  
 You need a passphrase to unlock the secret key for
 user: xyz
 2048-bit ELG key, ID ...
  
 can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
 gpg-agent[2]: command get_passphrase failed: Operation cancelled
 gpg: cancelled by user
 gpg: encrypted with 2048-bit ELG key, ID ...
 gpg: public key decryption failed: General error
 gpg: decryption failed: No secret key

[..]

 This was not how it worked when I used it prior to upgrading to FC13.
I do not want all the pretty stuff and I need it to prompt for a
password on the command line like it did prior to the use of
pinentry-qt or pinentry-curses.  What do I need to fix?  I spent 4
hours digging around to just find that if I had a DISPLAY variable set
but no X-Server running on my MS Win box, it would not even work.
Users of GPG here on Linux will not understand that issue so I will
need to keep it running as it did before, but no manuals I found
seemed to indicate how to correct it.

Fedora 13 made a (in my opinion) bad change in how they handle GnuPG.
Previously, there were two packages: 'gnupg' and 'gnupg2'.  This makes
sense since the two branches of GnuPG are intentionally
non-conflicting, and while there is significant overlap, do serve
somewhat different purposes.

Fedora 13 removed 'gnupg' (i.e. gnupg 1.4.x) and caused the 'gnupg2'
(i.e. gnupg 2.x) package to replace it.  This breaks all sorts of
scripts and things that were written to use 1.4.x.

A few people are trying to get this fixed in Fedora.
  http://lists.fedoraproject.org/pipermail/devel/2010-July/138765.html
  http://lists.fedoraproject.org/pipermail/devel/2010-July/138781.html

David

Thanks for the links.  If Fedora does not make the needed changes it
would seem that the gnupg2 code would at least need to be altered to
check for a working X display first, and then try curses.  Optimally I
think it would be nice to have a config parameter in the
/etc/gnupg/gpgconfig file to specify the interface type be it X, curses
or command line.  I did not see any settings to control that when I dug
through the configs and man pages months ago.
 


RE: GPG seems broken on FC13 after upgrade.

2010-07-26 Thread Perry, James J.
I was able to get that to work a while back but the main problem I am
having is that if I have the display set on the terminal doing the ssh
into the host but no X-server (Cygwin/X) running on my PC, then it fails
to fall back to text-based password requests, making me spend hours
trying to figure out what happened.  If the interface is being changed
in this manner then it would seem that simple code to check for a
responding X-server or if the X-server connection is denied, it would
fall back to curses style windows.

HP's diagnostic tool stm, installation utility swinstall and OS level
tool SAM all have had this logic for  10 years.

Just me doing something unexpected when the application was being beta
tested that I wanted to bring up with a solution to see if it could
improve the new interface to the application.

   Thanks!
   -Jim

-Original Message-
From: Chris Ruff [mailto:jcr...@gmail.com] 
Sent: Tuesday, July 20, 2010 6:09 PM
To: Perry, James J.
Cc: gnupg-users@gnupg.org
Subject: Re: GPG seems broken on FC13 after upgrade.

On 06/01/2010 06:49 PM, Perry, James J. wrote:
 I just updated to FC 13 and now gpg fails to work for any user.  I get
 the following messages when I try to decrypt a file and have the DISPLAY
 set even though I am not using X.
 
 gpg --pgp6 EDI997.20100601091546.pgp
 
 You need a passphrase to unlock the secret key for
 user: xyz
 2048-bit ELG key, ID ...
 
 can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
 gpg-agent[2]: command get_passphrase failed: Operation cancelled
 gpg: cancelled by user
 gpg: encrypted with 2048-bit ELG key, ID ...
 gpg: public key decryption failed: General error
 gpg: decryption failed: No secret key
 
 This happens when I have a DISPLAY variable set.  Without it I get a bad
 looking curses interface image like below:
 
 lqqqk
 x Please enter the passphrase to unlock the secret key for the OpenPGP  x
 x certificate: x
 x xyz x
 x 2048-bit ELG key, ID ...x
 x created 2010-05-30 (main key ID ...). x
 x x
 x x
 x Passphrase __ x
 x x
 x  OK Cancel x
 mqqqj
 
 This was not how it worked when I used it prior to upgrading to FC13.  I
 do not want all the pretty stuff and I need it to prompt for a password
 on the command line like it did prior to the use of pinentry-qt or
 pinentry-curses.  What do I need to fix?  I spent 4 hours digging around
 to just find that if I had a DISPLAY variable set but no X-Server
 running on my MS Win box, it would not even work.  Users of GPG here on
 Linux will not understand that issue so I will need to keep it running
 as it did before, but no manuals I found seemed to indicate how to
 correct it.
 
   Thanks!
   -Jim

I'm not sure if this is your exact problem but on my openSuSE 11.2
system Seahorse really made a mess of things.  Try running your
gpg-agent the old-fashioned way and export the variables.  I'm
initializing mine in .xinitrc with an eval statement and relevant
arguments b/c seahorse doesn't seem to work correctly with scdaemon.

-- 
__
Chris Ruff
email: jcr...@gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0
  DC1B FD21 25BC 0621 F585
 


Can't open PGP file with Gnupg

2010-07-26 Thread Cooperider, Brian
I'm having an issue opening a file sent to us. They are using pgp
command line version 6.5. We are using GnuPG 2.0.12. When we try to open
the file we get the message File contained no openPGdata. Any help you
can provide would be greatly appreciated.

  

 

Brian Cooperider
IT Operations
Relay Health
8720 Orion Place, Suite 300
Columbus, OH 43240
614-396-4511
614-885-0033 Fax
http://www.relayhealth.com


file contained no OpenPGPdata

2010-07-26 Thread Cooperider, Brian
I asked this last week but I don't think it got answered.

 

We have a customer using pgp command line version 6.5. The file they are
sending us is giving us the error file contained no OpenPGData. We are
using  GnuPG 2.0.12, GPA 0.9.0.  We have not been able to resolve the
issue. We are not having any issues with our other customers but are
uncertain if anyone else is using the same pgp version. Any help would
be greatly appreciated.

 

Brian Cooperider
IT Operations
Relay Health
8720 Orion Place, Suite 300
Columbus, OH 43240
614-396-4511
614-885-0033 Fax
http://www.relayhealth.com


RE: Can't open PGP file with Gnupg

2010-07-26 Thread Cooperider, Brian
Thanks Charly for the quick response. We are a windows user. I'll need
to verify the exact version of pgp they are using. I won't be able to
see if that works until tomorrow but hopefully it does.

Brian Cooperider
IT Operations
Relay Health
8720 Orion Place, Suite 300
Columbus, OH 43240
614-396-4511
614-885-0033 Fax
http://www.relayhealth.com

-Original Message-
From: Charly Avital [mailto:shavi...@mac.com] 
Sent: Monday, July 26, 2010 10:23 AM
To: gnupg-users@gnupg.org
Subject: Re: Can't open PGP file with Gnupg

Cooperider, Brian wrote the following on 7/20/10 4:48 PM:

 File contained no openPGdata. 

GnuPG requires Unix line endings.

Maybe, just maybe the file that was created by 6.5 command line (would
that be PGP Command line 6.5.8?) is not Unix line ended.

You might want to try and convert that file from its current format to
Unix line-endings, using a text editor. As a Macintosh user, I would
avail myself of BBEdit. I guess that you are a Windows user, I don't
know which editor would be available.

Just a thought.
Charly



Re: Can't open PGP file with Gnupg

2010-07-26 Thread Robert J. Hansen
On 7/26/10 10:41 AM, Cooperider, Brian wrote:
 Thanks Charly for the quick response. We are a windows user. I'll need
 to verify the exact version of pgp they are using. I won't be able to
 see if that works until tomorrow but hopefully it does.

I believe Charly is in error.  The line ending convention is specified
in RFC4880, and both GnuPG and PGP conform to that.



Re: Can't open PGP file with Gnupg

2010-07-26 Thread David Shaw
On Jul 20, 2010, at 4:48 PM, Cooperider, Brian wrote:

 I’m having an issue opening a file sent to us. They are using pgp command 
 line version 6.5. We are using GnuPG 2.0.12. When we try to open the file we 
 get the message File contained no openPGdata. Any help you can provide would 
 be greatly appreciated.

I'm happy to take a look at a file to see what exactly is wrong if you're 
willing/able to send me one.  I'd need the key to decrypt it, so either encrypt 
the test message to my key (99242560), or make a new key for the purpose.

Most likely the problem you are having is that PGP version 6.5 is beyond 
antique at this point.  You might try adding the --pgp6 flag to your gpg 
invocation, which enables some workarounds for various PGP 6-isms, but 
basically the problem is that PGP 6.5 predates the standard that GnuPG follows.

David




Re: Can't open PGP file with Gnupg

2010-07-26 Thread Charly Avital
Robert J. Hansen wrote the following on 7/26/10 10:50 AM:
 On 7/26/10 10:41 AM, Cooperider, Brian wrote:
 Thanks Charly for the quick response. We are a windows user. I'll need
 to verify the exact version of pgp they are using. I won't be able to
 see if that works until tomorrow but hopefully it does.
 
 I believe Charly is in error.  The line ending convention is specified
 in RFC4880, and both GnuPG and PGP conform to that.

I possibly am. My very empirical knowledge of crypto does not include RFCs.

I remember that in order to have GnuPG import e.g. key blocks generated
by prior to Windows and even Macintosh PGP 7.0 releases, I had to
convert those key blocks to Unix line-endings. Right now, using PGP
Desktop 10.0.2.13, I have no such problem.

Another erroneous guess would be that the file that Brian has been
trying to import is not in ASCII format?

Charly





RE: Can't open PGP file with Gnupg

2010-07-26 Thread Cooperider, Brian
I should be able to send you a test file tomorrow. We will try adding
that flag as well.

Brian Cooperider
IT Operations
Relay Health
8720 Orion Place, Suite 300
Columbus, OH 43240
614-396-4511
614-885-0033 Fax
http://www.relayhealth.com


-Original Message-
From: David Shaw [mailto:ds...@jabberwocky.com] 
Sent: Monday, July 26, 2010 11:08 AM
To: Cooperider, Brian
Cc: gnupg-users@gnupg.org; Brian Cooperider
Subject: Re: Can't open PGP file with Gnupg

On Jul 20, 2010, at 4:48 PM, Cooperider, Brian wrote:

 I'm having an issue opening a file sent to us. They are using pgp
command line version 6.5. We are using GnuPG 2.0.12. When we try to open
the file we get the message File contained no openPGdata. Any help you
can provide would be greatly appreciated.

I'm happy to take a look at a file to see what exactly is wrong if
you're willing/able to send me one.  I'd need the key to decrypt it, so
either encrypt the test message to my key (99242560), or make a new key
for the purpose.

Most likely the problem you are having is that PGP version 6.5 is beyond
antique at this point.  You might try adding the --pgp6 flag to your
gpg invocation, which enables some workarounds for various PGP 6-isms,
but basically the problem is that PGP 6.5 predates the standard that
GnuPG follows.

David
