Re: Subkey Generation / SmartCard

2017-04-15 Thread David Gueguen via Gnupg-users
Hello Christoph,


with the new gpg version (>2.15) you can more easily generate subkeys


* Hereafter, subkeys are added to the main keyring $key_id, each RSA1024:
1 for Sign, 1 for Encrypt, 1 for Auth

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
      --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
      "$key_id" rsa1024 sign 1y

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
      --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
      "$key_id" rsa1024 encrypt 1y

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
      --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
      "$key_id" rsa1024 auth 1y

the ' echo "$var_pass_poem" | ' trick allows you to pass the pass poem in a
variable and then not have any keyboard interaction


* Here is the automated keytocard (with keyboard interaction); check that
the exported keys are the right ones ...

  cmd="key 2\nkeytocard\n1\ny\nkey 2\nkey 3\nkeytocard\n2\ny\nkey 3\nkey 4\nkeytocard\n3\ny\nsave\nY\n"

  echo -e "$cmd" | gpg2 --no-verbose --command-fd 0 --status-fd 2 --edit-key "$key_id"



* btw: here is how I generate the main keyring:

cat > gen_key_script <<EOF   # creating SC and E keys (the passphrase is written in clear to this file)
Key-Type:      $var_key_type
Key-Usage:     sign cert
Key-Length:    $var_key_length
Subkey-Type:   $var_key_type
Subkey-Usage:  encrypt
Subkey-Length: $var_key_length
Name-Real:     $var_name
Name-Comment:  $var_comment
Name-Email:    $var_mail
Keyserver:     $var_web_path
Expire-Date:   $var_expiracy
Passphrase:    $var_pass_poem
Preferences:   $var_pref
EOF
gpg2 --batch --full-gen-key gen_key_script


I am also trying to make the gpg card ready to go in an automated way
https://github.com/bourinus/gpg_SmartCard_generation


Hope this helps,
Best rgds,
david
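
An added check, not David's script and not part of the original thread, for the keytocard step above: once the subkeys have been moved, confirm from the machine-readable listing that a signing, an encryption and an authentication subkey each report a card serial number. It reads the secret-key listing produced with --with-colons, where an "ssb" record has its capability letters in field 12 and, for a key that lives on a token, the card serial number in field 15. The listing embedded in the script is constructed in that layout with made-up key ids, dates and serial; its "a" subkey is deliberately left on disk so the check has something to flag.

```shell
#!/bin/sh
# Added example, not David's script: after the keytocard step, check from the
# machine-readable listing that the sign (s), encrypt (e) and auth (a) subkeys
# really live on the card. In "gpg2 --with-colons --list-secret-keys" output an
# "ssb" record carries the capability letters in field 12 and, once the key has
# been moved to a token, the card serial number in field 15 ("#" there is a bare
# stub; "+" or empty means the secret part is still in the local keystore).

# Constructed listing in that layout (key ids, dates and serial are made up).
# The "a" subkey is deliberately left on disk so the check has something to flag.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:0000000000000001:1492210000:1523746000::u:::cSC:::+::
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1492210000::0000000000000000000000000000000000000002::Example User <user@example.org>::::::::::0:
ssb:u:1024:1:0000000000000002:1492210000:1523746000:::::s:::D2760001240102010006000000000000::
ssb:u:1024:1:0000000000000003:1492210000:1523746000:::::e:::D2760001240102010006000000000000::
ssb:u:1024:1:0000000000000004:1492210000:1523746000:::::a:::+::
EOF
}

# Print "<capabilities> <card serial or local>" for every secret subkey on stdin.
subkey_slots() {
  awk -F: '$1 == "ssb" { print $12, (($15 == "" || $15 == "+") ? "local" : $15) }'
}

# Succeed only if some secret subkey with capability $1 reports a card serial.
cap_on_card() {
  awk -F: -v cap="$1" '
    $1 == "ssb" && index($12, cap) && $15 != "" && $15 != "+" && $15 != "#" { found = 1 }
    END { exit !found }'
}

# Check all three roles on the listing from stdin; one line per role, return 1
# if any role is still off-card.  Real use:
#   gpg2 --batch --with-colons --list-secret-keys "$key_id" | verify_card_subkeys
verify_card_subkeys() {
  listing=$(cat)
  rc=0
  for cap in s e a; do
    if printf '%s\n' "$listing" | cap_on_card "$cap"; then
      echo "ok: '$cap' subkey is on the card"
    else
      echo "MISSING: '$cap' subkey is not on the card"
      rc=1
    fi
  done
  return "$rc"
}
```

A non-zero exit from verify_card_subkeys means at least one role is still held only in the local keystore (or as a bare stub), which is worth knowing before the on-disk secret subkeys are deleted or the backup is put away.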


On 14/04/2017 20:47, Christoph J wrote:
> I am trying to batch provision yubikeys.
> 
> Using the --batch, I can generate the initial key, but I am unable to
> add more than a single subkey.
> 
> Is there a way to batch provision subkeys, specifying the usage
> (signing, encryption, auth) without having to go into --edit-key /
> interactive mode?
> 
> On the same topic, is there a way to do 'keytocard', again without
> having to do --edit-key --> toggle --> keytocard interactively?
> 
> Any insight on this would be most helpful. Thanks!
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 



Help with decrypting email from command line

2017-04-15 Thread steven345
Hi all,

I have sent and received encrypted emails before and decrypted them
successfully. However, I have received a few emails from someone that I cannot
decrypt using my normal gpg2 commands. Normally I receive encrypted
attachments, but these new encrypted data are inline in the email body. However,
I use an email hosting service where, if you provide your keypair, they can
encrypt/decrypt emails for you, and it works like a charm every time on these
emails: they successfully decrypt these emails using the same keys and
passphrase I use on the command line. I've tried many different options and I
have no clue why I cannot decrypt these emails on the command line. I copy and
paste the armored email contents into a file then simply decrypt it. But with
these emails I get "Bad session key" every single time. Since my email hoster
can decrypt all of these emails, clearly the encrypted data, keys, and
passphrase are good. I use the same keypair to encrypt and decrypt other data
no problem, so I'm guessing the sender used some other encryption
program/protocol my gpg2 doesn't support but my email hoster does?? The email
header Content-Type shows

multipart/encrypted;
boundary="=_MailMate_B366C6F9-8EA1-4E58-BE07-33C7D5454060_=";
protocol="application/pgp-encrypted"

cat -v shows no weird characters in anything I've copy-pasted from the body of 
the email. It's a standard email:

-----BEGIN PGP MESSAGE-----

etc.
-----END PGP MESSAGE-----


Any help would be greatly appreciated.

Some info: 

#~ $ gpg2 -d -v -v  wed
gpg: armor: BEGIN PGP MESSAGE
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt 76D51E30746E495F, count 65536 (96)
gpg: CAST5 encrypted data
# off=15 ctb=c9 tag=9 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
length: unknown
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key


#~ $ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2



I then upgraded:

#~ $ gpg2 --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/user/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
#~ $ gpg2 -d -v -v  wed
gpg: armor: BEGIN PGP MESSAGE
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt 76D51E30746E495F, count 65536 (96)
gpg: CAST5 encrypted data
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: pinentry launched (7500 unknown 0.9.7 ? ? ?)
# off=15 ctb=c9 tag=9 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
length: unknown
gpg: encrypted with 1 passphrase
gpg: pinentry launched (7515 unknown 0.9.7 ? ? ?)
gpg: decryption failed: Bad session key


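An added example, not part of the thread and not GnuPG code: the first packet in the dump above is reported as ":symkey enc packet:" (OpenPGP tag 3), which is a session key protected by a passphrase, as opposed to ":pubkey enc packet:" (tag 1), which is a session key encrypted to a key pair. The script below walks the packet headers of an armored message and reports which kind of session-key packets precede the encrypted data, the same facts gpg2 --list-packets prints. A message whose only session-key packets are tag 3 can be opened only with the passphrase chosen when it was encrypted, whatever keys are in the recipient's keyring. The two armored samples are constructed inside the script (a CAST5, iterated-and-salted symmetric message with the same header bytes 8c and c9 as in the dump, and a public-key message with a made-up key id); they are not the poster's mail.

```python
import base64

# Added example (not from the thread or from GnuPG): decode the leading OpenPGP packet
# headers of an armored message (RFC 4880, sections 4.2 and 4.3) and report what kind
# of session-key packets precede the encrypted data.
TAG_NAMES = {1: "public-key encrypted session key",
             3: "symmetric-key (passphrase) encrypted session key",
             9: "symmetrically encrypted data (no MDC)",
             18: "symmetrically encrypted integrity-protected data"}
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 10: "SHA512"}

def dearmor(text):
    """Binary body of an ASCII-armored message; armor headers and the =CRC line are skipped."""
    body, state = [], "outside"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "outside" and line.startswith("-----BEGIN PGP"):
            state = "headers"               # optional "Name: value" lines, ended by a blank line
        elif state == "headers" and line == "":
            state = "body"
        elif state == "body":
            if line.startswith("-----END PGP"):
                break
            if not line.startswith("="):    # "=abcd" is the CRC-24 trailer, not data
                body.append(line)
    if state != "body":
        raise ValueError("not an ASCII-armored PGP message")
    return base64.b64decode("".join(body))

def read_header(data, off):
    """Parse the packet header at off -> (tag, body offset, body length or None, partial?)."""
    ctb = data[off]
    if not ctb & 0x80:
        raise ValueError("invalid packet tag byte 0x%02x at offset %d" % (ctb, off))
    if ctb & 0x40:                                    # new format (ctb=cX..fX in gpg's dump)
        tag, first = ctb & 0x3F, data[off + 1]
        if first < 192:
            return tag, off + 2, first, False
        if first < 224:
            return tag, off + 3, ((first - 192) << 8) + data[off + 2] + 192, False
        if first == 255:
            return tag, off + 6, int.from_bytes(data[off + 2:off + 6], "big"), False
        return tag, off + 2, 1 << (first & 0x1F), True   # partial length: more chunks follow
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03          # old format (ctb=8X..bX in gpg's dump)
    if ltype == 3:
        return tag, off + 1, None, False                # indeterminate: runs to end of input
    n = 1 << ltype                                      # 1-, 2- or 4-byte length field
    return tag, off + 1 + n, int.from_bytes(data[off + 1:off + 1 + n], "big"), False

def describe_session_keys(armored):
    """One description per packet, up to and including the encrypted-data packet."""
    data, off, out = dearmor(armored), 0, []
    while off < len(data):
        tag, body, length, partial = read_header(data, off)
        name = TAG_NAMES.get(tag, "tag %d" % tag)
        if tag == 3:                  # version, cipher, S2K type, hash, [8-byte salt], [coded count]
            cipher, s2k, hsh = data[body + 1:body + 4]
            detail = "cipher %s, s2k %d, hash %s" % (CIPHERS.get(cipher, cipher), s2k, HASHES.get(hsh, hsh))
            if s2k == 3:              # iterated+salted: decode the count byte the way gpg prints it
                c = data[body + 12]
                detail += ", count %d (%d)" % ((16 + (c & 15)) << ((c >> 4) + 6), c)
            out.append("%s: %s" % (name, detail))
        elif tag == 1:                # version, 8-byte key id, public-key algorithm, then MPIs
            keyid = data[body + 1:body + 9].hex().upper()
            out.append("%s: keyid %s, pubkey algo %d" % (name, keyid, data[body + 9]))
        else:
            out.append(name)
        if length is None or partial or tag in (9, 18):
            break                     # the rest is ciphertext; no further session-key packets
        off = body + length
    return out

def needs_passphrase_only(armored):
    """True when the only session-key packets are symmetric, so no private key can open the message."""
    kinds = describe_session_keys(armored)
    return any(k.startswith(TAG_NAMES[3]) for k in kinds) and not any(k.startswith(TAG_NAMES[1]) for k in kinds)

def armor(data):
    """Minimal ASCII armor with a CRC-24 trailer, enough for dearmor() and for gpg2 --list-packets."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    b64 = base64.b64encode(data).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    tail = "=" + base64.b64encode((crc & 0xFFFFFF).to_bytes(3, "big")).decode()
    return "-----BEGIN PGP MESSAGE-----\n\n%s\n%s\n-----END PGP MESSAGE-----\n" % (lines, tail)

# Constructed samples, not the poster's mail. Sample 1 mirrors the dump in the post: tag 3 with
# old-format header 0x8c (CAST5, iterated+salted S2K, count byte 96), then tag 9 with new-format
# header 0xc9 and a partial body length. Sample 2: tag 1 (version 3, made-up key id, RSA), then tag 18.
SYMKEY_PKT = bytes([0x8C, 13, 4, 3, 3, 2]) + bytes(range(8)) + bytes([96])
ENC_DATA_PKT = bytes([0xC9, 224 + 9]) + bytes(512)     # 224+9 => first 512-byte partial chunk
SAMPLE_SYMMETRIC = armor(SYMKEY_PKT + ENC_DATA_PKT)
PUBKEY_PKT = bytes([0x84, 13, 3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1, 0, 8, 0x42])
SAMPLE_PUBKEY = armor(PUBKEY_PKT + bytes([0xD2, 224 + 9]) + bytes(512))
```

To use it on a real message, pass the pasted armored text to describe_session_keys(); needs_passphrase_only() returns True when no tag 1 packet is present at all. The walk stops at the first encrypted-data packet (tag 9 or 18), since every session-key packet precedes it, so partial-length chunks of the ciphertext are never parsed.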