Re: How to encrypt using public certificate\key

2017-09-06 Thread shaarang tyagi
Hello Peter,

I am talking about OpenPGP. I want to encrypt a file that follows the OpenPGP
standard, but when I tried with the Windows version of GnuPG, I was
getting an error "configuration not correct" (the error was more or less
similar).
I was encrypting by selecting a certificate which I had imported; I had
also imported its root CA, so the certificate chain was fully there, but
encryption failed.
Also, my certificate does not show up in the "openpgp certificates" list, so I
am wondering whether the problem is that some specific "type"
of certificate is required, although my certificate has "file encryption"
present in its type!

Best Regards,
Shaarang

On Sep 6, 2017 6:59 PM, "Peter Lebbing"  wrote:

> On 06/09/17 06:37, shaarang tyagi wrote:
> > I have a situation where I need to use GnuPG from command line and
> > encrypt a file using a public certificate or PEM public key
>
> First of all, are we talking about OpenPGP, S/MIME, or both? I notice
> you say PEM public key, which implies the X.509 and S/MIME ecosystem,
> but GnuPG is more commonly used for the OpenPGP ecosystem. The "gpgsm"
> binary of GnuPG does do S/MIME, though.
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at 
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Configuring dirmngr

2017-09-06 Thread Mario Figueiredo
On Wed, 06 Sep 2017 13:59:43 -0400
Daniel Kahn Gillmor  wrote:

> after making that configuration file, have you explicitly restarted
> dirmngr?  the simplest way is:
> 
> gpgconf --kill dirmngr
> 

Thank you, Daniel. There was a problem with how I was restarting
dirmngr in my script. Your post helped identify it. And the problem is
solved.


-- 
Sinceramente / Best regards,

Mário J.G.P. Figueiredo
Luanda, Angola
(email) mar...@gmx.com (alt) kru...@openmailbox.org
(phone) +244 934 535 121




Re: How to encrypt using public certificate\key

2017-09-06 Thread Mario Castelán Castro
On 05/09/17 23:37, shaarang tyagi wrote:
> I have a situation where I need to use GnuPG from command line and encrypt
> a file using a public certificate or PEM public key, please note that I
> will not have the private key at this point and encryption needs to be done
> only using public key.
> 
> Let me know if this is possible or not.

You can use the “gpgsm” to operate over X.509 certificates (this covers
your use case).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Configuring dirmngr

2017-09-06 Thread Daniel Kahn Gillmor
On Tue 2017-09-05 21:58:44 +0100, Mario Figueiredo wrote:
> I'm having trouble configuring dirmngr to use a default keyserver.
>
> The current configuration file at .gnupg/dirmngr.conf contains this
> single line:
>
> keyserver hkp://pgp.mit.edu
>
> However trying to use --recv-keys always fails:
>
> $ gpg --recv-keys 0x194b631ab2da2888
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

What version of gnupg are you running?

after making that configuration file, have you explicitly restarted
dirmngr?  the simplest way is:

gpgconf --kill dirmngr

then subsequent uses of gpg should automatically spawn a new dirmngr,
which will pick up the new configuration.

hth,

 --dkg




Re: How to encrypt using public certificate\key

2017-09-06 Thread Peter Lebbing
Hello Shaarang,

On 06/09/17 16:13, shaarang tyagi wrote:
> I am talking about OpenPGP, i want to encrypt a file that follows
> openpgp standard [...]

> I was encrypting by selecting a certificate which i had imported , i had
> also imported its root ca, so certificate chain was fully there but
> encryption failed.

"Root CA", "certificate chain" and your earlier "PEM public key" tell me
you are using certificates from the Cryptographic Message Syntax
ecosystem (to which S/MIME belongs also). These are not OpenPGP
certificates/public keys, and it is simply impossible to encrypt an
OpenPGP message to them. You will need to ask your peer for their
OpenPGP certificate (also called "public key")  before you can send them
an OpenPGP encrypted message.

They are two completely separate and incompatible ecosystems. It just so
happens that GnuPG does have some support for CMS as well, through the
gpgsm binary.

More about starting with OpenPGP is in The GNU Privacy Handbook[1]. That
guide is pretty outdated, though, so don't take its word for gospel.

HTH,

Peter.

[1] 

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
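
Added example, not part of the original thread and not GnuPG's own code: a POSIX shell check for the distinction explained in the message above, telling an OpenPGP public key from an X.509 certificate by its armor header or first octet before choosing between gpg and gpgsm. The function names `classify_keyfile` and `import_hint` are hypothetical, and the first-octet test is a heuristic.

```shell
#!/bin/sh
# Added example; classify_keyfile and import_hint are hypothetical helper names.

# Print "openpgp", "x509", "bare-pem-key" or "unknown" for the file in $1.
classify_keyfile() {
    file=$1
    [ -r "$file" ] || { echo "unknown"; return 1; }

    # ASCII-armored input: the first BEGIN line names the ecosystem.
    begin=$(sed -n '/^-----BEGIN /{p;q;}' "$file" 2>/dev/null | tr -d '\r')
    case $begin in
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')
            echo "openpgp"; return 0 ;;
        '-----BEGIN CERTIFICATE-----')
            echo "x509"; return 0 ;;
        '-----BEGIN PUBLIC KEY-----'|'-----BEGIN RSA PUBLIC KEY-----')
            # A bare key with no certificate around it; gpgsm works on certificates.
            echo "bare-pem-key"; return 0 ;;
    esac

    # Binary input: look at the first octet.
    first=$(od -An -tx1 -N1 "$file" | tr -d ' \n')
    case $first in
        98|99|9a|c6) echo "openpgp" ;;  # OpenPGP public-key packet (tag 6) header
        30)          echo "x509" ;;     # DER SEQUENCE: heuristic for X.509/CMS data
        *)           echo "unknown"; return 1 ;;
    esac
}

# Map the detected format to the GnuPG binary that can import it.
import_hint() {
    kind=$(classify_keyfile "$1") || kind=unknown
    case $kind in
        openpgp) echo "gpg --import" ;;
        x509)    echo "gpgsm --import" ;;
        *)       echo "none" ;;
    esac
}

# Stand-alone use: pass one or more key or certificate files as arguments.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s (%s)\n' "$f" "$(classify_keyfile "$f")" "$(import_hint "$f")"
    done
fi
```
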





Unsubscribing (was: How to encrypt using public certificate\key)

2017-09-06 Thread Peter Lebbing
On 06/09/17 14:56, BRUCE KAPITO via Gnupg-users wrote:
> Can you please cease and desist sending me emails.  I did not sign up
> for this

*Someone* managed to subscribe your e-mail address, which is usually not
possible without being able to read mail addressed to your e-mail
address (and thus should usually just be you).

Anyway: you're asking your peers, who cannot help you. You can help
yourself by following the link at the bottom of every mail you receive
through the mailing list:

> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Note you will need to use the exact e-mail address that was subscribed.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: How to encrypt using public certificate\key

2017-09-06 Thread Peter Lebbing
On 06/09/17 06:37, shaarang tyagi wrote:
> I have a situation where I need to use GnuPG from command line and
> encrypt a file using a public certificate or PEM public key

First of all, are we talking about OpenPGP, S/MIME, or both? I notice
you say PEM public key, which implies the X.509 and S/MIME ecosystem,
but GnuPG is more commonly used for the OpenPGP ecosystem. The "gpgsm"
binary of GnuPG does do S/MIME, though.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Poldi example usage of gpg-connect-agent fails

2017-09-06 Thread Franck Routier (perso)

Hi,

I am trying to get into smartcard usage, and would want to allow 
Authentication on my system with an OpenPGP Card (FSFE Fellowship 
smartcard).


As I understand it (I might be wrong), the right pam module is Poldi.

According to the Texinfo page (info poldi), current version is 0.4, and 
lacks the previous poldi-ctrl utility, so I have to create some config 
file manually.


Specifically, here is the example that is given:


   First, the system administrator has to associate the user moritz with
the card's serial number:

 $ echo "D27600012401010100010655 moritz" >> /etc/poldi/localdb/users


   Second, the system administrator needs to write the card's key into a
card-specific key file.  Therefore he inserts Moritz' smartcard and
executes:

 $ gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D27600012401010100010655" "SCD READKEY --advanced OPENPGP.3" /bye



My problem is that the command gpg-connect-agent "/datafile myfile" "SCD READKEY --advanced OPENPGP.3" /bye returns an error:


ERR 100663414 Identifiant incorrect 


Can anyone help me on this? (Or is there a better way to authenticate
using an OpenPGP smartcard?) (Or is it just a bad idea?)


Thanks in advance

Franck

