Re: Upgrading 2.0.20 to 2.2.24
On Mon, 18 Jun 2018 07:44, skqu...@rushpost.com said: > The format secret keys are stored in changed between 2.0.x and 2.1.x. It > is possible that 2.2.x no longer has the code in it to migrate to the 2.2 still has the migration code. However, once a migration is done it will not be done again. Thus adding a new key with an old version of gpg at least the secret key won't show up in a newer gpg version. > new format, in which case you might need to import secring.gpg manually > and set the trust to ultimate manually as well. Right. The official way to do this is to run gpg --export-secret-key KEYID >FILE using the old version of gpg and then to run gpg --import pgpS16YG0wb2s.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Upgrading 2.0.20 to 2.2.24
On 06/17/2018 05:20 PM, fe...@crowfix.com wrote: > gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created > -mm-dd > "Felix Finch (Scarecrow Repairman) " > gpg: decryption failed: No secret key The format secret keys are stored in changed between 2.0.x and 2.1.x. It is possible that 2.2.x no longer has the code in it to migrate to the new format, in which case you might need to import secring.gpg manually and set the trust to ultimate manually as well. -- Shawn K. Quinn http://www.rantroulette.com http://www.skqrecordquest.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Upgrading 2.0.20 to 2.2.24
Hi Felix, > gpg -e dest -r fe...@crowfix.com ... > gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created > -mm-dd > "Felix Finch (Scarecrow Repairman) " > gpg: decryption failed: No secret key The key for recipient fe...@crowfix.com that was used to encrypt is not on the machine that's decrypting. See the --list*keys options in gpg(1). --export and --import could also be useful. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Upgrading 2.0.20 to 2.2.24
I have a seldom-used need to encrypt a few files, and the last time I did was on a gentoo system running 2.0.20. gpg -e dest -r fe...@crowfix.com I have migrated the .gnupg dir to an Ubuntu 18.04 system running 2.2.24, and the gpg command seems to have mutated. The gentoo 2.0.20 command can decrypt what the Ubuntu 2.2.24 command encrypts. But the Ubuntu 2.2.24 command will not decrypt either what it just encrypted or what the gentoo 2.0.20 command encrypted: gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created -mm-dd "Felix Finch (Scarecrow Repairman) " gpg: decryption failed: No secret key The enceyption command also seems pickier: gpg: 18DCDD20A3362105: There is no assurance this key belongs to the named user sub elg2048/18DCDD20A3362105 1999-12-06 Felix Finch (Scarecrow Repairman) Primary key fingerprint: E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 Subkey fingerprint: 1A59 C8A1 81FB 6780 641C D17E 18DC DD20 A336 2105 It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) Can someone offer an explanation so I don't have to dredge through a zillion changelogs to see why 2.2.24 is pickier? What does it mean to say there is no secret key? -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Hard to find alternate source of checksums
Il 16/06/2018 19:48, Jeff Martin ha scritto: > I'm not on Linux. I'm on macOS, which does not come with any built-in > GPG. I must build GPG from source files. The only way to verify the > source files in this situation (I think) is by checksum. You can just fire up a VM booting with an "old enough" distro that you can assume has not been tampered with. Maybe one from an old CD. Once you've bootstrapped the system, it all becomes easy :) BYtE, Diego ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Hard to find alternate source of checksums
NdK wrote: > GPG is usually included I'm not on Linux. I'm on macOS, which does not come with any built-in GPG. I must build GPG from source files. The only way to verify the source files in this situation (I think) is by checksum. On Mon, Jun 11, 2018 at 2:38 AM, NdK wrote: > Il 09/06/2018 19:08, Jeff Martin ha scritto: >> For a fresh install of GnuPG, I was following the integrity check >> directions. I have no prior version for GnuPG. > Why not fetch some (unrelated) live distributions, possibly some older > ones and some newer ones? > > GPG is usually included and you can use it to check the signatures. > > BYtE, > Diego -- Jeff Martin iOS Developer ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Hard to find alternate source of checksums
Lee wrote: > So you still need to find a release announcement on 2 or 3 different > sites to check the signing key fingerprints. You have hit the heart of my problem. I cannot find these 2 or 3 different sites That is why I came to this mailing list: for hints on how to find these other sites. My DDG & Goole searches were not enough. On Mon, Jun 11, 2018 at 9:14 AM, Lee wrote: > On 6/11/18, NdK wrote: >> Il 09/06/2018 19:08, Jeff Martin ha scritto: >>> For a fresh install of GnuPG, I was following the integrity check >>> directions. I have no prior version for GnuPG. >> Why not fetch some (unrelated) live distributions, possibly some older >> ones and some newer ones? >> >> GPG is usually included and you can use it to check the signatures. > > If you're not trusting the checksums listed on the website you're not > trusting the signing key fingerprints listed on the site either. So > you still need to find a release announcement on 2 or 3 different > sites to check the signing key fingerprints. And know enough to make > sure the auto key retrieval function in GPG is turned off in your live > distro > > Lee -- Jeff Martin iOS Developer ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users