Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Tony Lane via Gnupg-users
On 11/3/19 4:15 AM, Peter Lebbing wrote:
> Werner recently mentioned an undocumented command for this.[1]
> 
> On 27/08/2019 11:30, Werner Koch via Gnupg-users wrote: 
>> You can extract the signature from the encrypted+signed data:
>>
>>   gpg --unwrap -d -o SIG >
>> and then run
>>
>>   gpgv -o SIGNEDFILE SIG && echo verified!
>>

The '--unwrap' option alone seems to work for me. Thanks for sharing this.

> --unwrap is not documented and has the minor problem that it also keeps the
> compression layer

Why is keeping the compression layer a problem? Also what other undocumented 
options are out there?
Can they be documented somewhere?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: How to improve our GUIs (was: We have GOT TO make things simpler)

2019-11-03 Thread raf via Gnupg-users
Ryan McGinnis via Gnupg-users wrote:

> I might be missing something really obvious here but... what is this
> trying to protect against?

What they say they are trying to protect against, I suppose.
I summarised my understanding of it by saying:

> > It might not address all threats but it certainly seems
> > to solve some very real threats, mainly the threat of
> > someone hacking into your IMAP account and accessing
> > every email you ever received.

> ...Your service provider can
> certainly (and probably does certainly) retain archive or backup copies
> of all emails that enter into and exit your account...

I'm sure they have better things to waste their storage on.
Most IMAP service providers are not the NSA after all. :-)

> ... so encrypting them
> after reception only means that the copy you are accessing is encrypted
> and non-accessible to the provider, but the copy that they archived or
> backed up is just as plaintext as always (or is, more likely, encrypted
> with a key that only they know). 

The point is that it's not accessible to whoever hacks
into your IMAP account. They make it very clear that
that is the problem that they are trying to solve.

> ... E2E is really the only solution that keeps your email provably
> private from all parties concerned other than the recipients. 

Like anything else, E2E is only an actual solution if
it is actually used.

Since E2E for email is demonstrably too hard to achieve
for most people, it doesn't happen except in rare
cases. You can obviously send encrypted emails to all
your correspondents who have accessible keys. E3 allows
you to encrypt the emails that you receive that weren't
sent by senders who are able or willing to encrypt what
they send. The creators of E3 are not pretending that
E3 is an alternative to E2E for the problems that E2E
solves. It complements it (in the sense that it can
encrypt all the emails that weren't encrypted
end-to-end). It's just a tool that solves a particular
privacy problem in an accessible way. It seems like a
good thing.

Of course, making E2E just as accessible must be
possible too but it hasn't happened yet and we've been
waiting a long time. How hard would it be for all email
clients to automatically create a key pair and publish
the public key when you first run it if it can't find
an existing keypair? Pretty soon everyone would have
keypairs. Multiple devices would complicate things,
though.

I expect it would require Google and Microsoft to make
it happen automatically but Microsoft decided to charge
money to encrypt email and Google decided to make money
by analysing email content to improve advertising
effectiveness so I can't see them doing it any time
soon.

cheers,
raf

> On 10/29/2019 7:33 PM, raf via Gnupg-users wrote:
> > Hi,
> >
> > Sorry if this was mentioned before but I've just come
> > across a novel approach to email encryption that
> > doesn't do end-to-end encryption, but rather it
> > encrypts email upon receipt so that an individual can
> > encrypt the email that is stored in their IMAP account
> > as it arrives without the need for every sender to
> > encrypt and without the need for any service provider's
> > involvement (you just need an IMAP account), and it
> > supports reading email from multiple devices, each with
> > their own local private key. Most importantly, it
> > doesn't require the user to know anything about
> > encryption except that they want some.
> >
> > It might not address all threats but it certainly seems
> > to solve some very real threats, mainly the threat of
> > someone hacking into your IMAP account and accessing
> > every email you ever received.
> >
> >   Making It Easier to Encrypt Your Emails
> >   Authors: John S. Koh, Steven M. Bellovin, and Jason Nieh
> >   https://www.usenix.org/publications/login/fall2019/koh [paywall, usenix]
> >
> >   Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management
> >   EuroSys '19 Proceedings of the Fourteenth EuroSys Conference 2019
> >   Authors: John S. Koh, Steven M. Bellovin, Jason Nieh
> >   https://doi.org/10.1145/3302424.3303980 [paywall, acm]
> >   http://nieh.net/pubs/eurosys2019_e3.pdf [free]
> >
> >   Easy Email Encryption with Easy Key Management
> >   Authors: John S. Koh, Steven M. Bellovin, Jason Nieh
> >   https://mice.cs.columbia.edu/getTechreport.php?techreportID=1639 [free]
> >
> >   Automatically and invisibly encrypt email as soon as it is received on 
> > any trusted device
> >   https://www.helpnetsecurity.com/2019/04/01/easy-email-encryption/ [free]
> >
> > I know this doesn't help with the discussion of
> > improving GUIs to make it easier to encrypt emails that
> > you want to send, but it looks like a promising
> > improvement in privacy that could help many more people
> > than just those that want to encrypt emails that they
> > send. And it's still relevant. I expect that those that
> > want to encrypt any emails that they send might also
> > like all the emails that they 

Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPCe:ref ]

2019-11-03 Thread Mark Rousell
On 04/11/2019 02:12, Mark Rousell wrote:
> The same thing is happening on the mozilla.general mail list at the
> moment although with a company called 'TheFork'. It has also happened
> in the past on mozilla.general with a wholesale cut flowers supplier
> called Avas Flowers.
>
> What happens is that the genuine email helpdesks of these genuine
> companies somehow get subscribed to the respective mail list. It isn't
> clear how this subscription happens although it looks like prank-like
> foul play (or a low level DoS) by third parties to me.
>
> Back when this first happened on mozilla.general, I attempted to
> engage with the Avas Flowers helpdesk staff but they seemed utterly
> confused. I am pretty sure that they had not knowingly subscribed to
> mozilla.general. In general, the helpdesk staff of these companies
> seem confused as to what to do and don't seem to be able to
> unsubscribe themselves. And, at least in the case of Avas Flowers on
> mozilla.general, when they were finally unsubscribed they seem to be
> unwillingly re-subscribed soon after.

For what it's worth, I note that both Informa D here on this list and
TheFork (on mozilla.general) are using Salesforce-hosted helpdesks.

(Avas Flowers on mozilla.general (last year) were not on Salesforce, as
I recall. I think they hosted their own CRM/helpdesk software).

-- 
Mark Rousell



Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPCe:ref ]

2019-11-03 Thread Mark Rousell
On 03/11/2019 12:45, Andrew Gallagher wrote:
> Can one of the admins please unsubscribe or mute this recipient? It’s
> getting silly now. Thanks.
>
> Andrew Gallagher
>
>> On 3 Nov 2019, at 12:20, Informa D via Gnupg-users
>>  wrote:
>>
>>  Dear Sirs,

The same thing is happening on the mozilla.general mail list at the
moment although with a company called 'TheFork'. It has also happened in
the past on mozilla.general with a wholesale cut flowers supplier called
Avas Flowers.

What happens is that the genuine email helpdesks of these genuine
companies somehow get subscribed to the respective mail list. It isn't
clear how this subscription happens although it looks like prank-like
foul play (or a low level DoS) by third parties to me.

Back when this first happened on mozilla.general, I attempted to engage
with the Avas Flowers helpdesk staff but they seemed utterly confused. I
am pretty sure that they had not knowingly subscribed to
mozilla.general. In general, the helpdesk staff of these companies seem
confused as to what to do and don't seem to be able to unsubscribe
themselves. And, at least in the case of Avas Flowers on
mozilla.general, when they were finally unsubscribed they seem to be
unwillingly re-subscribed soon after.

(N.B. Mozilla.general isn't just accessible as a newsgroup; it's also
accessible as a mail list).

-- 
Mark Rousell



Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPCe:ref ]

2019-11-03 Thread Ralph Seichter
* Andrew Gallagher:

> Can one of the admins please unsubscribe or mute this recipient? It’s
> getting silly now. Thanks.

Hooray for email killfiles. ;-) But yeah, unsubscribing would be nice.

-Ralph



Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Mark H Weaver
Hi Peter,

Peter Lebbing  wrote:
> Werner recently mentioned an undocumented command for this.[1]
>
> On 27/08/2019 11:30, Werner Koch via Gnupg-users wrote:
>> You can extract the signature from the encrypted+signed data:
>>
>>   gpg --unwrap -d -o SIG >
>> and then run
>>
>>   gpgv -o SIGNEDFILE SIG && echo verified!
>>
>> --unwrap is not documented and has the minor problem that it also keeps the
>> compression layer.  However, gpgv groks that compression layer and works
>> as with a standard signature.  The signature is on SIGNEDFILE which gpgv
>> outputs for you.
[...]
> [1] https://lists.gnupg.org/pipermail/gnupg-users/2019-August/062619.html

Thanks very much Peter, this is what I was looking for.  I'm grateful.

 Regards,
   Mark



Re: encrypt file in batch mode [ ref:_00D58dJQM._5004IusOTU:ref ]

2019-11-03 Thread Informa D via Gnupg-users
Dear Sirs,

We have received the information you were kind enough to send us today, for
which we are very grateful.

We will analyse the case immediately and respond to your request as quickly as
possible. As soon as possible, the Customer Support Service will contact you.

However, if your contact relates to the need to update your company's data in
our database, please note that you can do so directly and without delay.

In fact, business entities whose data is held in our database can consult, add
to and modify online the information that concerns them; all that is required
is a password giving exclusive access to a reserved area of our site.

We stress that this access for online updating is completely free and very
easy: simply go to www.informadb.pt and select, under Feed´Back, "To consult
or update a company's data directly in our database".

If you need further clarification about Feed’Back – Data Update Service, we
are entirely at your disposal to provide it.

Yours faithfully,

Customer Support Service

(+351) 213 500 389 - Fax: (+351) 213 151 658
vipclien...@informadb.pt
www.informadb.pt



Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPCe:ref ]

2019-11-03 Thread Andrew Gallagher
Can one of the admins please unsubscribe or mute this recipient? It’s getting 
silly now. Thanks.

Andrew Gallagher

> On 3 Nov 2019, at 12:20, Informa D via Gnupg-users  
> wrote:
> 
>  Dear Sirs,
> 


Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPUT:ref ]

2019-11-03 Thread Informa D via Gnupg-users


Re: encrypt file in batch mode [ ref:_00D58dJQM._5004IusPVR:ref ]

2019-11-03 Thread Informa D via Gnupg-users


Re: How to decrypt a message while preserving the signature? [ ref:_00D58dJQM._5004IusPCe:ref ]

2019-11-03 Thread Informa D via Gnupg-users


Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Peter Lebbing
Werner recently mentioned an undocumented command for this.[1]

On 27/08/2019 11:30, Werner Koch via Gnupg-users wrote: 
> You can extract the signature from the encrypted+signed data:
> 
>   gpg --unwrap -d -o SIG  
> and then run
> 
>   gpgv -o SIGNEDFILE SIG && echo verified!
> 
> --unwrap is not documented and has the minor problem that it also keeps the
> compression layer.  However, gpgv groks that compression layer and works
> as with a standard signature.  The signature is on SIGNEDFILE which gpgv
> outputs for you.

HTH,

Peter.

[1] https://lists.gnupg.org/pipermail/gnupg-users/2019-August/062619.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: encrypt file in batch mode

2019-11-03 Thread Fourhundred Thecat
On 03/11/2019 07.52, Tony Lane via Gnupg-users wrote:
> On 11/3/19 1:24 AM, Fourhundred Thecat wrote:
>
>> But it makes no sense. This particular private key has no passphrase. So
>> shouldn't signing work in batch mode as well ?
> Are you sure? Try to --edit-key and select that key (not the cert key).
> Then passwd, for the empty passphrase. Don't forget to save.

I am sure the private key has no passphrase. Everything worked fine with
same private key on gpg 1.4.12

But now, I cannot even list keys from secring.gpg

$ gpg --list-secret-keys
gpg: can't connect to the agent: No such file or directory
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory

Same error when I try "--edit-key"

  failed to start agent '/usr/bin/gpg-agent': No such file or directory


The only thing that works is "gpg --list-packets secring.gpg"

$ gpg --list-packets secring.gpg | grep protect

I believe this shows that secret key is not password protected

If it was, it would have:
  protect count:
  protect IV:

>> Also, I still get an error when trustdb.gpg is not writable.
>> --lock-never
> Be careful with that option. The docs say this:
>> This option should be used only in very special environments
>> Improper usage of this option may lead to data and key corruption.
> Is there a chance that's what's happening here?

well, if trustdb.gpg is not writable, how could it lead to corruption.
That's the whole point. I want read-only access to trustdb.gpg, because
I don't want to make any changes.




Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Mark H Weaver
I wrote:
> I'm reading RFC 4880 now, to get my own answers.  Still, I would be
> grateful if someone with deeper knowledge would answer my question.

Quoting the last paragraph of section 2.1 of RFC 4880:

   Both digital signature and confidentiality services may be applied to
   the same message.  First, a signature is generated for the message
   and attached to the message.  Then the message plus signature is
   encrypted using a symmetric session key.  Finally, the session key is
   encrypted using public-key encryption and prefixed to the encrypted
   block.

Exactly as I said.  So what I'm asking for can certainly be done.

  Mark
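
Added example, not part of any message in this thread and not GnuPG code: a small RFC 4880 packet walker in Python, run over a constructed byte string, showing the nesting that the section 2.1 quote above and Werner's remark about the compression layer describe. The signature packets sit beside the literal data inside a Compressed Data packet, so a reader has to decompress before it can see them. The sample bytes, the filler signature body and all function names are assumptions made for the illustration.

```python
import zlib

# Packet tags, RFC 4880 section 4.3 (only the ones this example meets).
TAG_NAMES = {2: "Signature", 4: "One-Pass Signature",
             8: "Compressed Data", 11: "Literal Data"}


def read_packet(buf, pos):
    """Parse the packet starting at buf[pos]; return (tag, body, next_pos)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    pos += 1
    if first & 0x40:                       # new-format header
        tag = first & 0x3F
        o1 = buf[pos]
        if o1 < 192:                       # one-octet length
            length, pos = o1, pos + 1
        elif o1 < 224:                     # two-octet length
            length, pos = ((o1 - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif o1 == 255:                    # five-octet length
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body lengths are outside this example")
    else:                                  # old-format header
        tag = (first >> 2) & 0x0F
        length_type = first & 0x03
        if length_type == 3:               # indeterminate: body runs to the end
            length = len(buf) - pos
        else:
            size = 1 << length_type        # 1, 2 or 4 length octets
            length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + length > len(buf):
        raise ValueError("truncated packet")
    return tag, buf[pos:pos + length], pos + length


def decompress(body):
    """Undo a Compressed Data packet body (RFC 4880 section 5.6)."""
    algo, data = body[0], body[1:]
    if algo == 0:
        return data                        # uncompressed
    if algo == 1:
        return zlib.decompress(data, -15)  # ZIP: raw DEFLATE, no header
    if algo == 2:
        return zlib.decompress(data)       # ZLIB
    raise ValueError(f"compression algorithm {algo} not handled here")


def walk(buf, depth=0):
    """List (depth, packet name) for every packet, descending into compression."""
    found, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_packet(buf, pos)
        found.append((depth, TAG_NAMES.get(tag, f"tag {tag}")))
        if tag == 8:
            found.extend(walk(decompress(body), depth + 1))
    return found


def signed_payload(buf):
    """Return the data of the first Literal Data packet, or None."""
    pos = 0
    while pos < len(buf):
        tag, body, pos = read_packet(buf, pos)
        if tag == 8:
            inner = signed_payload(decompress(body))
            if inner is not None:
                return inner
        elif tag == 11:
            # format octet, name length octet, name, four-octet date, data
            return body[2 + body[1] + 4:]
    return None


def new_packet(tag, body):
    """Build a new-format packet with a one-octet length (body < 192 bytes)."""
    return bytes([0xC0 | tag, len(body)]) + body


def build_sample():
    """Constructed sample, not real gpg output: the signature body is filler."""
    one_pass = new_packet(4, bytes([3, 0, 10, 1]) + bytes(8) + b"\x01")
    literal = new_packet(11, b"b" + b"\x00" + bytes(4) + b"hello\n")
    signature = new_packet(2, b"\x04" + bytes(10))
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(one_pass + literal + signature) + deflater.flush()
    # 0xA3: old-format header, tag 8, indeterminate length; 0x01: ZIP.
    return b"\xA3\x01" + packed


SAMPLE = build_sample()

if __name__ == "__main__":
    for depth, name in walk(SAMPLE):
        print("  " * depth + name)
    print(signed_payload(SAMPLE))
```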



Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Mark H Weaver
Tony Lane wrote:

> On 11/3/19 1:55 AM, Mark H Weaver wrote:
>> I'm asking if there's a way to decrypt the message while preserving the
>> existing signed message.  Of course, this requires the private
>> decryption key, but it should *not* require the private signing key.
>
> I do not think there is a way to do this. When both '-s' and '-r' options
> are used for some given file, the decryption operation atomically decrypts
> and verifies the file.

"Atomically", really?  I'm aware that the high-level user interface
makes it *appear* to be atomic, but if you actually believe it's atomic,
I think you are demonstrating that your knowledge of cryptography and
OpenPGP formats is even more superficial than my own.

Incidentally, I was one of the first developers hired by PGP, Inc, and one
of the authors of PGP 5.x.  I worked with Phil Zimmermann quite closely,
and also with Hal Finney, RIP.  It was the last nonfree software I
worked on, back in the late 1990s.  Obviously, I did not work on the
actual cryptographic operations--my areas were the key management code,
cross-platform layer, API design, and design and production of the
scannable printed source code books that allowed PGP to be legally
exported to Europe for the first time.  Please do not mistake me for a
noob.

I'm reading RFC 4880 now, to get my own answers.  Still, I would be
grateful if someone with deeper knowledge would answer my question.

 Thanks,
   Mark



Re: encrypt file in batch mode

2019-11-03 Thread Tony Lane via Gnupg-users
On 11/3/19 1:24 AM, Fourhundred Thecat wrote:

> But it makes no sense. This particular private key has no passphrase. So
> shouldn't signing work in batch mode as well ?
Are you sure? Try to --edit-key and select that key (not the cert key).
Then passwd, for the empty passphrase. Don't forget to save.

> Also, I still get an error when trustdb.gpg is not writable.
> --lock-never
Be careful with that option. The docs say this:
> This option should be used only in very special environments
> Improper usage of this option may lead to data and key corruption.
Is there a chance that's what's happening here?


Re: How to decrypt a message while preserving the signature?

2019-11-03 Thread Tony Lane via Gnupg-users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/3/19 1:55 AM, Mark H Weaver wrote:
> I'm asking if there's a way to decrypt the message while preserving the
> existing signed message.  Of course, this requires the private
> decryption key, but it should *not* require the private signing key.

I do not think there is a way to do this. When both '-s' and '-r' options
are used for some given file, the decryption operation atomically decrypts
and verifies the file. Actually, I don't think it goes through PGP in two
"passes" like you might think. You are probably best off having the signer
encrypt and sign distinctly, like so:

gpg -s


Re: encrypt file in batch mode

2019-11-03 Thread Fourhundred Thecat
On 02/11/2019 22.52, Brian C via Gnupg-users wrote:
> I can answer why the passphrase is needed: You are using the -s option
> which tells gpg to sign the file, which requires your private key.

You are right. It works when I remove "-s".

But it makes no sense. This particular private key has no passphrase. So
shouldn't signing work in batch mode as well ?

Also, I still get an error when trustdb.gpg is not writable.

I am specifically using "--no-auto-check-trustdb" and "--lock-never",
but these options do not seem to have any effect.

Here is full syntax I am using now:

gpg --no-auto-check-trustdb --lock-never --no-verbose --batch --yes \
    --pinentry-mode loopback -e -r u...@domain.com -o zz.gpg zz

The above works, if trustdb.gpg is writable. It fails if it is not:

gpg: Fatal: can't open '/var/lib/asterisk/.gnupg/trustdb.gpg': Operation not permitted

Why does gpg need trustdb.gpg to be writable? I am not asking to change
any trust settings. I just need simply to encrypt file.

thanks,
