Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread S.B. via Gnupg-users
> Well, it depends. We have no idea what the .asc file in Disk/users/SamiBadri
> contains. It could be your public key. Or it could be somebody else's public
> key. Or it could be something other than a public key.

That was my mistake.  When I generated my first key pair I used the command:

gpg --armor --export sami.ba...@gmail.com> ~/Desktop/SamiB.asc

I moved it into my user folder.  That's the file I uploaded to
openpgp.org.  It is the public key block.

> You shouldn't assume anything if you are dealing with encryption software. You
> should be sure what you are doing. Otherwise, in the extreme, you could
> jeopardize the lives of other people.

I absolutely understand.

> You can use the command
> gpg --show-key  But, as with using a proper email client you should probably also use a
> proper graphical tool for
> working with GnuPG. On Linux, I suggest using Kleopatra. On Windows, I
> recommend gpg4win.

I'm researching other email clients and will definitely get a GnuPG
graphical tool.  PGP Tool for Mac looks ok.

> Alternatively, you could have a look at Mailvelope (https://mailvelope.com).
> It's a browser add-on that will extend GMail (and many other webmail
> providers) with OpenPGP support.

I'm looking at Mailvelope and FlowCrypt for Gmail extensions.

On Sat, Dec 18, 2021 at 3:23 PM Ingo Klöcker wrote:
>
> On Freitag, 17. Dezember 2021 18:04:04 CET S.B. via Gnupg-users wrote:
> > > Otherwise, you can simply send your exported key to the person you want to
> > > give your public key to.
> >
> > Yeah so, I can attach the .asc file that's in my Disk/users/SamiBadri
> > folder (it's the only .asc file I've seen), but I'm assuming that is
> > my public key.  Is that correct?
>
> Well, it depends. We have no idea what the .asc file in Disk/users/SamiBadri
> contains. It could be your public key. Or it could be somebody else's public
> key. Or it could be something other than a public key.
>
> Quite frankly, I suggest that you follow Robert's advice and start your
> learning experience with OpenPGP by using an email client that supports
> OpenPGP out-of-the-box. All decent email clients should have a functionality
> to attach your public key to an email without you having to attach some file
> manually.
>
> > Is there anyway to send your private key?
>
> Sure. You can send any file to anyone, so, of course, you can do the same with
> your private key (unless it's stored on a smartcard in a read-protected slot).
>
> A decent email client should not offer a functionality to attach your secret
> key to an email. So, if you stick to what your email client offers you, then
> you should be safe.
>
> > I want to know so that I don't do it accidentally.
>
> Then don't attach random files you find on your disk to your emails without
> knowing what those files contain.
>
> > Also, if I
> > use the cat SamiB.asc command, the terminal reveals a certificate (and
> > I assume that's my public key certificate).
>
> You shouldn't assume anything if you are dealing with encryption software. You
> should be sure what you are doing. Otherwise, in the extreme, you could
> jeopardize the lives of other people.
>
> > Can I copy/paste and send
> > that as a txt attachment?  Will they be able to do anything with it?
> > For instance, let's say they don't have my email, key ID, or
> > fingerprint, only the pgp public key block (aka certificate), can you
> > do anything with a txt-type file that only shows the certificate in
> > armor?
>
> If you send someone the public key block of your public key, e.g. some file
> that contains something like
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> [...]
> -----END PGP PUBLIC KEY BLOCK-----
>
> then this person can import your public key in their keyring and use it to
> verify signatures made by you and to encrypt text or files for you.
>
> You can use the command
> gpg --show-key  to have a look at the key (or keys) contained in SamiB.asc. But, as with using
> a proper email client you should probably also use a proper graphical tool for
> working with GnuPG. On Linux, I suggest using Kleopatra. On Windows, I
> recommend gpg4win.
>
> > Lastly, I see that you have attached a signature .asc file with your
> > email.  I can import that file, and compare to?
>
> No, you cannot import that file. You need an email client that supports
> OpenPGP to do anything useful with it.
>
> Alternatively, you could have a look at Mailvelope (https://mailvelope.com).
> It's a browser add-on that will extend GMail (and many other webmail
> providers) with OpenPGP support.
>
> Regards,
> Ingo
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread S.B. via Gnupg-users
> Did you notice the command is "gpg --import < certificate.txt"?

Yes, sorry.  I did type the command correctly.

>> I placed the file in my .gnupg hidden folder.
>
> Then you'd need to do "gpg --import < ~/.gnupg/certificate.txt".  If
> certificate.txt isn't in your current directory, you need to tell Linux
> where to look for it.

It worked.  I placed the txt file (copied and pasted) certificate in
my .gnupg folder and it went through.

> Please stop using that resource.  As mentioned above, it's shockingly bad.

To be fair.  The resource didn't actually tell me to do it that way.
It only supplied me with the command.  The method was my roundabout
way of making it work (based on my underivative understanding).  It
seems as though my entry into this realm was clearly... bad.  I wanted
to learn the system without using separate encryption software like
kleopatra.  I wanted to know how to do it with just gpg and any email
provider.  It's difficult, and I have a lot to learn.

and... I was hoping that, since I have your email, key ID, and fingerprint ;)
I could write an encrypted message to your sixdemonbag email.  I'd
completely understand if you'd rather not.  I just have now found
myself luring friends and relatives into learning this with me and
exchanging encrypted emails and... it's not going well.


On Fri, Dec 17, 2021 at 9:24 PM Robert J. Hansen wrote:
>
> > What other keys would it hold?
>
> Behold:
>
> pub   ed25519/1E7A94D4E87F91D5 2021-02-22 [SC]
>       7D8EC4B85B6FEDD6C10D3C791E7A94D4E87F91D5
> uid                 [ultimate] Robert J. Hansen
> uid                 [ultimate] Robert J. Hansen
> sub   cv25519/7D6CCDB66CA1202F 2021-02-22 [E]
>
>
> My public certificate has two keys: an Edwards-25519 signing key and a
> Curve-25519 encryption key.
>
> Back in the '90s, certificates almost always held a single key that was
> used for both encryption and signing.  Then we realized, "if the courts
> force us to give our decryption key to the cops so they can read our
> traffic, we're also giving them the ability to impersonate us."  Since
> then, virtually every OpenPGP certificate has had at least two keys: one
> for signing and one for encryption.
>
> There are cases where three or more keys are appropriate, but they're
> kind of outside the scope of the current discussion.
>
> >> Sure it does.  I did that no more than twenty minutes ago myself.
> >
> > So I typed the gpg --import > certificate.txt command and it says "no
> > such file or directory: certificate.txt" (certificate has a different
> > name of course).
>
> Did you notice the command is "gpg --import < certificate.txt"?
>
> > I placed the file in my .gnupg hidden folder.
>
> Then you'd need to do "gpg --import < ~/.gnupg/certificate.txt".  If
> certificate.txt isn't in your current directory, you need to tell Linux
> where to look for it.
>
> > Here is really the root of my problem.  As you probably know, I'm not
> > using a Web Key Service/Directory enabled email provider, so if I were
> > to get an encrypted message intended for me, I'd have to copy the
> > encryption text, paste it into txt file, then import/decrypt it like
> > that with: gpg --decrypt ~/Desktop/encryptedfile.txt | perl
> > -MMIME::QuotedPrint -0777 -nle 'print decode_qp($_)'
>
> That's shockingly bad.
>
> Try using an email client with OpenPGP support built-in.  On Linux the
> two major choices are Evolution and Thunderbird.
>
> > That's a command I found online from a source that I've been using for
> > learning pgp.
>
> Please stop using that resource.  As mentioned above, it's shockingly bad.
>
> As the FAQ says, "The good news is the internet is a treasure trove of
> information. The bad news is that the internet is a festering sewer of
> misinformation, conspiracy theories, and half-informed speculations all
> masquerading as informed commentary."



Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread Ingo Klöcker
On Freitag, 17. Dezember 2021 18:04:04 CET S.B. via Gnupg-users wrote:
> > Otherwise, you can simply send your exported key to the person you want to
> > give your public key to.
> 
> Yeah so, I can attach the .asc file that's in my Disk/users/SamiBadri
> folder (it's the only .asc file I've seen), but I'm assuming that is
> my public key.  Is that correct?

Well, it depends. We have no idea what the .asc file in Disk/users/SamiBadri 
contains. It could be your public key. Or it could be somebody else's public 
key. Or it could be something other than a public key.

Quite frankly, I suggest that you follow Robert's advice and start your 
learning experience with OpenPGP by using an email client that supports 
OpenPGP out-of-the-box. All decent email clients should have a functionality 
to attach your public key to an email without you having to attach some file 
manually.

> Is there anyway to send your private key?

Sure. You can send any file to anyone, so, of course, you can do the same with 
your private key (unless it's stored on a smartcard in a read-protected slot).

A decent email client should not offer a functionality to attach your secret 
key to an email. So, if you stick to what your email client offers you, then 
you should be safe.

> I want to know so that I don't do it accidentally.

Then don't attach random files you find on your disk to your emails without 
knowing what those files contain.

> Also, if I
> use the cat SamiB.asc command, the terminal reveals a certificate (and
> I assume that's my public key certificate).

You shouldn't assume anything if you are dealing with encryption software. You 
should be sure what you are doing. Otherwise, in the extreme, you could 
jeopardize the lives of other people.

> Can I copy/paste and send
> that as a txt attachment?  Will they be able to do anything with it?
> For instance, let's say they don't have my email, key ID, or
> fingerprint, only the pgp public key block (aka certificate), can you
> do anything with a txt-type file that only shows the certificate in
> armor?

If you send someone the public key block of your public key, e.g. some file 
that contains something like

-----BEGIN PGP PUBLIC KEY BLOCK-----

[...]
-----END PGP PUBLIC KEY BLOCK-----

then this person can import your public key in their keyring and use it to 
verify signatures made by you and to encrypt text or files for you.

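You can use the command
gpg --show-key  to have a look at the key (or keys) contained in SamiB.asc. But, as with using
a proper email client you should probably also use a proper graphical tool for
working with GnuPG. On Linux, I suggest using Kleopatra. On Windows, I
recommend gpg4win.

> Lastly, I see that you have attached a signature .asc file with your
> email.  I can import that file, and compare to?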

No, you cannot import that file. You need an email client that supports 
OpenPGP to do anything useful with it.

Alternatively, you could have a look at Mailvelope (https://mailvelope.com). 
It's a browser add-on that will extend GMail (and many other webmail 
providers) with OpenPGP support.

Regards,
Ingo
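
The reply above comes down to knowing what an .asc file contains before attaching it. As an added example (not part of the thread and not GnuPG code), the Python below reads an armored block's label, verifies its CRC-24 and decodes the first packet tag as defined in RFC 4880, so a secret key or a mislabelled block is caught before it is sent. The function names and the three sample blocks are constructed for illustration; the samples carry dummy packet bodies, not real keys.

```python
import base64
import re

# Packet tags that can open an armored file (RFC 4880, section 4.3).
TAGS = {1: "encrypted message", 2: "signature", 5: "SECRET key", 6: "public key"}
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 checksum of the armored payload (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def first_packet_tag(raw: bytes) -> int:
    """Tag of the first packet; handles old- and new-format headers."""
    if not raw or not raw[0] & 0x80:
        raise ValueError("payload does not start with an OpenPGP packet")
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F

def inspect_armor(text: str) -> dict:
    """Compare what the armor label claims with what the payload starts with."""
    match = ARMOR.search(text)
    if not match:
        raise ValueError("no ASCII armor block found")
    label, lines = match.group(1), match.group(2).splitlines()
    start = lines.index("") + 1 if "" in lines else 0  # skip "Comment:"-style headers
    data = "".join(l for l in lines[start:] if not l.startswith("="))
    crc_line = next((l for l in lines[start:] if l.startswith("=")), None)
    raw = base64.b64decode(data)
    crc_ok = crc_line is None or base64.b64decode(crc_line[1:]) == crc24(raw).to_bytes(3, "big")
    tag = first_packet_tag(raw)
    return {"label": label, "contains": TAGS.get(tag, f"packet tag {tag}"), "crc_ok": crc_ok,
            "ok_to_share": label == "PUBLIC KEY BLOCK" and tag == 6 and crc_ok}

def make_armor(label: str, raw: bytes) -> str:
    """Build a constructed sample block (dummy packet body, not a real key)."""
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\n\n{base64.b64encode(raw).decode()}\n"
            f"={crc}\n-----END PGP {label}-----\n")

# Constructed samples: only the first (packet header) octet is meaningful.
PUBLIC = make_armor("PUBLIC KEY BLOCK", b"\x98\x04demo")       # old format, tag 6
SECRET = make_armor("PRIVATE KEY BLOCK", b"\x94\x04demo")      # old format, tag 5
MISLABELLED = make_armor("PUBLIC KEY BLOCK", b"\xc5\x04demo")  # new format, tag 5
```

Calling `inspect_armor(open("SamiB.asc").read())` on a real export gives the same report; `ok_to_share` is true only when the label says public key, the first packet is a public-key packet and the checksum matches.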




Re: fingerprint associated public key does not match displayed public key

2021-12-18 Thread Andrew Gallagher via Gnupg-users

> On 18 Dec 2021, at 02:25, Robert J. Hansen via Gnupg-users wrote:
> 
> As the FAQ says, "The good news is the internet is a treasure trove of 
> information. The bad news is that the internet is a festering sewer of 
> misinformation, conspiracy theories, and half-informed speculations all 
> masquerading as informed commentary."

Indeed. The internet is also full of articles that haven’t been updated since 
before the iPhone was invented, and thus are *at best* so technologically 
outdated they might as well be written in hieroglyphics…

A