RE: GPG Decrypt Error based on a timeout function?

2020-12-18 Thread Dave via Gnupg-users
Angel,
  I came to that realization as I worked through with your guidance, the
configuration I wanted.
  Technology, while here to help, can be a drawback at times.  Or perhaps
better said, has its own limitations.

Many thanks and stay safe.
Dave

-Original Message-
From: Gnupg-users  On Behalf Of Ángel
Sent: Friday, December 18, 2020 3:50 PM
To: gnupg-users@gnupg.org
Subject: Re: GPG Decrypt Error based on a timeout function?

On 2020-12-18 at 10:25 -0800, Dave via Gnupg-users wrote:
> Angel,
>   Yes, I want the script to run unattended, which the gpg process is 
> not the right method, as you say: " you could configure the gpg 
> password in the script, but then that would be roughly equivalent to 
> the email account password."
> 
>   Many thanks and stay safe and healthy, Dave

You cannot make a machine which needs a secret run fully unattended without
having such secret *somewhere*. You can move pieces around, separate roles
amongst different parts, protect a secret in a way that a _different_ secret
is needed instead, etc. But in the end, as the machine needs that secret,
you need to store it there. Or, alternatively, have a human input it and
have it stored in memory, with the caveat that the machine won't be able to
boot to a fully functional state until that is provided.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users




RE: GPG Decrypt Error based on a timeout function?

2020-12-18 Thread Dave via Gnupg-users
Angel,
  Yes, I want the script to run unattended, which the gpg process is not the 
right method, as you say: " you could configure the gpg password in the script, 
but then that would be roughly equivalent to the email account password."

  Many thanks and stay safe and healthy,
Dave
  

-Original Message-
From: Gnupg-users  On Behalf Of Ángel
Sent: Thursday, December 17, 2020 4:53 PM
To: gnupg-users@gnupg.org
Subject: Re: GPG Decrypt Error based on a timeout function?

On 2020-12-17 at 11:28 -0800, Dave via Gnupg-users wrote:
> Good Day,
>   This very novice would appreciate some help.
>  
>   My situation:
>  
> I have a Raspberry Pi 4 computer running the Raspberry Operating 
> System (Raspbian GNU/Linux [buster], Version ID=10) at my home.  I 
> need it to send me an email notification when certain functions are 
> performed.
>  
> To this end, I have configured the mail system called msmtp on the 
> Raspberry Pi 4 computer.  I can send email to myself via my email 
> account manually and interactively using msmtp on the Raspberry Pi 4 
> computer, with the password not encrypted on the Raspberry Pi 4 
> computer.
>  (...)
> When I run the following command:
>  
> gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2...@daviddonnelly.com -
>  
> I am asked for my passphrase, once entered the file is decrypted and 
> the contents displayed.  I then rerun the command:

Probably a mistake in pasting the same as before. This command wouldn't need 
the password for the private key. 

> msmtp -t < message.txt
>  
> and the associated e-mail is sent.
>  
> I wait a few minutes and the error repeats itself.
>  
> Is there some sort of timeout associated with gpg? Or my 
> implementation is wrong…or ?
>   
> Also, I have noticed, at times, gpg will not accept the passphrase 
> until I reboot the Raspberry pi 4.

See gpg-agent settings. The few minutes it works, that's because gpg-agent has 
the decrypted gpg key cached. You would need to increase that timeout, or let 
the script provide the password directly to gpg / use a passwordless key. When 
the sending fails, it should perhaps be asking you to provide the gpg 
passphrase, my guess is that the way it runs ( --no-tty --batch maybe), it 
isn't able to launch a pinentry to ask the password to the user.

If you really want the password decryption to be unattended, you could 
configure the gpg password in the script, but then that would be roughly 
equivalent to the email account password. It's turtles all the way down.

Regards
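
The cache timeout described in the reply above, as an added example that is not part of the original thread: a small shell model of gpg-agent's two documented cache timers, default-cache-ttl (default 600 seconds, reset on each use) and max-cache-ttl (default 7200 seconds, never reset). The function names and the two sample gpg-agent.conf files are constructed for illustration, and taking the last occurrence of a repeated option is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): predict whether gpg-agent still holds
# a cached passphrase, given a gpg-agent.conf and the time that has passed.

# agent_opt <conf-file> <option> <default>
# Print the numeric value of <option> in the file, or <default> if absent.
# Assumption of this sketch: if the option is repeated, the last one is used.
agent_opt() {
    local val
    val=$(awk -v opt="$2" '$1 == opt && $2 ~ /^[0-9]+$/ { v = $2 }
                           END { print v }' "$1" 2>/dev/null || true)
    printf '%s\n' "${val:-$3}"
}

# cache_state <conf-file> <idle-seconds> <age-seconds>
#   idle = seconds since the cached passphrase was last used
#   age  = seconds since the passphrase was typed in
cache_state() {
    local ttl max
    ttl=$(agent_opt "$1" default-cache-ttl 600)   # documented default: 10 min
    max=$(agent_opt "$1" max-cache-ttl 7200)      # documented default: 2 h
    if [ "$3" -ge "$max" ]; then
        echo "expired (max-cache-ttl ${max}s)"
    elif [ "$2" -ge "$ttl" ]; then
        echo "expired (default-cache-ttl ${ttl}s)"
    else
        echo "cached"
    fi
}

# Constructed sample configurations (not taken from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/stock.conf"        # no overrides: stock defaults apply
printf '%s\n' '# keep the key cached for a day, a week at most' \
    'default-cache-ttl 86400' 'max-cache-ttl 604800' > "$demo_dir/long.conf"

# "It works, then fails after a few minutes": 5 and 15 minutes after entry.
cache_state "$demo_dir/stock.conf" 300 300
cache_state "$demo_dir/stock.conf" 900 900
# Same 15 minutes with the longer timeouts configured.
cache_state "$demo_dir/long.conf" 900 900
```

After editing the real ~/.gnupg/gpg-agent.conf, `gpgconf --reload gpg-agent` makes the agent re-read it. A longer timeout only extends how long the unlocked key stays in the agent's memory; the passphrase still has to be entered once after every reboot.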




GPG Decrypt Error based on a timeout function?

2020-12-17 Thread Dave via Gnupg-users
Good Day,

  This very novice would appreciate some help.

  My situation:

I have a Raspberry Pi 4 computer running the Raspberry Operating System
(Raspbian GNU/Linux [buster], Version ID=10) at my home.  I need it to send
me an email notification when certain functions are performed.

To this end, I have configured the mail system called msmtp on the Raspberry
Pi 4 computer.  I can send email to myself via my email account manually
and interactively using msmtp on the Raspberry Pi 4 computer, with the
password not encrypted on the Raspberry Pi 4 computer.

I have gpg version 2.2.12-1+rpi1+deb10u1 installed on this Raspberry Pi 4
Computer.

Problem:

Following good security policies, I encrypted my email account password
using gpg.  My encrypted password is stored in a file
(/home/pi/.msmtp-2d-ionos.gpg) on the Raspberry Pi4 computer.

I successfully created my gpg key.  I was able to successfully run the
following command:

gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2...@daviddonnelly.com -

The password provided was encrypted with no problems and the associated file
was created.

However, when I run the following command, it initially works.  Meaning the
associated password is decrypted and the e-mail is sent:

msmtp -t < message.txt

But after a few minutes, when I retest the command:

msmtp -t < message.txt

I get the following error:

gpg: decryption failed: No secret key

When I run the following command:

gpg --encrypt -o .msmtp-2d.ionos.gpg -r 2...@daviddonnelly.com -

I am asked for my passphrase, once entered the file is decrypted and the
contents displayed.  I then rerun the command:

msmtp -t < message.txt

and the associated e-mail is sent.

I wait a few minutes and the error repeats itself.

Is there some sort of timeout associated with gpg? Or my implementation is
wrong…or ?

Also, I have noticed, at times, gpg will not accept the passphrase until I
reboot the Raspberry pi 4.

Your help in this matter is greatly appreciated,

Dave


RE: GPG Encryption on Raspberry Pi 4 using custom e-mail address failure

2020-12-17 Thread Dave via Gnupg-users
Andrew,
  I learned a few things after this post was submitted.

  Yes - I had not created my key...or keys?
  At any rate - once I create the key (with an associated passphrase), the
encryption worked.  Well - to some degree. 

  Another problem cropped up which I will post via a different e-mail.

Many thanks, this initial issue is solved. 

Many thanks,
Dave

-Original Message-
From: Gnupg-users  On Behalf Of Andrew Gallagher
Sent: Thursday, December 17, 2020 1:52 AM
To: gnupg-users@gnupg.org
Subject: Re: GPG Encryption on Raspberry Pi 4 using custom e-mail address failure

On 16/12/2020 16:15, david.donne...@daviddonnelly.com wrote:
> However,  when I try to run the same command using my 
> david.donnelly.com
> (IONOS.COM) email account:
> 
> gpg --encrypt -o .msmtp-ionos.gpg -r david.donne...@daviddonnelly.com 
>  -
> 
> or
> 
> gpg --encrypt -o .msmtp-ionos.gpg -r 2...@daviddonnelly.com 
>  -
> 
> I get the following three errors:
> 
> gpg: error retrieving 'david.donne...@daviddonnelly.com' via WKD: 
> Network error
> 
> gpg: david.donne...@daviddonnelly.com
> : skipped: Network error
> 
> gpg: [stdin]: encryption failed: Network error

It appears that you don't already have a copy of the public key for
david.donne...@daviddonnelly.com on that machine. Is this expected?

I can't find keys for any of your listed emails on the SKS pool, or on
Hagrid (which appears to be down?), or via WKD. If you don't have the key
locally either, then gpg won't be able to encrypt.

--
Andrew Gallagher





Usability of OpenSSL vs GNUPG

2019-12-14 Thread Dave via Gnupg-users
I've been playing around some with OpenSSL recently, and it seems to me that
the OpenSSL command structure is rather convoluted.  I've read a number of
articles, blog posts, etc. that criticize GNUPG and even make the case that
people should stop using it, in large part because of concerns around the
GNUPG command structure and general usability.  Yet I can't recall
encountering any similar complaints about OpenSSL.  I find this somewhat
curious, and am wondering if there are OpenSSL detractors out there that I
simply haven't come across or if the OpenSSL command structure isn't as
complicated as it seems to me.  Or if it seems to others that OpenSSL
doesn't get the same level of criticism as GNUPG does for usability,
although the tools seem to offer a generally similar user experience.

I suppose that OpenSSL is geared toward a very technical and security-aware
user base, who aren't likely to complain about usability issues - while
GNUPG is a tool that could be used by all sorts of users, some of whom are
definitely not technically inclined or interested in details of information
security.  That alone could explain the difference, I suppose.  But I'm
wondering if anyone has any other thoughts around this topic.

Thanks,

Dave
