Re: cannot decrypt file symmetric encrypted

2018-08-06 Thread Stefano Tranquillini
I don't think that's the case. Is there a way to force the program to ask
for the passphrase?

On Fri, Aug 3, 2018 at 10:34 PM FuzzyDrawrings via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> Stefano Tranquillini wrote:
>
> > the fact is that no passphrase is asked
>
> When you hit the Enter key after typing your decrypt command, it might
> also be closing the pinentry dialog immediately before it can appear on
> screen. Make sure you don't hold down the Enter key at all - just tap it
> once as briefly as possible.
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>


-- 
Stefano
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: cannot decrypt file symmetric encrypted

2018-08-03 Thread Stefano Tranquillini
The fact is that no passphrase is asked, and I don't know how I can force
the system to ask it.

On Thu, Aug 2, 2018 at 8:57 PM Dirk Gottschalk via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> Hi.
>
> On Thursday, 02.08.2018, at 14:11 +0200, Stefano Tranquillini wrote:
> > Hi all,
> > last year I encrypted some files, today I tried to decrypt them but
> > the decryption fails
>
> > stefano@~/Downloads/words$ gpg -d words.1.gpg
> > gpg: AES256 encrypted data
> > gpg: encrypted with 1 passphrase
> > gpg: decryption failed: Bad session key
>
> > can it be the difference between 1.4 (I guess in July 2017 that was)
> > and the current one
>
> I don't know if there's any difference in symmetric encryption between
> 1.4.X and 2.2.X.
>
> > stefano@~/Downloads/words$ gpg --version
> > gpg (GnuPG/MacGPG2) 2.2.8
> > libgcrypt 1.8.3
>
> > what can I do?
> > (I'm on a Mac)
>
> You could download and build the legacy version of GPG and give it a
> try.
>
> Are you sure you used the correct passphrase to decrypt?
>
> Regards,
> Dirk
>
> --
> Dirk Gottschalk
> Paulusstrasse 6-8
> 52064 Aachen, Germany
>
> GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
> Keybase.io: https://keybase.io/dgottschalk
> GitHub: https://github.com/Dirk1980ac
>


-- 
Stefano


cannot decrypt file symmetric encrypted

2018-08-02 Thread Stefano Tranquillini
Hi all,
last year I encrypted some files, today I tried to decrypt them but the
decryption fails

stefano@~/Downloads/words$ gpg -d words.1.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

Can it be the difference between 1.4 (I guess that was in July 2017) and
the current one?

stefano@~/Downloads/words$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.8
libgcrypt 1.8.3

What can I do?
(I'm on a Mac)

-- 
Stefano
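
The cipher name gpg prints and the parameters for turning the passphrase into a key are stored in the file's Symmetric-Key Encrypted Session Key packet (RFC 4880, tag 3). This added example, which is not part of the original post, decodes that packet; `SAMPLE` is constructed bytes, and `read_packet`, `parse_skesk` and `describe` are names chosen here.

```python
# Added example: SAMPLE is constructed, not taken from words.1.gpg.
SYM = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def read_packet(buf, pos):
    """Return (tag, body, next_pos) for the OpenPGP packet at buf[pos]."""
    hdr = buf[pos]
    if not hdr & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    pos += 1
    if hdr & 0x40:                          # new-format header
        tag, first = hdr & 0x3F, buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        else:                               # partial length: simplified, take the rest
            length, pos = len(buf) - pos - 1, pos + 1
    else:                                   # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        n = 0 if ltype == 3 else 1 << ltype  # type 3 = body runs to end of file
        length = int.from_bytes(buf[pos:pos + n], "big") if n else len(buf) - pos
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_skesk(body):
    """Decode a version 4 Symmetric-Key Encrypted Session Key packet (tag 3)."""
    version, cipher, s2k, hash_id = body[:4]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    info = {"cipher": SYM.get(cipher, cipher), "s2k_type": s2k,
            "hash": HASH.get(hash_id, hash_id)}
    pos = 4
    if s2k in (1, 3):                       # salted S2K carries an 8-byte salt
        info["salt"], pos = body[pos:pos + 8].hex(), pos + 8
    if s2k == 3:                            # iterated S2K: one coded count octet
        c, pos = body[pos], pos + 1
        info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    # Extra bytes mean the session key is stored encrypted under the passphrase key.
    info["stored_session_key"] = pos < len(body)
    return info

def describe(data):
    """List (tag, details) for every packet; SKESK packets are decoded."""
    out, pos = [], 0
    while pos < len(data):
        tag, body, pos = read_packet(data, pos)
        out.append((tag, parse_skesk(body) if tag == 3 else {"bytes": len(body)}))
    return out

SAMPLE = bytes.fromhex("8c0d04090302" "0011223344556677" "60" "d205" "01deadbeef")
print(describe(SAMPLE))
```

To inspect a real file, pass `open("words.1.gpg", "rb").read()` to `describe`; `gpg --list-packets` reports the same fields.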


Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Stefano Tranquillini
Hi,
Things are getting clearer now, the fact is: subkeys are not related and
basically only the last generated is used. I misunderstood this step.
I need an Auth subkey on the smartcard because I've set up the server to
access ssh only via a key. If I'm not at my pc I can't access the server,
and this may be a problem. However, with a smartcard I may overcome the
problem by using any pc.
It is probably the same as having an ssh key stored on a usb and using it when
I'm not on my laptop (and throwing it away afterward, just in case). But this
is outside the gpg list ;)

On Mon, Feb 20, 2017 at 1:14 AM, MFPA <2014-667rhzu3dc-lists-groups@
riseup.net> wrote:

> Hi
>
>
> On Sunday 19 February 2017 at 2:58:56 PM, Damien
> Goutte-Gattat wrote:-
>
>
> > Disclaimer: I am not advocating such a setup, that I
> > don't even actually use.
>
> I use that setup. Last I heard, message recipients who use
> Enigmail/Thunderbird only see the verification result of one of the
> signatures. Which one they see depends on the order of the two
> local-user lines in my gpg.conf file, so if I have them in the "wrong"
> order an Enigmail/Thunderbird user whose GnuPG is not version 2.1.x
> will not see report of a valid signature.
>
>
> - --
> Best regards
>
> MFPA  
>
> The trouble with words is that you never know whose mouths they've been in.



-- 
Stefano


Re: GPG, subkeys smartcard and computer

2017-02-19 Thread Stefano Tranquillini
Thanks,
Sorry for the double messages, I sent the first before subscribing to the
list and I thought it was not forwarded to the mailing list.

Briefly:
 - use tails to generate master (default settings) and subkeys
 - export the public key and fingerprints
 - backup master to a cold storage
 - export the subkeys for later usage
 - move the subkeys into the laptop

I'll skip the smart card now, I'll only generate and add to it an A subkey
for accessing ssh in case I'm away from the pc. I think I can have multiple A
subkeys, not like E keys where only the last is used, and use them to ssh to
servers if all these subkeys are added to the server


Regarding the rest:

On Fri, Feb 17, 2017 at 3:11 PM, Andrew Gallagher wrote:

> ... cut ...
>
> If you run "keytocard" and then save your changes, you will delete the
> on-disk copy of those subkeys. They will only then exist on the
> smartcard. I normally don't recommend this, as it means you have no way
> to back up your E subkey, and if your smartcard breaks you then lose
> access to all data encrypted to it. If you are keeping your master
> offline, there is IMO little extra risk in also keeping an offline
> copy of your E subkey. In order to do this, once you run "keytocard" on
> all three subkeys you should immediately quit gnupg *without saving*.
> This will ensure that the on-disk copy is not deleted.
>

Wait, if I've a subkey E (called E1) and I lose it (e.g. it was on the
smartcard).
Can't I create a new E (called E2) from my master and decrypt the data? Or
the data encrypted are decryptable only by the exact E (E1 in this case)
that was used to encrypt it?

Can't I export the subkeys to a file and back up that file and then move
the keys to the card? Will I be able to restore the keys if they get lost?

Sending you a separate email for the script (which seems the one you have
on the website)

-- 
Stefano
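
A check for the layout this message describes (master kept in cold storage, subkeys on the laptop, some moved to a card with "keytocard"), as an added example that is not part of the original message. It reads field 12 (capabilities) and field 15 (a card serial, `#` for a missing secret part, `+` for one on disk) of GnuPG's colon listing; `LISTING` is constructed, and `parse_secret_listing` and `audit` are names chosen here.

```python
# Added example: LISTING is constructed; key IDs and the card serial are placeholders.
LISTING = """\
sec:u:4096:1:1111111111111111:1487289600:::u:::cSEA:::#:
uid:u::::1487289600::0000::Example User <user@example.org>:
ssb:u:4096:1:2222222222222222:1487289600::::::s:::+:
ssb:u:4096:1:3333333333333333:1487289600::::::e:::D2760001240102010006012345670000:
ssb:u:4096:1:4444444444444444:1487289600::::::a:::D2760001240102010006012345670000:
"""

def parse_secret_listing(text):
    """Parse `gpg --list-secret-keys --with-colons` output into key records."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))            # pad short records
        token = f[14]                        # field 15: '#', '+', or a card serial
        if token == "#":
            where = "stub"                   # secret part not in this keyring
        elif token in ("", "+"):
            where = "disk"
        else:
            where = "card"
        keys.append({"type": f[0], "keyid": f[4],
                     "caps": "".join(c for c in f[11] if c.islower()),  # field 12
                     "where": where, "card": token if where == "card" else None})
    return keys

def audit(keys):
    """Compare a laptop keyring with the layout described in the thread."""
    findings = []
    for k in keys:
        if k["type"] == "sec" and k["where"] != "stub":
            findings.append(f"{k['keyid']}: primary secret key is on {k['where']}, not offline")
        if k["type"] == "ssb" and "e" in k["caps"] and k["where"] == "card":
            findings.append(f"{k['keyid']}: E subkey exists only on card {k['card']} here")
    return findings

for finding in audit(parse_secret_listing(LISTING)):
    print(finding)
```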


GPG, subkeys smartcard and computer

2017-02-17 Thread Stefano Tranquillini
Hi all,
I'm sort of new to GPG/PGP, I'm not new to the encryption/crypto world and
to computers, however, some concepts are yet not clear to me.

I can't get my head around on how to use GPG in the "correct" way to
guarantee the maximum result. That is: protect, at the best, my privacy and
also don't get the system too complicated.

The problems that I've are multiple, I'll try to summarize them here asking
for help. I've read the manual, but it's a bit outdated, and online I found
scattered information that does not always explain why some decisions are
made.

My ideal setup is:

   - Master generated on offline pc and stored in a cold storage
   - subkeys for the pc (main pc, that I use everyday) - I need
   (A)uthenticate (E)ncrypt (S)ign keys
   - subkeys for the smartcard - if I use a pc of someone else, and as
   backup for what is worth. (In the future I may switch to just the
   smartcard, removing the keys from pc, but I would like to have the keys on
   the pc for time being)
   - I would like to avoid moving the master outside the offline pc/cold
   storage

Create the master:

I should create the master on a device that is not my primary one and that
is not online. It seems kind of freak approach to me, but I can understand
why. Once created, I back it up to a file which I store on a usb key or
somewhere outside of computers. With the master I can create, later,
subkeys for what I need and the revoke certificate in case of compromised
subkeys.  Other than the master key, do I've to export anything else (not
talking of subkeys yet, that's next topic)?

When creating the master, I've two possibilities: (i) use the default setting
that results in a (SC) key or (ii) set it as only (C). The best solution
seems to be the second, right?
(http://security.stackexchange.com/questions/32386/why-do-pgp-master-keys-only-have-a-single-subkey-and-tie-certification-with-sig).
Is it worth to use that approach or, as of today, the (i) is fine? I still
don't get the full benefit of one or the other solution

Create the subkey

With the master key I can create subkeys. I should do it from the offline
pc in which I created the key, or import the master in a pc and then create
the subkeys (it doesn't sound so safe though). Now:

   - should each subkey be for only one scope (A) (S) (E) or is it fine if
   one key does two or three scopes (ASE) or (SE)?
   - once subkeys are created I've to export them and also their revoke
   certifications (do they have one)? correct?
   - I've a smartcard, but I've also a pc, should I create 6 subkeys, 2
   for A, 2 for S and 2 for E and move the 3 A S E to the yubikey and the
   other 3 to the pc?
   - moving the keys on the smartcard is done via "keytocard" but to
   move the keys on the pc I've to export subkeys, will this export also the
   keys on the smartcard and then I'll need the smartcard to access some of
   those? how can I decide what to import where?
   - Do I've to re-export my public key or anything else to let the world
   know my subkeys?
   - Do I've to export anything else to achieve my scenario's goal?

Am I missing anything? Or is there anything that can guide me to achieving
my goals?

PS: Sorry for the long questions, but I can't find online something that
explains my scenario. Solutions are for base cases or for smart-card only.
Well, probably there's a guide, but I can't find it out.

-- 
Stefano


GPG, subkeys smartcard and computer

2017-02-16 Thread Stefano Tranquillini
Hi all,
I'm sort of new to GPG/PGP, I'm not new to the encryption/crypto world and
to computers, however, some concepts are yet not clear to me.

I can't get my head around on how to use GPG in the "correct" way to
guarantee the maximum result. That is: protect, at the best, my privacy and
also don't get the system too complicated.

The problems that I've are multiple, I'll try to summarize them here asking
for help. I've read the manual, but it's a bit outdated, and online I found
scattered information that does not always explain why some decisions are
made.

My ideal setup is:

   - Master generated on offline pc and stored in a cold storage
   - subkeys for the pc (main pc, that I use everyday) - I need
   (A)uthenticate (E)ncrypt (S)ign keys
   - subkeys for the smartcard - if I use a pc of someone else, and as
   backup for what is worth. (In the future I may switch to just the
   smartcard, removing the keys from pc, but I would like to have the keys on
   the pc for time being)
   - I would like to avoid moving the master outside the offline pc/cold
   storage

Create the master:

I should create the master on a device that is not my primary one and that
is not online. It seems kind of freak approach to me, but I can understand
why. Once created, I back it up to a file which I store on a usb key or
somewhere outside of computers. With the master I can create, later,
subkeys for what I need and the revoke certificate in case of compromised
subkeys.  Other than the master key, do I've to export anything else (not
talking of subkeys yet, that's next topic)?

When creating the master, I've two possibilities: (i) use the default setting
that results in a (SC) key or (ii) set it as only (C). The best solution
seems to be the second, right?
(http://security.stackexchange.com/questions/32386/why-do-pgp-master-keys-only-have-a-single-subkey-and-tie-certification-with-sig).
Is it worth to use that approach or, as of today, the (i) is fine? I still
don't get the full benefit of one or the other solution

Create the subkey

With the master key I can create subkeys. I should do it from the offline
pc in which I created the key, or import the master in a pc and then create
the subkeys (it doesn't sound so safe though). Now:

   - should each subkey be for only one scope (A) (S) (E) or is it fine if
   one key does two or three scopes (ASE) or (SE)?
   - once subkeys are created I've to export them and also their revoke
   certifications (do they have one)? correct?
   - I've a smartcard, but I've also a pc, should I create 6 subkeys, 2
   for A, 2 for S and 2 for E and move the 3 A S E to the yubikey and the
   other 3 to the pc?
   - moving the keys on the smartcard is done via "keytocard" but to
   move the keys on the pc I've to export subkeys, will this export also the
   keys on the smartcard and then I'll need the smartcard to access some of
   those? how can I decide what to import where?
   - Do I've to re-export my public key or anything else to let the world
   know my subkeys?
   - Do I've to export anything else to achieve my scenario's goal?

Am I missing anything? Or is there anything that can guide me to achieving
my goals?

PS: Sorry for the long questions, but I can't find online something that
explains my scenario. Solutions are for base cases or for smart-card only.
Well, probably there's a guide, but I can't find it out.

-- 
Stefano