Re: How to NOT gnutar files during encryption?

[helices]

On Wed, Jul 19, 2017 at 9:49 AM, Peter Lebbing 
wrote:

> On 19/07/17 16:30, helices wrote:
> > Unchecking that box and encrypting, this file decrypted and unzipped
> > without incident: Archive.zip.gpg
>
> And if you keep the box checked, does it produce a file named
> Archive.zip.gpg or Archive.zip.tar.gpg?
>

Archive.zip.gpg - which is why it took me so long to identify why I could
not unzip it ;-)

Gr ... gmail makes it tedious to reply to list mail ...
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[Peter Lebbing]

On 19/07/17 16:30, helices wrote:
> Unchecking that box and encrypting, this file decrypted and unzipped
> without incident: Archive.zip.gpg

And if you keep the box checked, does it produce a file named
Archive.zip.gpg or Archive.zip.tar.gpg? Because IMO, it should be the
latter. A good alternative would be: supposing the file is at
.../foldername/Archive.zip, call the tarred and encrypted file
foldername.tar.gpg. But naming it Archive.zip.gpg looks just confusing
and wrong to me. The chain of extensions is just incorrect; if we're
dropping "inner" extensions, it should be Archive.gpg, which just loses
all information.

If your client saw the filename "Archive.zip.tar.gpg" or
"foldername.tar.gpg", they might notice and think "Hey, where did this
come from?" instead of just sending it to you and leading to confusion
all round. Similarly, you might have noticed.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[helices]

OK, for the record, I think that I've found the solution.

I looked in Kleopatra Settings and found nothing.

Then, I imported a proper key and began signing and encrypting a file:
Archive.zip

In Kleopatra's Sign/Encrypt Files dialog, there is a checkbox: Archive
files with: TAR (PGP-compatible), which is checked by default.

Unchecking that box and encrypting, this file decrypted and unzipped
without incident: Archive.zip.gpg

I'm waiting for our client to upload a file encrypted this way.


HOWEVER, they right click the ZIP file and select "sign and encrypt" to
process files. Will the UNchecked checkbox for "Archive files with: TAR
(PGP-compatible)" be default now?

~ Mike


On Wed, Jul 19, 2017 at 8:17 AM, helices <g...@mdsresource.net> wrote:

> How to NOT gnutar files during encryption?
>
>
> Thank you for your responses; but, you are all missing my point - and not
> answering my question.
>
> First, before encryption by Kleopatra, the file IS one (1) real ZIP file
> (e.g., filename.zip)
>
> After encryption and upload to us, the file is now an encrypted TAR file,
> with the ZIP file inside (e.g., filename.zip.gpg)
>
> Notice that there is NO indication of TAR anywhere in the filename.
>
> Yes, I can rewrite our production processes to look for files of type TAR,
> and automate that. We receive ~1000 encrypted files per day, and we have
> never needed this before.
>
> However, if they can turn OFF that TAR subprocess - which you state ought
> only to happen when requested to encrypt multiple files - then, this
> client's files will automatically process just like the thousands of other
> clients' files we process without incident every single day.
>
> So, to repeat myself:
>
> How to NOT gnutar files during encryption?
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
> On Wed, Jul 19, 2017 at 5:43 AM, Werner Koch <w...@gnupg.org> wrote:
>
>> On Tue, 18 Jul 2017 23:30, g...@mdsresource.net said:
>>
>> > Further investigation reveals that Kleopatra is gnuTARring the ZIP file
>> > prior to encryption.
>>
>> That should only happen when you select multipe files or a directory.
>> This invokes the pgp-zip method of encrypting multiple files.  Despite
>> the name it is not ZIP but USTAR format (which any tar implementation
>> can handle).
>>
>>
>> Shalom-Salam,
>>
>>Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[helices]

How to NOT gnutar files during encryption?


Thank you for your responses; but, you are all missing my point - and not
answering my question.

First, before encryption by Kleopatra, the file IS one (1) real ZIP file
(e.g., filename.zip)

After encryption and upload to us, the file is now an encrypted TAR file,
with the ZIP file inside (e.g., filename.zip.gpg)

Notice that there is NO indication of TAR anywhere in the filename.

Yes, I can rewrite our production processes to look for files of type TAR,
and automate that. We receive ~1000 encrypted files per day, and we have
never needed this before.

However, if they can turn OFF that TAR subprocess - which you state ought
only to happen when requested to encrypt multiple files - then, this
client's files will automatically process just like the thousands of other
clients' files we process without incident every single day.

So, to repeat myself:

How to NOT gnutar files during encryption?

Please, advise. Thank you.

~ Mike


On Wed, Jul 19, 2017 at 5:43 AM, Werner Koch <w...@gnupg.org> wrote:

> On Tue, 18 Jul 2017 23:30, g...@mdsresource.net said:
>
> > Further investigation reveals that Kleopatra is gnuTARring the ZIP file
> > prior to encryption.
>
> That should only happen when you select multipe files or a directory.
> This invokes the pgp-zip method of encrypting multiple files.  Despite
> the name it is not ZIP but USTAR format (which any tar implementation
> can handle).
>
>
> Shalom-Salam,
>
>Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[Andre Heinecke]

Hi,

On Tuesday, July 18, 2017 4:30:13 PM CEST helices wrote:
> How can this new client NOT gnutar files, and still properly encrypt the
> ZIP file?

The client could create a ZIP Archive with the files and then encrypt that as a 
single file. Kleopatra has no built in support for ZIP + Encrypt.

FWIW Kleopatra would have automatically chosen a filename like archive.tar.gpg 
so your client must have manually changed that to have some kind of zip 
extension.

On the other hand you could extend your process to also accept tarballs ;-)

Regards,
Andre


-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[Werner Koch]

On Tue, 18 Jul 2017 23:30, g...@mdsresource.net said:

> Further investigation reveals that Kleopatra is gnuTARring the ZIP file
> prior to encryption.

That should only happen when you select multipe files or a directory.
This invokes the pgp-zip method of encrypting multiple files.  Despite
the name it is not ZIP but USTAR format (which any tar implementation
can handle).


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpqx0kFTQi6T.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to NOT gnutar files during encryption?

[Einar Ryeng]

Hi,

On Tue, Jul 18, 2017 at 04:30:13PM -0500, helices wrote:
> 
> After many hours troubleshooting, I discovered that the decrypted "zip"
> file is actually inside a TAR file!
> 
> Further investigation reveals that Kleopatra is gnuTARring the ZIP file
> prior to encryption.
> 
> How can this new client NOT gnutar files, and still properly encrypt the
> ZIP file?
> 
> What are we missing?

Sounds like either a bug or a somewhat stupid default setting in Kleopatra
(which I have never used). A workaround on the receiving end could be to detect
that the file is a tar file and unpack it before further processing.

Something like this:

#!/bin/bash
FILENAME=$1
FILE_MIMETYPE=$(file -iN $FILENAME)

if [[ "$FILE_MIMETYPE" =~ "$FILENAME: application/x-tar; charset=binary" ]]
then
tar xvf $FILENAME
fi

As usual, du NOT run code from random people on the Internet.

-- 
Einar Ryeng


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

How to NOT gnutar files during encryption?

[helices]

We have a simple process that has worked for thousands of files over the
years:
1) Client ZIPs up a bunch of files
2) Client GPG/PGP encrypts that ZIP file
3) Client uploads that encrypted file to us
4) Our production server automatically decrypts the file
5) Our production server automatically unzips that file
6) Our production server automatically distributes those files

Today, we have a new wrinkle.  A new client is using Kleopatra to encrypt
the zip file.

Once we decrypt the file via GPG on Linux, we cannot unzip the file.

After many hours troubleshooting, I discovered that the decrypted "zip"
file is actually inside a TAR file!

Further investigation reveals that Kleopatra is gnuTARring the ZIP file
prior to encryption.

We must have many clients using GPG4WIN, and we have never had this problem
before.

How can this new client NOT gnutar files, and still properly encrypt the
ZIP file?

What are we missing?

~ Mike
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users