gpg troubles

2018-10-31 Thread Roland Siemons (P)
Thanks Friedhelm,

That is a lot to think about.
I'll study ..

Best regards,

Roland


On 31/10/2018 01:33, gnupg-users-requ...@gnupg.org wrote:
> Date: Mon, 29 Oct 2018 04:18:31 +0100
> From: Friedhelm Waitzmann 
> To: gnupg-users@gnupg.org
> Subject: Re: gpg troubles
> Message-ID: <20181029031830.ga24...@kugelfisch.zuhause.test>
>
> Roland Siemons (P) at Fri., 2018-10-12:
>
>> 3/ Assisted remotely by some of you, I was able to sort out a very
>> strange problem with decryption. The solution was found by manipulating
>> my key from inside the gpg shell using the command line. I am not very
>> experienced with the command line. A major difficulty for those for whom
>> this is not daily bread and butter is that mistakes are easily made.
>> Hence the great value of GUIs.
>> 4/ I observed some unclarities in the GnuPG manual
>> (www.gnupg.org/gph/en/manual.html), here below under A.
> This is the GnuPG privacy handbook rather than the GnuPG manual.
> I suggest that you read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
> it is the definitive instruction how to use GnuPG.
>
>> And perhaps also
>> some bugs in gpg, here below under B (please consider). Here is my
>> experience:
>> A/ I tried to revoke some subkeys, following the said manual (heading
>> "Revoking key components"). gpg pretended to do the job. Everything
>> looked fine. But it didn't! After several hours of analysis (up to
>> checking if GnuPG was installed consistently on my system), I found the
>> issue: After the revkey procedure it is necessary to command "quit".
> A better way of committing the changes is typing in «save».
>
> Please see the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).
>
> For the «--edit-key» main command (given at the command line) it
> lists the sub commands (to be typed into the edit key command
> shell):
>
> save
>
> Save all changes to the keyrings and quit.
>
> quit
>
> Quit the program without updating the keyrings. 
>
>> Instead of quitting, gpg then asks "do you want to save yr changes" (or
>> something like that).
> This is to remind you that you are about to discard your changes.
>
>> And only then the subkeys were revoked. The said
>> manual does mention the command "quit" only once, and not even in a
>> general place explaining the operations of gpg, and in fact without any
>> explanation as to the impact of that command.
> The GnuPG manual (not the privacy handbook) mentions both of
> «save» and «quit» and explains the difference.
>
>> Of course I am happy to
>> have found out, but let's hope that I remember when after perhaps 2
>> years time I have to use gpg shell again
> Just remember to read the GnuPG manual also.
>
>> B/ It is not at all clear to me how to start the gpg shell.
> This isn't a general («the») GnuPG shell for all GnuPG commands,
> it is a shell for the limited set of «--edit-key» sub commands.
> That is, the «--edit-key» specified at the GnuPG invocation
> command line lets GnuPG run an interactive interpreter for the
> «--edit-key» subcommands that have to be typed in.
>
>> For example:
>> 1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>> keys is returned,
> Generating this list doesn't need to ask the user to type any sub
> commands, so there is no «--list-secret-keys» shell.
>
>> but I am also returned to CMD, that is, kicked out of
>> the gpg shell.
> If GnuPG has written this list into its standard output channel,
> the job is done, thus GnuPG terminates, nobody is «kicked out».
>
>> 2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>> do indeed enter the gpg shell, the screen showing "gpg>".
> You enter the shell that recognizes the limited set of the
> «--edit-key» sub commands.
>
>> That all may be all right, HOWEVER:
>> 3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>> supplied.  Trying to guess what you mean ...  gpg: Go ahead and
>> type your message . 
> Please read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):
>
>   «gpg may be run with no commands. In this case it will perform
>   a reasonable action depending on the type of file it is given
>   as input (an encrypted message is decrypted, a signature is
>   verified, a file containing keys is listed, etc.).»
>
> So GnuPG expects that you type in an encrypted me

Re: gpg troubles

2018-10-28 Thread Friedhelm Waitzmann
Roland Siemons (P) at Fri., 2018-10-12:

>3/ Assisted remotely by some of you, I was able to sort out a very
>strange problem with decryption. The solution was found by manipulating
>my key from inside the gpg shell using the command line. I am not very
>experienced with the command line. A major difficulty for those for whom
>this is not daily bread and butter is that mistakes are easily made.
>Hence the great value of GUIs.

>4/ I observed some unclarities in the GnuPG manual
>(www.gnupg.org/gph/en/manual.html), here below under A.

This is the GnuPG privacy handbook rather than the GnuPG manual.
I suggest that you read the GnuPG manual
(<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
it is the definitive instruction how to use GnuPG.

>And perhaps also
>some bugs in gpg, here below under B (please consider). Here is my
>experience:

>A/ I tried to revoke some subkeys, following the said manual (heading
>"Revoking key components"). gpg pretended to do the job. Everything
>looked fine. But it didn't! After several hours of analysis (up to
>checking if GnuPG was installed consistently on my system), I found the
>issue: After the revkey procedure it is necessary to command "quit".

A better way of committing the changes is typing in «save».

Please see the GnuPG manual
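(<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).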

For the «--edit-key» main command (given at the command line) it
lists the sub commands (to be typed into the edit key command
shell):

save

Save all changes to the keyrings and quit.

quit

Quit the program without updating the keyrings. 

>Instead of quitting, gpg then asks "do you want to save yr changes" (or
>something like that).

This is to remind you that you are about to discard your changes.

>And only then the subkeys were revoked. The said
>manual does mention the command "quit" only once, and not even in a
>general place explaining the operations of gpg, and in fact without any
>explanation as to the impact of that command.

The GnuPG manual (not the privacy handbook) mentions both of
«save» and «quit» and explains the difference.

>Of course I am happy to
>have found out, but let's hope that I remember when after perhaps 2
>years time I have to use gpg shell again

Just remember to read the GnuPG manual also.

>B/ It is not at all clear to me how to start the gpg shell.

This isn't a general («the») GnuPG shell for all GnuPG commands,
it is a shell for the limited set of «--edit-key» sub commands.
That is, the «--edit-key» specified at the GnuPG invocation
command line lets GnuPG run an interactive interpreter for the
«--edit-key» subcommands that have to be typed in.

>For example:
>1/ if (under the CMD terminal) I command "gpg -K", the lists of private
>keys is returned,

Generating this list doesn't need to ask the user to type any sub
commands, so there is no «--list-secret-keys» shell.

>but I am also returned to CMD, that is, kicked out of
>the gpg shell.

If GnuPG has written this list into its standard output channel,
the job is done, thus GnuPG terminates, nobody is «kicked out».

>2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
>do indeed enter the gpg shell, the screen showing "gpg>".

You enter the shell that recognizes the limited set of the
«--edit-key» sub commands.

>That all may be all right, HOWEVER:

>3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
>supplied.  Trying to guess what you mean ...  gpg: Go ahead and
>type your message . 

Please read the GnuPG manual
(<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):

   «gpg may be run with no commands. In this case it will perform
   a reasonable action depending on the type of file it is given
   as input (an encrypted message is decrypted, a signature is
   verified, a file containing keys is listed, etc.).»

So GnuPG expects that you type in an encrypted message, a
detached signature, a clear‐signed message, a public key block, etc.

>Then if I type a gpg command, everything stalls.

Here you cannot type a GnuPG command, because GnuPG wants input,
i.e. data.  As you haven't specified any input file on the
command line, GnuPG wants this data through its standard input
channel, that is, typed in from the keyboard.

>No results whatsoever.

Unless the end of data is signalled (by typing the end‐of‐file
character, with UNIX usually control d, with MS Windows perhaps
control z), GnuPG repeats reading input lines.

>Even the command "quit" gives no results.

This «quit» is counted as an input line of data, too.

>So I force quit by Ctrl-C.
>So, in general, how to start the gpg shell?

You don't in general start the GnuPG shell.  You put a command on
the invocation command line.  This command may or may not be an
interactive command.

If it is (as with «--edit-key»), GnuPG starts a sub command shell
(as with «--edit-key») to read and execute further sub 
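
The «save» versus «quit» point above suggests a check after any `--edit-key` session: confirm from the keyring that the revocation was actually written. The following is an added example, not part of the original post and not GnuPG project code; it parses `gpg --list-keys --with-colons` output, and the function names, the sample listing and its key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a subkey revocation made in an --edit-key
# session was committed (session ended with "save") rather than discarded.
# Colon-listing fields used: 1 = record type, 2 = validity ("r" = revoked),
# 5 = key ID.

# Print every subkey ID in the listing (read from stdin) with its state.
subkey_status() {
    awk -F: '$1 == "sub" {
        printf "%s %s\n", $5, ($2 == "r" ? "revoked" : "not-revoked")
    }'
}

# Exit 0 only if subkey $1 is present in the listing (stdin) and revoked.
subkey_is_revoked() {
    awk -F: -v id="$1" '
        $1 == "sub" && $5 == id { found = 1; if ($2 == "r") ok = 1 }
        END { exit !(found && ok) }'
}

# Constructed sample listing (placeholder key IDs and fingerprint): one
# revoked encryption subkey and one signing subkey that is still valid.
SAMPLE_LISTING='pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1500000000::::Example User <user@example.org>::::::::::0:
sub:r:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::s::::::23:'

# Demonstration on the constructed sample. Against a real keyring, pipe
#   gpg --list-keys --with-colons X
# (X being the key identifier) into the same functions.
printf '%s\n' "$SAMPLE_LISTING" | subkey_status
```

If a subkey still shows as `not-revoked` after the edit session, the changes were discarded and the revocation has to be repeated and committed with «save».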

gpg troubles

2018-10-12 Thread Roland Siemons (P)
Dear GnuPG experts,

1/ Thanks and compliments to those who make GnuPG possible!
2/ I am a very ordinary end-user who unfortunately cannot fall back to
computer experts easily in his vicinity. One of those for whom forum
assistance and manuals are very important.
3/ Assisted remotely by some of you, I was able to sort out a very
strange problem with decryption. The solution was found by manipulating
my key from inside the gpg shell using the command line. I am not very
experienced with the command line. A major difficulty for those for whom
this is not daily bread and butter is that mistakes are easily made.
Hence the great value of GUIs.
4/ I observed some unclarities in the GnuPG manual
(www.gnupg.org/gph/en/manual.html), here below under A. And perhaps also
some bugs in gpg, here below under B (please consider). Here is my
experience:

A/ I tried to revoke some subkeys, following the said manual (heading
"Revoking key components"). gpg pretended to do the job. Everything
looked fine. But it didn't! After several hours of analysis (up to
checking if GnuPG was installed consistently on my system), I found the
issue: After the revkey procedure it is necessary to command "quit".
Instead of quitting, gpg then asks "do you want to save yr changes" (or
something like that). And only then the subkeys were revoked. The said
manual does mention the command "quit" only once, and not even in a
general place explaining the operations of gpg, and in fact without any
explanation as to the impact of that command. Of course I am happy to
have found out, but let's hope that I remember when after perhaps 2
years time I have to use gpg shell again

B/ It is not at all clear to me how to start the gpg shell. For example:
1/ if (under the CMD terminal) I command "gpg -K", the lists of private
keys is returned, but I am also returned to CMD, that is, kicked out of
the gpg shell.
2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
do indeed enter the gpg shell, the screen showing "gpg>".
That all may be all right, HOWEVER:
3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
supplied.  Trying to guess what you mean ...  gpg: Go ahead and
type your message . 
Then if I type a gpg command, everything stalls. No results whatsoever.
Even the command "quit" gives no results. So I force quit by Ctrl-C.
So, in general, how to start the gpg shell?
(FYI: the Windows Powershell ISE shows more weird behaviour than the CMD
terminal)

This is my system:
Win7
gpg --version
gpg (GnuPG) 2.2.10
libgcrypt 1.8.2

I hope that the above could be of some use to the developers.

Best regards
Roland



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users