Re: How know who is a file encrypted for ?
On 28 Feb 2008 at 10:04, Wilhelm Müller wrote:

> > On Wed, 27 Feb 2008 13:23:34 -0500, David Shaw <[EMAIL PROTECTED]> said:
>
> David> Why?
>
> David> I'm serious - what is the use case here? How often do
> David> people need to list all recipients of a file?
>
> I agree with David,

David didn't say he doesn't want this new command, but asked seriously for some use cases.

> especially since the desired feature is already present, though
> somewhat hidden:
>
> gpg --list-only --verbose encrypted_file.gpg

It kind of partially works. With --verbose it at least mentions your own subkeys, but still doesn't print the uids or the primary keyid. No nice consistent output and a 'somewhat hidden' command. If you prefer not changing anything then David's tip is much better.

Dirk
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How know who is a file encrypted for ?
> On Wed, 27 Feb 2008 13:23:34 -0500, David Shaw <[EMAIL PROTECTED]> said:

David> On Wed, Feb 27, 2008 at 06:55:28PM +0100, Dirk Traulsen wrote:
[...]
>> > >C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
[...]
>> So at least three people think it would be a good addition.

David> Why?

David> I'm serious - what is the use case here? How often do people need to
David> list all recipients of a file?

I agree with David, especially since the desired feature is already present, though somewhat hidden:

  gpg --list-only --verbose encrypted_file.gpg

(Btw: It's in the manual...)

Wilhelm

--
There are 10 types of people in the world: Those who understand binary, and those who don't.
Wilhelm Müller [EMAIL PROTECTED]
Re: How know who is a file encrypted for ?
On 27 Feb 2008 at 13:23, David Shaw wrote:

> On Wed, Feb 27, 2008 at 06:55:28PM +0100, Dirk Traulsen wrote:
> > > >What I meant, was something like this mockup:
> > > ==
> > > >C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
> > > >gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:
> > > >
> > >
> > > i agree, and would welcome this as well,
> >
> > Thanks.
> > So at least three people think it would be a good addition.
>
> Why?
>
> I'm serious - what is the use case here? How often do people need to
> list all recipients of a file?

I want to list just some use cases, where you only need the recipients and not the encrypted file content. I'm sure there are many more.

1. control
   Your coworker encrypted an important file and you want to control whether it has the correct set of recipient keys before sending or archiving it.

2. curiosity
   You want to know who else is getting the information in the file because he is also able to decrypt the file (I know about hidden-recipient.)

3. finding
   You don't remember the exact name of the file. But you know it was encrypted to XYZ also.

4. sorting
   You want to sort the encrypted files in an archive depending on the recipients.

> By the way:
> gpg --no-default-keyring --secret-keyring /dev/null the-file.gpg

Cool. This is an interesting possibility to nearly get what I asked for, but not very user friendly.

I now have this excellent tip from you, but I think it would be nice to have a clearly named command which people can find in the manual. --list-recipients would be an excellent name, I think. Ideally additionally in a --with-colons format for easier scripting.

Dirk
Re: How know who is a file encrypted for ?
On Wed, 27 Feb 2008 16:17:01 -0500 John Clizbe <[EMAIL PROTECTED]> wrote:

>>>By the way:
>>> gpg --no-default-keyring --secret-keyring /dev/null the-file.gpg
>>
>> what is the correct command on Windows ?
>
>gpg --no-default-keyring --secret-keyring nul the-file.gpg

i can't get it to work :-((

i get the same gpg output as when trying to decrypt any file

gpg lists whatever public keys are not in my keyring, and then asks me for a passphrase for the first key in my secret ring, and then, if that one is wrong, goes onto the next one, and only, if the passphrases are wrong for all the keys, then gpg lists all the keys the message was encrypted to

vedaal
Re: How know who is a file encrypted for ?
[EMAIL PROTECTED] wrote:
> David Shaw dshaw at jabberwocky.com
> wrote on Wed Feb 27 19:23:34 CET 2008 :
>
>>By the way:
>> gpg --no-default-keyring --secret-keyring /dev/null the-file.gpg
>
> what is the correct command on Windows ?

  gpg --no-default-keyring --secret-keyring nul the-file.gpg

or if you prefer NUL: (case is insignificant)

--
John P. Clizbe                   Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks             hkp://keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
Re: How know who is a file encrypted for ?
David Shaw dshaw at jabberwocky.com wrote on Wed Feb 27 19:23:34 CET 2008 :

>By the way:
> gpg --no-default-keyring --secret-keyring /dev/null the-file.gpg

.....

what is the correct command on 'windows' ?

TIA,

vedaal
Re: How know who is a file encrypted for ?
On Wed, Feb 27, 2008 at 06:55:28PM +0100, Dirk Traulsen wrote:
> > >What I meant, was something like this mockup:
> > ==
> > >C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
> > >gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:
> > >
> >
> > i agree, and would welcome this as well,
>
> Thanks.
> So at least three people think it would be a good addition.

Why?

I'm serious - what is the use case here? How often do people need to list all recipients of a file?

By the way:
  gpg --no-default-keyring --secret-keyring /dev/null the-file.gpg

David
Re: How know who is a file encrypted for ?
On 27 Feb 2008 at 9:51, [EMAIL PROTECTED] wrote:

> Dirk Traulsen dirk.traulsen at lypso.de
> wrote on Wed Feb 27 10:00:25 CET 2008
>
> >You don't believe me to enter 9 times a complete passphrase, do you?
>
> i agree with you completely that it would be a major annoyance to
> have to enter a complete passphrase, even 3 times,
> and certainly would be very annoying to enter it 9 times,
>
> my point was that you don't need to enter the *complete* passphrase
> at all, or even 'any' part of it,
>
> all you have to do is press the 'enter' key without typing
> *anything*

Oh God! You REALLY thought I am so stupid that I type in complete passphrases 9 times. I cannot believe it. I first thought you made fun of me. Do I really sound like a complete moron here?

1. I thought, it was self-evident that one just hits to go through the questions, so I didn't mention it.

2. And to repeat myself: The examples I described for wish number one, were not MY scenarios I LIKE to have at home! There I'm in control of the computer and I can setup everything logical and secure. But when you are NOT in control of the computer you are supposed to work with and you experience a scenario like I described, then you just have to live with it. (Which might be a bit more comfortable, that's all.)

On to the obviously more realistic wish number 2: --recipient-keys

> >What I meant, was something like this mockup:
> ==
> >C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
> >gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:
> >
>
> i agree, and would welcome this as well,

Thanks.
So at least three people think it would be a good addition.

Dirk
re: How know who is a file encrypted for ?
vedaal at hush.com vedaal at hush.com wrote on Wed Feb 27 15:51:05 CET 2008

>What I meant, was something like this mockup:
==
>C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
>gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:

actually, gnupg already does this when decrypting, but only after the passphrases are entered incorrectly for each key

in the example i posted, here is the gnupg output after intentionally giving the wrong passphrases for each of the keys:

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "1 <[EMAIL PROTECTED]>"
2048-bit RSA key, ID 756C91DE, created 2005-12-01

:encrypted data packet:
        length: 90
        mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 756C91DE, created 2005-12-01
      "1 <[EMAIL PROTECTED]>"
gpg: public key decryption failed: bad passphrase
gpg: encrypted with 1024-bit ELG-E key, ID F0E74948, created 2002-01-15
      "boo <[EMAIL PROTECTED]>"
gpg: public key decryption failed: bad passphrase
gpg: encrypted with 2048-bit RSA key, ID 495CA15B, created 2005-12-01
      "1 <[EMAIL PROTECTED]>"
gpg: public key decryption failed: bad passphrase
gpg: encrypted with 2048-bit RSA key, ID F9015496, created 2005-12-01
      "1 <[EMAIL PROTECTED]>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available

c:\gnupg>

so, a simple workaround to see which keys a message is encrypted to, is to just type:

  gpg filename

and press the 'enter' key quickly and repeatedly until gnupg gives the 'failed decryption' message, and lists all the keys

(also not too hard to live with ... ;-) )

vedaal
re : How know who is a file encrypted for ?
Dirk Traulsen dirk.traulsen at lypso.de wrote on Wed Feb 27 10:00:25 CET 2008

>You don't believe me to enter 9 times a complete passphrase, do you?

i agree with you completely that it would be a major annoyance to have to enter a complete passphrase, even 3 times, and certainly would be very annoying to enter it 9 times,

my point was that you don't need to enter the *complete* passphrase at all, or even 'any' part of it,

all you have to do is press the 'enter' key without typing *anything*

pressing the 'enter' key 9 times quickly, is something i can live with without bothering the developers

(they were nice enough to include the option of being able to see the passphrase as it is typed in, after i requested it), [belated THANKS !!! ;-) ]

>What I meant, was something like this mockup:
==
>C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
>gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:

i agree, and would welcome this as well,

also agree that the pgpdump provides extra distracting information, when all one is interested in, is finding out who the encrypted recipients are

only brought up pgpdump as a useful solution until this could be done, (it lets you see how many times you need to press 'enter' to get to your key)

and also, that since it is open source, it might be easier for the developers to look at it and add a modified patch to have gnupg do the 'gpg --recipient-keys' option as you suggested

(btw, i made a mistake in my example, it was encrypted to 4 keys instead of 5, i forgot i turned off my 'encrypt to default key' option ;-( )

vedaal
Re: How know who is a file encrypted for ?
On Wed, 2008-02-27 at 10:00 +0100, Dirk Traulsen wrote:
> You don't believe me to enter 9 times a complete passphrase, do you?
> You are right, that it is possible to live with it, but why not
> implement something more comfortable if it doesn't lower the security
> level?
>
> While pgpdump gives an really interesting output, it does not deliver
> what I asked for:
> A nicely formatted list of the recipients of an encrypted file.
>

I agree, normal users may want user friendly output and developers want full debugging output. There are two needs and now only full (heavy) output is available.

Obviously users can make it with sed and awk but if they do so they are developers and like verbose output ;)
Re: How know who is a file encrypted for ?
On 26 Feb 2008 at 9:55, [EMAIL PROTECTED] wrote:

> > On 26 Feb 2008 at 8:48, [EMAIL PROTECTED] wrote:
> >
> >1. If there are several recipients, test the given passphrase
> >automatically for all secret keys in your keyring, so that you don't
> >have to give for example 9 times a wrong one if you are recipient
> >number four, which you even don't know beforehand.
>
> it isn't necessary to enter the passphrase at all just press
> repeatedly until you reach the recipient you want (you'll still need 9
> 'enter's for your example ;-) but hardly such a tedious task)

You don't believe me to enter 9 times a complete passphrase, do you? You are right, that it is possible to live with it, but why not implement something more comfortable if it doesn't lower the security level?

> >2. A command which lists the recipients of an encrypted file.
>
> or maybe an upgrade of gpg list packets, to include the recipient
> listing the way pgpdump does
>
> pgpdump immediately lists all the keyid's a message is encrypted to,
> and does so in the same order of recipients, as gnupg uses to ask
> for the passphrase

What I meant, was something like this mockup:
==
C:\>gpg --recipient-keys ENCRYPTED_FILE.gpg
gpg: file ENCRYPTED_FILE.gpg was encrypted to the following keys:
gpg: encrypted with 2048-bit ELG-E key, ID 1643B926, created 2002-01-28
      "David M. Shaw <[EMAIL PROTECTED]>"
gpg: encrypted with 4096-bit ELG-E key, ID E192093D, created 2005-10-21
      "Dirk Traulsen (dtl-2) <[EMAIL PROTECTED]>"
gpg: secret key with ID E192093D in keyring
gpg: encrypted with 2048-bit RSA key, ID 85306D25, created 2000-09-05
      "vedaal nistar <[EMAIL PROTECTED]>"
gpg: encrypted with RSA key, ID 710ACD97
gpg: encrypted with RSA key, ID 01B0C12D

C:\>
==
As you can easily see, there are 5 recipients:
3 in public keyring with 1 secret key in secret keyring,
2 not in keyring

This is the result, I get from your example:

PGPdump Results

Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
        New version(3)
        Key ID - 0x7DC4274AF9015496
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(2047 bits) - ...
                -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
        New version(3)
        Key ID - 0xA306C37B495CA15B
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(2045 bits) - ...
                -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
(...)
==
While pgpdump gives an really interesting output, it does not deliver what I asked for:
A nicely formatted list of the recipients of an encrypted file.

Dirk
Re: How know who is a file encrypted for ?
>Date: Tue, 26 Feb 2008 08:48:57 +0100
>From: "Dirk Traulsen" <[EMAIL PROTECTED]>
>Subject: Re: How know who is a file encrypted for ?

>1. If there are several recipients, test the given passphrase
>automatically for all secret keys in your keyring, so that you don't
>have to give for example 9 times a wrong one if you are recipient
>number four, which you even don't know beforehand.

it isn't necessary to enter the passphrase at all

just press repeatedly until you reach the recipient you want
(you'll still need 9 'enter's for your example ;-) but hardly such a tedious task)

>2. A command which lists the recipients of an encrypted file.

or maybe an upgrade of gpg list packets, to include the recipient listing the way pgpdump does

pgpdump immediately lists all the keyid's a message is encrypted to, and does so in the same order of recipients, as gnupg uses to ask for the passphrase

here is a sample message encrypted to multiple keys:

here is the pgpdump web interface:
http://www.pgpdump.net/

and here is the pgpdump home site and links for sourcecode:
http://www.mew.org/~kazu/proj/pgpdump/

vedaal
Re: How know who is a file encrypted for ?
On 26 Feb 2008 at 9:40, Sven Radde wrote:

> Hi!
>
> Dirk Traulsen wrote:
> > b. some keys do not belong to me in a common keyring.
>
> I am really not sure whether that is a good idea at all. Granting other
> people (write!) access to my secret keyring would be a troubling
> thought, even though I am not currently aware of any practical
> exploits.
>
> I do not know your threat model but I cannot imagine many benefits for
> such a setup.

You are completely right that this is nothing for a maximum security usage, not the scenario one would like to have and not what I have at home.

But think of one computer which is used together by several people in a working group or a shared flat. As the computer itself is physically reachable to several people you have no other chance as to trust these people not to mess with the computer. In these cases where there is no high security possible, you don't really get more security by using different keyrings.

Dirk
Re: How know who is a file encrypted for ?
Hi!

Dirk Traulsen wrote:
> b. some keys do not belong to me in a common keyring.

I am really not sure whether that is a good idea at all. Granting other people (write!) access to my secret keyring would be a troubling thought, even though I am not currently aware of any practical exploits.

I do not know your threat model but I cannot imagine many benefits for such a setup.

cu, Sven
Re: How know who is a file encrypted for ?
The two wishes I listed for gpg were:

1. If there are several recipients, test the given passphrase automatically for all secret keys in your keyring, so that you don't have to give for example 9 times a wrong one if you are recipient number four, which you even don't know beforehand.

2. A command which lists the recipients of an encrypted file.

The first proposal is much more interesting as it would remedy a nuisance if you regularly work with files with several recipients. I really don't see a possible security problem here. Passphrases are to decrypt symmetrically the secret keys, nothing else. So we are only talking about secret keys in the keyring where
a. all keys belong to me or
b. some keys do not belong to me in a common keyring.

In case a. there is no problem, I just give the first asked passphrase. But in case b, where it is the nuisance I described, you could only be unsure whether someone could guess your password. This is a completely different problem but has nothing to do with my proposal as now gpg also asks you three times to give a passphrase for these keys. You see, nothing changes securitywise.

What I would like:

gpg encrypted_file.gpg
-> output nice list of the recipients with UIDs (ideally with indication, which one is in the secret keyring)
-> ask for passphrase if at least one is in the secret keyring, otherwise tell that you can't decrypt the file
-> test each secret key in the secret keyring with the passphrase
-> if there was a hit, tell so and decrypt
-> if not, give two more chances

For the second wish Tracy D. Bossong mentioned

> gpg --list-packets --list-only

as a solution, which goes at least a bit in the right direction as it lists all the keyids. Interestingly it lists nicely the keys for which there is no secret key in our keyring, like David Shaw's in this example.

C:\>gpg --list-packets --list-only file.gpg
:pubkey enc packet: version 3, algo 16, keyid 79F51929AC2E2384
        data: [4096 bits]
        data: [4096 bits]
:pubkey enc packet: version 3, algo 16, keyid E3B52841743DD3E2
        data: [4096 bits]
        data: [4093 bits]
:pubkey enc packet: version 3, algo 16, keyid AE2827D11643B926
        data: [2047 bits]
        data: [2046 bits]
:pubkey enc packet: version 3, algo 16, keyid 9166EB1E0B9DCED2
        data: [4095 bits]
        data: [4096 bits]
:encrypted data packet:
        length: 81
        mdc_method: 2
gpg: verschlüsselt mit 2048-Bit ELG-E Schlüssel, ID 1643B926, erzeugt 2002-01-28
      "David M. Shaw <[EMAIL PROTECTED]>"

C:\>

What I proposed with --recipient-keys is an output of a nice list of all the recipient keys like the last one here. And why not by the way even highlight for which one you have the secret key in the keyring?

Dirk

PS: Tracy, you seem to have a serious problem with your citing of other mails. You are citing them one word per line. To be sure that it is no artefact on my side, I checked the archives. See http://marc.info/?l=gnupg-users&m=120397363028142 and compare to below. There is definitely something wrong on your side.

> ----- Original Message -----
> From: Dirk Traulsen <[EMAIL PROTECTED]>
> To:
> Cc: GnuPG mailing list
> Sent: Monday, February 25, 2008 12:27:56 PM
> Subject: Re: How know who is a file encrypted for ?
>
>
> On
> 25
> Feb
> 2008
> at
> 8:01,
> Tracy
> D.
> Bossong
> wrote:
>
> >
> gpg
> --list-packets
> should
> give
> you
> a
> clue
>
> No,
> it
> does
> not!
> <gpg
> --list-packets
> file.gpg>
> does
> the
> same
> as
> <gpg
> file.gpg>.
> The
> only
> difference
> is
> that
> gpg
> gives
> additional
> packet
> information
> before
> asking
> the
> passphrases
> three
> times
> for
> each
> recipient.
(...)

I stop copying here. This should be enough to show the problem.
Re: How know who is a file encrypted for ?
gpg --list-packets --list-only

but clearly you identified yourself as a recipient because you were prompted for a passphrase.

----- Original Message -----
From: Dirk Traulsen <[EMAIL PROTECTED]>
To:
Cc: GnuPG mailing list
Sent: Monday, February 25, 2008 12:27:56 PM
Subject: Re: How know who is a file encrypted for ?

On 25 Feb 2008 at 8:01, Tracy D. Bossong wrote:

> gpg --list-packets should give you a clue

No, it does not!
<gpg --list-packets file.gpg> does the same as <gpg file.gpg>.
The only difference is that gpg gives additional packet information before asking the passphrases three times for each recipient. So the described problem for an encrypted file with several recipients stays the same.

=
C:\>gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 16, keyid F2A47460E192093D
        data: [4095 bits]
        data: [4095 bits]

You need a passphrase to unlock the secret key for
user: "Dirk Traulsen (dtl-2) <[EMAIL PROTECTED]>"
4096-bit ELG-E key, ID E192093D, created 2005-10-21 (main key ID CDDB9911)

Please enter the passphrase:
=

Dirk Traulsen
Re: How know who is a file encrypted for ?
On 25 Feb 2008 at 8:01, Tracy D. Bossong wrote:

> gpg --list-packets should give you a clue

No, it does not!
<gpg --list-packets file.gpg> does the same as <gpg file.gpg>.
The only difference is that gpg gives additional packet information before asking the passphrases three times for each recipient. So the described problem for an encrypted file with several recipients stays the same.

=
C:\>gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 16, keyid F2A47460E192093D
        data: [4095 bits]
        data: [4095 bits]

You need a passphrase to unlock the secret key for
user: "Dirk Traulsen (dtl-2) <[EMAIL PROTECTED]>"
4096-bit ELG-E key, ID E192093D, created 2005-10-21 (main key ID CDDB9911)

Please enter the passphrase:
=

Dirk Traulsen
Re: How know who is a file encrypted for ?
On Mon, 2008-02-25 at 08:01 -0800, Tracy D. Bossong wrote:
> gpg --list-packets should give you a clue
>

Yes true! I'm not use using it cos it's only mentioned in man page and not in help (and I don't rtfm enough ;)
Re: How know who is a file encrypted for ?
gpg --list-packets should give you a clue

----- Original Message -----
From: Sebastien Chassot <[EMAIL PROTECTED]>
To: Dirk Traulsen <[EMAIL PROTECTED]>
Cc: GnuPG mailing list
Sent: Monday, February 25, 2008 7:29:43 AM
Subject: Re: How know who is a file encrypted for ?

On Mon, 2008-02-25 at 09:59 +0100, Dirk Traulsen wrote:
> If you are the third recipient, you have to give 6 times a wrong
> password until you can finally input the correct one. This gets real
> fun when there are ten recipients...
>
> It would be nice, if
> 1. gpg would take the password and test it automatically with all
> recipients keys.
> 1a. If there would be a hit, fine.
> 1b. If there was no hit, print a list of all recipient keys and give
> two more chances for a correct password.
> 2. there would be a command --recipient-keys which would just list all
> recipient keys of an encrypted file, so I could see in advance whether
> my key is one of them.
>

I thought it wasn't any command for security reason, but I agree it seems a basic functionality is missing.

Maybe a command giving complete information on a file would be useful too. I mean a signed file and an encrypted file have both .gpg extension and are hard to distinguish, aren't they ?

Or the --verify command could be more verbose and list recipient's keys ?

$ gpg --verify encrypted_file.gpg
gpg: verify signatures failed: unexpected data

$ gpg --verify signed_file.gpg
gpg: Signature made ...
gpg: Good signature from ...
Re: How know who is a file encrypted for ?
On Mon, 2008-02-25 at 09:59 +0100, Dirk Traulsen wrote:
> If you are the third recipient, you have to give 6 times a wrong
> password until you can finally input the correct one. This gets real
> fun when there are ten recipients...
>
> It would be nice, if
> 1. gpg would take the password and test it automatically with all
> recipients keys.
> 1a. If there would be a hit, fine.
> 1b. If there was no hit, print a list of all recipient keys and give
>     two more chances for a correct password.
> 2. there would be a command --recipient-keys which would just list all
> recipient keys of an encrypted file, so I could see in advance whether
> my key is one of them.
>

I thought it wasn't any command for security reason, but I agree it seems a basic functionality is missing.

Maybe a command giving complete information on a file would be useful too. I mean a signed file and an encrypted file have both .gpg extension and are hard to distinguish, aren't they ?

Or the --verify command could be more verbose and list recipient's keys ?

$ gpg --verify encrypted_file.gpg
gpg: verify signatures failed: unexpected data

$ gpg --verify signed_file.gpg
gpg: Signature made ...
gpg: Good signature from ...
Re: How know who is a file encrypted for ?
On 8 Feb 2008 at 15:23, David Shaw wrote:

> On Fri, Feb 08, 2008 at 09:07:21PM +0100, Sebastien Chassot wrote:
> > Hi,
> >
> > I can't find how list who's a file encrypted for ? I've encrypt several
> > files with different recipients, but I don't remember which.
>
> Just run 'gpg' on the file, and don't give a passphrase. It prints
> all the possible recipients.

No, not really.
gpg asks three times for the password for each recipient one after the other. If you are the third recipient, you have to give 6 times a wrong password until you can finally input the correct one. This gets real fun when there are ten recipients...

It would be nice, if
1. gpg would take the password and test it automatically with all recipients keys.
1a. If there would be a hit, fine.
1b. If there was no hit, print a list of all recipient keys and give two more chances for a correct password.
2. there would be a command --recipient-keys which would just list all recipient keys of an encrypted file, so I could see in advance whether my key is one of them.

Dirk
Re: How know who is a file encrypted for ?
On Fri, Feb 08, 2008 at 09:07:21PM +0100, Sebastien Chassot wrote:
> Hi,
>
> I can't find how list who's a file encrypted for ? I've encrypt several
> files with different recipients, but I don't remember which.
>
> In general how can I make difference between file encrypted for one
> user, several user ? symmetric encrypted, asymmetric ?

Just run 'gpg' on the file, and don't give a passphrase. It prints all the possible recipients.

David
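
Added example (not part of the original thread and not GnuPG code): the key IDs that `gpg --list-packets --list-only` and pgpdump print in the messages above sit unencrypted in the Public-Key Encrypted Session Key packets (tag 1), so the recipients of a file, and whether it is passphrase-protected instead, can be read without any secret key or passphrase. The sketch reads a binary (non-armored) OpenPGP stream; all function names are this example's own, and the sample packets are constructed around the two key IDs shown in the pgpdump output above.

```python
"""Added example: list who an OpenPGP message is encrypted to from packet
headers alone (RFC 4880, version 3 PKESK packets, binary input)."""
import struct

PKESK, SKESK, SED, SEIPD = 1, 3, 9, 18      # RFC 4880 packet tags
ALGOS = {1: "RSA", 2: "RSA-E", 16: "ELG-E", 18: "ECDH"}


def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError("not a binary OpenPGP packet (armored input?)")
        if ctb & 0x40:                       # new-format header
            tag, body = ctb & 0x3F, bytearray()
            while True:
                first = data[pos]
                partial = 224 <= first < 255
                if first < 192:              # one-octet length
                    length, pos = first, pos + 1
                elif first < 224:            # two-octet length
                    length = ((first - 192) << 8) + data[pos + 1] + 192
                    pos += 2
                elif first == 255:           # five-octet length
                    length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                    pos += 5
                else:                        # partial body length chunk
                    length, pos = 1 << (first & 0x1F), pos + 1
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                   # indeterminate length: to EOF
                size, length = 0, len(data) - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
            body = data[pos:pos + length]
            pos += length
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, bytes(body)


def list_recipients(data):
    """Summarise the session-key packets that precede the encrypted data."""
    info = {"recipients": [], "hidden": 0, "passphrase": False, "encrypted": False}
    try:
        for tag, body in read_packets(data):
            if tag == PKESK and len(body) >= 10 and body[0] == 3:
                keyid = body[1:9].hex().upper()
                if keyid == "0" * 16:        # --throw-keyids / --hidden-recipient
                    info["hidden"] += 1
                else:
                    algo = ALGOS.get(body[9], "algo %d" % body[9])
                    info["recipients"].append((keyid, algo))
            elif tag == SKESK:               # passphrase (symmetric) protection
                info["passphrase"] = True
            elif tag in (SED, SEIPD):        # ciphertext starts: stop reading
                info["encrypted"] = True
                break
    except IndexError:
        raise ValueError("truncated packet header") from None
    return info


def report(info):
    """Render the summary as lines similar to the mockup in the thread."""
    lines = ["encrypted to %s key, ID %s (long ID %s)" % (algo, kid[-8:], kid)
             for kid, algo in info["recipients"]]
    if info["hidden"]:
        lines.append("%d recipient(s) with hidden key ID" % info["hidden"])
    if info["passphrase"]:
        lines.append("can also be decrypted with a passphrase")
    return lines


# --- constructed sample data (dummy packet bodies, not a real message) ---
def _old_packet(tag, body):
    """Old-format packet with a two-octet length, as gpg 1.4 writes PKESKs."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def _pkesk(keyid_hex, algo):
    mpi = struct.pack(">H", 16) + b"\xAA\xBB"   # dummy MPI, not real ciphertext
    return _old_packet(PKESK, bytes([3]) + bytes.fromhex(keyid_hex) + bytes([algo]) + mpi)


_SEIPD = bytes([0xC0 | SEIPD, 5]) + b"\x01" + b"\x00" * 4
SAMPLE = (_pkesk("7DC4274AF9015496", 1) + _pkesk("A306C37B495CA15B", 1)
          + _pkesk("0000000000000000", 16) + _SEIPD)
SYMMETRIC_SAMPLE = _old_packet(SKESK, bytes([4, 9, 3, 2]) + b"\x00" * 8 + b"\x60") + _SEIPD

if __name__ == "__main__":
    for line in report(list_recipients(SAMPLE)):
        print(line)
```

An ASCII-armored file has to be converted to binary first, for example with `gpg --dearmor`. The key IDs found this way are those of the encryption subkeys, which is why they can differ from the primary key ID a user expects.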