EzDevInfo.com

How can I send gpg encrypted mail automatically from the linux command line?

How can I send gpg encrypted mail automatically from the linux command line?

I'm a little stumped on this one, I've tried using mutt but it doesn't encrypt mail unless it's used interactively.

Does anyone know if you can use the build in mail command to do this some how?

Are GnuPG 1 and GnuPG 2 compatible with each other?

With Macports, I realize that there are ports gnupg and a newer gnupg2. I'd like to use GnuPG to encrypt files. Should I install both, or just one is enough? If I installed both, are both compatible with each other? Does it matter which one I install first matter at all?

Best encryption and signing algorithm for GnuPG: RSA/RSA or DSA/Elgamal? [closed]

I have found this relatively old question about whether RSA or DSA is the preferred algorithm for signing and encrypting with GnuPG.

When using gpg --gen-key, the two relevant choices are either "RSA and RSA" or "DSA and Elgamal". Which is better? What are the pros and cons for each? Has anything changed since 2009?

One GnuPG/PGP key pair, two emails?

I have two emails I use frequently, for both of which I'd like to use PGP keys generated/managed by GnuPG. I'd like to avoid creating a different key pair for each email, if possible, as that's unnecessary for my situation, i.e. I use the two emails interchangeably.

Is there a way to do this?

I am using Mac OS X 10.5 and Ubuntu 11.04, and Thunderbird 3.1.10.

Thanks in advance!

Getting information from an armored gpg public key file

When given a file with an armored public GnuPG key, i.e. a file (pubkey.gpg) that was created with:

gpg -r 0xDEADBEEF --export --armored > pubkey.gpg

What is the best way to get information such as the finger print in that file, without importing it into my keyring?

The best way I found so far (and I am not happy with) is:

gpg --dry-run --import pubkey.gpg

Naturally, I grepped the gpg man page, but didn't find an obvious solution.

How does S/MIME differ from PGP/GPG, for the purpose of signing and/or encrypting email?

In addition to the titular question, are the two technologies compatible? If so, under what circumstances?

What are the relative benefits of the two technologies?

How to manage GPG keys across multiple systems?

I'm new to using GnuPG and trying to understand how best to use it. I've reviewed Short, easy to understand explanation of GPG/PGP for nontechnical people?, but most guides explain PGP with a single-machine perspective.

I want to use GnuPG on three computing devices: a Linux PC, a Linux laptop, and an Android phone.

The fundamental use case is encrypting/decrypting email managed by an IMAP service, so all devices need the same private key for decryption.

I figure my choices are:

1. Just copy all my keys to the keyring on each device and rely mainly on the private key password for protection.

2. Create a master key (with --gen-key) to represent my identity, then create a separate disposable key (again with --gen-key) for encrypting/decrypting emails and signed with the master key. The former resides only on my PC, the latter is distributed to each device. As long as my mobile devices are not compromised, then the disposable key remains valid.

I may be overly paranoid and making this more complicated than it has to be, but humor me, please. I believe in not putting all your eggs in one basket.

The master key is supposed to be my digital identity. A lot of effort will be spent building trust around that identity, and I'd rather suffer the inconvenience of my paranoia than lose my key from carelessness and have to build trust around a new master key (maybe this isn't as bad as I think, but I am new to this).

I'm more likely to lose my laptop or my phone than my PC. If loss == compromise, then I'd rather lose an disposable key-pair (which I can revoke) than my master key-pair. I can always bestow the trust of my master key upon a new disposable key.

Sorry for the really long question. :-)

TL;DR

Is a password sufficient protection for storing my master private key across multiple devices?

Is my plan for option #2 feasible? Did I get something wrong or can it be improved?

If option #2 is a bad idea, then what are the best practices when using GnuPG for a single user across multiple devices?

Short, easy to understand explanation of GPG/PGP for nontechnical people?

Does anyone have a link to a good, but short (1-2 paragraphs) explanation of the benefits of using GPG/PGP signing and encryption for Email focused at non-technical readers? That is, why would someone care about email being signed?

I've looked but all I ever find are deeply technical, jargon filled documents; perhaps my Google-fu is failing me.

Are GPG and SSH keys interchangable?

I want to generate an RSA key in GPG and use it in SSH login. Is this even possible? If so, how?

How do I fix "WARNING: message was not integrity protected" when using GPG symmetrical encryption?

I've encrypted a file using symmetric encryption like this:

gpg --symmetric myfile

which results in a file myfile.gpg.

Alright. Now let's decrypt the file again:

gpg -o myfile --decrypt myfile.gpg

I'm being asked for the passphrase I've put on, and then I see

gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

I'm not sure about the first and last line there.

• What is the CAST5 cipher and is it secure? I know 3DES and AES and I know those are secure.
• Why isn't it protected for integrity?
• And moreover, how do I fix this?

How to work around blocked outbound hkp port for apt keys

I'm using Ubuntu 9.10, and need to add some apt repositories. Unfortunately, I get messages like this when running sudo apt-get update:

W: GPG error: http://ppa.launchpad.net karmic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net karmic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1DABDBB4CEC06767

So, I need to install the keys for these repositories. Under 9.10 we now have the option to do this:

sudo add-apt-repository ppa:nvidia-vdpau/ppa

See this Ubuntu help article for details.

This is great, except that I'm running this on a workstation behind a firewall which blocks outbound connections to pretty much all ports except those required by secretaries running Windows and IE.

The port in question here is the hkp service, port 11371.

There appear to be ways to manually download keys and install them on apt's keyring. There may even be a way to use add-apt-repository or wget or something to download a key from an alternative server making it available on port 80.

However, I haven't yet found a concise set of steps for doing so. What I'm looking for is:

1. How to find a public key for an apt-package (recommendations for resources which have these, and/or tips for searching. Searching for the key hash doesn't seem all that effective so far.)
2. How to retrieve a key (can it be done automatically using gpg or add-apt-repository?)
3. How to add a key to apt's keyring

Thanks in advance.

How can I forward a gpg key via ssh-agent?

I can use the ssh configuration file to enable the forwarding of ssh keys added to ssh-agent. How can I do the same with gpg keys?

Are files encrypted with gpg compatible with pgp?

Are files encrypted with gpg compatible with pgp? What about the other way? I recently learned the very basics of the procedures of using gpg to encrypt and decrypt files. But I don't have a lot of knowledge or good understanding of cryptology theory. I also hear about pgp. Besides the obvious and confusing -- at least to me -- resemblance of the name of one to the other, are the two system compatible with each other?

How to force GPG to use console-mode pinentry to prompt for passwords?

Whenever I try to use gpg from a console-based environment such as ssh sessions it fails because the GTK pinentry dialog cannot be shown in a SSH session.

I tried unset DISPLAY but it does not help and it does look like a dirty solution anyway. The GPG command line options do not include a switch for forcing the pinentry to console-mode.

Older GPG versions offered a text-based prompt that worked fine in SSH sessions but after the upgrade it just fails.

There is the --textmode command line switch but it does not seem to work and apparently is meant to do something else which is even more misleading.

What would be the proper and clean way of getting plain-text pin entry for remote sessions?

How do I symmetrically encrypt a file using gpg?

I'm trying to symmetrically encrypt a file using gpg.

$ gpg --encrypt --symmetric $MYFILE

I enter and re-enter a passphrase, then gpg tells me

You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line:

I don't know what to enter here. I'm symmetrically encrypting (not public key encrypting) so I don't understand why gpg wants to know who the recipient might be. I don't know what the sort of user id gpg is expecting looks like, and I don't know any gpg user ids anyway. If I just enter an empty line, gpg complains that there are "no valid addressees".

So how do I symmetrically encrypt a file using gpg?

Version: gpg (GnuPG) 1.4.11, as packaged in Ubuntu 11.10.