Top keepass frequently asked interview questions
I'm trying to verify the PGP Signature of the latest version of KeePass 2.14's setup file against this signature, but this is the output I receive:
C:\Program Files (x86)\GNU\GnuPG>gpg.exe --verify C:\Users\User\Desktop\KeePass-2.14-Setup.exe
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
C:\Program Files (x86)\GNU\GnuPG>
I found this command here, but it made no mention about ".sig" or ".asc" files, so I figured I did something wrong. By reading the man pages, I further tried the following:
C:\Program Files (x86)\GNU\GnuPG>gpg.exe --pgpfile C:\Users\User\Desktop\KeePass-2.14-Setup.exe
gpg: Invalid option "--pgpfile"
C:\Program Files (x86)\GNU\GnuPG>
As you can see, the results are quite obfuscating...
I took a look at this on SuperUser, but none of the links seemed to really address my question, at least not directly enough for me to get any idea on how to move forward on this.
Can anybody here help me with the esoteric technicality of OpenPGP & the associated use of the GnuPG program? I've felt pretty dumb learning VBS, but this is beyond humiliating: it's absolutely debilitating and maiming whatever confidence I had with my IT skills (then again, I have no justification for making any boast either, as I have yet to get my A+ Cert, lol).
UPDATE 04-04-2011
Okay, so I got tired of fooling around with Windows and decided I'd do it right by booting up Ubuntu; this alone made things much more logical!
So here's my list of commands and where I'm at:
proto@type:~$ cd Desktop/
proto@type:~/Desktop$ gpg --import KeePass-2.14-Setup.exe.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
proto@type:~/Desktop$ gpg --import Dominik_Reichl.asc
gpg: /home/proto/.gnupg/trustdb.gpg: trustdb created
gpg: key FEB7C7BC: public key "Dominik Reichl " imported
gpg: Total number processed: 1
gpg: imported: 1
proto@type:~/Desktop$ gpg --verify KeePass-2.14-Setup.exe
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
proto@type:~/Desktop$ gpg --verify KeePass-2.14-Setup.exe.asc
gpg: Signature made Sun 02 Jan 2011 05:25:24 AM MST using DSA key ID FEB7C7BC
gpg: Good signature from "Dominik Reichl "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2171 BEEA D0DD 92A1 8065 5626 DCCA A5B3 FEB7 C7BC
proto@type:~/Desktop$ gpg --verify Dominik_Reichl.asc
gpg: verify signatures failed: unexpected data
As Mike instructed, I placed ".exe" & the ".asc" files in the same directory, that being the Desktop. As you can see in the code, I also placed the public key "Dominik_Reichl.asc" in the Desktop directory.
Please be patient with me, as I've been thoroughly spoiled by MD5; I'm assuming that Step 5 from above is the GPG equivalent to this:
C:\Users\user\>CD Desktop
C:\Users\user\Desktop>MD5Sum KeePass-2.14-Setup.exe
bae59065b24f0a6f2ed4bb9e0d6fc65f *KeePass-2.14-Setup.exe
I say this because the behavior changes whenever I move the "KeePass-2.14-Setup.exe" file into a "temp" folder on the Desktop. When I run the command this is the result I get:
proto@type:~/Desktop$ gpg --verify KeePass-2.14-Setup.exe.asc
gpg: no signed data
gpg: can't hash datafile: file open error
These results have lead me to believe that I'm supposed to extract the "DSA key ID" & the "Primary key fingerprint", from Step 5, and compare them to the values at the top of the Signature Page. So, is this where the similarity is at with MD5 verification? Is this all there is to it? Or is there a further step? Is there a command that I use to verify these two strings? Are those strings what I really need to check? What are those strings?
Now there's one other issue that I'm having to contend with. In the "Primary key fingerprint" results, I have 2 spaces between the "8065" and the "5626". When I use a spreadsheet to verify my results with the string on the Signature Page, I get a "FALSE" result because of the extra whitespace in my results. I checked the source of the Signature Page to see if the browser was ignoring the extra white space, but that's not the case.
2171 BEEA D0DD 92A1 8065 5626 DCCA A5B3 FEB7 C7BC # From Source of Signature Page
2171 BEEA D0DD 92A1 8065 5626 DCCA A5B3 FEB7 C7BC # From My Results
As long as I remove that extra whitespace, my results match with that from the Signature Page, but shouldn't they match without any intervention on my part? Should a difference in whitespace be cause for alarm?
Unfortunately, the GPG Man Pages are still quite obscure to me, or as some may put it "user-hostile" (search "user hostile gpg"), so I'll need a couple extra carrots tossed my way. I'll admit it: I'm dumb. In fact, when I was still learning how to use MD5 verification, I floundered around with it almost as much as I did with this.
Source: (StackOverflow)
I am using KeePass version 2.19. What I would like to do is have more than just one URL address associated with a given user name and password.
The entry for a given website might look something like this...
Title
google
User Name
email
Password
pass
URL
https://accounts.google.com/ServiceLogin?hl=en&continue=https://www.google.com/
https://accounts.google.com/ServiceLogin?hl=sv&continue=https://www.google.com/
https://accounts.google.com/ServiceLogin?hl=de&continue=https://www.google.com/
As you can see the ?hl=en
changes into ?hl=sv
and then to ?hl=de
for the three different languages in which I wish to view the Google log-in page.
But this of course could be something completely different, like different web services from the same provider like YouTube and Gmail by Google. Very much like SE where you have several websites but only use one user name and password.
I imagine something along the lines of having multiple entries for one and the same website, where KeePass would actually prompt you to choose which one you want to use. So you have several user names and passwords that use the same URL. But is it possible to have several URLs using the same user name and password, so that KeePass asks me "to which of the following three URLs do you want to auto-log into with this password"?
Source: (StackOverflow)