PGP interview questions
Top PGP frequently asked interview questions
If I have both an encoded message and its original, is it possible to infer the private key?
Source: (StackOverflow)
John wants to send 1.txt to Paul.
He encrypts it. Now the file is named myFile.pgp, and he sends it to Paul.
Paul gets the file.
How (if possible) can Paul know what the original file name (1.txt) was? Is there a parameter (--xxx) to see the filename?
I'm using GNU PGP (GnuPG) in console mode.
Source: (StackOverflow)
I have two emails I use frequently, for both of which I'd like to use PGP keys generated/managed by GnuPG. I'd like to avoid creating a different key pair for each email, if possible, as that's unnecessary for my situation, i.e. I use the two emails interchangeably.
Is there a way to do this?
I am using Mac OS X 10.5 and Ubuntu 11.04, and Thunderbird 3.1.10.
Thanks in advance!
Source: (StackOverflow)
Are files encrypted with gpg compatible with pgp? What about the other way? I recently learned the very basics of the procedures of using gpg to encrypt and decrypt files. But I don't have a lot of knowledge or good understanding of cryptology theory. I also hear about pgp. Besides the obvious and confusing -- at least to me -- resemblance of the name of one to the other, are the two systems compatible with each other?
Source: (StackOverflow)
In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?
I ask because when I changed "root@somedomain.com" to "root", it seems to still work.
More generally, I am curious about what the purpose of that half is.
Source: (StackOverflow)
Does anyone have a link to a good, but short (1-2 paragraphs) explanation of the benefits of using GPG/PGP signing and encryption for Email focused at non-technical readers? That is, why would someone care about email being signed?
I've looked but all I ever find are deeply technical, jargon filled documents; perhaps my Google-fu is failing me.
Source: (StackOverflow)
I was successfully able to create a PGP Key using Seahorse in Ubuntu's Passwords and Keys (13.04). I was also able to create a revocation certificate, if needed in the future, using the terminal in Ubuntu.
My problem concerns doing this on a Windows machine (and Mac). I downloaded Gpg4win and used Kleopatra to create a PGP Key. I am however unable to find a way to create a revocation certificate for the key I generated.
I would appreciate some direction with this issue.
Source: (StackOverflow)
What's the best way of keeping a PGP private key file generated by GnuPG?
I will just store my public key online, in Gmail, on many of my computers. Where/how best to protect and store the private key file?
Source: (StackOverflow)
In addition to the titular question, are the two technologies compatible? If so, under what circumstances?
What are the relative benefits of the two technologies?
Source: (StackOverflow)
Possible Duplicate:
Are GPG and SSH keys interchangable?
How to use gpg and SSH together?
I know the basic procedures of 1) using gpg to encrypt and decrypt text files and 2) generating and using SSH keys to access remote servers without passwords.
I wonder if the two can be integrated. Are the two unrelated and should be separated in their day-to-day use?
Source: (StackOverflow)
I'm looking for a web front-end or some easy way to get a user who's never been exposed to cryptography / digital signatures etc. to simply copy/paste my GPG signed (not encrypted) email and specify whether that email/text has been correctly signed - meaning contents are untampered and from me - the sender.
Ideally, it would be able to pull my public key off a key server in order to verify or allow a user to upload the key along with the signed text for verification.
Basically - how would I be able to convince an ordinary user that the email sent is indeed from me.
UPDATE: I found something similar here, but apparently it only works for users who've signed up for HushMail.
Source: (StackOverflow)
I have a document for a project that I am working on with my team, and I need to digitally sign the document in a way that can be verified by other members of the team. The catch is, internally, we are using PGP (the commercial version, I think). It appears that, for all intents and purposes, PGP is wholly incompatible with any of Microsoft Office's built-in digital signature functions. Ditto for Adobe Acrobat.
This is baffling, because PGP is a defined RFC, 4880, so I would imagine that it is possible for MS to integrate SOME kind of support for either X.509 or PGP. Signing a document using the external PGP software, however, produces a stand-alone *.sig file that has to tag along with the original document for anyone to be able to verify its authenticity. Since I have multiple people that need to digitally sign this document, I have no idea if this means I would need to manage one *.sig for each signee, or if a single *.sig file can hold multiple signatures by different signees.
Is there a solution of some kind that can allow me to digitally authenticate/verify Word or PDF documents using PGP keys amongst members of a team? It'd be great if there is something that can leave a visual mark within the document itself, too.
I figured that if there was a way to export an X.509/PKCS-12 certificate based off of a public PGP key, and then store that certificate in Windows' internal certificate store (certmgr), then maybe I could get Office to pull from that. But this appears to be impossible. I mean, aren't both technically bog-standard PKI certificates?
Assume that each signee has their own PGP keypair with passphrase and that there is an internal PGP keyserver that everyone can sync to.
Thoughts?
Source: (StackOverflow)
I have a requirement to encrypt a file, get it to an external partner who will then decrypt the file using a key.
My "basic" understanding is that I can generate the public and private keys, encode the file using the public key and our partner can decrypt using the private key we give them. But this sounds a bit strange to me that we would be sharing the private key. There is just one trusted partner.
Am I missing something?
Source: (StackOverflow)
What GUI (no command line) software or websites can I use to verify a PGP signature?
If I have a message like this
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----
How can I verify the message against the public key to get the same signature back?
This online encryption/decryption PGP site does not allow me to do that.
Source: (StackOverflow)