EzDevInfo.com

PGP interview questions

Top PGP frequently asked interview questions

Infer PGP private key using an encoded decoded sample

If I have both an encoded message and its original, is it possible to infer the private key?


Source: (StackOverflow)

PGP (GnuPG) - what was the original filename?

John wants to send 1.txt to Paul.

He encrypts it. Now the file is named myFile.pgp, and he sends it to Paul.

Paul gets the file.

How (if possible) can Paul know what the original file name (1.txt) was? Is there a parameter (--xxx) to see the filename?

I'm using GNU PGP (GnuPG) in console mode.


Source: (StackOverflow)

One GnuPG/PGP key pair, two emails?

I have two emails I use frequently, for both of which I'd like to use PGP keys generated/managed by GnuPG. I'd like to avoid creating a different key pair for each email, if possible, as that's unnecessary for my situation, i.e. I use the two emails interchangeably.

Is there a way to do this?

I am using Mac OS X 10.5 and Ubuntu 11.04, and Thunderbird 3.1.10.

Thanks in advance!


Source: (StackOverflow)

Are files encrypted with gpg compatible with pgp?

Are files encrypted with gpg compatible with pgp? What about the other way? I recently learned the very basics of the procedures of using gpg to encrypt and decrypt files. But I don't have a lot of knowledge or good understanding of cryptology theory. I also hear about pgp. Besides the obvious and confusing -- at least to me -- resemblance of the name of one to the other, are the two systems compatible with each other?


Source: (StackOverflow)

What is a PGP public key block?

There's a PGP public key block posted on some websites (e.g. http://phrack.org/index.html).

It's not hex code. It uses many more alphabet characters. What is it?

Why is this information posted? How can I use it?


Source: (StackOverflow)

Does the right half of the RSA public key matter?

In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?

I ask because when I changed "root@somedomain.com" to "root", it seems to still work.

More generally, I am curious about what the purpose of that half is.


Source: (StackOverflow)

Short, easy to understand explanation of GPG/PGP for nontechnical people?

Does anyone have a link to a good, but short (1-2 paragraphs) explanation of the benefits of using GPG/PGP signing and encryption for email focused at non-technical readers? That is, why would someone care about email being signed?

I've looked but all I ever find are deeply technical, jargon-filled documents; perhaps my Google-fu is failing me.


Source: (StackOverflow)

How do I create a PGP Key Revocation Certificate in Kleopatra

I was successfully able to create a PGP Key using Seahorse in Ubuntu's Passwords and Keys (13.04). I was also able to create a revocation certificate, if needed in the future, using the terminal in Ubuntu.

My problem concerns doing this on a Windows machine (and Mac). I downloaded Gpg4win and used Kleopatra to create a PGP Key. I am however unable to find a way to create a revocation certificate for the key I generated.

I would appreciate some direction with this issue.


Source: (StackOverflow)

What's the best way of keeping a PGP private key file generated by GnuPG?

What's the best way of keeping a PGP private key file generated by GnuPG?

I will just store my public key online, in Gmail, on many of my computers. Where/how best to protect and store the private key file?


Source: (StackOverflow)

How does S/MIME differ from PGP/GPG, for the purpose of signing and/or encrypting email?

In addition to the titular question, are the two technologies compatible? If so, under what circumstances?

What are the relative benefits of the two technologies?


Source: (StackOverflow)

How to use gpg and SSH together? [duplicate]

Possible Duplicate:
Are GPG and SSH keys interchangeable?

How to use gpg and SSH together?

I know the basic procedures of 1) using gpg to encrypt and decrypt text files and 2) generating and using SSH keys to access remote servers without passwords.

I wonder if the two can be integrated. Are the two unrelated and should be separated in their day-to-day use?


Source: (StackOverflow)

How can I get a new / non-technical user to verify my GnuPG / PGP signed email?

I'm looking for a web front-end or some easy way to get a user who's never been exposed to cryptography / digital signatures etc. to simply copy/paste my GPG signed (not encrypted) email and specify whether that email/text has been correctly signed - meaning contents are untampered and from me - the sender.

Ideally, it would be able to pull my public key off a key server in order to verify or allow a user to upload the key along with the signed text for verification.

Basically - how would I be able to convince an ordinary user that the email sent is indeed from me.

UPDATE: I found something similar here, but apparently it only works for users who've signed up for HushMail.


Source: (StackOverflow)

Microsoft Word and digital signatures using PGP?

I have a document for a project that I am working on with my team, and I need to digitally sign the document in a way that can be verified by other members of the team. The catch is, internally, we are using PGP (the commercial version, I think). It appears that, for all intents and purposes, PGP is wholly incompatible with any of Microsoft Office's built-in digital signature functions. Ditto for Adobe Acrobat.

This is baffling, because PGP is a defined RFC, 4880, so I would imagine that it is possible for MS to integrate SOME kind of support for either X.509 or PGP. Signing a document using the external PGP software, however, produces a stand-alone *.sig file that has to tag along with the original document for anyone to be able to verify its authenticity. Since I have multiple people that need to digitally sign this document, I have no idea if this means I would need to manage one *.sig for each signee, or if a single *.sig file can hold multiple signatures by different signees.

Is there a solution of some kind that can allow me to digitally authenticate/verify Word or PDF documents using PGP keys amongst members of a team? It'd be great if there is something that can leave a visual mark within the document itself, too.

I figured that if there was a way to export an X.509/PKCS-12 certificate based off of a public PGP key, and then store that certificate in Windows' internal certificate store (certmgr), then maybe I could get Office to pull from that. But this appears to be impossible. I mean, aren't both technically bog-standard PKI certificates?

Assume that each signee has their own PGP keypair with passphrase and that there is an internal PGP keyserver that everyone can sync to.

Thoughts?


Source: (StackOverflow)

How does public/private key cryptography work, who generates the key pair?

I have a requirement to encrypt a file, get it to an external partner who will then decrypt the file using a key.

My "basic" understanding is that I can generate the public and private keys, encode the file using the public key and our partner can decrypt using the private key we give them. But this sounds a bit strange to me that we would be sharing the private key. There is just one trusted partner.

Am I missing something?


Source: (StackOverflow)

How do I verify a PGP signature?

What GUI (no command line) software or websites can I use to verify a PGP signature?

If I have a message like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----

How can I verify the message against the public key to get the same signature back?

This online encryption/decryption PGP site does not allow me to do that.


Source: (StackOverflow)