I am using Control-M AFT for decryption. The encrypted source file is pulled from the mainframe, and while decrypting the file using GnuPG, it fails with the error below:
gpg: mdc_packet with invalid encoding
gpg: decryption failed: Invalid packet
When trying to decrypt manually, it gives the same error message but the file is decrypted. But from Control-M, the file is not decrypted and the job fails.
I have a hash file from the image; my device is a Surface Pro with a BitLocker-encrypted image.
Recovery Key hash #0:
$bitlocker$2$16$57debb77a3b130a92397f8c063049274$1048576$12$20cfa3155178d70198020000$60$ad91090585684fe3da68e053c0cbfdaae24e8bd5c6b50978790b964d3b2a808c3394a833c690cc9c99c0364d9df1fac40bdcadcd2b987a7d780bfdc3
When I run
hashcat.exe -m 22100 bitlocker.txt rockyou.txt
I get an error:
Hashfile 'bitlocker.txt' on line 1 ($bitlo...9df1fac40bdcadcd2b987a7d780bfdc3): Salt-value exception
No hashes loaded.
Note also that Hashcat only supports $bitlocker$1$...
You should try to extract a $1 hash ... alternatively it should work with bitcracker
I am trying to insert a new password to pass (passwordstore.org), but I am receiving the following error:
➜ GitHub git:(master) ✗ pass insert platform-name
Enter password for platform-name:
Retype password for platform-name:
gpg: error retrieving 'xxx#gmail.com' via WKD: Syntax error in URI
gpg: xxx#gmail.com: skipped: Syntax error in URI
gpg: [stdin]: encryption failed: Syntax error in URI
Password encryption aborted.
I'm trying to automate CentOS installs via PXE and kickstart with encrypted filesystems. In case we mislay the passphrase, we want to use escrow files and encrypt them using the public key attached to an X.509 certificate obtained from a web server. The relevant line in the kickstart file is:
logvol /home --fstype ext4 --name=lv02 --vgname=vg01 --size=1 --grow --encrypted --escrowcert=http://10.0.2.2:8080/escrow.crt --passphrase=XXXX --backuppassphrase
Leaving the cert as PEM encoded on the web server rather than DER doesn't seem to matter; either works up to a point.
The filesystem is created and encrypted using the supplied passphrase and can be opened on reboot with no issues. Two escrow files are produced as expected, and by using the NSS database containing the private key and the first escrow file I obtain what I think is the passphrase, but it doesn't unlock the disk. For example:
# volume_key --secrets -d /tmp/nss e04a93fc-555b-430b-a962-1cdf921e320f-escrow
Data encryption key: 817E65AC37C1EC802E3663322BFE818D47BDD477678482E78986C25731B343C221CC1D2505EA8D76FBB50C5C5E98B28CAD440349DC0842407B46B8F116E50B34
I assume the string from 817 to B34 is the passphrase but using it in a cryptsetup command does not work.
[root@mypxetest ~]# cryptsetup -v status home
/dev/mapper/home is inactive.
Command failed with code 19.
[root@mypxetest ~]# cryptsetup luksOpen /dev/rootvg01/lv02 home
Enter passphrase for /dev/rootvg01/lv02:
No key available with this passphrase.
Enter passphrase for /dev/rootvg01/lv02:
When prompted, I paste in the long numeric string but get the "No key available" message. However, if I use the passphrase specified in the kickstart file or the backup escrow file, the disk unlocks.
# volume_key --secrets -d /tmp/nss e04a93fc-555b-430b-a962-1cdf921e320f-escrow-backup-passphrase
Passphrase: QII.q-ImgpN-0oy0Y-RC5qa
Then using the string QII.q-ImgpN-0oy0Y-RC5qa in the cryptsetup command works.
Has anyone any idea what I'm missing? Why don't both escrow files work?
I've done some more reading, and the file ending in escrow is not an alternative passphrase for the LUKS volume but it contains the encryption key, which is encrypted of course. When decrypted, the long string is the encryption key, and there's a clue in the rest of the text which I confess I didn't read very well.
Can you please help me with the following issue:
I have a file.pgp and I want to verify the user ID/key that signed it before decrypting the file.
Now I run:
Verify the file with pgp --verify "C:\Folder\file.pgp":
C:\Folder\file.pgp:verify (3042:suggested output file name file.txt)
C:\Folder\file.pgp:verify (3177:message signed by key ID 0xFRF5234B)
C:\Folder\file.pgp:verify (3038:signing key 0xFRF5234B UserPGP)
C:\Folder\file.pgp:verify (3040:signature created 2017-12-05T14:55:35+01:00)
C:\Folder\file.pgp:verify (3170:signature hash SHA-256)
C:\Folder\file.pgp:verify (3035:good signature)
C:\Folder\file.pgp:verify (0:verify complete)
Parse the output and check whether the "signed by key ID" is 0xFRF5234B.
If the key ID is 0xFRF5234B, decrypt the file:
pgp --decrypt "C:\Folder\file.pgp" --output "C:\Folder\file.xml" --overwrite remove
Question: Is it possible to verify the signing user ID/key without parsing the output? Is there, for example, a script such as:
pgp verify --signer 0xFRF5234B file.pgp
Thanks!
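The parse-and-check step described in the question above, as an added example (not part of the original post and not code from the PGP tool's vendor). It assumes the text has been captured from pgp --verify and that the status codes mean what they do in the question's sample output; parse_statuses and signer_ok are hypothetical helper names.

```python
import re

# Status lines in the question look like:  <path>:verify (<code>:<message>)
# Requiring digits and a colon after "(" skips parentheses inside paths.
STATUS_RE = re.compile(r"\((\d+):([^)]*)\)")
# The key ID on the page (0xFRF5234B) is redacted and not valid hex, so any
# alphanumeric run after "0x" is accepted here.
KEY_ID_RE = re.compile(r"key ID (0x[0-9A-Za-z]+)")

# Codes as they appear in the question's output (assumed stable across runs).
SIGNED_BY, GOOD_SIGNATURE, VERIFY_COMPLETE = 3177, 3035, 0


def parse_statuses(output):
    """Return [(code, message), ...] in the order they appear."""
    return [(int(c), m.strip()) for c, m in STATUS_RE.findall(output)]


def signer_ok(output, expected_key_id):
    """True only for one good signature made by expected_key_id."""
    statuses = parse_statuses(output)
    codes = [c for c, _ in statuses]
    signers = [KEY_ID_RE.search(m) for c, m in statuses if c == SIGNED_BY]
    if len(signers) != 1 or signers[0] is None:
        return False  # unsigned, several signers, or unparseable line
    if codes.count(GOOD_SIGNATURE) != 1 or VERIFY_COMPLETE not in codes:
        return False  # fail closed on anything but a clean verify
    return signers[0].group(1).lower() == expected_key_id.lower()


# Constructed sample, copied from the output shown in the question.
SAMPLE = r"""
C:\Folder\file.pgp:verify (3042:suggested output file name file.txt)
C:\Folder\file.pgp:verify (3177:message signed by key ID 0xFRF5234B)
C:\Folder\file.pgp:verify (3038:signing key 0xFRF5234B UserPGP)
C:\Folder\file.pgp:verify (3040:signature created 2017-12-05T14:55:35+01:00)
C:\Folder\file.pgp:verify (3170:signature hash SHA-256)
C:\Folder\file.pgp:verify (3035:good signature)
C:\Folder\file.pgp:verify (0:verify complete)
"""

if __name__ == "__main__":
    print(signer_ok(SAMPLE, "0xFRF5234B"))
```

An 8-character key ID is short enough to collide, so where the tool can report the full fingerprint, compare that instead.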
I am trying to do GPG encryption/decryption on my server. For encryption I use this command line:
gpg --output test.txt.gpg --encrypt test.txt
Then I enter a user ID and my file is created.
But afterwards, when I want to decrypt this file with the same kind of command:
gpg --output result.txt --decrypt test.txt.gpg
the result is:
gpg: encrypted with 2048-bit RSA key, ID FF070B4D, created 2017-07-19
"droli mail_adress"
gpg: decryption failed: No secret key
I don't understand why I can encrypt but can't decrypt afterwards.
$gpg --list-keys
/home/ssie/.gnupg/pubring.gpg
-----------------------------
pub 2048R/09C41BAC 2017-07-19
uid droli mail_adress
sub 2048R/6D2F1BE9 2017-07-19
$gpg --list-secret-keys
/home/ssie/.gnupg/secring.gpg
-----------------------------
sec 2048R/09C41BAC 2017-07-19
uid droli mail_adress sub
ssb 2048R/6D2F1BE9 2017-07-19
Edit after 2 hours:
I think I have found why: there were 2 different keys and 1 secret key for the same user. But now there is another issue: I deleted the wrong key and ran the same test again.
The answer after decrypting is:
You need a passphrase to unlock the secret key for user: "droli
mail_adress" 2048-bit RSA key, ID 6D2F1BE9, created 2017-07-19 (main
key ID 09C41BAC)
can't connect to `/home/ssie/.gnupg/S.gpg-agent': Connection refused
gpg-agent[32298]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: encrypted with 2048-bit RSA key, ID 6D2F1BE9, created 2017-07-19
"telefact "
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
What is this "S.gpg-agent"? (The file /home/ssie/.gnupg/S.gpg-agent is empty in my case.)
$ gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-1K7fOi/S.gpg-agent:18607:1; export GPG_AGENT_INFO;
After running GPG_AGENT_INFO=/tmp/gpg-1K7fOi/S.gpg-agent:18607:1
and export GPG_AGENT_INFO
there is no longer a message about the gpg agent:
You need a passphrase to unlock the secret key for user: "droli
mail_adress" 2048-bit RSA key, ID 6D2F1BE9, created 2017-07-19 (main
key ID 09C41BAC)
gpg: cancelled by user
gpg: encrypted with 2048-bit RSA key, ID 6D2F1BE9, created 2017-07-19
"droli mail_adress"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
When creating a new key I have the same issue at the end:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: cancelled by user
gpg: Key generation canceled.
It's like there is a malfunction with the passphrase?
Thanks for the help.
The solution is:
chmod o+rw $(tty)
before using su to become that user and it works as it should.