I make a key with gpg2.
I --edit-key
Only the secret keys show. Is it supposed to be like that?
Anyway, I select the only uid and delete the signature (delsig).
Save & exit.
I do anything.
"Unusable secret key"
Fair enough, I did something unreasonable.
--edit-key
check
check gives no output. Is it supposed to be like that?
sign
I can't sign my own key, unusable secret key.
Surely I ought to be able to use and sign my own key, regardless of whether I signed it? What am I missing? I'm working with the only key on the keyring.
Related
With GPGME, how would I check if I can decrypt a given secret with the current keychain?
I can attempt decryption with gpgme_op_decrypt and catch GPG_ERR_NO_SECKEY errors, but this seems non-optimal, nor do I know if this covers all cases.
Is there a can_decrypt function, do_we_own_decrypt_key_for_secret or alike?
Also, can I list the secret recipients without decrypting the secret? That could help with this issue.
I have a key to be decrypted shown here: dc6f0dbebfc5747330deeedfbd8475568a740d0a. The following key has a salt value prefixed before the key. The salt value is 80808080. How can I decrypt this?
Hashes are not meant to be broken but you can use a tool like this to crack it (if you're lucky). This hash is for the string 'azerty'.
Hashes are not decrypted. In their regular usage as password hashes, you can validate an entered password using the hash but you can't find the password given the hash, because the hash function isn't reversible. The exception is brute force password cracking which works for sufficiently simple passwords only.
I am fairly new to PGP encryption. I generated a new key pair last week on a Yubikey, while previously I had only used a private key that I generated on my machine. I use Thunderbird Enigmail for key management. This is probably a stupid question but I don't actually understand how to encrypt an email using the private key stored on my Yubikey. I can decrypt just fine but can't figure out how to compose an encrypted email from the new key. Using my old key pair, it's automatic - how do I actually encrypt using the right private key? At what point do I enter the Yubikey and PIN? (I'm not all that technical and I use encryption for one specific project, so I appreciate dumbing down something that is probably very obvious.)
Using keys generated on a Yubikey is a practically identical process to using your old keys, with one extra step of set up.
To use keys stored on a Yubikey, you need "key stubs" registered on your PGP system. Basically, these are references that tell your PGP software "This private key is located on smartcard number #123456." Once you have the stubs to the keys you need, Enigmail should treat the Yubikey-stored keys like any other PGP key.
I'm only familiar with GnuPG, so specifics may vary, but using GPG you need to:
1. Have a copy of the public key imported to your system from a key server or the like.
2. Import key stubs from your smart card (in this case, your Yubikey) using:
gpg --card-status
After that, checking your private keyring should reflect that you have stubs pointing to private keys stored on a smart card (denoted by the > after sub), i.e.:
gpg --list-secret-keys
----------------------------------------------------
sec# rsa2048 2018-01-02 [C] [expires: 2020-01-02]
ABCDEF123456789ABCDEF123456789ABCDEF1234
uid [ ultimate] My Name (My PGP key) <anAddress#somesite.com>
ssb> rsa2048 2018-01-02 [S] [expires: 2018-12-31]
ssb> rsa2048 2018-01-02 [E] [expires: 2018-12-31]
ssb> rsa2048 2018-01-02 [A] [expires: 2018-12-31]
At this point you can use sub keys of CDEF1234 as if they were on your system. Your PGP software ought to handle checking the card is inserted and dealing with PIN entry.
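The `#` and `>` markers in the listing above also appear in machine-readable form in field 15 of GnuPG's colon output. The following is an added example, not part of the original answer; it classifies each secret key as unavailable, on a card, or local, and the sample listing, key IDs and card serial number are constructed.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs and the card serial number are made up for illustration.
SAMPLE = """\
sec:u:2048:1:1111111111111111:1514851200:1577923200::u:::cC:::#:::23::0:
uid:u::::1514851200::::My Name (My PGP key) <user@example.com>::::::::::0:
ssb:u:2048:1:2222222222222222:1514851200:1546214400:::::s:::D2760001240102010006012345670000:::23:
ssb:u:2048:1:3333333333333333:1514851200:1546214400:::::e:::D2760001240102010006012345670000:::23:
ssb:u:2048:1:4444444444444444:1514851200:1546214400:::::a:::+:::23:
"""


def classify_secret_keys(colon_listing):
    """Map key ID -> (record type, capabilities, location).

    Field 15 of a sec/ssb record holds '#' when the secret part is absent,
    the token serial number when the key lives on a smartcard, and '+' or
    nothing when the secret key is stored in the local keyring.
    """
    keys = {}
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb") or len(fields) < 15:
            continue  # uid and other record types carry no secret-key location
        token = fields[14]
        if token == "#":
            location = "not-available"
        elif token in ("", "+"):
            location = "local"
        else:
            location = "card:" + token
        keys[fields[4]] = (fields[0], fields[11], location)
    return keys


def usable_keys(colon_listing, capability):
    """Key IDs with `capability` (s, e, a or c) whose secret part is reachable."""
    return sorted(
        key_id
        for key_id, (_, caps, location) in classify_secret_keys(colon_listing).items()
        if capability in caps and location != "not-available"
    )
```

A key reported as `card:<serial>` still needs that card inserted at the time of use; the listing only records where the secret part is expected to be.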
I am trying to decrypt a set of files with GnuPG, for which I already have the username and password. However, I cannot seem to be able to do so, even though I have generated a new key with the given credentials. When trying to run
gpg --output result.sc --decrypt myFile.sc.xz.gpg
I get:
gpg: encrypted with RSA key, ID 3662FD5E
gpg: decryption failed: No secret key
I am wondering, which are the steps in decrypting with GnuPG? I followed the instructions here http://linoxide.com/security/gpg-comand-linux-how-to-encrypt-and-decrypt-file/, but still did not get it to work. I have no other key given except for these credentials.
You're missing the private key with 3662FD5E.
> I have no other key given except for these credentials.
Without this key, you cannot decrypt the file. The password you have might protect the private key, but without the private key, there's definitely no way to decrypt the file (unless in future, a way is found to crack the encryption, but as of now, pretty much all relevant and actually used algorithms in OpenPGP are believed to be secure).
> even though I have generated a new key with the given credentials
Keys are generated from random numbers; you cannot generate the same key again, even when using the same user ID and password.
I am trying to decrypt a file that has been encrypted using 2 recipients (--recipient recipientA#example.com --recipient recipientB#example.com).
However when I try to decrypt the file, it always requests the passphrase of the 1st recipient. When the 1st recipient secret-key isn't part of the key-ring, it will give an error 'secret key not found'.
How can I encrypt a file with multiple recipients so that both can decrypt them without knowing each other's keys & passphrases?
(To me, the question seems simple and a basic feature - but obviously I cannot get it to work)
Thank you in advance!
I ran into this problem today, and found your question looking for the answer. I've seen many merry an example of how to encrypt things for multiple recipients... never saying/showing what will happen when one tries to decrypt that data. Here's what I got:
user#system ~ $ gpg --decrypt filename.pgp
You need a passphrase to unlock the secret key for
user: "SOMEBODY ELSE <somebody_else#example.com>"
2048-bit ELG-E key, ID ABC1234, created 1972-10-29 (main key ID ABC5678)
gpg: Invalid passphrase; please try again ... [I DON'T HAVE *THEIR* PASSPHRASE!]
2 more times... finally...
You need a passphrase to unlock the secret key for
user: "HEY! This is ME! <my_email#example.com>"
2048-bit ELG-E key, ID DEF1234, created 1969-02-03 (main key ID DEF5678)
gpg: encrypted with 2048-bit ELG-E key, ID ABC1234, created 1972-10-29
"NAME <email#example.com>"
gpg: public key decryption failed: bad passphrase
gpg: encrypted with 2048-bit ELG-E key, ID DEF1234, created 1969-02-03
"HEY! This is ME! <my_email#example.com>"
and then the file decrypted fine...
Quick Note: Just to clarify, for security reasons one's passphrase and one's private key should NEVER be given to anyone else. The passphrase is to keep the private key "safe" should it become compromised. One's public key is the only thing that should be shared with others.
I preface this with the fact I currently only have access to version 1.4.2.2, and don't have the ability to test these solutions. Later versions have certain options that may well be what's needed. Please try and answer back if any of these work.
--local-user/-u looked promising. In the version I have, --help showed "use this user-id to sign or decrypt". But trying it seemed futile; further research revealed a cruel truth: it seems the help is wrong, and this is ONLY an option used for "signing".
This post has a likely solution, though I personally find it messy:
gpg --try-all-secrets --passphrase <passphrase here> filename.pgp
--passphrase was apparently added in version 1.4.3. UGH!
EDIT: Perhaps a better (possibly, below) solution is only available in gpg2? gpg2 seems to have --try-secret-key, which if I read correctly, may be what we're both looking for?
I have also faced this problem today and I have solved it by running gpg in batch mode:
/usr/bin/gpg --batch --passphrase "your_passphrase" --verbose --decrypt
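Both the multi-recipient thread above and the earlier GPGME question come down to knowing which keys a message is encrypted to before trying any passphrase. The following is an added example, not code from any of the posts; it reads the `ENC_TO` lines that GnuPG writes to `--status-fd` and compares them with the key IDs you hold. It uses gpg status output rather than GPGME, and the status text and key IDs are constructed.

```python
import re

# Constructed status output in the format GnuPG writes with --status-fd
# (assumed invocation: gpg --batch --list-only --status-fd 1 --decrypt FILE).
# Key IDs are made up; 16 = Elgamal, 1 = RSA (OpenPGP algorithm numbers).
SAMPLE_STATUS = """\
[GNUPG:] ENC_TO 00000000AABC1234 16 0
[GNUPG:] ENC_TO 00000000DDEF1234 16 0
[GNUPG:] ENC_TO 0000000000000000 1 0
"""

HIDDEN = "0" * 16  # key ID recorded for anonymous (hidden) recipients
ENC_TO = re.compile(r"^\[GNUPG:\] ENC_TO ([0-9A-F]{16}) (\d+) (\d+)$", re.M)


def recipient_key_ids(status_text):
    """Key IDs the message is encrypted to, in packet order."""
    return [m.group(1) for m in ENC_TO.finditer(status_text)]


def decryption_outlook(status_text, my_secret_key_ids):
    """Compare the recipients with the (sub)key IDs we hold secret keys for.

    Returns (matching, foreign, has_hidden):
      matching   - recipient key IDs we own, so decryption can succeed
      foreign    - recipient key IDs that belong to someone else
      has_hidden - True if a recipient is anonymous; whether we can decrypt
                   that packet is only known after trying our secret keys
    ENC_TO names the encryption subkey, so pass subkey IDs (or fingerprints).
    """
    mine = {k.upper()[-16:] for k in my_secret_key_ids}
    ids = recipient_key_ids(status_text)
    matching = [k for k in ids if k in mine]
    foreign = [k for k in ids if k != HIDDEN and k not in mine]
    return matching, foreign, HIDDEN in ids
```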