GPG fails the first time after the initial key import into a new chroot while developing an environment for signing software [closed] - gnupg

I export both public and private keys, copy them to the chroot, then import them into the chroot using --homedir, where homedir points to the default location inside the chroot for the user. This all works fine. (homedir is /path/to/chroot/home/AUSER/.gnupg)
Later, a script running inside the chroot as AUSER attempts to encrypt a file with the keys imported above, pointing to the same homedir, but the first time it fails with (please excuse any typos, since this is a hand transcription):
gpg: checking the trustdb
gpg: 3 margial(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-,0q, 0n, 0m,0f,2u
gpg: checking created signature failed: No public key
gpg: signing failed: No public key
gpg: /path/to/filename: sign+encrypt failed: No public key
This is the command invocation:
gpg --cipher-algo AES256 --homedir $HOME/.gnupg --digest-algo SHA512 --default-key 'username' -es -r 'username' /path/to/file
and HOME correctly points to /home/AUSER.
If I ignore the first attempt to encrypt, it encrypts all day long after that.
As a workaround, I encrypt some random file, ignore that error, then run the real script.
The chroot is CentOS 7.8x, running on CentOS 7 1810, where both gpg versions are 2.0.22 based on libgcrypt 1.5.3, and gpg is a symlink to gpg2 on both, with the username the same on both. Also, on the 7:1810 'host', there are no keys at all.
Anyone have a clue why the first encryption fails?

So the answer to this question is that the gpg database has to be updated. Running gpg --update-trustdb solves the problem.
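The accepted fix (rebuild the trust database before the first real run) fits naturally into the export/import step itself. The script below is an added example, not code from the question or the answer: it reproduces the flow of exporting a key pair from one homedir and importing it into another, assigns ownertrust explicitly with --import-ownertrust (which the thread does not mention) and runs --update-trustdb up front, then performs the question's sign+encrypt. It assumes GnuPG 2.1 or later (for %no-protection in the batch parameter file and gpgconf --kill); the key pair, names and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not the question's or answer's code): bring a freshly
# populated GnuPG homedir into a consistent, trusted state before its first
# sign+encrypt run. Assumes GnuPG 2.1 or later (%no-protection, gpgconf --kill).
# The key pair is a constructed throwaway key, not anyone's real signing key.
set -u

# make_demo_key SRC: generate an unprotected demo key pair in SRC, standing in
# for the keyring the question's keys are exported from.
make_demo_key() {
  src=$1
  mkdir -p "$src" && chmod 700 "$src"
  cat > "$src/keyparams" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Demo Signer
Name-Email: signer@example.invalid
Expire-Date: 0
%commit
EOF
  gpg --homedir "$src" --batch --quiet --gen-key "$src/keyparams" 2>/dev/null
}

# key_fpr HOME: fingerprint of the first key in HOME, from machine-readable output.
key_fpr() {
  gpg --homedir "$1" --batch --with-colons --fingerprint --list-keys 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# prime_gnupg_home SRC DST: export public+secret key from SRC, import into DST,
# assign ownertrust and rebuild DST's trustdb up front. Prints the fingerprint.
prime_gnupg_home() {
  src=$1
  dst=$2
  mkdir -p "$dst" && chmod 700 "$dst"
  fpr=$(key_fpr "$src")
  [ -n "$fpr" ] || return 1
  gpg --homedir "$src" --batch --armor --export "$fpr" > "$dst/pub.asc"
  gpg --homedir "$src" --batch --armor --export-secret-keys "$fpr" > "$dst/sec.asc"
  gpg --homedir "$dst" --batch --quiet --import "$dst/pub.asc" "$dst/sec.asc" 2>/dev/null
  # Importing a secret key does not make it ultimately trusted in the new
  # homedir. Set ownertrust explicitly (6 = ultimate) rather than papering over
  # it with --trust-model always, then rebuild the trustdb now instead of
  # leaving that to the first real run.
  printf '%s:6:\n' "$fpr" | gpg --homedir "$dst" --batch --quiet --import-ownertrust 2>/dev/null
  gpg --homedir "$dst" --batch --quiet --update-trustdb 2>/dev/null
  rm -f "$dst/sec.asc"   # the exported secret key has no business staying on disk
  echo "$fpr"
}

# sign_encrypt HOME FPR FILE: the question's invocation, selecting the key by
# fingerprint rather than user ID. Writes FILE.gpg and returns gpg's status.
sign_encrypt() {
  home=$1
  fpr=$2
  in=$3
  gpg --homedir "$home" --batch --yes --quiet \
      --cipher-algo AES256 --digest-algo SHA512 \
      --default-key "$fpr" -r "$fpr" -es --output "$in.gpg" "$in" 2>/dev/null
}

# stop_agents HOME...: shut down the gpg-agent instance started for each homedir.
stop_agents() {
  for h in "$@"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
}

# Stand-alone run:  sh prime_gnupg.sh demo
if [ "${1:-}" = demo ]; then
  tmp=$(mktemp -d)
  make_demo_key "$tmp/src"
  fpr=$(prime_gnupg_home "$tmp/src" "$tmp/chroot-home")
  printf 'payload\n' > "$tmp/release.tar"
  sign_encrypt "$tmp/chroot-home" "$fpr" "$tmp/release.tar" &&
    echo "signed+encrypted: $tmp/release.tar.gpg (key $fpr)"
  stop_agents "$tmp/src" "$tmp/chroot-home"
fi
```

Selecting the key by fingerprint instead of a user-ID string avoids ambiguous matches once more than one key lives in the keyring, and setting ownertrust per key is the conservative alternative to the --trust-model always seen in the related thread below, which disables the trust check for every recipient.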


GPG: xxxxxxxx: skipped: public key not found

I've got a problem with encrypting some stuff on a Debian 8.10 server.
I have a few keys imported into my keyring and am able to check if all that need to be there are actually there with
gpg --list-keys
Whenever my script runs which contains the following command
gpg --trust-model always -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -r XXXXXXXX -e
I get this error
gpg: XXXXXXXX: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
None of the keys that aren't working are expired.
I imported every key by hand via gpg --import bla.asc
If anyone knows what I might be doing wrong - help would be appreciated.
Thanks in advance
Hi, for me the same key is working in a lower environment but not in production; I got the following error on prod: No Public Key
Reason: in the prod environment the public key was imported for root as well as for another user. I removed it from the root user and imported it again with my own user, and it started encrypting the file again.

Windows 10 OpenSSH key invalid format [closed]

The recent beta version of OpenSSH on Windows 10 does not accept my openssh formatted private key:
The same key works on ssh shipped with git shell from github.
Is there a format option for openssh on Windows that I'm missing or is this a bug?
I got this working... believe it or not, by adding a single LF at the end of the private key file. E.g.
-----BEGIN OPENSSH PRIVATE KEY-----
KEY
-----END OPENSSH PRIVATE KEY-----
Without the LF the private key worked fine with PuTTY, SecureCRT, WinSCP, Git etc., but Windows (which is used by VS Code) kept giving me "invalid format".
Windows 10 currently (as of January 2018) only supports ed25519 keys (reference: https://github.com/PowerShell/Win32-OpenSSH/issues/973). I see that you are trying to connect to Amazon Web Services. If you manage your key using the AWS console, you can only use an RSA key.
However, if you are trying to connect to an existing EC2 instance, you can do the following:
Create the private/public key in Windows cmd using the command "ssh-keygen", if you have not already done this. The key pair is saved in files id_ed25519.pub and id_ed25519 in your .ssh directory
Connect to your AWS EC2 instance. Add the contents of the id_ed25519.pub to your authorized_keys file within the .ssh directory
Now you can connect to your EC2 instance using the Windows 10 SSH client.
I had a similar issue. I copied id_rsa from Linux to Windows 10. I knew that it was probably a line-terminator issue. So I downloaded dos2unix for Windows https://waterlan.home.xs4all.nl/dos2unix.html, ran dos2unix id_rsa, and it worked afterwards.
For me, a new line at the end of the file solved the problem.
Try this:
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_rsa -C "your email"
and then read it back with this command:
cat ~/.ssh/id_rsa.pub
Hope this helps.
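The two fixes the answers above converge on (a final LF after the END line, and dos2unix to strip carriage returns) can be checked and applied in one place before the key is handed to ssh. The script below is an added example, not code from any answer in this thread; the function names are chosen here, it uses only POSIX tools, and the sample key file in the usage is a constructed placeholder with KEY standing in for the base64 body.

```shell
#!/bin/sh
# Added example (not code from any answer in this thread): detect and repair
# the two file-format problems the answers describe, CRLF line endings and a
# missing newline after the END line. POSIX tools only.
set -u

# check_private_key FILE: print each problem found; 0 if clean, 1 otherwise.
check_private_key() {
  f=$1
  [ -r "$f" ] || { echo "$f: not readable"; return 2; }
  rc=0
  head -n 1 "$f" | tr -d '\r' | grep -q '^-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----$' ||
    { echo "$f: first line is not a PRIVATE KEY header"; rc=1; }
  tail -n 1 "$f" | tr -d '\r' | grep -q '^-----END [A-Z0-9 ]*PRIVATE KEY-----$' ||
    { echo "$f: last line is not a PRIVATE KEY footer"; rc=1; }
  crs=$(tr -cd '\r' < "$f" | wc -c | tr -d ' ')
  [ "$crs" -eq 0 ] || { echo "$f: $crs carriage returns (CRLF line endings)"; rc=1; }
  # $(...) strips trailing newlines, so an empty result means the last byte is LF.
  [ -z "$(tail -c 1 "$f")" ] || { echo "$f: no newline after the END line"; rc=1; }
  return $rc
}

# normalize_private_key IN OUT: write a copy of IN with CRs stripped, a final
# newline guaranteed and mode 0600 (ssh refuses group/world-readable keys).
normalize_private_key() {
  in=$1
  out=$2
  ( umask 077; tr -d '\r' < "$in" > "$out" )
  [ -z "$(tail -c 1 "$out")" ] || printf '\n' >> "$out"
  chmod 600 "$out"
}

# Stand-alone:  sh keycheck.sh ~/.ssh/id_ed25519 [fixed_copy]
if [ $# -ge 1 ]; then
  check_private_key "$1" && echo "$1: looks fine"
  if [ $# -ge 2 ]; then
    normalize_private_key "$1" "$2" && echo "normalised copy written to $2"
  fi
fi
```

Once the file passes, ssh-keygen -y -f FILE is the definitive check: it parses the private key and prints the matching public key, so a format problem that survives these byte-level checks (a truncated body, say) shows up there.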

Root certificate authority works windows/linux but not mac osx - (malformed) [closed]

I have created a self-signed root certificate authority which if I install onto windows, linux, or even using the certificate store in firefox (windows/linux/macosx) will work perfectly with my terminating proxy.
I have installed it into the system keychain and I have set the certificate to always trust.
Within the chrome browser details it says "The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information. Error type: Malformed certificate"
I used this code to create the certificate:
openssl genrsa -des3 -passout pass:***** -out private/server.key 4096
openssl req -batch -passin pass:***** -new -x509 -nodes -sha1 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf
If the issue is NOT that it is malformed (because it works everywhere else) then what else could it be? Am I installing it incorrectly?
To be clear:
Within the windows/linux OS, all browsers work perfectly. Within mac only firefox works if it uses its internal certificate store and not the keychain. It's the keychain method of importing a certificate that causes the issue. Thus, all browsers using the keychain will not work.
The openssl configuration defaults an intermediate certificate to have basicConstraints=CA:TRUE however in my case since I am using the intermediate certificate as an end user certificate, I need to make it basicConstraints=CA:FALSE.
On windows/linux/firefox this doesn't seem to matter, but security settings on a mac make it required.
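The answer above boils down to separating the two roles: the self-signed certificate produced by the question's single req -x509 command carries the v3_ca extensions (CA:TRUE), and a certificate presented as a server certificate must instead say CA:FALSE. The script below is an added example, not the question's commands: it builds a root CA with CA:TRUE and a server certificate signed by it with CA:FALSE, then reads the extension back and verifies the chain. It assumes the openssl command line of OpenSSL 1.0.2 or later; the subject names, hostname and file names are constructed. It also signs with SHA-256 rather than the -sha1 in the question, since current browsers reject SHA-1 signatures regardless of the CA flag.

```shell
#!/bin/sh
# Added example (not the question's commands): a two-tier setup for an
# intercepting proxy, with the server certificate explicitly marked CA:FALSE.
# Assumes the openssl command line of OpenSSL 1.0.2 or later; subject names,
# hostnames and file names are constructed.
set -u

# make_pki DIR: self-signed root CA plus one leaf (server) certificate it signs.
make_pki() {
  dir=$1
  mkdir -p "$dir"
  # Request config shared by both requests; -subj on the command line sets the DN.
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # Extensions for the certificate browsers actually see: an end-entity, not a CA.
  cat > "$dir/leaf.ext" <<'EOF'
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:proxy.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
  # Root: the same shape as the question's "req -x509" command (v3_ca -> CA:TRUE).
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$dir/req.cnf" -subj '/CN=Example Proxy Root CA' \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Leaf: a plain request, signed by the root with the end-entity extensions.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$dir/req.cnf" -subj '/CN=proxy.example.test' \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 397 -sha256 -extfile "$dir/leaf.ext" \
    -out "$dir/leaf.crt" 2>/dev/null
}

# basic_constraints CERT: prints CA:TRUE or CA:FALSE (nothing if the extension is absent).
basic_constraints() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    awk '/X509v3 Basic Constraints/ { getline
           if (match($0, /CA:(TRUE|FALSE)/)) print substr($0, RSTART, RLENGTH); exit }'
}

# verify_leaf DIR: 0 if leaf.crt chains to ca.crt under openssl's own checks.
verify_leaf() {
  openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" 2>/dev/null | grep -q ': OK$'
}

# Stand-alone:  sh make_pki.sh /tmp/proxy-pki
if [ $# -ge 1 ]; then
  make_pki "$1" && for c in ca leaf; do echo "$c.crt: $(basic_constraints "$1/$c.crt")"; done
fi
```

Only ca.crt goes into the system keychain; leaf.crt (with its key) is what the terminating proxy serves. Running basic_constraints against the two files shows the exact difference the Mac keychain cares about.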

Enigmail GPG error - gpg: decryption failed: secret key not available

I have a brand new install of Linux Mint 14. Installed Thunderbird & Enigmail.
Generated my key, got a friend's public key, imported it.
Sent my friend an encrypted email, he was able to decrypt it just fine.
However, when he responded, I got "gpg: decryption failed: secret key not available"
I tried deleting my key and reimporting it. I tried changing various settings. But I can't figure out what the problem is. I've used Linux/Thunderbird/Enigmail in the past and never had this error.
Sounds like your friend didn't encrypt the message to your public key in the first place. That error message just means that you did not possess the secret key for any of the keys the message was encrypted to.
I think you'll find that if you save the encrypted message into a file and run "gpg -v " it will tell you that it can't find a key on your keyring to decrypt it. I'm also willing to bet that running "gpg --list-packets" or "pgpdump" (which just makes the --list-packets option easier to read) on that file you'll find that the message was only encrypted to your friend's key.
Sounds stupid, but make sure you are not mixing up gpg keys and ssh keys. That's just the kind of brain fart that will have you tearing your hair out. That's why I keep my hair short :)
See this: Are GPG and SSH keys interchangeable?
I just had exactly the same thing happen as the OP but it was a different cause. I eventually noticed that Thunderbird Enigmail was looking in the keyring of gpg2 while I had used gpg to create the latest key pair. You can check if it is in gpg and bring it across:
gpg2 --list-secret-keys
gpg2 --import ~/.gnupg/secring.gpg
gpg2 --list-secret-keys
It will ask you for passwords of keys after the middle step.
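The diagnosis in the first answer (save the message, run gpg --list-packets, and see which key IDs the message was encrypted to, then compare against the secret keys you actually hold) is mechanical enough to script. The block below is an added example, not code from this thread: it parses --list-packets output for the recipient key IDs and --with-colons secret-key listings for the IDs you own, reports each recipient as present, missing or hidden (--throw-keyids zeroes the key ID), and diagnose_file wires the same logic to the real gpg commands. The sample outputs and key IDs are constructed, not captured from a real keyring.

```shell
#!/bin/sh
# Added example: find out which keys a message was encrypted to and whether any
# of them is in the local secret keyring, using gpg's --list-packets and
# --with-colons output. Sample outputs below are constructed, not captured.
set -u

# recipients_of PACKETS_TEXT: long key IDs named in pubkey-enc packets, one per line.
recipients_of() {
  printf '%s\n' "$1" |
    awk '/^:pubkey enc packet:/ { for (i = 1; i <= NF; i++) if ($i == "keyid") print $(i + 1) }'
}

# secret_keyids COLONS_TEXT: long key IDs of primary (sec) and sub (ssb) secret keys.
# Messages are usually encrypted to the encryption *subkey*, so ssb matters.
secret_keyids() {
  printf '%s\n' "$1" | awk -F: '$1 == "sec" || $1 == "ssb" { print $5 }'
}

# diagnose PACKETS_TEXT COLONS_TEXT: one line per recipient; 0 if we hold a matching secret key.
diagnose() {
  have=$(secret_keyids "$2")
  rc=1
  for kid in $(recipients_of "$1"); do
    case $kid in
      0000000000000000)
        printf '%-8s %s\n' hidden "recipient key ID withheld (--throw-keyids); gpg must try every secret key" ;;
      *)
        if printf '%s\n' "$have" | grep -qxF "$kid"; then
          printf '%-8s %s  %s\n' ok "$kid" "secret key present"; rc=0
        else
          printf '%-8s %s  %s\n' missing "$kid" "not in this keyring (encrypted to someone else's key?)"
        fi ;;
    esac
  done
  return $rc
}

# diagnose_file MSG [HOMEDIR]: run the real tools and feed their output to diagnose.
diagnose_file() {
  home=${2:-$HOME/.gnupg}
  diagnose "$(gpg --homedir "$home" --batch --list-packets "$1" 2>&1)" \
           "$(gpg --homedir "$home" --batch --with-colons --list-secret-keys 2>/dev/null)"
}

# Constructed sample: message encrypted to one unknown key plus one hidden recipient.
SAMPLE_PACKETS='# off=0 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 1111222233334444
    data: [2047 bits]
# off=271 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
    data: [2046 bits]
# off=542 ctb=d2 tag=18 hlen=2 plen=86 new-ctb
:encrypted data packet:
    length: 86
    mdc_method: 2'

# Constructed sample: our keyring holds primary AAAA... (sign) and subkey 5555... (encrypt).
SAMPLE_SECRET='sec:u:3072:1:AAAABBBBCCCCDDDD:1700000000:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAABBBBCCCCDDDD:
ssb:u:3072:1:5555666677778888:1700000000::::::e:::+:::23:'

# Same message shape, but encrypted to our encryption subkey.
SAMPLE_PACKETS_OK=$(printf '%s\n' "$SAMPLE_PACKETS" | sed 's/1111222233334444/5555666677778888/')

# Stand-alone:  sh whichkey.sh message.asc [~/.gnupg]
if [ $# -ge 1 ]; then diagnose_file "$@"; fi
```

A "missing" line is the situation the first answer describes (the sender encrypted to a key you do not hold); running diagnose_file once per homedir (~/.gnupg for gpg2, or whatever --homedir Enigmail is configured with) exposes the split-keyring situation from the last answer, because the same message reads as "ok" against one keyring and "missing" against the other.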

How to deal with Gnupg error: gpg: no default secret key: No secret key gpg: [stdin]: clearsign failed: No secret key?

I am getting an error:
gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key
My secret keys are available to GPG.
If gpg --list-keys returns nothing, gpg --generate-key solves the problem.
This confusing error message wasted days of my time. I deploy my Maven project to Maven Central, which was always working, but suddenly it gave this message without prompting for the passphrase. Searching through all the answers didn't solve my problem. Eventually, I found out my key had expired.
gpg --list-keys
So I need to change the expiration by using
gpg --edit-key
And make sure to update both keys.
It might be a difference between gpg1 and gpg2. The secret keys are stored in different ways. You may have both of them.
Try
which gpg gpg2
If you do have both, run:
gpg2 --list-secret
gpg --list-secret
You may be able to tell that one works and the other does not.
Here's the answer: I am using the latest gnupg version, but I have to use the 0.44 gnupg interface version. I have reinstalled gnupg.
Then no compilation errors were found. I am able to sign my message, but not able to send the request. The problem is that I had not installed the LWP::Protocol::Https module, which is used by "UserAgent" to send the request. (I found out that the module was missing by adding simple print statements, which showed that LWP::Protocol::Https was not found.) So I installed the LWP::Protocol::Https module through CPAN, and I am good to go. Finally all is set :-)
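Two of the answers above (an expired key, and secret keys living in a different keyring for gpg1 versus gpg2) are both visible in the machine-readable output of --list-secret-keys --with-colons: field 7 is the expiry as a Unix timestamp, field 2 is the validity letter (e for expired) and field 12 lists the key's capabilities. The block below is an added example, not code from this thread: secret_key_report turns that output into one line per secret key saying whether it is usable for signing, can_sign answers the "do I have a default secret key at all" question, and report_live runs the same report against every gpg binary on the PATH so a keyring split shows up side by side. The colon-format samples are constructed, not captured.

```shell
#!/bin/sh
# Added example: explain "no default secret key" by listing every secret key
# each gpg binary can see, with its expiry and signing capability.
# Sample colon-format output below is constructed, not captured.
set -u

# secret_key_report COLONS_TEXT NOW_EPOCH: one line per sec/ssb record:
#   <keyid> <sec|ssb> <capabilities> <valid|expired|no-expiry> <usable-for-signing yes|no>
secret_key_report() {
  printf '%s\n' "$1" | awk -F: -v now="$2" '
    $1 == "sec" || $1 == "ssb" {
      expiry = $7; caps = $12
      # field 7 empty: no expiry set (unless the validity letter still says expired)
      state = (expiry == "") ? (($2 == "e") ? "expired" : "no-expiry") \
                             : ((expiry + 0 <= now) ? "expired" : "valid")
      cansign = (state != "expired" && index(caps, "s") > 0) ? "yes" : "no"
      print $5, $1, caps, state, cansign
    }'
}

# can_sign COLONS_TEXT NOW_EPOCH: 0 if at least one secret key is usable for signing.
can_sign() {
  secret_key_report "$1" "$2" | awk '$5 == "yes" { found = 1 } END { exit found ? 0 : 1 }'
}

# report_live: run against every gpg binary on PATH, so a gpg1/gpg2 split shows up.
report_live() {
  now=$(date +%s)
  for bin in gpg gpg2 gpg1; do
    command -v "$bin" >/dev/null 2>&1 || continue
    echo "== $bin ($("$bin" --version | head -n 1))"
    secret_key_report "$("$bin" --batch --with-colons --list-secret-keys 2>/dev/null)" "$now"
  done
}

# Constructed sample: an expired primary key with its expired encryption subkey.
SAMPLE_EXPIRED='sec:e:4096:1:AAAABBBBCCCCDDDD:1500000000:1600000000::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAABBBBCCCCDDDD:
ssb:e:4096:1:5555666677778888:1500000000:1600000000:::::e:::+:::23:'
# Constructed sample: a current key with no expiry.
SAMPLE_CURRENT='sec:u:255:22:9999888877776666:1700000000:::u:::scESC:::+::ed25519::0:
ssb:u:255:18:1212121212121212:1700000000::::::e:::+::cv25519:'
NOW_SAMPLE=1650000000

# Stand-alone:  sh secretkeys.sh
if [ $# -eq 0 ] && [ "${REPORT_LIVE:-}" = 1 ]; then report_live; fi
```

When every row says "no", gpg has nothing it can pick as a default signing key, which is exactly the first error line in the question; when the rows differ between the gpg and gpg2 sections of report_live, the keys were generated with one binary and are being looked up by the other, the situation the `which gpg gpg2` answer describes.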
