Infinite loop while creating new gpg key - gnupg

I am trying to create a new GPG key. I am stuck at creating the passphrase. I am putting my 50+ symbol passphrase into the input from the clipboard, and then it answers me again. And there is no end to it. How can I create a GPG key?
GPG version: 2.3.6 (by Brew)

I solved this by including digits in the passphrase.

Related

Retrieving default MAC address after changing it

I am writing a bash script to change MAC (Ethernet) address back to default one after changing it.
In order to match the default value and the current value,
the script needs the default value.
However I am not sure where to store the default MAC address.
Currently the address is hard-coded and stored in the script:
MAC=**:**:**:**:**
It doesn't seem appropriate to hardcode like this for security purposes,
but retrieving default MAC address seems pretty hard because the MAC address has already changed to another value.
A possible solution is to store it in another file or some other place.
Are there any ideas to solve without hardcoding it?
Protecting public information like a MAC address is a bit strange, but what about cryptography? Let's assume you have GNU gpg installed, and a key pair with identity animal.farm#orwell.gb. Then:
echo "$MAC" | gpg -e -r animal.farm#orwell.gb > ~/.mac
Will encrypt the value of shell variable MAC and store the encrypted value in a file named .mac in your home directory. Decrypt with:
gpg -d ~/.mac 2> /dev/null
If you protected your private key with a passphrase (recommended) you will be asked for it.

Enigmail Error - "no matching secret key found to decrypt message"

After switching Linux distributions, gpg changed and I could not encrypt any emails. Even my own. Enigmail gave me a "No matching secret key found to decrypt message" error message.
Before:
$gpg --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Now:
$gpg2 --version
gpg (GnuPG) 2.2.13
libgcrypt 1.8.4
Both have Enigmail 2.0.9.
It's been a long time since you wrote. Nevertheless I'd try to give it a chance, as I think a similar problem still might happen (again).
First of all try this command:
gpg-agent --daemon
Expectation is, it would show you if something is wrong with config file(s). Example output:
gpg-agent[22861]: /home/<REPLACE_WITH_YOUR_USERNAME>/.gnupg/gpg-agent.conf:13: invalid option
This, for example, is telling you: "Line 13 in that file contains invalid setting option".
In this case, edit that file and either remediate the error or comment out the line creating the error, for example like this:
Edit the file. For example, in your console/terminal, try one of these:
nano /home/REPLACE_WITH_YOUR_USERNAME/.gnupg/gpg-agent.conf
gedit /home/REPLACE_WITH_YOUR_USERNAME/.gnupg/gpg-agent.conf
editor /home/REPLACE_WITH_YOUR_USERNAME/.gnupg/gpg-agent.conf
Now go to that line (here in the example it is line 13), and replace its content, for example
ignore-caching-for-signing
with the line
# ignore-caching-for-signing
Please note the '#' in front of the line, which is the comment sign to deactivate the invalid option.
Go to line 1. above and repeat the gpg-agent command, and the steps up to this line, until the gpg-agent starts without complaining about invalid options:
gpg-agent --daemon
Now start thunderbird with enigmail, and click on the encrypted mail. From my experience, you should now be able to see its content.
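The edit-and-retry procedure in the answer above can be scripted. This is an added example, not part of the original answer; the function names and the sample config are constructed, and it assumes the diagnostic format shown in the answer's example output.

```shell
#!/bin/sh
# Reads gpg-agent diagnostics on stdin, for example
#   gpg-agent[22861]: /home/<USER>/.gnupg/gpg-agent.conf:13: invalid option
# and comments out each reported line of CONF, keeping a backup in CONF.bak.
# Prints the number of lines it commented out.
comment_invalid_options() {   # comment_invalid_options CONF < diagnostics
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Line numbers reported for exactly this file, de-duplicated.
    lines=$(awk -v conf="$conf" '
        { sub(/^gpg-agent\[[0-9]+\]: /, "") }
        index($0, conf ":") == 1 && /: invalid option/ {
            n = substr($0, length(conf) + 2)
            sub(/:.*/, "", n)
            if (n ~ /^[0-9]+$/) print n
        }' | sort -un)
    cp -p "$conf" "$conf.bak" || return 1
    changed=0
    for n in $lines; do
        # Only touch lines that hold an active (non-blank, non-comment) option.
        if sed -n "${n}p" "$conf" | grep -q '^[[:space:]]*[^#[:space:]]'; then
            sed "${n}s/^/# /" "$conf" > "$conf.tmp" || return 1
            cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"   # keeps the file mode
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Constructed sample: a config whose third line is a misspelled option, plus
# the kind of message gpg-agent prints for it (the PID is made up).
demo() {
    dir=$(mktemp -d) || return 1
    conf="$dir/gpg-agent.conf"
    printf '%s\n' 'default-cache-ttl 600' '# pinentry settings' \
        'ignore-caching-for-signing' > "$conf"
    printf 'gpg-agent[22861]: %s:3: invalid option\n' "$conf" |
        comment_invalid_options "$conf"
    sed -n '3p' "$conf"
    rm -rf "$dir"
}

demo
```

On a real system the diagnostics would come from `gpg-agent --daemon 2>&1`, repeated as the answer describes until no invalid option is reported.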
In the end, this helped: https://sourceforge.net/p/enigmail/forum/support/thread/03ebee57/
gpg2 --edit-key 0xYourKeyId setpref save
(0xYourKeyId taken from gpg2 --list-secret-keys)
EDIT: ok, this does not work. I can decrypt messages for like 5 minutes since I had to unlock the keychain in the dialog.

Change the language of gnupg on a Mac?

I am running OS-X El-Capitan with MacPorts. System language of my Mac is Spanish. How can I tell gnupg to use English as language for any output such as error messages?
I have installed gpg 1.4.19 via macports and gpg 2.0.28 via GPGTools. Both gpg -h and gpg2 -h produce Spanish output, while other unix commands such as git --help or man -h produce English output.
In this post a similar problem is discussed, but I could not apply the recommendations given there to my OS:
http://www.gossamer-threads.com/lists/gnupg/users/52908
Like lots of other internationalized tools, GnuPG takes the LANG environment variable into account. Either export the variable for the whole session, where it will be valid for all executed applications from this terminal (you could also add this to your dotfiles):
export LANG=en
gpg --version
or prefix LANG=en for individual calls of gpg if you only want to run it in English language a single time:
LANG=en gpg --version

after using pinentry-curses (emacs, osx, gpg) key mappings in terminal (iterm2) are broken

Did anybody come across that annoying phenomenon that after using pinentry-curses (emacs, osx, gpg) key mappings in terminal (iterm2) are broken?
Before entering a passphrase, e.g. arrow-keys work fine with emacs run in terminal but after entering a passphrase the arrow-keys are unmapped and emacs complains:
M-[ a is undefined

How to obfuscate a shell script?

I am using Ubuntu 10.04. I have created a shell script. After writing the script, the code can be edited when right clicking the file and selecting Gedit. I want to know how to make the script unreadable in Gedit.
GEdit is just another tool that can be used to edit a file, much like "vi" or "nano" is. Only difference is, I believe it is graphical. Nevertheless, it appears that what the original poster is attempting to do here is to simply make it impossible for others to view certain scripts. If that's true, there are solutions that may be worth investigating.
SHC:
SHC is a great tool to use for this purpose, and based on the last post in this thread, it appears the OP has already tried it, but it didn't work on certain systems. If that's the case, here's the reason why. The way SHC works is actually pretty straightforward. When using it to obfuscate a script, you have to re-compile the script for whichever OS you intend to run it on. What that means is, you cannot run the SHC compiler on an Ubuntu box and expect the produced script to work on a Red Hat/CentOS box. It appears the latest version of SHC can be accessed here.
EnScryption:
If your main goal is to discourage others from attempting to read your code, you can just paste your script to a site like this one. This site will automatically generate an obfuscated version of your script that should be able to run without issues on most common Unix systems.
If you do not wish to paste your code to the above site or use SHC for whatever reason, then, there's yet another solution. Use openssl!
OpenSSL:
If your scripts are really that sensitive, then OpenSSL (or a similar tool) is probably the best option for you. Why? Because the openssl tool in particular is present on most Unix systems, i.e. Ubuntu, CentOS, Red Hat, Macs, AIX. It comes as part of the default installation. If you decide to go this route, note that you will need to write your script in such a way that before it runs, the user has to provide a password.
Encrypting your script with OpenSSL:
cat yourscript.sh | openssl aes-128-cbc -a -salt -k (specify-a-password-here) > yourscript.enc.sh
(OR)
openssl aes-128-cbc -a -salt -in yourscript.sh -k (specify-a-password-here) > yourscript.enc.sh
(OR)
openssl aes-128-cbc -a -salt -in yourscript.sh -out yourscript.enc.sh -k (specify-a-password-here)
Decrypting your script with OpenSSL:
cat yourscript.enc.sh | openssl aes-128-cbc -a -d -salt -k (specify-a-password-here) > yourscript.dec.sh
(OR)
openssl aes-128-cbc -a -d -salt -in yourscript.enc.sh -k (specify-a-password-here) > yourscript.dec.sh
(OR)
openssl aes-128-cbc -a -d -salt -in yourscript.enc.sh -out yourscript.dec.sh -k (specify-a-password-here)
A quick thing to note about the openssl encryption mechanism 'aes-128-cbc':
There are probably more secure mechanisms out there. But there is a good chance some of the systems you wish to run your encrypted scripts on won't have those mechanisms, thereby making it impossible to run your script. So keep that in mind if you decide to change it.
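The OpenSSL approach from the answer above, as an added example that is not part of the original post: it keeps the answer's aes-128-cbc settings but reads the password from an environment variable (`SCRIPT_PASS`, an assumed name) with `-pass env:` instead of `-k`, so the password does not appear in the process list, and it runs the decrypted script from memory rather than writing `yourscript.dec.sh` to disk.

```shell
#!/bin/sh
# Function names, SCRIPT_PASS and the sample script are constructed for this
# example. aes-128-cbc gives confidentiality only: a modified ciphertext is
# not reliably detected, so keep the encrypted file write-protected.

encrypt_script() {   # encrypt_script IN OUT   (password taken from $SCRIPT_PASS)
    openssl aes-128-cbc -a -salt -pass env:SCRIPT_PASS -in "$1" -out "$2"
}

run_encrypted() {    # run_encrypted ENC [ARGS...]
    enc=$1; shift
    # Decrypt completely into memory first. A wrong password normally fails
    # the padding check, and in that case nothing is executed.
    plain=$(openssl aes-128-cbc -a -d -pass env:SCRIPT_PASS -in "$enc") || {
        echo "decryption failed" >&2; return 1; }
    printf '%s\n' "$plain" | sh -s -- "$@"
}

demo_roundtrip() {
    dir=$(mktemp -d) || return 1
    # Constructed sample script that greets its first argument.
    printf '%s\n' '#!/bin/sh' 'echo "hello $1"' > "$dir/yourscript.sh"
    SCRIPT_PASS='constructed-sample-password'; export SCRIPT_PASS
    encrypt_script "$dir/yourscript.sh" "$dir/yourscript.enc.sh" &&
        run_encrypted "$dir/yourscript.enc.sh" world
    status=$?
    rm -rf "$dir"
    return $status
}

demo_roundtrip
```

Recent OpenSSL releases print a key-derivation warning on stderr for these options; it does not affect the result.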
Obfuscation (which is what most people mean when they say they want a "binary" shell script) is a Bad Idea(TM) - Been there, done that. It doesn't provide any security against a determined programmer (they'd just trace the script to figure out what it's doing), and it makes it really, really hard to debug (which, possibly unless you're GreyCat, you will need to do. A lot.).
You are probably looking for something like shc.
From the man page:
shc creates a stripped binary executable version of the
script specified with -f on the command line.
http://freecode.com/projects/shc
Disclaimer: I have not tested shc nor do I know how well/if it works
What you want to do is not readily possible. Scripts are interpreted, not compiled, that's why you see text in there.
For a script to be executed, the effective user must have read access to it. An alternative to giving execution permission or using shc (as KillerX has nicely proposed), without letting the user look at the contents of the script, would be to use sudo. You would edit the sudoers file like this (remember to use visudo to edit this file!):
username ALL=(ALL) /path/to/your_script.sh
Now the script would be executable by "username" but he wouldn't be able to read its contents. Of course, you need to remove all permissions to "username" from this file...
