GPG: How to delete bad session key and get asked for encryption password again? - gnupg

I tried to solve this Geocache:
https://www.geocaching.com/geocache/GC67EXW_signaturbruch
And it gave me a password prompt, when I tried to solve gpg message.asc, but I didn't know the correct password back then.
Now I know it, but it just wouldn't give me the password prompt again, no matter how I tried it.
The output is as follows:
Martinas-Air:gpg martl$ gpg message.asc
gpg: WARNING: Kein Kommando angegeben. Versuche zu raten was gemeint ist ...
gpg: CAST5 verschlüsselte Daten
gpg: Verschlüsselt mit einer Passphrase
gpg: Entschlüsselung fehlgeschlagen: Bad session key
(I am on a German macOS Mojave, 10.14.6 and my gpg --version gives me this:
Martinas-Air:gpg martl$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.17
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /Users/martl/.gnupg
Unterstützte Verfahren:
Öff. Schlüssel: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Verschlü.: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Komprimierung: nicht komprimiert, ZIP, ZLIB, BZIP2)
Can somebody tell me how I can get back to being asked for the password again? I searched the whole Internet for solutions like "restart your computer", reinstall all gpg tools, delete all .gpg files and so on, but nothing would make it better.
Thanks in advance.

After having had the same issue, I was able to get the password prompt back using the following steps:
In file ~/.gnupg/gpg.conf, append:
use-agent
pinentry-mode loopback
In file ~/.gnupg/gpg-agent.conf, append:
pinentry-program /usr/bin/pinentry-gtk-2
allow-loopback-pinentry
Then restart your gpg agent with echo RELOADAGENT | gpg-connect-agent.
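
The steps above can be checked before reloading the agent. The following is an added example, not part of the original answer: a POSIX shell function that checks a GnuPG home directory for the settings the answer lists and flags a pinentry-program path that does not exist or is not executable on the machine. The function and helper names are hypothetical, and taking the last occurrence of an option is a simplification made for this example.

```shell
#!/bin/sh
# Added example: audit gpg.conf / gpg-agent.conf for the settings from the answer.

# has_option FILE OPTION: true if OPTION appears on an active (uncommented) line.
has_option() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# option_value FILE OPTION: print the argument of the last active OPTION line,
# with trailing whitespace stripped (last-wins is an assumption of this example).
option_value() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# check_gnupg_prompt_config [DIR]: print one line per finding.
# Returns 0 when all settings from the answer are in place, 1 otherwise.
check_gnupg_prompt_config() {
    gh=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    bad=0

    mode=$(option_value "$gh/gpg.conf" pinentry-mode)
    if [ "$mode" != "loopback" ]; then
        echo "gpg.conf: 'pinentry-mode loopback' is not set (found: ${mode:-nothing})"
        bad=1
    fi

    if ! has_option "$gh/gpg-agent.conf" allow-loopback-pinentry; then
        echo "gpg-agent.conf: 'allow-loopback-pinentry' is not set"
        bad=1
    fi

    # A configured pinentry binary that is absent leaves the agent unable to prompt.
    prog=$(option_value "$gh/gpg-agent.conf" pinentry-program)
    if [ -n "$prog" ] && [ ! -x "$prog" ]; then
        echo "gpg-agent.conf: pinentry-program '$prog' is missing or not executable"
        bad=1
    fi

    return "$bad"
}
```

Source the file and run check_gnupg_prompt_config ~/.gnupg; a non-zero return means at least one finding was printed.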

Related

gpg: signing failed: No pinentry

I'm trying to set up my gnupg configuration on macOS 11.2.1
So far I have setup my SSH, I have generated my GPG key and added it into GPG agent.
Now, if I run this command:
echo "test" | gpg --clearsign
I am getting this result:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
test
gpg: signing failed: No pinentry
gpg: [stdin]: clear-sign failed: No pinentry
The problem is that pinentry is installed:
pinentry-curses (pinentry) 1.1.1
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
In my gpg-agent.conf file, I have this line:
pinentry-program /usr/local/bin/pinentry-mac
In my gpg.conf I have this line:
no-tty
gpg version:
gpg (GnuPG) 2.2.27
libgcrypt 1.9.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /Users/usr/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
I have tried to kill gpg agent and reinstall gnupg several times, and to reinstall pinentry. Nothing helped.
Update
I have tried
unset DISPLAY
Still no help

gpg verify of GNU Emacs download fails - Did I do it correctly?

I have downloaded a GNU tar archive (emacs-26.1.tar.xz) and now want to verify it against its signature file. gpg returns with the verify option the following output:
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Obviously the download could not be verified. But what does this mean? Is the tar archive probably corrupt? Or had I not imported the correct keys?
Here is step-by-step what I did:
I downloaded the archive file and its .sig file:
$ wget https://ftp.gnu.org/gnu/emacs/emacs-26.1.tar.xz
$ wget https://ftp.gnu.org/gnu/emacs/emacs-26.1.tar.xz.sig
I downloaded the GNU keyring (the Emacs download page gave me the link):
$ wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
With gpg I imported the GNU keyring:
$ gpg --import gnu-keyring.gpg
Note that this returned:
.
.
.
gpg: Total number processed: 525
gpg: imported: 525 (RSA: 187)
gpg: no ultimately trusted keys found
Finally I verified the tar archive:
gpg --verify emacs-26.1.tar.xz.sig emacs-26.1.tar.xz
This then returned (as stated at the top):
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
So, is the tar archive corrupt or had I not imported the correct keys? If the latter is the case, what are the correct keys for this GNU download?

Issues with gdb code signature on OS X

Unable to find Mach task port for process-id 2546: (os/kern) failure
(0x5).\n (please check gdb is codesigned - see taskgated(8))
What's wrong with my ggdb debugger tool (gdb installed by MacPorts)? It was working perfectly for months till now!
The whole problem starts just after running the following command to install some avr tools and libraries:
port install avrdude avarice avr-binutils avr-gcc avr-libc avr-gdb simulavr uisp git gcc5 gcc6
It's not a How-to-sign question, it's already signed months ago, however I'll really appreciate any help suggestions.
You may need to have a look at those:
which ggdb
/opt/local/bin/ggdb
security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) 4627C4FCFACC41114B956E7DAB83E83C014641BC "gdb-cert"
1 identities found
Valid identities only
1) 4627C4FCFACC41114B956E7DAB83E83C014641BC "gdb-cert"
1 valid identities found
find / -name gdb
I'm not using this.
/Applications/Android Studio.app/Contents/bin/lldb/shared/stl_printers/gdb
/Applications/Arduino.app/Contents/Java/hardware/tools/avr/include/gdb
/Applications/CLion.app/Contents/bin/gdb
/Applications/CLion.app/Contents/bin/gdb/bin/gdb
/Applications/CLion.app/Contents/bin/gdb/share/gdb
/Applications/CLion.app/Contents/bin/gdb/share/gdb/python/gdb
/opt/local/include/gdb
/opt/local/libexec/gnubin/gdb
/opt/local/share/gdb
/opt/local/share/gdb/python/gdb
/opt/local/share/glib-2.0/gdb
/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_cross_i386-mingw32-binutils/i386-mingw32-binutils/work/binutils-2.21/include/gdb
/opt/local/var/macports/software/gdb
/opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/devel/gdb
find / -name ggdb
I'm using this.
/opt/local/bin/ggdb
uname -a
Darwin Ghoneim.local 15.4.0 Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64
Thanks in advance for helping me figure it out.

Issues while importing public pgp key though gpg

BACKGROUND: We had pgp software installed on old servers but on our new servers the infrastructure team installed gpg. So we have to do everything using gpg tool now. I am new to this.
So when we try to import a PGP public key block using the gpg import command we get the following error
>gpg --import /<filepath>/PGPKey.asc --user xyzzzd
gpg: Warning: using insecure warning!
gpg please see http://www.gnupg.org/faq.html for more inoformation
gpg key 0DBC987k: "zyzzd <pgpadmin#xyprod.#####.com>" not changed
gpg can't open '--user':No such file or directory
gpg can't open 'xyzzzd':No such file or directory
gpg Total number processed: 1
gpg unchanged: 1
Note we have placed the PGPKey.asc in the temp directory and the commands have been executed from that directory
There is no --user option in GnuPG, especially not for --import, which expects all further arguments to be files to be imported; nor could I find one for PGP.
The message says that the key 0DBC987k was already successfully imported into the GnuPG keyring, and no files could be found for --user nor xyzzzd.
Very likely you're fine just removing --user xyzzzd, otherwise you'll have to explain in detail what you're trying to achieve.

Codesigning Kext with kext enabled certificate fails during kextload, "code signature invalid"

So we have a certificate that allows us to sign kexts,
but when we run > sudo kextload friendly.kext, it fails
and we sign the kext we want, and to prove it's signed, here's some diagnostic output:
👉 codesign --verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
👉 spctl -a -vvvv friendly.kext
friendly.kext: accepted
source=Developer ID
origin=Developer ID Application: Friendly Corporation
/Library/Extensions
👉 codesign -dvvv friendly.kext
Executable=/Library/Extensions/friendly.kext/Contents/MacOS/friendly
Identifier=com.friendly.friendly
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=502 flags=0x0(none) hashes=18+3 location=embedded
Hash type=sha1 size=20
CDHash=a1e2bf8d53ea67c6cfe9fc3d6d2001fe56c838a7
Signature size=8528
Authority=Developer ID Application: Friendly Corporation
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 9, 2014, 11:49:02 AM
Info.plist entries=21
TeamIdentifier=1234567890
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=180
👉 codesign --verify -vvvv friendly.kext
friendly.kext: valid on disk
friendly.kext: satisfies its Designated Requirement
It looks like it's signed properly;
However, when I run > sudo kextutil -v friendly.kext :
Defaulting to kernel file '/System/Library/Kernels/kernel'
Diagnostics for /Library/Extensions/friendly.kext:
Code Signing Failure: code signature is invalid
/Library/Extensions/friendly.kext appears to be loadable (not including linkage for on-disk libraries).
ERROR: invalid signature for com.techsmith.friendly, will not load
I'm thinking either I downloaded the certificate wrong (we definitely got approved for kext signing), although I tried redownloading the certificate once before so that may not be the problem.
Otherwise, it's the way that I'm signing. I'm thinking maybe it has something to do with the permissions I set on the kext before I sign them?
Has anybody seen this problem before?
Thanks in advance!
The kext signing certificate must have the extension "( 1.2.840.113635.100.6.1.18 )" listed - this is what designates it as a kext-enabled certificate. You can easily verify this by viewing it in Keychain Access.app. (it's listed near the bottom, below extension "( 1.2.840.113635.100.6.1.13 )" which I think is used for apps and thus present in all Developer ID certificates)
