I'm trying to decrypt a file but I get the following:
gpg <file name>
gpg: encrypted with 2048-bit RSA key, ID 4A83B612, created 2018-02-19
"user <email>"
gpg: decryption failed: secret key not available
When I list my keys using:
gpg --list-keys
Here is the result:
pub 2048R/0BBBBDB3 2018-02-19
uid user <email>
sub 2048R/4A83B612 2018-02-19
I understand that the sub key doesn't seem to be recognized.
To decrypt you need the private key. Have a look at https://www.gnupg.org/gph/en/manual/x110.html:
If you want to encrypt a message to Alice, you encrypt it using Alice's public key, and she decrypts it with her private key. If Alice wants to send you a message, she encrypts it using your public key, and you decrypt it with your key.
As the documentation states, only the recipient you specify by --recipient when encrypting can decrypt the message.
So in summary:
Encrypting uses the public key of the recicipient
Decrypting uses the private key of the recipient
I managed to have an output of gpg --list-secret-keys
I still can't decrypt the file though. Here is the output of gpg --output doc --decrypt doc.gpg:
gpg: encrypted with 2048-bit RSA key, ID 4A83B612, created 2018-02-19
"user " gpg: decryption failed: secret key not available
Related
I am trying to sign (and later verify) a JWT. The issue I have is that there will be multiple servers running and one can sign a JWT and others need to verify. So I can not internally generate a key pair. Our devops would generate the keys store them in a secrets manager and put them as an env variable. I am trying to read the env and create the private key object
My issue is that the key generated by
ssh-keygen -t ed25519
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIPtNTjzDd8/b8asuFRpkrmbmraj3xinurMHoTQFYUMLa
-----END PRIVATE KEY-----
Assuming I put this in an env variable env.key
how do I get the ed25519 key in ruby, neither of the below options seems to work.
#option 1
private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(env.key)
#option 2
private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(Base64.decode64(env.key))
token = JWT.encode payload, private_key, 'ED25519'
I could not find any good example of signing and verifying a file using PGP, I hope the following example could be useful.
I will use Bob and Alice to explain it.
1.Bob install Alice’s PGP Public key in his machine:
$ gpg --import <Key_Alice>-pub-sub.asc
2.Alice signs and encrypts a document (TestMessage.txt) using her PGP Private key :
$ gpg --output TestMessageSignedByAlice.txt -a --sign ./TestMessage.txt
--output : write output to FILE (TestMessageSignedByAlice.txt)
-a, --armor :output file should be in ascii format
--sign : document to sign and encrypt (TestMessage.txt)
The result is a document signed and encrypted (TestMessageSignedByAlice.txt) by Alice using her PGP private key.
3.Finally Bob verifies Alice’s signed document and decrypts document using Alice’s PGP Public Key. The original document content will be found in document TestMessageDecrypt.txt .
$ gpg --output TestMessageDecrypt.txt --decrypt ./TestMessageSignedByAlice.txt
--decrypt: file to verify signature and to decrypt (TestMessageSignedByAlice.txt)
--output : write output to FILE (TestMessageDecrypt.txt)
I used documentation from :
https://www.gnupg.org/gph/en/manual/x135.html
It works in a bit different way:
Alice uses her secret (private) key to sign a document, and Bob's public key to encrypt a document.
Bob uses his secret (private) key to decrypt document, and then Alice's public key to verify signature.
I'm looking to convert an ed25519 private key to an rsa private key using ssh-keygen.
I found this helpful guide but I am having trouble figuring out how to specify that the input format is ed25519 and the export format should be rsa.
I've tried a bunch of different ways trying to match the synopsis and the description of flags, but every time I try, I get "Too many arguments" error from ssh-keygen.
I'd also like to find the command to generate a public key from a ed25519 private key to verify that it works.
No, it can't be converted. RSA and EdDSA are not just different types of keys, these are totally different Cryptosystems. Key generation algorithms, private keys are just part of it.
All the conversion options available in ssh-keygen are usually convert one type of RSA key to another type of RSA key. e.g. converting OPENSSH RSA key to PKCS8 RSA key. Basically, that so called conversion is just packaging RSA key in different ways.
As mentioned in "How to generate secure SSH keys", ED25519 is an EdDSA signature scheme using SHA-512 (SHA-2) and Curve25519
The main problem with EdDSA is that it requires at least OpenSSH 6.5 (ssh -V) or GnuPG 2.1 (gpg --version), and maybe your OS is not so updated, so if ED25519 keys are not possible your choice should be RSA with at least 4096 bits.
To generate the private key:
ssh-keygen -t ed25519 -P "" -f myid_ed25519
From the private key, you can generate its public key (which has nothing to do with RSA):
ssh-keygen -y -f myid_ed25519 > myid_ed25519.pub
I would like to import my secret key from another laptop so I did :
$ gpg2 --allow-secret-key-import --import /mnt/very-secret/private/keys/my-precious.asc
gpg: key 51D5DF*********: "John Doe <john.doe#acme.com>" not changed
gpg: key 51D5DF*********: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
But later on I did :
$ gpg2 --list-secret-keys | grep 51D5DF
And I don't see my secret key. I don't understand why it isn't visible with the --list-secret-keys option.
I have this files:
AddTrustExternalCARoot.crt
STAR_mydomain_com.crt
TrustedSecureCertificateAuthority5.crt
USERTrustRSAAddTrustCA.crt
domain.key
domain.key is passphrase protected and it was generated during creation of CSR files (files that were required to get .crt files from certificate provider. I tried:
heroku certs:update certs/STAR_mydomain_com.crt certs/domain.key
But I get following error:
! No valid, non-passphrase-protected keys given.
How I can generate valid crt/key for heroku? (I tried all other crt files with domain key but they are not valid domain certificates.
domain.key was generated with following command:
openssl genrsa -des3 -out domain.key 2048
Here's how to remove a passphrase from a private key:
openssl rsa -in certs/domain.key -out certs/domain-nopassphrase.key
You'll need to enter the current passphrase on the private key. If prompted for a passphrase on the new key, do not enter one (just press enter).
You can then update your SSL endpoint using your cert + this new key:
heroku certs:update certs/*.crt certs/domain-nopassphrase.key