Why is gpg --gen-key not asking for key details? - gnupg

I am using gpg (GnuPG) 2.1.15 on Ubuntu 16.04, 64 bit. The gpg --gen-key only asks for my name and email ID, nothing else. I'd expect it to ask for key size, algorithm, expiration date etc. How can I change the behavior?

You should use:
gpg2 --full-gen-key
and you will be able to set key size, algorithm, expiration date etc.
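The same parameters can also be supplied non-interactively, which is what you want in provisioning scripts: GnuPG reads them from a "batch" parameter file passed to gpg --batch --gen-key. The script below is an added example and is not part of the original answer; the name, e-mail address and the temporary --homedir are placeholders, and the key is created without a passphrase (%no-protection) so that no pinentry is needed.

```shell
#!/bin/sh
# Unattended OpenPGP key generation with an explicit algorithm, size and expiry.
# Added example, not from the original answer. Name, e-mail and directories are
# placeholders; the key is created unprotected so the script needs no TTY.

# Write a GnuPG batch parameter file.
# Arguments: output path, real name, e-mail address.
# Drop "%no-protection" and add "Passphrase: ..." if the key should be protected.
write_gen_params() {
    cat > "$1" <<EOF
%echo Generating a 4096-bit RSA key that expires in two years
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $2
Name-Email: $3
Expire-Date: 2y
%no-protection
%commit
%echo done
EOF
}

# Generate the key into an isolated keyring so the demo never touches ~/.gnupg.
# Arguments: homedir, parameter file.
gen_key_batch() {
    mkdir -p "$1" && chmod 700 "$1"
    gpg --homedir "$1" --batch --gen-key "$2"
    # Show what was created: algorithm, size, creation and expiry dates.
    gpg --homedir "$1" --list-secret-keys --keyid-format long
}

# Usage (requires gpg >= 2.1):
#   tmp=$(mktemp -d)
#   write_gen_params "$tmp/params" "Example User" "user@example.com"
#   gen_key_batch "$tmp/home" "$tmp/params"
```

The parameter file accepts the same choices the interactive --full-gen-key menu offers (Key-Type, Key-Length, Key-Curve, Expire-Date and so on); GnuPG's "Unattended key generation" documentation lists the full set.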

Related

I have a PGP message ("-----BEGIN PGP MESSAGE----- ...") How do I get the session key?

When you receive a PGP message encrypted with your key, your PGP software can decrypt it because the message itself is encrypted with a one-time use random key and that random key is encrypted with your own key. Therefore, if you can get the random key ("session key" or "secret key"), then you can share it (and the original message) to prove to someone else what the original message said. This is what I need to do. I have been unable to find commands I can use in Windows or Linux to recover this random key. Does anyone know how to get it from the PGP message?
I'd also like to learn how to improve my search strategy because I believe the answer is already on the Internet and I just didn't search for the right keywords to find it.
echo '-----BEGIN PGP MESSAGE [...]' | gpg --show-session-key
It's okay if your PGP message spans multiple lines. You can paste it in and the presence of the first single quote causes the CLI to continue your input at the line breaks.
In Windows Subsystem for Linux (aka WSL), you can use gpg to do this. One common problem with gpg is that it assumes it has a terminal connection (which is probably true) and that GPG_TTY is an environment variable that points to that connection (which might be false). Trying anything in this case will produce "Inappropriate ioctl for device", and you can fix that with the following command: export GPG_TTY=$(tty)
You have to make sure the key you use to decrypt the message is in the keyring of the system you're using. I've been using Kleopatra in Windows and forgot that the keyring it uses is NOT shared with WSL, so I had to gpg --import [filename of my key] and enter my passphrase.
Once all that works, you'll get output that contains something like:
gpg: session key: '3:541FE563...
which you can use as described at https://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key to share the contents of the encrypted message without divulging your own private key. Thanks to Alex of Localmonero.com (aka Agoradesk.com) for helping me figure this out.
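The two halves of that procedure, recovering the session key with your own private key and then decrypting the same ciphertext with nothing but that session key (--override-session-key, the counterpart of --show-session-key), are put together in the script below. It is an added example, not code from the answer; message.asc is a placeholder file name, and the sample gpg output in the usage note is constructed.

```shell
#!/bin/sh
# Recover the session key of one OpenPGP message and decrypt with it alone.
# Added example, not from the original answer. File names are placeholders.

# Pull the "algo:hexkey" value out of gpg's status text, which looks like
#   gpg: session key: '9:4F2A...'
# Reads that text on stdin and prints the first session key found (nothing
# if gpg could not decrypt, e.g. "No secret key").
extract_session_key() {
    sed -n 's/^gpg: session key: .\([0-9]*:[0-9A-Fa-f]*\).*$/\1/p' | head -n 1
}

# Decrypt message.asc once with your own private key and report only the
# session key. The plaintext is discarded; gpg prints the key on stderr.
show_session_key() {
    gpg --batch --show-session-key --decrypt --output /dev/null "$1" 2>&1 \
        | extract_session_key
}

# Anyone holding the ciphertext and the session key can now decrypt this one
# message without any private key material. Arguments: message file, "algo:hexkey".
decrypt_with_session_key() {
    gpg --batch --override-session-key "$2" --decrypt "$1"
}

# Usage (requires gpg and the matching private key in this keyring):
#   export GPG_TTY=$(tty)        # avoids "Inappropriate ioctl for device"
#   key=$(show_session_key message.asc)
#   decrypt_with_session_key message.asc "$key"
```

Two caveats: the session key only ever unlocks that single message, which is the point of sharing it instead of the private key, but a key passed on the command line is visible to other local users in the process list, so newer GnuPG releases also offer --override-session-key-fd to read it from a file descriptor instead.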

Entirely disable gpg-agent caching for all users

I want to disable GPG caching entirely. I.e., symmetrically encrypt a file, then have it ask for a password every time.
Specifically, I'm using GPG 2.2.14 to try to do:
gpg -c file.txt
I've tried adding a ~/.gnupg/gpg-agent.conf with default-cache-ttl and max-cache both set to 1 but this doesn't seem to work. I've also tried encrypting with --no-symkey-cache but again, this doesn't seem to prevent password caching. The two in combination also do not prevent caching. On first attempt it asks for the password, then caches it and doesn't ask again.
I want the file to be encrypted and the password to be nuked and never seen again for all users, including myself and root. Anyone know how to do this?
System is Raspbian Buster 10 running on a raspberry pi 4.

Windows Unattended Installation - Unattended.xml AdministratorPassword Encryption / Hashing

I'm trying to figure out how I could manually (on a Linux machine) encrypt / hash the password in the Autounattended.xml for the AdministratorPassword.
Right now I have a hash from the Windows tool generated like:
<UserAccounts>
<AdministratorPassword>
<Value>eAB4AEgANwAtAEgASAAyAGYAQQBkAG8AaQBuAGkAcwB0AHIAYQB0AG8AcgAQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
I would like to know how I have to hash a password in Linux to put the hashed string into the Autounattended.xml for an automatic Windows installation.
Right now I cannot find any clues about how the password is hashed, and it seems for now I can only generate a hashed password via the Windows unattended generation tool.
The hash is a base64 representation of the actual password concatenated with the AdministratorPassword string. But I'm not absolutely sure because yours hasn't exactly this string.
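The answer is right that it is base64 rather than a hash, with one detail missing: the text is encoded as UTF-16LE before base64, which is why every second byte of the decoded value is 0x00 (the "A" in every other base64 quartet of the posted string). So Windows expects base64(UTF-16LE(password + "AdministratorPassword")); it is obfuscation, not protection, and anyone who can read the unattend file recovers the password. The script below is an added example, not part of the answer; it assumes iconv and base64 are available (they are on any common Linux), and the password "x" used in the comments is constructed.

```shell
#!/bin/sh
# Encode and decode the obfuscated <Value> used for AdministratorPassword in an
# unattend.xml. Added example, not from the original answer.
# This is NOT a hash: the value is base64(UTF-16LE(password + suffix)), where
# the suffix is the element name, "AdministratorPassword" for this element.

# Arguments: password, suffix (defaults to AdministratorPassword).
# Prints the base64 value on a single line with no trailing newline.
# Note: a password passed as an argument is visible in the process list;
# read it from a prompt in real use.
unattend_encode() {
    printf '%s%s' "$1" "${2:-AdministratorPassword}" \
        | iconv -f UTF-8 -t UTF-16LE | base64 | tr -d '\n'
}

# Reverse operation: decode the value and strip the suffix again.
unattend_decode() {
    decoded=$(printf '%s' "$1" | base64 -d | iconv -f UTF-16LE -t UTF-8)
    suffix=${2:-AdministratorPassword}
    printf '%s' "${decoded%$suffix}"
}

# Emit the XML fragment the asker wants to paste into Autounattended.xml.
unattend_fragment() {
    v=$(unattend_encode "$1")
    printf '<UserAccounts>\n  <AdministratorPassword>\n    <Value>%s</Value>\n    <PlainText>false</PlainText>\n  </AdministratorPassword>\n</UserAccounts>\n' "$v"
}

# Example: unattend_encode x  ->  eABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAFAAYQBzAHMAdwBvAHIAZAA=
# (decodes back to "xAdministratorPassword")
```

Decoding the value from the question with unattend_decode shows why the answerer was unsure: the posted string has two characters of the suffix altered, so it does not end in exactly "AdministratorPassword". Other password elements in the same file use their own element name as the suffix in the same way.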

How to give highest trust level to an OpenPGP certificate in Kleopatra?

I'd like to give the highest trust level to a certificate. I need to do so, as this certificate is mine but I hadn't exported it before formatting my PC.
I have downloaded it from a public key server and I have my private key saved in KeePass, but I don't know what to do next.
I'm sorry I cannot tell you how to do it in Kleopatra, but it is rather easy on the command line.
If you haven't imported the private key yet, save it to a file (let's say, key.pgp, name and extension don't matter). Now run gpg --import <key.pgp. Your key should be listed using gpg -K now.
For setting trust (the highest trust level in OpenPGP is "ultimate", which is usually only applied to your own certificates, as you want to do in this case), run gpg --edit-key [key-id] (printed in gpg -K above). In the edit key menu, run trust; and enter 5 (followed by Return) for "I trust ultimately". Confirm with y (again followed by Return), and finally run save to store the modified key and quit GnuPG.
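The same import-then-trust procedure can be done without the interactive menu, which is handy when restoring a keyring by script: GnuPG's --import-ownertrust reads lines of the form fingerprint:level:, where 6 means ultimate (the "5" in the menu maps to ownertrust value 6 in this file format). The script below is an added example, not part of the answer; key.pgp is a placeholder and the fingerprints in the comments are constructed.

```shell
#!/bin/sh
# Scripted version of the import + "trust ultimately" steps.
# Added example, not from the original answer. key.pgp is a placeholder.

# Normalise a fingerprint as printed by "gpg -K" (spaces allowed) and build the
# ownertrust record GnuPG expects: "<hex fingerprint>:6:" where 6 = ultimate.
# Other values in this file format: 2 unknown, 3 never, 4 marginal, 5 full.
ownertrust_record() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$fpr" in
        *[!0-9A-F]*|"") echo "not a fingerprint: $1" >&2; return 1 ;;
    esac
    case ${#fpr} in
        40|64) ;;   # v4 keys have 40 hex digits, v5 keys 64
        *) echo "unexpected fingerprint length ${#fpr}" >&2; return 1 ;;
    esac
    printf '%s:6:\n' "$fpr"
}

# Import the secret key file given as $1 and mark every primary secret key in
# the keyring ultimately trusted.
import_and_trust_ultimately() {
    gpg --batch --import "$1"
    # --with-colons: the "fpr" record right after each "sec" record carries the
    # primary key's fingerprint in field 10 (subkey fingerprints follow "ssb").
    gpg --batch --with-colons --list-secret-keys \
        | awk -F: '$1 == "sec" { want = 1; next } $1 == "fpr" && want { print $10; want = 0 }' \
        | while IFS= read -r fpr; do
              ownertrust_record "$fpr"
          done | gpg --batch --import-ownertrust
    gpg --list-keys        # your uid lines now show "[ultimate]"
}

# Usage: import_and_trust_ultimately key.pgp
```

gpg --export-ownertrust prints the existing file in the same format, which is also the right thing to back up next to the key so the trust does not have to be re-entered after the next reinstall.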

How do I tell 'git tag -s ..' (or -u) where my private key is (Windows 7)?

I successfully put my private key at a place where git finds it when it connects to github.
(like this https://serverfault.com/questions/194567/how-to-i-tell-git-for-windows-where-to-find-my-private-rsa-key/198691#198691 )
But when I try to sign a tag, this default magic seems not to apply. The brilliant git community book talks about a gpg-key-id, but I created my keys with puttygen, and seem not to have such an id.
So, how can I tell git on a Windows machine that the key it shall use resides at ~/.ssh/id_rsa ?
Thank you, Falko
To sign a tag you need a GPG/PGP ID and not an SSH id. The SSH id is used to encrypt the connection and identify yourself to the server.
GPG works in a generally similar way; however, there is a kind of "profile" linked to your public GPG key. To get started with GPG on Windows, Gpg4win is a good place to look. Also the Wikipedia entries on GPG and PGP are good places to get some insight regarding this topic.
how can I tell git on a Windows machine that the key it shall use resides at ~/.ssh/id_rsa
You need to define ~, i.e. HOME (which isn't a variable defined by default on Windows. HOMEPATH or USERPROFILE are).
See for instance "Auth fails on Windows XP with git and tortoisegit", where HOME is defined to a complete non-default path (i.e. not HOMEPATH)
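Once a GPG key exists (Gpg4win's Kleopatra or gpg --full-gen-key), git has to be told which one to use; the missing piece in the question is the key ID, which git reads from user.signingkey. The script below, for the Git Bash shell that Git for Windows ships, is an added example and not part of either answer: it looks the long key ID up from gpg's machine-readable --with-colons output, configures git, signs a tag and verifies it. The user ID, tag name and gpg path are placeholders. (Git 2.34 and later can alternatively sign with an SSH key via gpg.format=ssh, but the answers above predate that and the GPG route works with any git version.)

```shell
#!/bin/sh
# Point git at an OpenPGP key for "git tag -s". Added example, not from either
# answer; the tag name, e-mail address and gpg path are placeholders.

# Print the long key ID of the first secret key whose user ID contains $1.
# Reads "gpg --with-colons --list-secret-keys" output on stdin: field 5 of a
# "sec" record is the key ID, field 10 of the following "uid" records is the
# user ID string. Prints nothing when no key matches.
signing_key_id_from_colons() {
    awk -F: -v want="$1" '
        $1 == "sec" { keyid = $5; next }
        $1 == "uid" && keyid != "" && index($10, want) { print keyid; exit }
    '
}

# Configure git to sign with that key and sign + verify a tag.
# Arguments: e-mail (or any substring of the user ID), tag name.
configure_and_sign() {
    keyid=$(gpg --batch --with-colons --list-secret-keys | signing_key_id_from_colons "$1")
    [ -n "$keyid" ] || { echo "no secret key whose user ID contains $1" >&2; return 1; }
    git config --global user.signingkey "$keyid"
    # On Windows, point this at the gpg.exe installed by Gpg4win if it is not on PATH.
    git config --global gpg.program gpg
    git tag -s "$2" -m "Signed tag $2"
    git tag -v "$2"      # prints "Good signature from ..." when everything lines up
}

# Usage: configure_and_sign user@example.com v1.0.0
```

If HOME is unset, as the second answer notes it is by default on Windows, gpg and git may look for different home directories; setting HOME (for example to %USERPROFILE%) before running the above keeps ~/.gnupg and ~/.gitconfig in the same place.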
