Newbie question - how to include the pass phrase in the command

Steve Butler sbutler@fchn.com
Fri Jun 6 20:39:02 2003


--recipient 
  This is the key ID of the person to whom the file will be sent.  Don't use
the '--encrypt-to' option for this.  --recipient <<key_id>> is enough to
ensure the file is encrypted so the other person can decrypt it.

--encrypt-to <<quoting the man page>>
                 Same as --recipient but this one is intended for
                 use in the options file and  may  be  used  with
                 your own user-id as an "encrypt-to-self".  These
                 keys are only used when there are other  recipi-
                 ents  given  either  by use of --recipient or by
                 the asked user id.  No trust  checking  is  per-
                 formed for these user ids and even disabled keys
                 can be used.

You encrypt the file to yourself so you can decrypt it later (if the need to
see exactly what was sent).  You are using the options in opposite order to
their intended usage.



You really should read up on the web of trust.

-----Original Message-----
From: Ping Kam [mailto:pkam@quikcard.com]
Sent: Friday, June 06, 2003 10:24 AM
To: gnupg-users@gnupg.org
Subject: Re: Newbie question - how to include the pass phrase in the
command


----- Original Message -----
From: "Steve Butler" <sbutler@fchn.com>
To: "'Ping Kam'" <pkam@quikcard.com>; <gnupg-users@gnupg.org>
Sent: Thursday, June 05, 2003 7:52 PM
Subject: RE: Newbie question - how to include the pass phrase in the command


> Ah, because it's now checking the right things in the right order.
>
> It's the "recipient" to whom you are sending the encrypted file that needs
> to be "trusted".  In the first version you are sending to yourself
> (actually, sending to somebody for whom you also have the secret key).  So
> you trust (the secret key trusts) the recipient.
>
This is confusing.  I want to encrypt the file for the recipient so I
encrypt-to the recipient.  I want to ensure that I can also decrypt the file
so I add myself to the list of recipients.  Why would I want to encrypt the
file to myself?

> I suspect that the "encrypt-to" logic doesn't do the web of trust check.
>
Don't know anything about this feature.  But since I am not using it now, I
don't really care.

> Did you sign (or local sign) the recipient's public key?  I don't do it at
> work either since the only keys that get loaded are ones that are
"trusted".
> Therefore I set the trust always flag.
>
I have tried to trust a key using the trusted-key option but I don't know
what to enter for the keyid.  I tried the 8 digit hex number from
the --list-key, the 5 digit number before it, and the two together with the
slash.  I always get the error 'xxxx is not a valid long keyID'.  And I
couldn't find any documentation or help on how to do this.  Can you tell me
how to do this, or direct me to some links that will?

> You may be interested the some of the following options to gpg:  batch,
> no-tty, always-yes
>
I have tried them all, none of them works for me.  I get the prompt anyway.

Thanks,
Ping Kam



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.