New to GPG

John Clizbe JPClizbe at comcast.net
Tue Jan 4 23:23:09 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Cormany wrote:
> I've installed GPG 1.2.1 onto AIX 4.3.3. I also have
> GPG 1.4.0 installed on a Windows NT 4.0 workstation.
> My goal is to encrypt a file on the AIX box and
> decrypt the file on the Windows box. I would prefer to
> not have to enter the passphrase on the Windows box if
> possible to try to automate the process of decryption.
>
> <snippage>
> 
> Could someone please tell me what step I'm missing or
> if I'm incorrectly trying to encrypt from AIX and
> decrypting to Windows?

Your export didn't export your secret key. Exporting secret keys has
certain security risks. See --export-secret-key in the 1.4.0 man page.
BTW, you want to make positive you have 1.4.0a on the Windows box.

On your Windows box, open a CMD window and run

	gpg --list-secret-keys
and
	gpg --list-keys

I bet only the public key is there.

I don't know your network setup, but you could more easily transfer the
public and secret keyring files (in binary) over a secure network
connection (scp or sftp) or on a FAT formatted floppy.

If the transfer is always going to be from the AIX box to the NT box, you
don't need nor do you *REALLY* want your secret key on the AIX box.
Generate a keypair sans passphrase on the NT box and export the PUBLIC key
to the AIX box. Use that to encrypt TO the NT box. Each secret key should
have only one home - especially one with no passphrase.

If you are encrypting data both ways consider a pair of keypairs (easily
extended to more machines), with each machine having its own
public+secret keypair along with the public key(s) of the machine(s) it's
sending encrypted files.

You can even sign and encrypt using the two keypair scheme: AIX uses its
secret key to sign the file, then encrypts it to NT's public key. The
encrypted data is transferred. NT then uses its secret key to decrypt the
file and AIX's public key to verify the signature.

This is a good approach if you're emailing the files. But if you're
transferring directly from one machine to the other with no relays, you
may want to look at OpenSSH and scp or sftp as a better mousetrap to more
easily solve this problem.

Regards.
- --
John P. Clizbe                   Inet:   John (a) Mozilla-Enigmail.org
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Gir-r-r-r-rl" is like this Universal Gay term, like 'Aloha' or 'Shalom'.
	- Margaret Cho
"Only the truly intelligent know when they are being stupid."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1-cvs-2005-01-03 (Windows 2000 Pro SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFB2xdLHQSsSmCNKhARAguRAKCUMsedvWgd9vxvo55s6ffvXZi6cgCeNT+1
wf/tY/44KWpIlp9lB0gRjG4=
=/org
-----END PGP SIGNATURE-----
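
The two-keypair sign-and-encrypt scheme described in the reply above, as an added shell example that is not part of the original post. It assumes GnuPG 2.2 or later on PATH (newer than the 1.x versions in the thread); the two temporary home directories standing in for the AIX and NT boxes, the user IDs and the sample file are constructed, and both keys have no passphrase so the run is unattended.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.2+ on PATH.
# Two temporary home directories stand in for the AIX and NT boxes;
# the user IDs and the sample file are constructed.
AIX_UID='aix-sender@example.invalid'
NT_UID='nt-receiver@example.invalid'

g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty \
        --trust-model always "$@" 2>/dev/null; }

make_key() {   # $1 = home, $2 = user ID; empty passphrase for unattended use
    g "$1" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" default default never
}

count() {      # $1 = home, $2 = listing command, $3 = record type (sec or pub)
    g "$1" --with-colons "$2" | grep -c "^$3:"
}

two_keypair_demo() {
    work=$(mktemp -d) || return 1
    aix=$work/aix; nt=$work/nt
    mkdir -m 700 "$aix" "$nt" || return 1
    make_key "$aix" "$AIX_UID" && make_key "$nt" "$NT_UID" || return 1
    # Exchange PUBLIC keys only; each secret key keeps its one home.
    g "$nt"  --export "$NT_UID"  | g "$aix" --import || return 1
    g "$aix" --export "$AIX_UID" | g "$nt"  --import || return 1
    # AIX side: sign with AIX's secret key, encrypt to NT's public key.
    printf 'nightly export\n' > "$work/data.txt"
    g "$aix" --local-user "$AIX_UID" --recipient "$NT_UID" \
        --output "$work/data.txt.gpg" --sign --encrypt "$work/data.txt" || return 1
    # NT side: decrypt with NT's secret key; GOODSIG on the status fd means
    # the signature verified against AIX's public key.
    PLAIN=$(g "$nt" --status-fd 3 --decrypt "$work/data.txt.gpg" 3>"$work/status") || return 1
    grep -q '^\[GNUPG:\] GOODSIG' "$work/status" || return 1
    # The check from the reply: what does the receiving box actually hold?
    NT_SEC=$(count "$nt" --list-secret-keys sec)
    NT_PUB=$(count "$nt" --list-keys pub)
    for h in "$aix" "$nt"; do gpgconf --homedir "$h" --kill gpg-agent; done
    rm -rf "$work"
}

two_keypair_demo && echo "decrypted: $PLAIN (NT holds $NT_SEC secret, $NT_PUB public keys)"
```

The NT home ends up with one secret key and two public keys, which is the state the `--list-secret-keys` and `--list-keys` checks in the reply are meant to confirm.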


