Gnupg-users Digest, Vol 85, Issue 3

Tammy Collier TCollier at Prospera.ca
Wed Oct 6 16:38:37 CEST 2010


We figured it out.  We needed an extra parameter to get the passphrase to be entered from a file into the command line.

"C:\Program Files\GNU\GnuPG\gpg2" --batch --passphrase-file "C:\Program Files\GNU\GnuPG\pass.txt" -du "Username <person at email.ca>" -o "C:\RPTS%3%2%1.zip" "C:\RPTS%3%2%1.pgp"

Tammy Collier, DCIS, MCTS
Systems Administrator, Information Technology

direct: 604 864 6578
cell: 778 549 0148
email: tcollier at prospera.ca
Urgent email, 24 hours a day: pcuops at prospera.ca



-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of gnupg-users-request at gnupg.org
Sent: Tuesday, October 05, 2010 11:03 AM
To: gnupg-users at gnupg.org
Subject: Gnupg-users Digest, Vol 85, Issue 3

Send Gnupg-users mailing list submissions to
	gnupg-users at gnupg.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.gnupg.org/mailman/listinfo/gnupg-users
or, via email, send a message with subject or body 'help' to
	gnupg-users-request at gnupg.org

You can reach the person managing the list at
	gnupg-users-owner at gnupg.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Gnupg-users digest..."


Today's Topics:

   1. Decrypting a file with a passphrase via command line
      (Tammy Collier)
   2. import key to smart cards (koladina)
   3. Re: import key to smart cards (Werner Koch)
   4. schedule batch file (Lee Elcocks)
   5. How to delete a signature from a key with delsig? (Max Burley)
   6. Re: How to delete a signature from a key with delsig?
      (Daniel Kahn Gillmor)


----------------------------------------------------------------------

Message: 1
Date: Mon, 4 Oct 2010 14:29:27 -0700
From: "Tammy Collier" <TCollier at Prospera.ca>
To: <gnupg-users at gnupg.org>
Subject: Decrypting a file with a passphrase via command line
Message-ID: <51A6A48F9624A443A50033DF6FF29BF7A09F27 at mail01.fvecu.com>
Content-Type: text/plain; charset="us-ascii"

I have gpg2 installed and I get prompted for the passphrase when I try
to decrypt the file.  If I enter in the passphrase and don't log out it
doesn't prompt me the next time as it is cached, but I need to
disconnect from the RDP connection so that's not an option.  I can
figure out how to put the passphrase into the command line so that it
does not require user intervention.  Help?

 

Tammy Collier, DCIS, MCTS
Systems Administrator, Information Technology

Prospera Credit Union | Insurance
direct: 604 864 6578

cell: 778 549 0148 

toll-free:  1 888 440 4480
fax:  604 864 6556

web: prospera.ca <http://prospera.ca/> 
email: tcollier at prospera.ca <mailto:tcarson at prospera.ca> 

Urgent email, 24 hours a day: pcuops at prospera.ca
<mailto:pcuops at prospera.ca> 

 



This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.

If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you receive this email in error, please immediately notify the sender.

Please note that this financial institution neither accepts nor discloses confidential member account information via email. This includes password related inquiries, financial transaction instructions and address changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20101004/a072fa9f/attachment-0001.htm>

------------------------------

Message: 2
Date: Tue, 05 Oct 2010 13:18:00 +0200
From: koladina <koladina at web.de>
To: gnupg-users at gnupg.org
Subject: import key to smart cards
Message-ID: <4CAB0968.3080405 at web.de>
Content-Type: text/plain; charset=UTF-8

Hello eyeryone,

I?ve got a special question concerning GnuPG and smart card
My question is: How can I import a (sec-pub-)key which was
generated on a crypto stick (containing an integrated smart card)
into another crypto stick? A crypto stick like:
http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/

Normaly it should work by using the keytocard-command:
http://www.gnupg.org/howtos/card-howto/en/ch05.html#id2523191
But in my case (and I guess I?m not the only one) the process can?t
conclude. See my example here:

___________________________

office:~ home$ gpg2 --edit-key F4C8....
gpg (GnuPG/MacGnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/F4C8....  created:  2010-02-17 expires: never   usage: SC
                     trust: ultimate      validity: ultimate
sub 2048R/DAE5.... created: 2010-02-17 expires: never      usage: A
sub 2048R/BD84.... created: 2010-02-17 expires: never 	usage. E
[ultimate] (1). <my at mailaddress.org>

Command> toggle
sec   2048R/F4C8.... created:  2010-02-17 expires: never
			   card number:0006 000002FD
ssb 	2048R/DAE7.... created:  2010-02-17 expires: never
			   card number:0006 000002FD
ssb  	2048R/BD84.... created:  2010-02-17 expires: never
			   card number:0006 000002FD
(1) name <my at mailadress.org>

Command> keytocard
Really move the primary key? (y/N) y
Signature key ....: E5B0 AA49 39A0 01D1 29A9  9042 28D4 524A 2AB4 7879
Encryption key....: 93CF AB4A AD27 DEC3 986E  C90F 2AEB 898F F651 78AC
Authentication key: BA48 357B 5E13 9D2A 4E14  AEB7 07A6 51FA 53CD 0819

Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 3

gpg: WARNING: such a key has already been stored on the card!

Replace existing key? (y/N) y

gpg: secret key is already stored on a card

Command>
_____________________________

The problem seems to be either that GnuPG blocks importing the key
because the key is already stored on another card. Or GnuPG ?things?
the key is already stored on the card on which I want to import the key.
Is there a way to work with a trick in order to ?persuade? GnuPG to do
that nevertheless (to allow the key-import). Does anyone know the trick?

A big thanks in advance

Kola



------------------------------

Message: 3
Date: Tue, 05 Oct 2010 17:18:27 +0200
From: Werner Koch <wk at gnupg.org>
To: koladina <koladina at web.de>
Cc: gnupg-users at gnupg.org
Subject: Re: import key to smart cards
Message-ID: <87fwwkmzwc.fsf at vigenere.g10code.de>
Content-Type: text/plain; charset=us-ascii

On Tue,  5 Oct 2010 13:18, koladina at web.de said:

> My question is: How can I import a (sec-pub-)key which was
> generated on a crypto stick (containing an integrated smart card)
> into another crypto stick? A crypto stick like:

The whole point of generating keys on a smartcard is that it is
impossible to get it back out of the card - you may only use the
generated key with certain command provided by the smartcard.

And thus you can't import it to another smartcard.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




------------------------------

Message: 4
Date: Tue, 5 Oct 2010 16:18:46 +0100
From: Lee Elcocks <l_elcocks at hotmail.co.uk>
To: <gnupg-users at gnupg.org>
Subject: schedule batch file
Message-ID: <SNT115-W51A1B9994FD0176FB36288DF6D0 at phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"


Hello 

 

I have installed GNUGP 1.4.10 installed on windows XP. I need to create a script that will allow me to do the following.

 

Create a 'drop folder' in a directory, where any files dropped in that location will be encrypted and signed with the same keys.

 

Create a 'decrpted' folder where any encyrpted files that are dropped to this location are decypted using the same keys.

 

The keys will have passphrases on them, i need to automate this also so their is no human interaction.

 

I plan to schedule the batch files using XP scheduler

 

Any help, and i mean any help at all would be greatly appreciated!

 

Many Thanks

 

Lee
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20101005/a9f38455/attachment-0001.htm>

------------------------------

Message: 5
Date: Tue, 05 Oct 2010 09:21:11 -0700
From: Max Burley <burley at telus.net>
To: gnupg-users at gnupg.org
Subject: How to delete a signature from a key with delsig?
Message-ID: <1286295671.2718.25.camel at max-desktop64>
Content-Type: text/plain; charset="utf-8"

I have two keys: 
- a personal key (used to sign this message); and
- a business key.

Inadvertently, I signed the business key with the personal key. Trying
to remove that personal signature with delsig fails.
Bringing up the business key with "gpg --edit-key <key_name>" gives me
the "command>" prompt, at which point entering "<UID (n)> delsig" runs
without an error message, but the personal key signature is still
attached to the business key when I run "gpg --list-sigs <key_name>".

Am I missing something terribly obvious here?
Max Burley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20101005/e11fe536/attachment-0001.pgp>

------------------------------

Message: 6
Date: Tue, 05 Oct 2010 14:11:46 -0400
From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
To: Max Burley <burley at telus.net>
Cc: gnupg-users at gnupg.org
Subject: Re: How to delete a signature from a key with delsig?
Message-ID: <4CAB6A62.6060904 at fifthhorseman.net>
Content-Type: text/plain; charset="utf-8"

On 10/05/2010 12:21 PM, Max Burley wrote:
> I have two keys: 
> - a personal key (used to sign this message); and
> - a business key.
> 
> Inadvertently, I signed the business key with the personal key. Trying
> to remove that personal signature with delsig fails.

how does it fail?

to be clear, if this sig is already pushed to the keyservers you cannot
delete it effectively, and your best bet is to revoke it.

> Bringing up the business key with "gpg --edit-key <key_name>" gives me
> the "command>" prompt, at which point entering "<UID (n)> delsig" runs
> without an error message, but the personal key signature is still
> attached to the business key when I run "gpg --list-sigs <key_name>".
> 
> Am I missing something terribly obvious here?

It's not terribly obvious, but i think what you want to do within the
gpg --edit-key prompt is a multi-line approach:

 uid <X>
 delsig

 <then keep pressing "n" until you see the sig you want to delete --
  at that point, choose Y>

 <choose q if there are no more sigs you want to delete>
 save

and then you should be back at your shell's prompt.

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101005/27def3d3/attachment.pgp>

------------------------------

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


End of Gnupg-users Digest, Vol 85, Issue 3
******************************************


This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.

If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you receive this email in error, please immediately notify the sender.

Please note that this financial institution neither accepts nor discloses confidential member account information via email. This includes password related inquiries, financial transaction instructions and address changes.



More information about the Gnupg-users mailing list