How to encrypt using public certificate\key

shaarang tyagi shaarang.tyagi at gmail.com
Thu Sep 7 12:58:16 CEST 2017


Hello Peter,

I am trying to understand the encryption process and all the input that
is required to perform encryption.

So according to this RFC, section 2.1:

https://tools.ietf.org/html/rfc4880#section-2.1

There can be 2 sources for the encryption key, either a session key (generated
randomly) or a shared pass phrase (key is derived from this phrase)?

So there is a command I found somewhere, to use with command line GnuPG,
to do encryption:

gpg -e -u "Sender User Name" -r "Receiver User Name" somefile

Which method does this command use exactly?
It does message encryption with a given username's certificate's pub
key? (Is this a third method which is not mentioned in that RFC?)

Also, where can I find all the commands for all the possibilities using
different key sources?

Best Regards,
Shaarang




On Wed, Sep 6, 2017 at 8:25 PM, shaarang tyagi <shaarang.tyagi at gmail.com>
wrote:

> Hello Peter,
>
> Thanks a lot to you for clarifying this in a paragraph, otherwise I would
> have to read a whole lot of things to understand that I am trying to
> connect 2 totally different things!
> I will go through the pdf and may have more question(s).
>
> Thanks again!
> Shaarang
>
> On Sep 6, 2017 8:05 PM, "Peter Lebbing" <peter at digitalbrains.com> wrote:
>
> Hello Shaarang,
>
> On 06/09/17 16:13, shaarang tyagi wrote:
> > I am talking about OpenPGP, I want to encrypt a file that follows
> > openpgp standard [...]
>
> > I was encrypting by selecting a certificate which I had imported, I had
> > also imported its root ca, so certificate chain was fully there but
> > encryption failed.
>
> "Root CA", "certificate chain" and your earlier "PEM public key" tell me
> you are using certificates from the Cryptographic Message Syntax
> ecosystem (to which S/MIME belongs also). These are not OpenPGP
> certificates/public keys, and it is simply impossible to encrypt an
> OpenPGP message to them. You will need to ask your peer for their
> OpenPGP certificate (also called "public key") before you can send them
> an OpenPGP encrypted message.
>
> They are two completely separate and incompatible ecosystems. It just so
> happens that GnuPG does have some support for CMS as well, through the
> gpgsm binary.
>
> More about starting with OpenPGP is in The GNU Privacy Handbook[1]. That
> guide is pretty outdated, though, so don't take its word for gospel.
>
> HTH,
>
> Peter.
>
> [1] <https://www.gnupg.org/gph/en/manual.html>
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
>
>
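
An added example, not part of the original messages and not GnuPG code: RFC 4880 records how the session key was protected in a packet at the start of the message, tag 1 when it is encrypted to a recipient's public key (`gpg -e -r`) and tag 3 when it is protected by a passphrase (`gpg -c`). This Python code walks the packet headers of a binary message and reports which is present; the function names and the sample bytes are constructed for illustration.

```python
# Packet tags from RFC 4880 section 4.3 that matter for encryption.
PKESK, SKESK, SEIPD = 1, 3, 18

def _new_length(data, pos):
    """Decode one new-format length; return (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body chunk

def list_packets(data):
    """Return [(tag, body_length)] for a binary (not armored) OpenPGP message."""
    packets, pos = [], 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in bits 5-0
            tag, total, partial = hdr & 0x3F, 0, True
            while partial:
                length, pos, partial = _new_length(data, pos)
                total += length
                pos += length
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            width = 0 if ltype == 3 else 1 << ltype  # 1, 2 or 4 octets
            total = int.from_bytes(data[pos:pos + width], "big") if width else len(data) - pos
            pos += width + total
        packets.append((tag, total))
    if pos != len(data):
        raise ValueError("truncated packet")
    return packets

def key_sources(data):
    """Say how the session key is protected, judging by the packet tags."""
    names = {PKESK: "recipient public key", SKESK: "passphrase"}
    return [names[t] for t, _ in list_packets(data) if t in names]

def _pkt(tag, body):  # constructed new-format packet, body under 192 octets
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed samples: the field layout is real, the key material is filler.
SAMPLE_PKESK = _pkt(PKESK, b"\x03" + b"\x11" * 8 + b"\x01" + b"\x00" * 20)
SAMPLE_SKESK = _pkt(SKESK, bytes([4, 9, 3, 8]) + b"\x22" * 8 + b"\x60")
SAMPLE_DATA = _pkt(SEIPD, b"\x01" + b"\x00" * 40)
```

`gpg --list-packets` prints the same packet sequence for a real encrypted file.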