How to encrypt using public certificate\key
shaarang tyagi
shaarang.tyagi at gmail.com
Thu Sep 7 12:58:16 CEST 2017
Hello Peter,
I am trying to understand the encryption process and the all the input that
is required to perform encryption.
So according to this RFC, section 2.1:
https://tools.ietf.org/html/rfc4880#section-2.1
There can be 2 sources for encryption key, either a session key(generated
randomly) or a shared pass phrase (key is derived from this phrase) ?
So there is a command i found somewhere , to use with command line GnuPG,
to do encryption:
gpg -e -u "Sender User Name" -r "Receiver User Name" somefile
Which method does this command uses exactly?
It does message encryption with a given username's certificate's pub
key?(Is this a third method which is not mentioned in that RFC ) ?
Also, Where can i find all the commands for all the possibilities using
different key sources?
Best Regards,
Shaarang
On Wed, Sep 6, 2017 at 8:25 PM, shaarang tyagi <shaarang.tyagi at gmail.com>
wrote:
> Hello Peter,
>
> Thanks a lot to you for clarifying this in a paragraph otherwise i would
> have to read a whole lot of things to understand that i am trying to
> connect 2 totally differet things!
> I will go through the pdf and may have more question(s).
>
> Thanks again!
> Shaarang
>
> On Sep 6, 2017 8:05 PM, "Peter Lebbing" <peter at digitalbrains.com> wrote:
>
> Hello Shaarang,
>
> On 06/09/17 16:13, shaarang tyagi wrote:
> > I am talking about OpenPGP, i want to encrypt a file that follows
> > openpgp standard [...]
>
> > I was encrypting by selecting a certificate which i had imported , i had
> > also imported its root ca, so certificate chain was fully there but
> > encryption failed.
>
> "Root CA", "certificate chain" and your earlier "PEM public key" tell me
> you are using certificates from the Cryptographic Message Syntax
> ecosystem (to which S/MIME belongs also). These are not OpenPGP
> certificates/public keys, and it is simply impossible to encrypt an
> OpenPGP message to them. You will need to ask your peer for their
> OpenPGP certificate (also called "public key") before you can send them
> an OpenPGP encrypted message.
>
> They are two completely separate and incompatible ecosystems. It just so
> happens that GnuPG does have some support for CMS as well, through the
> gpgsm binary.
>
> More about starting with OpenPGP is in The GNU Privacy Handbook[1]. That
> guide is pretty outdated, though, so don't take its word for gospel.
>
> HTH,
>
> Peter.
>
> [1] <https://www.gnupg.org/gph/en/manual.html>
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170907/8c2cbac7/attachment.html>
More information about the Gnupg-users
mailing list