<div dir="auto">Please Help me get off this </div><div dir="auto">I have tried but not working </div><div dir="auto">Please </div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 17, 2022 at 3:47 AM <<a href="mailto:gnupg-users-request@gnupg.org">gnupg-users-request@gnupg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Gnupg-users mailing list submissions to<br>
        <a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="https://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">https://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:gnupg-users-request@gnupg.org" target="_blank">gnupg-users-request@gnupg.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:gnupg-users-owner@gnupg.org" target="_blank">gnupg-users-owner@gnupg.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Gnupg-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Re: GNUPG and Google Cloud (C.J. Collier)<br>
   2. gpa.exe hungs when click on "smartcards" AND scdaemon cannot<br>
      recognise SC-HSM (Minas Argyrou)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 16 Aug 2022 13:29:19 -0700<br>
From: "C.J. Collier" <<a href="mailto:cjac@colliertech.org" target="_blank">cjac@colliertech.org</a>><br>
To: David Gordon <<a href="mailto:DavidWGordon1011@outlook.com" target="_blank">DavidWGordon1011@outlook.com</a>><br>
Cc: "<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>" <<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>><br>
Subject: Re: GNUPG and Google Cloud<br>
Message-ID:<br>
        <<a href="mailto:CAJj0OuvWzGUfHFCy8LrzW8BiVSrzP7KsxuPPoSVc848kP2OFRA@mail.gmail.com" target="_blank">CAJj0OuvWzGUfHFCy8LrzW8BiVSrzP7KsxuPPoSVc848kP2OFRA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi David,<br>
<br>
I would take a look at Secret Manager[1] as a way to store your private key<br>
material confidentially.  Perhaps consider Cloud Run[2] as a mechanism for<br>
execution of arbitrary code, in this case for instance with the<br>
encryption/decryption pipeline using the python runtime and python-gnupg[3]<br>
library.<br>
<br>
You might instead find Cloud Pub/Sub[4] and Dataflow[5] to be useful for<br>
streaming the data from your on-prem environment to GCS, and from GCS to<br>
BigQuery.<br>
<br>
In short, yes, there are a variety of ways to perform the steps that you're<br>
talking about on GCP.  You should be able to develop a proof of concept on<br>
a small scale while staying within the limits of the free tier[6].  I'm not<br>
quite clear on why you would want to encrypt the data when you will<br>
eventually decrypt it for storage into BigQuery, but yes, it is feasible.<br>
<br>
C.J.<br>
<br>
[1] <a href="https://cloud.google.com/secret-manager" rel="noreferrer" target="_blank">https://cloud.google.com/secret-manager</a><br>
[2] <a href="https://cloud.google.com/run" rel="noreferrer" target="_blank">https://cloud.google.com/run</a><br>
[3] <a href="https://pypi.org/project/python-gnupg/" rel="noreferrer" target="_blank">https://pypi.org/project/python-gnupg/</a><br>
[4] <a href="https://cloud.google.com/pubsub" rel="noreferrer" target="_blank">https://cloud.google.com/pubsub</a><br>
[5] <a href="https://cloud.google.com/dataflow" rel="noreferrer" target="_blank">https://cloud.google.com/dataflow</a><br>
[6] <a href="https://cloud.google.com/free" rel="noreferrer" target="_blank">https://cloud.google.com/free</a><br>
<br>
On Tue, Aug 16, 2022 at 11:33 AM David Gordon <<a href="mailto:DavidWGordon1011@outlook.com" target="_blank">DavidWGordon1011@outlook.com</a>><br>
wrote:<br>
<br>
> CJ,<br>
><br>
><br>
><br>
> We were looking for a server-less solution. What we want to do is take<br>
> data from a legacy mainframe system, encrypt it via PGP, and then via GKE<br>
> transfer it to Cloud Storage. From there we want to decrypt it via GnuPG,<br>
> save it in Cloud Storage and then load it into Big Query.<br>
><br>
><br>
><br>
> Thanks,<br>
><br>
> David<br>
><br>
><br>
><br>
> *From:* C.J. Collier <<a href="mailto:cjac@colliertech.org" target="_blank">cjac@colliertech.org</a>><br>
> *Sent:* Tuesday, August 16, 2022 10:23 AM<br>
> *To:* David Gordon <<a href="mailto:DavidWGordon1011@outlook.com" target="_blank">DavidWGordon1011@outlook.com</a>><br>
> *Cc:* <a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a><br>
> *Subject:* Re: GNUPG and Google Cloud<br>
><br>
><br>
><br>
> Hi there!<br>
><br>
><br>
><br>
> Are you looking for a server-less solution or will a Debian instance on<br>
> GCE or GKE suffice?<br>
><br>
><br>
><br>
> You can "deploy" GNUPG with apt-get.  Decrypting content would require<br>
> getting a private key or an agent onto the system.<br>
><br>
><br>
><br>
> Can you give more details about what you're looking for?<br>
><br>
><br>
><br>
> C.J. in Cloud Support, Seattle<br>
><br>
> GCP Technical Solutions Engineer<br>
><br>
><br>
><br>
><br>
><br>
> On Tue, Aug 16, 2022, 05:49 David Gordon via Gnupg-users <<br>
> <a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>> wrote:<br>
><br>
> Can GnuPG be deployed to GCP to decrypt files? If so, is there a<br>
> recommended approach?<br>
><br>
><br>
><br>
> Thanks,<br>
><br>
> David<br>
><br>
><br>
><br>
> Sent from Mail<br>
> <<a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A2zN6aWVAIQ7H8Zhq2JiSIZ2cEjDy2yKCQdRIX7T7bA%3D&reserved=0" rel="noreferrer" target="_blank">https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A2zN6aWVAIQ7H8Zhq2JiSIZ2cEjDy2yKCQdRIX7T7bA%3D&reserved=0</a>><br>
> for Windows<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Gnupg-users mailing list<br>
> <a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
> <a href="https://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">https://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
> <<a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EnvRhaqhJaDX%2FlpIwBGk3QjuMcIXh5Gcppuypi5kNYw%3D&reserved=0" rel="noreferrer" target="_blank">https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EnvRhaqhJaDX%2FlpIwBGk3QjuMcIXh5Gcppuypi5kNYw%3D&reserved=0</a>><br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220816/1651fc4d/attachment-0001.html" rel="noreferrer" target="_blank">https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220816/1651fc4d/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 17 Aug 2022 07:15:33 +0000<br>
From: Minas Argyrou <<a href="mailto:minasargyrou@outlook.com" target="_blank">minasargyrou@outlook.com</a>><br>
To: "<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>" <<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>><br>
Cc: Minas Argyrou <<a href="mailto:minasargyrou@outlook.com" target="_blank">minasargyrou@outlook.com</a>><br>
Subject: gpa.exe hungs when click on "smartcards" AND scdaemon cannot<br>
        recognise SC-HSM<br>
Message-ID:<br>
        <<a href="mailto:AS4P251MB094158964CBA8E7E7339A92DC16A9@AS4P251MB0941.EURP251.PROD.OUTLOOK.COM" target="_blank">AS4P251MB094158964CBA8E7E7339A92DC16A9@AS4P251MB0941.EURP251.PROD.OUTLOOK.COM</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello,<br>
<br>
I believe I have found the cause of the problem with the GnuPG. When removing <br>
the AES key from the card, the error about the invalid PrKDF disappeared, <br>
which I believe is progress.<br>
<br>
When I try "scdaemon --server" and then type "learn", I get the following:<br>
<br>
scdaemon[xxxxx]: detected reader 'ACS CCID USB Reader 0'<br>
scdaemon[xxxxx]: reader slot 0: not connected<br>
scdaemon[xxxxx]: pcsc_control failed: invalid PC/SC error code (0x1)<br>
scdaemon[xxxxx]: pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547<br>
scdaemon[xxxxx]: reader slot 0: active protocol: T1<br>
scdaemon[xxxxx]: slot 0: ATR=xxxxxxxxxxxxxx<br>
scdaemon[xxxxx]: DBG: PrKDF C401: id=xxxxxxxxxxxxxx keyref=0x01 keysize=528 <br>
usage=sign,derive<br>
scdaemon[xxxxx]: DBG: CDF C401: id=xxxxxxxxxxxxxx fid=CE01<br>
scdaemon[xxxxx]: DBG: PrKDF C402: id=xxxxxxxxxxxxxx keyref=0x02 keysize=2048 <br>
usage=decrypt,sign,sign_recover,unwrap<br>
scdaemon[xxxxx]: DBG: CDF C402: id=xxxxxxxxxxxxxx fid=CE02<br>
S READER ACS CCID USB Reader 0<br>
S SERIALNO xxxxxxxxxxxxxx<br>
INQUIRE KNOWNCARDP xxxxxxxxxxxxxx<br>
<br>
<br>
I then try "gpg --card-edit --expert" and then "admin" and "list"<br>
<br>
Reader ...........: ACS CCID USB Reader 0<br>
Application ID ...: xxxxxxxxxxxxxx<br>
Application type .: Unknown<br>
<br>
<br>
GnuPG is now recognising the private keys and can parse the PrKDF record but <br>
still cannot use the keys. Any thoughts on this?<br>
<br>
Thanks in advance!<br>
<br>
Argyrou Minas<br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: smime.p7s<br>
Type: application/pkcs7-signature<br>
Size: 6027 bytes<br>
Desc: not available<br>
URL: <<a href="https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220817/a617c41d/attachment.bin" rel="noreferrer" target="_blank">https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220817/a617c41d/attachment.bin</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="https://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">https://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of Gnupg-users Digest, Vol 227, Issue 11<br>
********************************************<br>
</blockquote></div></div>