I have an ETL that is Un-PGPing a file sent to us. This process works for two people on our team but fails for the rest on the unPGP step. We all use Kleopatra for our key encryption/decryption and have the same key's imported.
I have noticed that the keys on the systems that work are set to the trust level "This is my certificate" (sometimes called Ultimate trust). However the option to set to that level on the other systems are grayed out.
I have tried to change the level via a CMD prompt based on this article:
https://security.stackexchange.com/questions/129474/how-to-raise-a-key-to-ultimate-trust-on-another-machine
However I do not get the same prompts as described.
When debuging with CMD /K I see:
gpg: decryption failed: No secret key
UNPGP Failure Message
I found out how to change my trust,
gpg --edit-key [key-id]
trust
5
though this didn't end up solving my problems.
I discovered when I typed gpg --list-secret-keys I would get nothing in return despite having kleopatra tell me the keys were properly installed.
I found and staged the secret key's I needed then imported them using GPG.
gpg --allow-secret-key-import --import "filename.asc"
This fixed my issue!
I generated a standard jhipster application in java/angular 6. I changed the password from the interface. I do not remember them anymore.
I wanted to set them up in users.csv.
Since the password is hashed and salted I followed the following process:
1) Loaded the app locally
2) Changed the password through the interface and noted it in clear in txt. I also tested the login with the new one and it worked
3) Retrieved the hashed one from the database
4) Copied the hashed password in users.csv
I did a mvnw and expected to be able to login with the new password since I though that the new version of users.csv would be taken into account.
The result was that I was able to connect neither as user/user not with the new one.
Am I missing something?
Are you sure the liquibase changeset loading users.csv was run? if you changed only users.csv
Liquibase has probably not detected any change as changeset has same checksum, so this changeset was not run again otherwise you would have got a checksum error.
To take your change into account, run mvnw clean to fully reset database assuming you're running H2 on disk as dev database.
I downloaded the upload_cert.der file from the Play store. I added the root certificate to my keystore just fine. But Android Studio won't let me use it because there is no password for it. Android Studio complains that I must enter a key password before it let's me do the build.
Is there a way to generate a password protected private key from this upload_cert.der file?
Is there a way to just get Android Studio to let me get past this "error" and do the build?
I'm using Windows and the upload_cert.der file was added to my Windows certificate store. Could I just signed the APK outside of Android Studio (even though I'd rather stay within the tools for this)?
I found someone else ask this question and none of the answers mentioned the password, just explanations for why there are multiple entries of the wrong type in the keystore, etc. To be clear, I can create a key in the keystore of my own making and with a password, just fine. I deal with deleting an alias before I try to add a key of any sort. I just don't know how to use the .der file from the play store when Android Studio wants a password for the key and there is none!
Here's the exact error if I use a password that is just random jiberish:
Failed to read key rep from store "C:\Users\xxxx\xxxx.jks": trusted certificate entries are not password-protected
So it's clear that there is no way to fake this out somehow.
The important fact you are missing:
Google Play never gives you a key you use to sign things. It only ever gives you certificates to verify with.
I'll start with the basics you probably know. In public key cryptography, there is a private key and a public key. Only the person who signs has the private key. Otherwise anyone could sign. The public key anyone can have. They can use it to check the signature is valid.
The upload_cert.der download only contains the public key. The reason Google Play lets you download it for verification. You can verify offline your signatures match what the Play Store expects. You probably never need to do this.
Why doesn't Google give you the signing key?
Google Play doesn't give you the private key for the upload certificate for 2 reasons.
Google doesn't have the private part of your upload key! You created the private key part of the upload key, when you enrolled in Google Play App signing. You never gave it to Google. All Google has is the public key part.
If Google did give it to you, the key would have no value. The whole point of the upload key is that even if a hacker breaks into your Play Console account they still cannot upload a new version of your app. They would need the upload key as well. The upload key means Google Play knows the app came from you. If they let you download the signing key from your account, then a hacker could just download it too. Then it would be worthless.
How do I get the upload key I need for signing?
So now the question you probably have is "how do I get the public key I need for signing?". The answer is "you create it". When you first upload your APK, that APK was signed with a key (Google insists on it). It was probably stored in your Android Studio. That key becomes your upload key. Find where you kept it.
What if I lost it?
Now you might be in a place where you don't know where the key is that you originally used. This is the great thing about Google Play App Signing. If you were signing your app yourself and lost the signing key you would be stuck, you'd have to create a new app. But with Google Play App Signing you can contact Play Console support and they can help you. The process is on the help page.
Look at the section entitled "Create a new upload key". Notice step 1 is you create the key. Google still never has it.
I formatted my Windows 7 laptop and in an attempt to have git setup working again, I installed git and source tree application.
I deleted the SSH Key from gitlab and regenerated the key using ssh-keygen. But when I try to add the SSH Key at gitlab, it throws the following exception :
Key is invalid
Fingerprint has already been taken
Fingerprint cannot be generated
Because of this I am unable to clone the git repository from the source tree application since gitlab is unable to authenticate the SSH key.I followed queries at google groups of gitlab but none of them seem to resolve my issue. Is there any workaround or steps to get the SSH key accepted by gitlab?
In my case; the public key i was trying to add was already used with 'work' Gitlab account and i received the said error upon trying to use the same key with 'personal' Gitlab account.
Solution - Add another public key on the same machine and use that with 'personal' gitlab account (both on same machine).
navigate to .ssh folder in your profile (even works on windows) and run command
ssh-keygen -t rsa
when asked for file name give another filename id_rsa_2 (or any other).
enter for no passphrase (or otherwise).
You will end up making id_rsa_2 and id_rsa_2.pub
use the command
cat id_rsa_2.pub
copy and save key in 'personal' Gitlab account.
create a file with no extension in .ssh folder named 'config'
put this block of configuration in your config file
Host gitlab.com
HostName gitlab.com
IdentityFile C:\Users\<user name>\.ssh\id_rsa
User <user name>
Host gitlab_2
HostName gitlab.com
IdentityFile C:\Users\<user name>\.ssh\id_rsa_2
User <user name>
now whenever you want to use 'personal' gitlab account simply change alias in git URLs for action to remote servers.
for example
instead of using
git clone git#gitlab.com:..............
simply use
git clone git#gitlab_2:...............
doing that would use the second configuration with gitlab.com (from 'config' file) and will use the new id_rsa_2 key pair for authentication.
Find more about above commands on this link
https://clubmate.fi/how-to-setup-and-manage-multiple-ssh-keys/
Gitlab can use your ssh-key in another account of your past projects for somehow - so, easiest way to solve this problem is to create new ssh-pair, add it to ssh-agent and add id_rsa2.pub to your gitlab account.
$ ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
When it ask:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<NAME>/.ssh/id_rsa):
Please enter /home/<NAME>/.ssh/id_rsa2
$ ssh-add ~/.ssh/id_rsa2
Make sure to cut away everything at the end of the base64 encoded string.
Also remove all newlines so the string contains no newlines.
This did the trick for me.
I got the same error because I already added this key to another account in gitlab.
I tried everything already suggested and nothing worked. What ended up working for me was to copy the public key using a command rather than from a text editor (nano in my case):
pbcopy < ~/.ssh/id_rsa.pub
replacing, if necessary, id_rsa with my specific key name. The above command works on OSX. Other systems require a different command, and they are listed on the following page: http://doc.gitlab.com/ce/ssh/README.html.
In my case I already had the public key added on another repo.
Fix:
On the same GitLab page (Settings -> Repository -> Deploy Keys)
Scroll down and click to the TAB "Privately accessible deploy keys"
Find your "Deploy key" in the list and click the Enable button
Then you are good to go.
My SSH key was stored in an old Gitlab account, I removed it and problem solved.
Text editor could be the problem. Try to open key file with Notepad, not Notepad++.
Also add "ssh-rsa " at the beginning of the key.
Make a New Key
None of the above solutions worked for me so I backed up my old key and created a new one.
https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
#osx10.12.6
In my case, my public key must have somehow been attached to a specific repository.
I went back and deleted two old repositories and after that it allowed me to add the public key to my GitLab account without any problems.
Add new ssh key
The pervius ssh key probabley use by another user . When somone else use a ssh key you must get this error dint worry create a new ssh key and use theme.
In the same gitlab setting page where you tried to add the deploy key scroll down a little bit and you shall find a tab called "Privately accessible deploy keys". Click it and you shall find the key you tried to add listed there. Just click "Enable" from next to it and it would work !
If all these suggestions don't work:
First of all - don't deal with security keys being exhausted or in a hurry, not to do silly mistakes (my case).
Secondly - copy as GitLab deploy key public-key, not the private one (my case as well, despite well understand oh how keys work, just being in a hurry).
In my case, I have not added an existing Deploy key to any other project before, and I am was not a member of any project.
In order to be able to enable the deploy key for a new project, you need to add yourself as a member to a project where this key has already been enabled.
Then in the New Project-Settings-Repository-Deploy keys-Privately accessible deploy keys list, you will see this key and the Enable button.
The answer is found in this documentation
https://gitlab-docs.creationline.com/ee/user/project/deploy_keys/
In the Privately accessible deploy keys tab, you can enable a private
key which has already been imported in a different project. If you
have access to these keys, it's because you have either:
Previously uploaded the keys yourself in a different project.
You are a maintainer or owner of the other project where the keys were imported.
But if you have GitLab admin profile, it's enough even to have "User" privileges as a member for the project.
I'm using an rsa-encrypted ssh key for accessing certain servers - the private key is password-protected.
I have used this type of configuration in the past, and I'm aware that using the gnome-keyring I should normally be asked to confirm the password for my key once per session.
However, since I entered my password for the first time, I was never asked for it again.
I can verify that the private key is password-protected, I have tried the same key on other machines (where I've been asked for the password) and I have changed the password through the gnome-keyring manager. Still, I'm not being asked for it since that first time!
Any idea what might be happening here?
Thanks!
The password of your rsa key is the same as the password for your username on the system where you were never asked for the password. When you log into gnome, the gnome-keyring will automatically use the user password if it matches the key password.