Linux gpg to encrypt a file but it does nothing?

I thought this is how to encrypt a file in Linux with gpg.
So,
xxx#xxx:~$ gpg -c /home/xxx/secretfilename.txt
But it does nothing but this,
usage: gpg [options] --symmetric [filename]
Any idea what this means and what have I done wrong?

You are attempting to use GPG to encrypt data without sufficient understanding. While it can do symmetric encryption, most use cases for GPG use public/private key encryption (see "public-key cryptography" in the FAQ), and the default CAST5 is not the best choice today.
First, try
gpg -v --version
to see what version of gpg you're currently working with.
Then, study!
Please have the GnuPG FAQ open for reference.
Then start with the GnuPG MiniHOWTO.
Then refer to the GnuPG Manual.

Related

gnome-keyring GPG integration in headless Ubuntu server not working

I'm trying to use gnome-keyring to memorize my GPG passphrase in a headless Ubuntu server (22.04.1 LTS GNU/Linux 5.15.0-57-generic x86_64). The reason I'm trying to do this with gnome-keyring and not using the gpg-agent cache is that I'd like for the GPG certificate to be immediately accessible to be used by some systemd cronjobs when I reboot my server.
I've followed the Gnome/Keyring instructions but using pinentry-gnome3 doesn't seem to work:
No Gcr System Prompter available, falling back to curses
I've also tried using pinentry-gtk-2 like it is mentioned in GnuPG instructions and although I don't get any error, the passphrase is not stored.
When doing some debugging, I've found some weird behavior. Trying to store something in my keyring gives me this error:
$ secret-tool store --label='test' foo bar
secret-tool: Cannot create an item in a locked collection
Can anyone help me? I'm also willing to drop using gnome-keyring for something else, but I haven't found anything that would fit my use case.

GPG failed to sign the data for a git commit. But it works after signing a local file first?

This is a very weird behavior. I am using gpg (GnuPG) 2.2.19, and I am trying to sign a git commit. The first time I try I get an error saying:
error: gpg failed to sign the data
fatal: failed to write commit object
... but then someone suggested in another Stack Overflow question that if you sign a local dummy file first, and then try again to sign the commit, that would work. And it does! But why? How can I avoid doing the weird thing of signing a local file first every time I want to sign a git commit?
I am using WSL on Windows 11, so all these take place in WSL.
OK, I don't know if this will solve it for everyone; the comments in the original question provide some other solutions that did not work for me. But I did find a solution in this guide, in the section "Configure pinentry to use the correct TTY".
It was an issue where I had to specify the correct TTY, as described in this gpg-agent documentation.
So to achieve this I added the following to my ~/.bashrc (or ~/.zshrc in my case when using ohmyzsh):
# update tty for gpg-agent
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
unset SSH_AGENT_PID
export GPG_TTY=$(tty)
gpgconf --launch gpg-agent

Having difficulty getting SSH with a YubiKey working with macOS Monterey

I'm following the FIDO U2F instructions on https://developers.yubico.com/SSH/ on macOS Monterey with OpenSSH 8.6 and run into the following issue:
~ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: unknown or unsupported key type
Anyone know what I'm missing here?
Use Homebrew's OpenSSH:
$ brew install openssh
Once installed, you have to override the one in your PATH by putting the openssh folder at the beginning of your PATH in your rc file, like this:
$ export PATH=$(brew --prefix openssh)/bin:$PATH
Once you've done that and you've sourced your rc file, you should be able to generate your key.
Tested on macOS Monterey and OpenSSH_8.8p1, OpenSSL 1.1.1l.

When does GPG load its keys?

On an OpenWRT installation, I have an update script that downloads a file and checks its GPG signature.
If I run this script at boot in rc.d at priority 99 (it's the last one), I get a "gpg: Can't check signature: public key not found" error. If I run it via Cron or manually, everything works.
I also tried to add a 60 second sleep before running the script.
Is there a way to know when GPG finished its init?
Can you post the script you use?
A possible solution would be to add the public key import as part of the script before you check the signature, so it's always available for gpg.
This answer may also shed some light on this error: Can't check signature: public key not found
Turns out, scripts in rc.d are not run as root, or the root home is not specified yet (?), so the home directory where GPG is looking for signatures is different (it's looking at //.gnupg/ instead of /root/.gnupg/).
Adding the homedir parameter to GPG lets you specify the directory; this works:
gpg --homedir /root/.gnupg/ --verify update.gpg
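The home-directory mismatch described in the answer above, as an added example that is not part of the original posts. `effective_gnupg_home` is a hypothetical helper that mirrors gpg's documented precedence (--homedir, then GNUPGHOME, then ~/.gnupg), and `verify_update` is a hypothetical wrapper that pins the directory and fails closed; the boot-time HOME value of "/" is an assumption inferred from the //.gnupg/ path in the answer.

```sh
#!/bin/sh
# Added example, not code from the original posts.

# Print the directory gpg would use for its keyring, following the documented
# precedence: --homedir value, then $GNUPGHOME, then $HOME/.gnupg.
# Args: $1 = --homedir value, $2 = GNUPGHOME value, $3 = HOME value.
# Any argument may be empty to mean "not set".
effective_gnupg_home() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    elif [ -n "$2" ]; then
        printf '%s\n' "$2"
    else
        printf '%s\n' "$3/.gnupg"
    fi
}

# Verify a signed update against a pinned keyring directory.
# Returns 0 only when gpg reports a good signature from a key in that
# directory; every other outcome (missing file, missing keyring directory,
# unknown key, bad signature) is non-zero, so the caller must not install.
# Args: $1 = signed file, $2 = GnuPG home (default /root/.gnupg, as in the answer).
verify_update() {
    file=$1
    home=${2:-/root/.gnupg}
    [ -f "$file" ] || { echo "verify: $file not found" >&2; return 2; }
    [ -d "$home" ] || { echo "verify: keyring dir $home missing" >&2; return 2; }
    # --batch and --no-tty stop gpg from prompting when started from an init script.
    gpg --batch --no-tty --homedir "$home" --verify "$file"
}

# Constructed illustration of the two environments from the question.
# Assumption: HOME is "/" when the rc.d script runs at boot.
boot_dir=$(effective_gnupg_home "" "" "/")
login_dir=$(effective_gnupg_home "" "" "/root")
pinned_dir=$(effective_gnupg_home "/root/.gnupg/" "" "/")
echo "rc.d at boot:      $boot_dir"
echo "cron / login:      $login_dir"
echo "with --homedir:    $pinned_dir"
```

In the update script itself, gate the install step on the wrapper's exit status, for example `verify_update update.gpg || exit 1`, so an unverifiable file is never applied.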

Linux Debian apt-get update ERROR / Atom missing GPG key

I'm running Linux Debian 9.4.0 64-bit on my machine. Since I installed the Atom text editor, I receive an ERROR while running apt-get update. The error reads the following:
W: GPG-Fehler: https://packagecloud.io/AtomEditor/atom/any any InRelease: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 4C6E74D6C0A35108
W: The repository 'https://packagecloud.io/AtomEditor/atom/any any InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
The first line says that the signature of my PGP key could not be verified, since a PUBKEY is unavailable.
The same error message continuously shows, even though I purged Atom from my system.
Can someone lend me a hand with getting my system to update properly again, and with how to install Atom without causing future problems?
Thanks in advance!
EDIT: I initially misunderstood the question and thought you wanted to completely remove Atom and the repository. In that case, the solution would be to remove the relevant entry from your /etc/apt/sources.list file (or the relevant file in /etc/apt/sources.list.d, whichever exists).
Now I understand you are trying to install and update Atom without apt giving you the error message described in your question.
In that case, it seems the repository key may not be installed on your system. You can try to follow the instructions at https://packagecloud.io/app/AtomEditor/atom/gpg#gpg-apt to manually install the required GPG key. I recommend reading all the instructions on that page, but the relevant command would be curl -L https://packagecloud.io/AtomEditor/atom/gpgkey | sudo apt-key add -
