List:       gnupg-users
Subject:    RE: Unable to encrypt file with private/public key
From:       Pete Stephenson <pete () heypete ! com>
Date:       2014-12-30 2:44:29
Message-ID: CA+4dSw574hooYaYtWHpbgFHysDKMAqCodZ+_rA_u-wPsj8J_xw () mail ! gmail ! com

On Dec 29, 2014 6:57 AM, "Haritwal, Dhiraj" <Dhiraj.Haritwal@ap.sony.com> wrote:
>
> Almost done now. After I signed partner's public key, that warning has gone.

Great!

> I am using below command to encrypt file with my private key & partner's public key & partner is using my private key & their public key to decrypt it but it's getting fail. Am I using anything wrong here.
>
> ./gpg --local-user 'MY USER' --recipient partner_pubkey --encrypt --armor /tmp/test/data1.CSV

That looks reasonable. When you say you're getting a fail, what error
message are you seeing?

Also, it seems that you're still mixing up the terms for private and public
keys: this makes it a bit confusing to follow what you're doing. You should
be encrypting the message to your partner's public key (you can
additionally encrypt it to other public keys, such as your own. This is
useful if you want to be able to read the message after you sent it.) and
your partner should use their private key to decrypt it.

> Tried to use --sign which is asking passphrase which don't want to use. Can we sign without passphrase & only with public/private key.

Signing a message requires the sender's (i.e., your) private key to
generate the signature. In order to unlock the private key so that it can
be used to sign the message, you need to provide the passphrase for your
private key.

Short answer: no. You need to use your passphrase (and private key) to sign
a message.

> Dhiraj
>
> From: Pete Stephenson [mailto:pete@heypete.com]
> Sent: 23 December 2014 11:24
> To: Haritwal, Dhiraj
> Cc: gnupg-users@gnupg.org
> Subject: RE: Unable to encrypt file with private/public key
>
> On Dec 22, 2014 7:30 AM, "Haritwal, Dhiraj" <Dhiraj.Haritwal@ap.sony.com> wrote:
> >
> > Thank you very much for all the explanation/links. Now things are bit clear.
> > Now I have to encrypt file with partner's Public Key. I tried with below command which is still showing warning message (gpg: 89709B71: There is no assurance this key belongs to the named user) whereas if I am checking partner_pubkey, it's showing full trust. How can I remove this message. Even I have added partner's public key as trusted.
> >
> > ./gpg --encrypt --recipient partner_pubkey --armor /tmp/test/data.CSV
>
> I'm glad things are working better.
>
> To resolve the issue with the assurance message, manually verify that the key belongs to the recipient (e.g. meet in person or call them and verify the fingerprint of their key) and then sign the key using GnuPG. (gpg --sign-key 0xKEYID)
>
> In GnuPG you vouch that a particular public key belongs to a person (or organization) by signing their public key. This signature can be local or published publicly.
>
> "Trust" in GnuPG is different, and reflects how much you trust the other key to correctly vouch for the identity of others. If you set their key as fully trusted, keys that are signed by that key are treated by your copy of GnuPG with the same level of assurance as if you signed them yourself. Typically this should only be reserved for people you know to always check the identity of other people thoroughly and correctly before signing their keys. The default is for trust to be set to "marginal".
>
> By combining signatures and trust, one forms a "web of trust": https://en.wikipedia.org/wiki/Web_of_trust
>
> Cheers!
> -Pete

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
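
The workflow discussed in this thread, as an added example that is not part of the original messages: two throwaway keyrings exchange public keys, encryption is refused until the recipient key is certified, and a signed and encrypted file is then decrypted by the partner's private key. The user IDs, passphrase, file contents and the function name gpg_roundtrip are assumptions made for the demo; it needs GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: two throwaway keyrings stand in for "me" and "partner".
# User IDs, passphrase and CSV content are constructed for the demo.
gpg_roundtrip() {
    # Needs GnuPG 2.1 or later; exit status 77 means "skipped".
    gpg --dump-options 2>/dev/null | grep -q quick-generate-key || return 77
    me=$(mktemp -d) && partner=$(mktemp -d) && work=$(mktemp -d) || return 1
    G="gpg --batch --quiet --pinentry-mode loopback --passphrase demo-pass"
    M="$G --homedir $me"; P="$G --homedir $partner"; rc=1
    printf 'id,amount\n1,100\n' > "$work/data.csv"
    # Each side creates its own key pair; private keys stay in their keyring.
    $M --quick-generate-key 'Me <me@example.test>' default default never &&
    $P --quick-generate-key 'Partner <partner@example.test>' default default never &&
    # Only public keys are exchanged.
    $P --armor --export partner@example.test > "$work/partner.asc" &&
    $M --armor --export me@example.test > "$work/me.asc" &&
    $M --import "$work/partner.asc" && $P --import "$work/me.asc" &&
    # Imported but not certified: in batch mode gpg refuses the recipient
    # ("There is no assurance this key belongs to the named user").
    ! $M --recipient partner@example.test --encrypt --armor \
         --output "$work/early.asc" "$work/data.csv" 2>/dev/null &&
    # After checking the fingerprint out of band, certify the partner's key.
    fpr=$($M --with-colons --fingerprint partner@example.test |
          awk -F: '$1 == "fpr" { print $10; exit }') &&
    $M --quick-sign-key "$fpr" &&
    # Sign with MY private key (the passphrase unlocks it); encrypt to the
    # partner's PUBLIC key and to my own so I can still read what I sent.
    $M --local-user me@example.test --recipient partner@example.test \
       --recipient me@example.test --sign --encrypt --armor \
       --output "$work/data.asc" "$work/data.csv" &&
    # The partner decrypts with THEIR private key; GOODSIG confirms my signature.
    $P --status-fd 3 --output "$work/out.csv" --decrypt "$work/data.asc" \
       3> "$work/status" 2>/dev/null &&
    grep -q GOODSIG "$work/status" && cmp -s "$work/data.csv" "$work/out.csv" &&
    $M --decrypt "$work/data.asc" 2>/dev/null | cmp -s - "$work/data.csv" && rc=0
    for d in "$me" "$partner"; do gpgconf --homedir "$d" --kill all 2>/dev/null; done
    rm -rf "$me" "$partner" "$work"
    return $rc
}
```

--local-user selects the key used for signing, so it only has an effect when --sign is also given.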

