
List:       gnupg-users
Subject:    gpg troubles
From:       "Roland Siemons (P)" <Siemons () CleanFuels ! nl>
Date:       2018-10-31 9:21:11
Message-ID: 9a33aad3-f3e1-8a04-44a3-ee4ad92a47ca () CleanFuels ! nl

Thanks Friedhelm,

That is a lot to think about.
I'll study ..

Best regards,

Roland


On 31/10/2018 01:33, gnupg-users-request@gnupg.org wrote:
> Date: Mon, 29 Oct 2018 04:18:31 +0100
> From: Friedhelm Waitzmann <gnupgmlusers.fwnsp@xoxy.net>
> To: gnupg-users@gnupg.org
> Subject: Re: gpg troubles
> Message-ID: <20181029031830.GA24386@kugelfisch.zuhause.test>
> 
> Roland Siemons (P) at Fri., 2018-10-12:
> 
> > 3/ Assisted remotely by some of you, I was able to sort out a very
> > strange problem with decryption. The solution was found by manipulating
> > my key from inside the gpg shell using the command line. I am not very
> > experienced with the command line. A major difficulty for those for whom
> > this is not daily bread and butter is that mistakes are easily made.
> > Hence the great value of GUIs.
> > 4/ I observed some unclarities in the GnuPG manual
> > (www.gnupg.org/gph/en/manual.html), here below under A.
> This is the GnuPG privacy handbook rather than the GnuPG manual.
> I suggest that you read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/>) also, as
> it is the definitive instruction how to use GnuPG.
> 
> > And perhaps also
> > some bugs in gpg, here below under B (please consider). Here is my
> > experience:
> > A/ I tried to revoke some subkeys, following the said manual (heading
> > "Revoking key components"). gpg pretended to do the job. Everything
> > looked fine. But it didn't! After several hours of analysis (up to
> > checking if GnuPG was installed consistently on my system), I found the
> > issue: After the revkey procedure it is necessary to command "quit".
> A better way of committing the changes is typing in "save".
> 
> Please see the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management>).
>  
> For the "--edit-key" main command (given at the command line) it
> lists the sub commands (to be typed into the edit key command
> shell):
> 
> save
> 
> Save all changes to the keyrings and quit.
> 
> quit
> 
> Quit the program without updating the keyrings. 
> 
> > Instead of quitting, gpg then asks "do you want to save yr changes" (or
> > something like that).
> This is to remind you that you are about to discard your changes.
> 
> > And only then the subkeys were revoked. The said
> > manual does mention the command "quit" only once, and not even in a
> > general place explaining the operations of gpg, and in fact without any
> > explanation as to the impact of that command.
> The GnuPG manual (not the privacy handbook) mentions both of
> "save" and "quit" and explains the difference.
> 
> > Of course I am happy to
> > have found out, but let's hope that I remember when after perhaps 2
> > years time I have to use gpg shell again....
> Just remember to read the GnuPG manual also.
> 
> > B/ It is not at all clear to me how to start the gpg shell.
> This isn't a general ("the") GnuPG shell for all GnuPG commands,
> it is a shell for the limited set of "--edit-key" sub commands.
> That is, the "--edit-key" specified at the GnuPG invocation
> command line lets GnuPG run an interactive interpreter for the
> "--edit-key" subcommands that have to be typed in.
> 
> > For example:
> > 1/ if (under the CMD terminal) I command "gpg -K", the lists of private
> > keys is returned,
> Generating this list doesn't need to ask the user to type any sub
> commands, so there is no "--list-secret-keys" shell.
> 
> > but I am also returned to CMD, that is, kicked out of
> > the gpg shell.
> If GnuPG has written this list into its standard output channel,
> the job is done, thus GnuPG terminates, nobody is "kicked out".
> 
> > 2/ if (CMD) I command "gpg --edit-key X" (where X is key identifier), I
> > do indeed enter the gpg shell, the screen showing "gpg>".
> You enter the shell that recognizes the limited set of the
> "--edit-key" sub commands.
> 
> > That all may be all right, HOWEVER:
> > 3/ if (CMD) I command "gpg", the return is: "gpg: WARNING: no command
> > supplied.  Trying to guess what you mean ... <RETURN> gpg: Go ahead and
> > type your message . <RETURN>
> Please read the GnuPG manual
> (<https://www.gnupg.org/documentation/manuals/gnupg/GPG-Commands.html#GPG-Commands>):
>  
> "gpg may be run with no commands. In this case it will perform
> a reasonable action depending on the type of file it is given
> as input (an encrypted message is decrypted, a signature is
> verified, a file containing keys is listed, etc.)."
> 
> So GnuPG expects that you type in an encrypted message, a
> detached signature, a clear-signed message, a public key block, etc.
> 
> > Then if I type a gpg command, everything stalls.
> Here you cannot type a GnuPG command, because GnuPG wants input,
> i.e. data.  As you haven't specified any input file on the
> command line, GnuPG wants this data through its standard input
> channel, that is, typed in from the keyboard.
> 
> > No results whatsoever.
> Unless the end of data is signalled (by typing the end-of-file
> character, with UNIX usually control d, with MS Windows perhaps
> control z), GnuPG repeats reading input lines.
> 
> > Even the command "quit" gives no results.
> This "quit" is counted as an input line of data, too.
> 
> > So I force quit by Ctrl-C.
> > So, in general, how to start the gpg shell?
> You don't in general start the GnuPG shell.  You put a command on
> the invocation command line.  This command may or may not be an
> interactive command.
> 
> If it is (as with "--edit-key"), GnuPG starts a sub command shell
> (as with "--edit-key") to read and execute further sub commands.
> 
> If it is not (as with "--list-keys", "--sign", "--encrypt",
> etc.), GnuPG may (as with "--sign", "--encrypt", "--decrypt",
> etc.) expect input to process, or may not (as with "--list-keys",
> etc.) expect any input.
> 
> Please remember:  GnuPG is not a program that does what you
> mean.  It is a program that does exactly what you command it to
> do.  Thus you must know how to command GnuPG to do what you want
> it to do for you.
> 
> 
> Regards
> Friedhelm
> 


-- 
Roland Siemons
Haaksbergerstraat 205
ENSCHEDE

t: O645616734



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
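
The difference between the "--edit-key" sub commands "save" and "quit" explained in the quoted reply, as an added example that is not part of either message: the script runs the same subkey revocation twice in a throwaway keyring, feeding the edit session through --command-fd, and ends it once with "quit" (answering no to the save question) and once with "save". The user ID, the function names and the order of answers given to "revkey" are assumptions of this sketch; the answer order may differ between GnuPG versions.

```shell
#!/bin/sh
# Added example: uses a throwaway keyring; the user ID is a constructed placeholder.
UID_DEMO='Edit Key Demo <demo@example.invalid>'

# Print the validity field of the first subkey ("r" means revoked).
subkey_state() {
    gpg --batch --no-tty --with-colons --list-keys "$UID_DEMO" 2>/dev/null |
        awk -F: '$1 == "sub" { print $2; exit }'
}

# Revoke subkey 1 inside an --edit-key session, then end the session with
# the line(s) given in $1. Answers after "revkey" (assumed order): confirm,
# reason 0 (no reason specified), empty description line, confirm.
revoke_then() {
    printf 'key 1\nrevkey\ny\n0\n\ny\n%s\n' "$1" |
        gpg --batch --no-tty --command-fd 0 --edit-key "$UID_DEMO" >/dev/null 2>&1
}

run_demo() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    # Unprotected test key with the default primary key and subkey.
    gpg --batch --no-tty --passphrase '' \
        --quick-gen-key "$UID_DEMO" default default never >/dev/null 2>&1 || return 1

    # "quit", then "n" to the save question: the revocation is discarded.
    revoke_then "$(printf 'quit\nn')"
    AFTER_QUIT=$(subkey_state)

    # "save" writes the revocation to the keyring and leaves the session.
    revoke_then save
    AFTER_SAVE=$(subkey_state)

    gpgconf --kill gpg-agent >/dev/null 2>&1
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
}

run_demo && echo "subkey validity after quit: $AFTER_QUIT, after save: $AFTER_SAVE"
```

Checking the key listing after an edit session, as subkey_state does here, confirms that a revocation was actually written to the keyring.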

