Solved

how to use a public key

Posted on 2002-06-04
11
244 Views
Last Modified: 2013-12-23
Hi experts,
if you find someone's public key as follows, how do you use it
to encrypt the file you want to send? I mean, you can import
a public key by issuing "gpg --import blahblah.gpg", but the
following is a .asc file, not a .gpg file. how can i import
it to my keyring?



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)

mQGiBDz9Q1YRBAC6LqCWvyDMmJhQZHWxgUZjYBnBqghb4RuckW3R9FFtxXGW2qUr
QLvbjI9n7vyh7pVd4lphogTp/J8dv9O1pzpxFotr6oC6pq4kUNeciURdEao+oyXk
hBqoXDU5lVS00SEYkUZXArGHlJfUjGUMdciO/74H/555dMuPjTbLn27b1wCgqfbE
YCasmzzGhg/3EfX3TF2yv2cD/1qHRM6ZqU1aRLGYvqtf4rtLzKSU1en65nxsiuBI
tSXJD+2CE6gMOF++pMhQO1gv4N5mcIx5Csw30VG+ubpYyPs899hbnRgstNLnuRA0
MFdA/8HLJ4SfrV50FKE6RzX6xNdENSR6UE2JmRf1dXAGNmWCbOpkQyPiRkozyyHD
JxbuBACII0KGOE9p2IzuN3oC9g0C7AHL4OJEnn4x7iye2/o3u/DPEMtKJOj4qFLP
G8Dd0C5y7GwRjzJ8MiBvOn11wkaxo7neKJUxrHFfuGlJ+vdlKLA7wpywRGqVJ+1b
3pmIn4Ky4NOQuCqzk/aKZbYCmROHDbAHzjin5wx2bRPEW/AO4LQfa2VuIHpoYW5n
IDx6c3lneW1AbG9uZXN0YXIub3JnPohfBBMRAgAfBQI8/UNXBQkACTqABAsHAwID
FQIDAxYCAQIeAQIXgAAKCRDiGx8FK/sQEriSAKCTpv6otDekhxCJAlNqggDvhp57
7QCfVt9/y9i8jLy2AcZRMB3lqT1ec2i5AQ0EPP1DXBAEAJafra002gjCuMSsI7qo
tKz443+fR1GH7X7AQ/5dA/wTb8W7nBP10MbWzP9OxLEt+XygFreKE1r9lBXnucVJ
vZAo4Z/lXLw8uSSzf+nuf7h2lw3GXkPTL2iMRiiypMFXzd1f90sl4T7P6IeVhOQx
/ssZXSU25fNdBtrIFpryqf1zAAMFBACJT+gcCDih3I8QvlNHXw86nzom0r6mJel4
NL6803tS4P3ebFGNU7Q7t63OW9aRblBolh8//u/TYUU7GyV8R+ktK0qGC9qUweRa
+On1a0AeZJCPpx+OEg2MgzoCTKCMchAm9tNsNVyBHWFKpfS/y3/AF19VYwOebzTn
p5pFYB4xo4hMBBgRAgAMBQI8/UNcBQkACTqAAAoJEOIbHwUr+xASCbsAn0em3R7L
ds5pQE2hNoK9PXyZhCQ/AJwJp/t4m5368YwzzL9yCFZaquZGeQ==
=rYbE
-----END PGP PUBLIC KEY BLOCK-----


Thanks a lot,
KEN

0
Comment
Question by:ken021600
  • 6
  • 5
11 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7058720
you import is like:
  gpg --import blahblah.asc
then you encrypt it like:
  gpg --encrypt -a -r <id or email of imported key> file
0
 

Author Comment

by:ken021600
ID: 7058791
Hi ahoffmann,

nice to see you again!

due to some reason i don't know, EE didn't notify me of any replies by email:) anyway, i'm here.

just to clarify: are you saying that i should "copy and paste" the above asc file (if i found it on someone's personal website) and save it as an asc file, then import it as you showed me?  and where should i start? i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)" bit into the asc file i save?




Thanks,
KEN
0
 

Author Comment

by:ken021600
ID: 7058793
just got another question:
when i issued "gpg --gen-key" at the prompt as a non-priviledged
user,
i got the following output:

gpg: Warning: using insecure memory!
gpg: keyblock resource '/home/myname/.gnupg': file open error

gpg: keyblock resource '/home/myname/.gnupg': file open error

Please select what kind of key you want:
1)...
2)...
4)...


i got stumpted by these warning messages and tried to re-issue "gpg --gen-key" as the root. This time i didn't get those warnings.


my questions are:
why did i get these warnings? what do they imply? why did i get them as a common user, but not as the root? how can i, as a common user, generate keypairs without getting
these warnings?

KEN
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7058871
> ..  i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
yes

> gpg: Warning: using insecure memory!
that's ok (except you care about it:)

> gpg: keyblock resource '/home/myname/.gnupg': file open error
> gpg: keyblock resource '/home/myname/.gnupg': file open error
This error must be fixed, it's probably due to a permission problem (while creating .gnupg directory)
.gnupg should have permissions 700
0
 

Author Comment

by:ken021600
ID: 7060743
I found the mode for /home/myname is drwx------. so why i still got the "file open error"?

and before finalize this question, would you mind spending 3 minutes explaining to me the nature of the problem? I mean you showed me how to solve my problem, but didn't tell me why the problem occured. I think I can learn a lot from gurus like you by exploring the nature of problem. Otherwise   I will never be able to know what the "real" problem is.

Thanks so much,
KEN
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 7061828
> ..  is drwx------
that's ok.

>  so why i still got the "file open error"?
out of ideas (from remote) sorry.
Is gpg owned by root and has **not** set the SID bit?

> ..  nature of the problem?
which pronlem?

Anyway, gpg is very picky about anything concerning security, for obvious reason. It does this 'cause it will inform you about possible way to to compromice even the security of public key structures. That's why it prints errors and warnings. Keep in mind: it's **your privacy** which is in question !

Unfortunately my experiance is not good enough to give more details about the "error open file" ('cause of historical reason I'm still bound to pgp):

Hope this helps anyway.
PLease check the docs about the errors, might be simpler than giving hints here, just out of my finger tips ...
Feel free to ask more then.

Cheers
Achim
0
 

Author Comment

by:ken021600
ID: 7063750
Hi Achim,

I found the following in /usr/bin:
-rwxr-xr-x  1  root  root ...     gpg
-rwxr-xr-x  1  root  root ...     gpgv

i changed their modes to 777 and issued "gpg --gen-key" as a normal user. but i still got that warning and "file open error"...

another quick question is: can i use gpg to encrypt/decrypt non-english characters such as Japanese or Chinese?

Thanks,
KEN
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7063974
file permissions are ok, you don't need 777, 555 is best.
Does the directory .gnupg exist? can you create it with mkdir, and then chmod 700 ?
You can encrypt anything, even plain binary data.
0
 

Author Comment

by:ken021600
ID: 7064817
i created the directory .gnupg and changed its mode to 700. then i issued "gpg --gen-key" as a normal user, and this time i got the following:

gpg: warning: using insecure memory!
gpg: /home/myname/.gnupg/secring.gpg: keyring created
gpg: /home/myname/.gnupg/pubring.gpg: keyring created
Please select what kind of key you want:
1)...
2)...
4)...

so it seems that "file open error" is gone...
but,

1) why did i still get the "using insecure memory" warning?
2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?

Thanks,
KEN
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 7064824
1) why did i still get the "using insecure memory" warning?
While you're running gpg some data is stored in memory, for example pass phrases. On most systems a root user is able to dump the memory and read the pass phrase there. Even if it es encrypted, all necessary keys are in memory too, somehow. So an experianced user could do nasty things.

2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?
Probably it's simply a missing feature.
0
 

Author Comment

by:ken021600
ID: 7064876
Great!

Thanks Achim!

See you next time!
KEN
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now