ken021600
asked on
how to use a public key
Hi experts,
if you find someone's public key as follows, how do you use it
to encrypt the file you want to send? I mean, you can import
a public key by issuing "gpg --import blahblah.gpg", but the
following is a .asc file, not a .gpg file. how can i import
it to my keyring?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)
mQGiBDz9Q1YRBAC6LqCWvyDMmJ hQZHWxgUZj YBnBqghb4R uckW3R9FFt xXGW2qUr
QLvbjI9n7vyh7pVd4lphogTp/J 8dv9O1pzpx Fotr6oC6pq 4kUNeciURd Eao+oyXk
hBqoXDU5lVS00SEYkUZXArGHlJ fUjGUMdciO /74H/555dM uPjTbLn27b 1wCgqfbE
YCasmzzGhg/3EfX3TF2yv2cD/1 qHRM6ZqU1a RLGYvqtf4r tLzKSU1en6 5nxsiuBI
tSXJD+2CE6gMOF++pMhQO1gv4N 5mcIx5Csw3 0VG+ubpYyP s899hbnRgs tNLnuRA0
MFdA/8HLJ4SfrV50FKE6RzX6xN dENSR6UE2J mRf1dXAGNm WCbOpkQyPi RkozyyHD
JxbuBACII0KGOE9p2IzuN3oC9g 0C7AHL4OJE nn4x7iye2/ o3u/DPEMtK JOj4qFLP
G8Dd0C5y7GwRjzJ8MiBvOn11wk axo7neKJUx rHFfuGlJ+v dlKLA7wpyw RGqVJ+1b
3pmIn4Ky4NOQuCqzk/aKZbYCmR OHDbAHzjin 5wx2bRPEW/ AO4LQfa2Vu IHpoYW5n
IDx6c3lneW1AbG9uZXN0YXIub3 JnPohfBBMR AgAfBQI8/U NXBQkACTqA BAsHAwID
FQIDAxYCAQIeAQIXgAAKCRDiGx 8FK/sQEriS AKCTpv6otD ekhxCJAlNq ggDvhp57
7QCfVt9/y9i8jLy2AcZRMB3lqT 1ec2i5AQ0E PP1DXBAEAJ afra002gjC uMSsI7qo
tKz443+fR1GH7X7AQ/5dA/wTb8 W7nBP10MbW zP9OxLEt+X ygFreKE1r9 lBXnucVJ
vZAo4Z/lXLw8uSSzf+nuf7h2lw 3GXkPTL2iM RiiypMFXzd 1f90sl4T7P 6IeVhOQx
/ssZXSU25fNdBtrIFpryqf1zAA MFBACJT+gc CDih3I8Qvl NHXw86nzom 0r6mJel4
NL6803tS4P3ebFGNU7Q7t63OW9 aRblBolh8/ /u/TYUU7Gy V8R+ktK0qG C9qUweRa
+On1a0AeZJCPpx+OEg2MgzoCTK CMchAm9tNs NVyBHWFKpf S/y3/AF19V YwOebzTn
p5pFYB4xo4hMBBgRAgAMBQI8/U NcBQkACTqA AAoJEOIbHw Ur+xASCbsA n0em3R7L
ds5pQE2hNoK9PXyZhCQ/AJwJp/ t4m5368Ywz zL9yCFZaqu ZGeQ==
=rYbE
-----END PGP PUBLIC KEY BLOCK-----
Thanks a lot,
KEN
if you find someone's public key as follows, how do you use it
to encrypt the file you want to send? I mean, you can import
a public key by issuing "gpg --import blahblah.gpg", but the
following is a .asc file, not a .gpg file. how can i import
it to my keyring?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)
mQGiBDz9Q1YRBAC6LqCWvyDMmJ
QLvbjI9n7vyh7pVd4lphogTp/J
hBqoXDU5lVS00SEYkUZXArGHlJ
YCasmzzGhg/3EfX3TF2yv2cD/1
tSXJD+2CE6gMOF++pMhQO1gv4N
MFdA/8HLJ4SfrV50FKE6RzX6xN
JxbuBACII0KGOE9p2IzuN3oC9g
G8Dd0C5y7GwRjzJ8MiBvOn11wk
3pmIn4Ky4NOQuCqzk/aKZbYCmR
IDx6c3lneW1AbG9uZXN0YXIub3
FQIDAxYCAQIeAQIXgAAKCRDiGx
7QCfVt9/y9i8jLy2AcZRMB3lqT
tKz443+fR1GH7X7AQ/5dA/wTb8
vZAo4Z/lXLw8uSSzf+nuf7h2lw
/ssZXSU25fNdBtrIFpryqf1zAA
NL6803tS4P3ebFGNU7Q7t63OW9
+On1a0AeZJCPpx+OEg2MgzoCTK
p5pFYB4xo4hMBBgRAgAMBQI8/U
ds5pQE2hNoK9PXyZhCQ/AJwJp/
=rYbE
-----END PGP PUBLIC KEY BLOCK-----
Thanks a lot,
KEN
ASKER
Hi ahoffmann,
nice to see you again!
due to some reason i don't know, EE didn't notify me of any replies by email:) anyway, i'm here.
just to clarify: are you saying that i should "copy and paste" the above asc file (if i found it on someone's personal website) and save it as an asc file, then import it as you showed me? and where should i start? i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)" bit into the asc file i save?
Thanks,
KEN
nice to see you again!
due to some reason i don't know, EE didn't notify me of any replies by email:) anyway, i'm here.
just to clarify: are you saying that i should "copy and paste" the above asc file (if i found it on someone's personal website) and save it as an asc file, then import it as you showed me? and where should i start? i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)" bit into the asc file i save?
Thanks,
KEN
ASKER
just got another question:
when i issued "gpg --gen-key" at the prompt as a non-priviledged
user,
i got the following output:
gpg: Warning: using insecure memory!
gpg: keyblock resource '/home/myname/.gnupg': file open error
gpg: keyblock resource '/home/myname/.gnupg': file open error
Please select what kind of key you want:
1)...
2)...
4)...
i got stumpted by these warning messages and tried to re-issue "gpg --gen-key" as the root. This time i didn't get those warnings.
my questions are:
why did i get these warnings? what do they imply? why did i get them as a common user, but not as the root? how can i, as a common user, generate keypairs without getting
these warnings?
KEN
when i issued "gpg --gen-key" at the prompt as a non-priviledged
user,
i got the following output:
gpg: Warning: using insecure memory!
gpg: keyblock resource '/home/myname/.gnupg': file open error
gpg: keyblock resource '/home/myname/.gnupg': file open error
Please select what kind of key you want:
1)...
2)...
4)...
i got stumpted by these warning messages and tried to re-issue "gpg --gen-key" as the root. This time i didn't get those warnings.
my questions are:
why did i get these warnings? what do they imply? why did i get them as a common user, but not as the root? how can i, as a common user, generate keypairs without getting
these warnings?
KEN
> .. i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
yes
> gpg: Warning: using insecure memory!
that's ok (except you care about it:)
> gpg: keyblock resource '/home/myname/.gnupg': file open error
> gpg: keyblock resource '/home/myname/.gnupg': file open error
This error must be fixed, it's probably due to a permission problem (while creating .gnupg directory)
.gnupg should have permissions 700
yes
> gpg: Warning: using insecure memory!
that's ok (except you care about it:)
> gpg: keyblock resource '/home/myname/.gnupg': file open error
> gpg: keyblock resource '/home/myname/.gnupg': file open error
This error must be fixed, it's probably due to a permission problem (while creating .gnupg directory)
.gnupg should have permissions 700
ASKER
I found the mode for /home/myname is drwx------. so why i still got the "file open error"?
and before finalize this question, would you mind spending 3 minutes explaining to me the nature of the problem? I mean you showed me how to solve my problem, but didn't tell me why the problem occured. I think I can learn a lot from gurus like you by exploring the nature of problem. Otherwise I will never be able to know what the "real" problem is.
Thanks so much,
KEN
and before finalize this question, would you mind spending 3 minutes explaining to me the nature of the problem? I mean you showed me how to solve my problem, but didn't tell me why the problem occured. I think I can learn a lot from gurus like you by exploring the nature of problem. Otherwise I will never be able to know what the "real" problem is.
Thanks so much,
KEN
> .. is drwx------
that's ok.
> so why i still got the "file open error"?
out of ideas (from remote) sorry.
Is gpg owned by root and has **not** set the SID bit?
> .. nature of the problem?
which pronlem?
Anyway, gpg is very picky about anything concerning security, for obvious reason. It does this 'cause it will inform you about possible way to to compromice even the security of public key structures. That's why it prints errors and warnings. Keep in mind: it's **your privacy** which is in question !
Unfortunately my experiance is not good enough to give more details about the "error open file" ('cause of historical reason I'm still bound to pgp):
Hope this helps anyway.
PLease check the docs about the errors, might be simpler than giving hints here, just out of my finger tips ...
Feel free to ask more then.
Cheers
Achim
that's ok.
> so why i still got the "file open error"?
out of ideas (from remote) sorry.
Is gpg owned by root and has **not** set the SID bit?
> .. nature of the problem?
which pronlem?
Anyway, gpg is very picky about anything concerning security, for obvious reason. It does this 'cause it will inform you about possible way to to compromice even the security of public key structures. That's why it prints errors and warnings. Keep in mind: it's **your privacy** which is in question !
Unfortunately my experiance is not good enough to give more details about the "error open file" ('cause of historical reason I'm still bound to pgp):
Hope this helps anyway.
PLease check the docs about the errors, might be simpler than giving hints here, just out of my finger tips ...
Feel free to ask more then.
Cheers
Achim
ASKER
Hi Achim,
I found the following in /usr/bin:
-rwxr-xr-x 1 root root ... gpg
-rwxr-xr-x 1 root root ... gpgv
i changed their modes to 777 and issued "gpg --gen-key" as a normal user. but i still got that warning and "file open error"...
another quick question is: can i use gpg to encrypt/decrypt non-english characters such as Japanese or Chinese?
Thanks,
KEN
I found the following in /usr/bin:
-rwxr-xr-x 1 root root ... gpg
-rwxr-xr-x 1 root root ... gpgv
i changed their modes to 777 and issued "gpg --gen-key" as a normal user. but i still got that warning and "file open error"...
another quick question is: can i use gpg to encrypt/decrypt non-english characters such as Japanese or Chinese?
Thanks,
KEN
file permissions are ok, you don't need 777, 555 is best.
Does the directory .gnupg exist? can you create it with mkdir, and then chmod 700 ?
You can encrypt anything, even plain binary data.
Does the directory .gnupg exist? can you create it with mkdir, and then chmod 700 ?
You can encrypt anything, even plain binary data.
ASKER
i created the directory .gnupg and changed its mode to 700. then i issued "gpg --gen-key" as a normal user, and this time i got the following:
gpg: warning: using insecure memory!
gpg: /home/myname/.gnupg/secrin g.gpg: keyring created
gpg: /home/myname/.gnupg/pubrin g.gpg: keyring created
Please select what kind of key you want:
1)...
2)...
4)...
so it seems that "file open error" is gone...
but,
1) why did i still get the "using insecure memory" warning?
2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?
Thanks,
KEN
gpg: warning: using insecure memory!
gpg: /home/myname/.gnupg/secrin
gpg: /home/myname/.gnupg/pubrin
Please select what kind of key you want:
1)...
2)...
4)...
so it seems that "file open error" is gone...
but,
1) why did i still get the "using insecure memory" warning?
2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?
Thanks,
KEN
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great!
Thanks Achim!
See you next time!
KEN
Thanks Achim!
See you next time!
KEN
gpg --import blahblah.asc
then you encrypt it like:
gpg --encrypt -a -r <id or email of imported key> file