how to use a public key
Hi experts,
if you find someone's public key as follows, how do you use it
to encrypt the file you want to send? I mean, you can import
a public key by issuing "gpg --import blahblah.gpg", but the
following is a .asc file, not a .gpg file. how can i import
it to my keyring?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)
mQGiBDz9Q1YRBAC6LqCWvyDMmJ
QLvbjI9n7vyh7pVd4lphogTp/J
hBqoXDU5lVS00SEYkUZXArGHlJ
YCasmzzGhg/3EfX3TF2yv2cD/1
tSXJD+2CE6gMOF++pMhQO1gv4N
MFdA/8HLJ4SfrV50FKE6RzX6xN
JxbuBACII0KGOE9p2IzuN3oC9g
G8Dd0C5y7GwRjzJ8MiBvOn11wk
3pmIn4Ky4NOQuCqzk/aKZbYCmR
IDx6c3lneW1AbG9uZXN0YXIub3
FQIDAxYCAQIeAQIXgAAKCRDiGx
7QCfVt9/y9i8jLy2AcZRMB3lqT
tKz443+fR1GH7X7AQ/5dA/wTb8
vZAo4Z/lXLw8uSSzf+nuf7h2lw
/ssZXSU25fNdBtrIFpryqf1zAA
NL6803tS4P3ebFGNU7Q7t63OW9
+On1a0AeZJCPpx+OEg2MgzoCTK
p5pFYB4xo4hMBBgRAgAMBQI8/U
ds5pQE2hNoK9PXyZhCQ/AJwJp/
=rYbE
-----END PGP PUBLIC KEY BLOCK-----
Thanks a lot,
KEN
if you find someone's public key as follows, how do you use it
to encrypt the file you want to send? I mean, you can import
a public key by issuing "gpg --import blahblah.gpg", but the
following is a .asc file, not a .gpg file. how can i import
it to my keyring?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)
mQGiBDz9Q1YRBAC6LqCWvyDMmJ
QLvbjI9n7vyh7pVd4lphogTp/J
hBqoXDU5lVS00SEYkUZXArGHlJ
YCasmzzGhg/3EfX3TF2yv2cD/1
tSXJD+2CE6gMOF++pMhQO1gv4N
MFdA/8HLJ4SfrV50FKE6RzX6xN
JxbuBACII0KGOE9p2IzuN3oC9g
G8Dd0C5y7GwRjzJ8MiBvOn11wk
3pmIn4Ky4NOQuCqzk/aKZbYCmR
IDx6c3lneW1AbG9uZXN0YXIub3
FQIDAxYCAQIeAQIXgAAKCRDiGx
7QCfVt9/y9i8jLy2AcZRMB3lqT
tKz443+fR1GH7X7AQ/5dA/wTb8
vZAo4Z/lXLw8uSSzf+nuf7h2lw
/ssZXSU25fNdBtrIFpryqf1zAA
NL6803tS4P3ebFGNU7Q7t63OW9
+On1a0AeZJCPpx+OEg2MgzoCTK
p5pFYB4xo4hMBBgRAgAMBQI8/U
ds5pQE2hNoK9PXyZhCQ/AJwJp/
=rYbE
-----END PGP PUBLIC KEY BLOCK-----
Thanks a lot,
KEN
ASKER
Hi ahoffmann,
nice to see you again!
due to some reason i don't know, EE didn't notify me of any replies by email:) anyway, i'm here.
just to clarify: are you saying that i should "copy and paste" the above asc file (if i found it on someone's personal website) and save it as an asc file, then import it as you showed me? and where should i start? i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)" bit into the asc file i save?
Thanks,
KEN
nice to see you again!
due to some reason i don't know, EE didn't notify me of any replies by email:) anyway, i'm here.
just to clarify: are you saying that i should "copy and paste" the above asc file (if i found it on someone's personal website) and save it as an asc file, then import it as you showed me? and where should i start? i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (NetBSD)" bit into the asc file i save?
Thanks,
KEN
ASKER
just got another question:
when i issued "gpg --gen-key" at the prompt as a non-priviledged
user,
i got the following output:
gpg: Warning: using insecure memory!
gpg: keyblock resource '/home/myname/.gnupg': file open error
gpg: keyblock resource '/home/myname/.gnupg': file open error
Please select what kind of key you want:
1)...
2)...
4)...
i got stumpted by these warning messages and tried to re-issue "gpg --gen-key" as the root. This time i didn't get those warnings.
my questions are:
why did i get these warnings? what do they imply? why did i get them as a common user, but not as the root? how can i, as a common user, generate keypairs without getting
these warnings?
KEN
when i issued "gpg --gen-key" at the prompt as a non-priviledged
user,
i got the following output:
gpg: Warning: using insecure memory!
gpg: keyblock resource '/home/myname/.gnupg': file open error
gpg: keyblock resource '/home/myname/.gnupg': file open error
Please select what kind of key you want:
1)...
2)...
4)...
i got stumpted by these warning messages and tried to re-issue "gpg --gen-key" as the root. This time i didn't get those warnings.
my questions are:
why did i get these warnings? what do they imply? why did i get them as a common user, but not as the root? how can i, as a common user, generate keypairs without getting
these warnings?
KEN
> .. i mean should i include the "-----BEGIN PGP PUBLIC KEY BLOCK-----
yes
> gpg: Warning: using insecure memory!
that's ok (except you care about it:)
> gpg: keyblock resource '/home/myname/.gnupg': file open error
> gpg: keyblock resource '/home/myname/.gnupg': file open error
This error must be fixed, it's probably due to a permission problem (while creating .gnupg directory)
.gnupg should have permissions 700
yes
> gpg: Warning: using insecure memory!
that's ok (except you care about it:)
> gpg: keyblock resource '/home/myname/.gnupg': file open error
> gpg: keyblock resource '/home/myname/.gnupg': file open error
This error must be fixed, it's probably due to a permission problem (while creating .gnupg directory)
.gnupg should have permissions 700
ASKER
I found the mode for /home/myname is drwx------. so why i still got the "file open error"?
and before finalize this question, would you mind spending 3 minutes explaining to me the nature of the problem? I mean you showed me how to solve my problem, but didn't tell me why the problem occured. I think I can learn a lot from gurus like you by exploring the nature of problem. Otherwise I will never be able to know what the "real" problem is.
Thanks so much,
KEN
and before finalize this question, would you mind spending 3 minutes explaining to me the nature of the problem? I mean you showed me how to solve my problem, but didn't tell me why the problem occured. I think I can learn a lot from gurus like you by exploring the nature of problem. Otherwise I will never be able to know what the "real" problem is.
Thanks so much,
KEN
> .. is drwx------
that's ok.
> so why i still got the "file open error"?
out of ideas (from remote) sorry.
Is gpg owned by root and has **not** set the SID bit?
> .. nature of the problem?
which pronlem?
Anyway, gpg is very picky about anything concerning security, for obvious reason. It does this 'cause it will inform you about possible way to to compromice even the security of public key structures. That's why it prints errors and warnings. Keep in mind: it's **your privacy** which is in question !
Unfortunately my experiance is not good enough to give more details about the "error open file" ('cause of historical reason I'm still bound to pgp):
Hope this helps anyway.
PLease check the docs about the errors, might be simpler than giving hints here, just out of my finger tips ...
Feel free to ask more then.
Cheers
Achim
that's ok.
> so why i still got the "file open error"?
out of ideas (from remote) sorry.
Is gpg owned by root and has **not** set the SID bit?
> .. nature of the problem?
which pronlem?
Anyway, gpg is very picky about anything concerning security, for obvious reason. It does this 'cause it will inform you about possible way to to compromice even the security of public key structures. That's why it prints errors and warnings. Keep in mind: it's **your privacy** which is in question !
Unfortunately my experiance is not good enough to give more details about the "error open file" ('cause of historical reason I'm still bound to pgp):
Hope this helps anyway.
PLease check the docs about the errors, might be simpler than giving hints here, just out of my finger tips ...
Feel free to ask more then.
Cheers
Achim
ASKER
Hi Achim,
I found the following in /usr/bin:
-rwxr-xr-x 1 root root ... gpg
-rwxr-xr-x 1 root root ... gpgv
i changed their modes to 777 and issued "gpg --gen-key" as a normal user. but i still got that warning and "file open error"...
another quick question is: can i use gpg to encrypt/decrypt non-english characters such as Japanese or Chinese?
Thanks,
KEN
I found the following in /usr/bin:
-rwxr-xr-x 1 root root ... gpg
-rwxr-xr-x 1 root root ... gpgv
i changed their modes to 777 and issued "gpg --gen-key" as a normal user. but i still got that warning and "file open error"...
another quick question is: can i use gpg to encrypt/decrypt non-english characters such as Japanese or Chinese?
Thanks,
KEN
file permissions are ok, you don't need 777, 555 is best.
Does the directory .gnupg exist? can you create it with mkdir, and then chmod 700 ?
You can encrypt anything, even plain binary data.
Does the directory .gnupg exist? can you create it with mkdir, and then chmod 700 ?
You can encrypt anything, even plain binary data.
ASKER
i created the directory .gnupg and changed its mode to 700. then i issued "gpg --gen-key" as a normal user, and this time i got the following:
gpg: warning: using insecure memory!
gpg: /home/myname/.gnupg/secrin
gpg: /home/myname/.gnupg/pubrin
Please select what kind of key you want:
1)...
2)...
4)...
so it seems that "file open error" is gone...
but,
1) why did i still get the "using insecure memory" warning?
2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?
Thanks,
KEN
gpg: warning: using insecure memory!
gpg: /home/myname/.gnupg/secrin
gpg: /home/myname/.gnupg/pubrin
Please select what kind of key you want:
1)...
2)...
4)...
so it seems that "file open error" is gone...
but,
1) why did i still get the "using insecure memory" warning?
2) why did i have to create the directory ".gnupg" manually? Why couldn't it be created automatically?
Thanks,
KEN
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great!
Thanks Achim!
See you next time!
KEN
Thanks Achim!
See you next time!
KEN
gpg --import blahblah.asc
then you encrypt it like:
gpg --encrypt -a -r <id or email of imported key> file