
A Few GNU-Privacy Guard Notes


This page should provide a quick reference to some common GNU Privacy Guard commands and a few known issues.
Related Link: You may want to look at the SSH Key Authentication HOWTO



Finding the Key ID:

You need a key ID before you can request a key from a server.
Look at the top of a signed email from the person; the mail client will show something like:
Message was signed by Unknown Key 20B19259

Receiving a Key from a Server:

[pete@nebula pete]$ gpg --keyserver certserver.pgp.com --recv-key 20B19259
gpg: Warning: using insecure memory!
gpg: requesting key 20B19259 from certserver.pgp.com ...
gpg: key 20B19259: public key imported
gpg: sig 20B19259.69: duplicated certificate - deleted
gpg: sig 20B19259.69: duplicated certificate - deleted
gpg: sig 20B19259.69: duplicated certificate - deleted
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)



Listing Keys:

[pete@nebula pete]$ gpg --list-key
gpg: Warning: using insecure memory!
/home/pete/.gnupg/pubring.gpg
-----------------------------
pub 1024D/2442DB43 2001-07-31 Pete Nesbitt (Promoting the Bird)
sub 1024g/01AF5D44 2001-07-31

pub 1024D/7FE12896 2001-08-01 Pete Nesbitt
sub 1024g/2BDB90AC 2001-08-01

pub 1024R/20B19259 2000-09-20 CERT Coordination Center



Sending a Key to a Server:

[pete@nebula pete]$ gpg --keyserver certserver.pgp.com --send-key pmnesbitt@home.com
gpg: Warning: using insecure memory!
gpg: success sending to `certserver.pgp.com' (status=200)
[pete@nebula pete]$



Key Servers and Firewalls:

The --keyserver option accepts a port as part of its argument. If your connection times out, your local firewall may be blocking the connection, often on LDAP port 389, but not always. Try HTTP on port 80 by appending the port to the server name.
The example above would then look like:
gpg --keyserver certserver.pgp.com:80 --recv-key 20B19259
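As an added example, not part of the original page, the following bash script ties the steps above together: it pulls the key ID out of the "Message was signed by Unknown Key ..." line, requests the key from certserver.pgp.com, falls back to port 80 when the default port is blocked, and lists the key afterwards to confirm the import. The GPG and KEYSERVER variables are assumptions introduced here so the script can be pointed at another server or binary.

```bash
#!/bin/bash
# Added example (not from the original page): find the key ID in the
# "Message was signed by Unknown Key ..." line a mail client shows, fetch that
# key from the keyserver, and retry on port 80 if the default keyserver port
# is firewalled. KEYSERVER and GPG are assumptions; GPG is overridable so a
# stub can stand in for the real binary when testing offline.

KEYSERVER="${KEYSERVER:-certserver.pgp.com}"
GPG="${GPG:-gpg}"

# extract_key_id LINE: print the 8-digit short or 16-digit long key ID that
# follows "Key " (an optional 0x prefix is dropped); return 1 if none found.
extract_key_id() {
    local id
    id=$(printf '%s\n' "$1" | grep -oE 'Key (0x)?[0-9A-Fa-f]{8}([0-9A-Fa-f]{8})?' | head -n 1)
    [ -n "$id" ] || return 1
    id="${id#Key }"
    printf '%s\n' "${id#0x}"
}

# fetch_key KEYID: try the keyserver on its default port first, then on
# port 80 (the firewall workaround described above); return 1 if both fail.
fetch_key() {
    local port server
    for port in "" ":80"; do
        server="${KEYSERVER}${port}"
        if "$GPG" --keyserver "$server" --recv-key "$1"; then
            echo "fetched $1 from $server" >&2
            return 0
        fi
        echo "could not fetch $1 from $server" >&2
    done
    echo "giving up on $1" >&2
    return 1
}

# main LINE: full flow, ending with a listing that confirms the key is now
# in the public keyring.
main() {
    local id
    id=$(extract_key_id "$1") || { echo "no key ID in: $1" >&2; return 2; }
    fetch_key "$id" || return 1
    "$GPG" --list-keys "$id"
}

# Usage: ./getkey.sh "Message was signed by Unknown Key 20B19259"
if [ "$#" -gt 0 ]; then
    main "$1"
fi
```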



Eliminating "using insecure memory" warnings:

gpg prints this warning when it cannot lock the memory holding your key material, which means that data could be paged out to swap on disk. This is very important if others have access to your system.
To let gpg run as user root (it uses the privilege only to lock memory, then drops it), set the executable to SUID:

[root@nebula /root]# ls -al /usr/bin/gpg
-rwxr-xr-x 1 root root 542396 Feb 27 13:18 /usr/bin/gpg

[root@nebula /root]# chmod u+s /usr/bin/gpg

[root@nebula /root]# ls -l /usr/bin/gpg
-rwsr-xr-x 1 root root 542396 Feb 27 13:18 /usr/bin/gpg



PGP & GNU-PG Compatibility Notes:

  1. Why would your signature be invalid?
    On the PGP side, you seem to need to validate the key yourself before PGP acknowledges the signature as valid. You need to "sign" the key, saying you trust it.
  2. The Netscape plugin broke PGP on Windows 95 with Netscape 6.
  3. In GNU-PG you need to force --compress-algo 1 --cipher-algo 3des
    sample command line:
    "gpg -o ./testtowin --compress-algo 1 --cipher-algo 3des -r pete_nesbitt@yahoo.com -e testtoencr"
    Note: These can both go into the ~/.gnupg/options file so they work with other apps such as email. (drop the pair of leading dashes):
    compress-algo 1
    cipher-algo 3des
  4. You need some kind of plugin for email. Without it you cannot read any encrypted mail you send out, because you do not (likely) have the recipient's private key to decrypt it.
  5. By default, PGP was set to sync with the key server for:
    Encrypting to an unknown key
    or Verification
    You may prefer not to enable these.
  6. KMail auto-decrypts and handles line returns correctly. PGP for Windows fails on the line-return characters (but see the Eudora section below).
    Eudora & PGP-supplied plugin:
    • Eudora on Windows 95, with PGP (and its included plugin), works fine. It does correct line returns but does not auto-decrypt, even though the option is selected in the email tab of the PGP settings (available through Eudora settings). You also have to open the message; it will not decrypt in the preview window.
    • Messages are sent as attachments, which is a real pain, especially since they are not titled: just a blank email with an attachment. Scary!
    • Even worse, your encrypted outgoing messages are saved in the outbox as a blank email with an attachment (that you can at least read). I sent an email with a title of "Eudora Encryption Test"; it saved it as an encrypted attachment named c:\windows\temp\mimd0f2.msg. How intuitive!

  7. I have not yet tried GNU PG for Windows. The people who would be using it want/need the GUI that PGP offers. I am sure that if a GNU PG graphical front end was available, Privacy Guard would be the better solution. It works so well with Linux, but then again.... what did you expect.


Page created August 2001.


Site maintained by: Pete Nesbitt RHCE
Date: Thursday, 02-Sep-2010 16:07:18 PDT