Questions tagged [gpg]
GNU Privacy Guard (GnuPG or GPG) is an OpenPGP-compliant FOSS alternative to PGP encryption software.
167 questions
94 votes, 9 answers, 88k views
GPG does not have enough entropy
I've got a ton of processes running in the background to try and get enough entropy, but I am still failing.
We need to generate a lot of random bytes. It is a good idea to perform
some other ...
70 votes, 9 answers, 59k views
gpg --gen-key hangs at gaining enough entropy on centos 6
Trying to generate a key for a server.
gpg --gen-key
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
...
54 votes, 6 answers, 29k views
How to backup GPG?
What are the critical files I need to backup from GPG? I guess my private key would qualify of course, but what else?
50 votes, 2 answers, 60k views
How to verify an imported GPG key
I'm new to this PGP thing. Here are my questions:
Verification
When I do this, I'm given the message "This key is not certified with a trusted signature". Is there any way to make it trusted and ...
44 votes, 2 answers, 28k views
GPG - why am I encrypting with subkey instead of primary key?
When encrypting a file to send to a collaborator, I see this message:
gpg: using subkey XXXX instead of primary key YYYY
Why would that be? I've noticed that when they send me an encrypted file, it ...
39 votes, 2 answers, 66k views
How to verify a file using an asc signature file?
As an example, this project offers an *.asc file with a PGP signature to verify the contents of the download (as opposed to a checksum, you can see the empty column): https://ossec.github.io/downloads....
26 votes, 5 answers, 41k views
How to install gpg keys from behind a firewall?
I understand that keyservers are using the port 11371 but in many cases you are not allowed to connect to this port and you cannot add
There are many cases when you cannot modify the firewall ...
25 votes, 4 answers, 24k views
How to generate gpg key without user interaction?
I found in https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html#Unattended-GPG-key-generation method to generate gpg keys without user interaction, but it doesn't seem ...
22 votes, 4 answers, 27k views
How do I import a RSA SSH key into GPG as the _primary_ private key?
I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as ...
21 votes, 3 answers, 17k views
How to prevent gpg from creating .gnupg directory in user's home directory
I'm trying to use the gpg tool to encrypt and decrypt files and I would like to know if it's possible to run this tool without it changing a user's global state. Specifically, running gpg for the ...
19 votes, 2 answers, 21k views
How can I decrypt multiple files in a directory with gpg?
I have a directory with multiple .gpg files, all encrypted with the same passphrase. How can I decrypt them all without entering the passphrase over and over?
18 votes, 5 answers, 24k views
Using PGP keys for SSH
I use a 4096 byte RSA PGP key; since SSH also uses the RSA standard, is it at all possible to use the PGP key as an SSH key without installing additional software on the server (and as little as ...
17 votes, 2 answers, 10k views
Reprepro export could not find signing key
We have a private debian repository that was set up years ago by an earlier system admin. Packages were signed by the older key, 7610DDDE (which I had to revoke), as shown here for the root user on ...
15 votes, 2 answers, 28k views
How to remove a yum repo GPG key?
I have a custom RPM repo in Artifactory, and GPG signing keys were recently enabled.
When I ran sudo yum check-updates I was prompted to add the key:
Retrieving key from https://artifactory.example....
14 votes, 4 answers, 9k views
Validating signature trust with gpg?
We would like to use gpg signatures to verify some aspects of our
system configuration management tools. Additionally, we would like to
use a "trust" model where individual sysadmin keys are signed ...
13 votes, 2 answers, 10k views
Is it possible to use a gpg public key to encrypt a message without importing the key?
Sometimes I might want to use someone's gpg key to send a message but will have no need to ever use the key again.
Importing the key in this instance seems unnecessary.
I've searched, but can't find ...
12 votes, 3 answers, 4k views
Encrypted offsite backup using GPG with private key never on backup server?
I have a backup server, that creates xz compressed tar archives of directory trees to be backed up. These tar archives can get huge (multiple TBs), are split into pieces (2.5TB), and each piece is ...
12 votes, 4 answers, 22k views
gpg-agent says agent exists, but gpg says agent doesn't exist?
I'm struggling with some issues while scripting gpg with bash on a Debian 6.0.6 box. I have a script that does a batch of operations and wants to make sure that a gpg-agent is available before it ...
10 votes, 5 answers, 32k views
Why does apt-get update tell me to run apt-get update?
So I have this going on:
# apt-get update
Get:1 http://ftp.us.debian.org etch Release.gpg [1032B]
Hit http://ftp.us.debian.org etch Release ...
10 votes, 2 answers, 5k views
How does changing a GPG encryption key's passphrase work?
I know that I can do (edit: fixed this; I'm interested in gpg NOT openssh)
gpg --edit-key
...to change my passphrase for my key, but I'm not sure what this means.
If I'm encrypting data on box A ...
9 votes, 3 answers, 6k views
Debian - "WARNING: untrusted versions of the following packages will be installed!"
When I try to install or update any packages I get:
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you ...
9 votes, 3 answers, 4k views
Add second sub-key to unattended GPG key
I am writing a bash script which generates unattended GPG keys, I have looked through Unattended Usage of GPG and was surprised to find that 'Currently only one subkey can be handled.'
I am unable to ...
8 votes, 3 answers, 4k views
Force the use of a gpg-key as an ssh-key for a given server
I configured ssh to use GPG as my ssh-agent and if I remove the ~/.ssh folder, I can ssh into my server fine using my gpg key. However, my ~/.ssh folder has over a dozen different ssh keys in it, and ...
8 votes, 1 answer, 18k views
Bad signatures or NOKEY errors on RPMs I just signed
I'm having serious problems getting RPM signing working for RHEL / CentOS 5 hosts.
TL;DR: RPM signing isn't working, and it's working in a variety of insane and erratic ways depending on the exact ...
8 votes, 1 answer, 4k views
Using gpg-agent over ssh
I'm having a problem using the gpg-agent over ssh via a single command line.
Here is my configuration :
Server A : triggering the command via ssh.
ssh user@serverB "sudo -E /path/to/script.sh"
...
8 votes, 1 answer, 12k views
Unable to generate GPG keys without passphrase on Ubuntu 18.04 [closed]
Has anyone tried creating GPG keys for encrypted pillars on Ubuntu 18.04?
I'm using the following command to attempt to generate the keys:
gpg --gen-key --homedir /etc/salt/gpgkeys
When I run that ...
7 votes, 2 answers, 7k views
How can I use Duplicity with a symmetric key?
I am using duplicity to perform backups on my server. Right now duplicity is encrypting the backup using a GPG public-private key system. I would prefer to encrypt the backup files using just a ...
7 votes, 1 answer, 1k views
Mailing list + PGP/GPG support
I would like to create such a mailing list where every contributor must sign his/her messages with PGP/GPG, otherwise mailing list software would block unsigned messages.
All PGP/GPG public keys of ...
7 votes, 0 answers, 4k views
Export Private ed25519 Key From GnuPG For Use in SSH
Is there a way to create an id_ed25519 (not id_ed25519.pub) file from an ed25519 keypair stored in GnuPG?
I've started keeping track of my SSH keys in GPG:
sec rsa3072 2017-12-12 [C]
...
6 votes, 5 answers, 9k views
user GPG key not able to be used by SUDO
I created a script that runs duplicity to backup files I have on a VPS, and uses a GPG key that I generated as a user.
When I try and run this script as SUDO I get:
GPGError: GPG Failed, see log ...
6 votes, 3 answers, 10k views
GPG doesn't work in crontab
I have the following script:
#!/bin/sh -e
PWD="supersecretpassword"
file="/backup/2do/example.txt"
echo before
echo $PWD | gpg --passphrase-fd 0 -c $file
echo after
The script works perfectly fine ...
6 votes, 2 answers, 7k views
replace or remove GPG signature on RPM
Is there a way to remove or replace an existing GPG signature on an RPM?
I am placing a few obscure RPMs on an internal repo we use for supplementary rhel/centos packages. A few of those RPMs are ...
6 votes, 3 answers, 244 views
General GnuPG tips
Prompted by the recent vulnerability in SHA-1 and admonitions to begin the process of moving away from that hash function, I'm playing around with GnuPG again. I was just wondering how other folks ...
5 votes, 3 answers, 450 views
PGP: on the web, what if everything was tampered?
I am trying to wrap my head around how Public Key Cryptography can really work in a secure manner.
From what I can gather, you go to example.com and download their PGP/GPG Public Key and add it to ...
5 votes, 3 answers, 386 views
GPG/PGP Signatures & Encryption - An Academic Security Question
Digital Signatures
Digital signatures take place whereby you apply your private key to a particular message (or the hash of that message in most cases).
The recipient then takes your public key - ...
5 votes, 1 answer, 23k views
How to export private key? (GnuPG) [closed]
I have successfully created GnuPG public/private key pair using RSA and RSA algorithm. How can I export a public key and private key in the form of a file with the .asc extension?
5 votes, 1 answer, 2k views
How can I set up automated, encrypted backups of live MySQL databases on a Ubuntu VPS to Google Drive using Duplicity?
We're using DigitalOcean as our VPS provider. They have a tutorial on how to set up Duplicity for encrypted backups, but it doesn't cover database backups or the Google Drive endpoint.
I found a few ...
5 votes, 4 answers, 3k views
Ubuntu add repo app-key fails
On Ubuntu 20.04 LTS, I'm trying to install packages like MongoDB, Sublime Text 3 etc. but before adding them their repo url must be added.
I'm trying this command:
wget -qO - https://download....
5 votes, 1 answer, 6k views
How to reposync saltstack? reposync failing with error message `Removing [...], due to missing GPG key.`
On a RHEL 7.4 system, I add the salt-latest repo as follows:
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
Notice, amongst other things, this creates the ...
5 votes, 1 answer, 9k views
Cannot update Debian Wheezy due to GPG error (NODATA)
I have a server running on Debian Wheezy.
Its apt source file has the following configuration:
deb http://ftp.uk.debian.org/debian/ wheezy main non-free contrib
deb-src http://ftp.uk.debian.org/debian/ ...
5 votes, 1 answer, 3k views
How do you enable the storing of GPG / PGP keys in OpenLDAP
I've searched high and low trying to find a method that allows me to store GPG keys for existing users in an OpenLDAP server. The only relevant how-to I've found is this. However, I'm unable to get ...
5 votes, 2 answers, 2k views
Why do I get this APT warning: Signature by key [...] uses weak digest algorithm (SHA1)?
I'm hosting a private Debian repository for some custom Raspberry Pi code. I originally built the software on Raspbian Jessie (version 8), generated a GPG key which I use to sign the repository, and ...
5 votes, 1 answer, 2k views
force ssh to use agent, without fallback to directly accessing the IdentityFile
Company policy requires some ssh keys to be stored securely, e.g. on dedicated USB device. Using keys not stored on the host machine works flawlessly using gnupg with enable-ssh-support, even when ...
4 votes, 1 answer, 3k views
When installing docker on Ubuntu, why isn't it as easy as apt-get install docker?
I've installed docker a dozen times on Ubuntu using the instructions on the docker website (7 commands including removing old versions, adding a gpg keychain etc). I always just powered through, but ...
4 votes, 3 answers, 4k views
apt warnings with HP SDR/MCP repo on Ubuntu
I'm using the HP SDR system (MCP specifically) for Linux packages to manage the HP hardware RAID, iLo, etc. The kernel drivers for the hardware are upstream, so these are just management utilities.
...
4 votes, 1 answer, 8k views
How to Disable GPG checks per Channel in Spacewalk?
Is it possible to disable GPG checks on a per channel basis in Spacewalk?
For patching of my servers, I've converted from using local yum repositories on the clients under /etc/yum.repos.d, to ...
4 votes, 2 answers, 3k views
GPG encrypt and decrypt with ssh-agent
I use ssh regularly and have ssh-agent set up.
How can I use ssh keys to gpg-encrypt a file?
Edit: It seems that this is impossible. Why? ssh can encrypt traffic, so why not also files?
4 votes, 2 answers, 2k views
Trust gpg key via script
When performing an automated server deployment, I can upload and import gpg keys via script. But I cannot trust keys.
I tried
gpg --batch --yes --edit-key keyname trust 5
and
echo 5 | gpg --batch -...
4 votes, 1 answer, 10k views
gpg-agent: fatal error in syslog on ssh login
In the syslog for my Ubuntu server, there is an error that appears whenever I log in using an SSH user account.
systemd[27299]: usr/bin/gpg-agent failed (exitcode=2): General error
systemd[27299]: ...
4 votes, 1 answer, 2k views
How do I successfully import public key 94532124541922FB into GPG?
I think I need to have the key 94532124541922FB in my keyring as multistrap is reporting:
W: GPG error: http://packages.roundr.devuan.org/merged ascii InRelease: The following signatures couldn't be ...