Skip to main content

Questions tagged [gpg]

GNU Privacy Guard (GnuPG or GPG) is OpenPGP compliant FOSS alternative to PGP encryption software.

Filter by
Sorted by
Tagged with
94 votes
9 answers
88k views

GPG does not have enough entropy

I've got a ton of processes running in the background to try and get enough entropy, but I am still failing. **We need to generate a lot of random bytes. It is a good idea to perform some other ...
Joey BagODonuts's user avatar
70 votes
9 answers
59k views

gpg --gen-key hangs at gaining enough entropy on centos 6

Trying to generate a key for a server. gpg --gen-key We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the ...
stormdrain's user avatar
  • 1,459
54 votes
6 answers
29k views

How to backup GPG?

What are the critical files I need to backup from GPG? I guess my private key would qualify of course, but what else?
jldupont's user avatar
  • 1,899
50 votes
2 answers
60k views

How to verify an imported GPG key

I'm new to this PGP thing. Here are my questions: Verification When I do this, I'm given the message "This key is not certified with a trusted signature". Is there anyway to make it trusted and ...
user192702's user avatar
44 votes
2 answers
28k views

GPG - why am I encrypting with subkey instead of primary key?

When encrypting a file to send to a collaborator, I see this message: gpg: using subkey XXXX instead of primary key YYYY Why would that be? I've noticed that when they send me an encrypted file, it ...
Michael H.'s user avatar
39 votes
2 answers
66k views

How to verify a file using an asc signature file?

As an example, this project offers an *.asc file with a PGP signature to verify the contents of the download (as opposed to a checksum, you can see the empty column): https://ossec.github.io/downloads....
user8897013's user avatar
26 votes
5 answers
41k views

How to install gpg keys from behind a firewall?

I understand that keyservers are using the port 11371 but in many cases you are not allowed to connect to this port and you cannot add There a many cases when you cannot modify the firewall ...
sorin's user avatar
  • 8,266
25 votes
4 answers
24k views

How to generate gpg key without user interaction?

I found in https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html#Unattended-GPG-key-generation method to generate gpg keys without user interaction, but it doesn't seem ...
eijeze's user avatar
  • 457
22 votes
4 answers
27k views

How do I import a RSA SSH key into GPG as the _primary_ private key?

I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as ...
SineSwiper's user avatar
  • 2,658
21 votes
3 answers
17k views

How to prevent gpg from creating .gnupg directory in user's home directory

I'm trying to run use the gpg tool to encrypt and decrypt files and I would like to know if it's possible to run this tool without it changing a user's global state. Specifically, running gpg for the ...
Richard Cook's user avatar
19 votes
2 answers
21k views

How can I decrypt multiple files in a directory with gpg?

I have a directory with multiple .gpg files, all encrypted with the same passphrase. How can I decrypt them all without entering the passphrase over and over?
Chris Shain's user avatar
18 votes
5 answers
24k views

Using PGP keys for SSH

I use a 4096 byte RSA PGP key; since SSH also uses the RSA standard, is it at all possible to use the PGP key as an SSH key without installing additional software on the server (and as little as ...
user18725's user avatar
  • 181
17 votes
2 answers
10k views

Reprepro export could not find signing key

We have a private debian repository that was set up years ago by an earlier system admin. Packages were signed by the older key, 7610DDDE (which I had to revoke), as shown here for the root user on ...
Andy Dorman's user avatar
15 votes
2 answers
28k views

How to remove a yum repo GPG key?

I have a custom RPM repo in Artifactory, and GPG signing keys were recently enabled. When I ran sudo yum check-updates I was prompted to add the key: Retrieving key from https://artifactory.example....
cherdt's user avatar
  • 425
14 votes
4 answers
9k views

Validating signature trust with gpg?

We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed ...
larsks's user avatar
  • 45.6k
13 votes
2 answers
10k views

Is it possible to use a gpg public key to encrypt a message without importing the key?

Sometimes I might want to use someone's gpg key to send a message but will have no need to ever use the key again. Importing the key in this instance seems unnecessary. I've searched, but can't find ...
Patrick Keery's user avatar
12 votes
3 answers
4k views

Encrypted offsite backup using GPG with private key never on backup server?

I have a backup server, that creates xz compressed tar archives of directory trees to be backed up. These tar archives can get huge (multiple TBs), are split into pieces (2.5TB), and each piece is ...
oberstet's user avatar
  • 329
12 votes
4 answers
22k views

gpg-agent says agent exists, but gpg says agent doesn't exist?

I'm struggling with some issues while scripting gpg with bash on a Debian 6.0.6 box. I have a script that does a batch of operations and wants to make sure that a gpg-agent is available before it ...
Craig Ringer's user avatar
  • 11.3k
10 votes
5 answers
32k views

Why does apt-get update tell me to run apt-get update?

So I have this going on: # apt-get update Get:1 http://ftp.us.debian.org etch Release.gpg [1032B] Hit http://ftp.us.debian.org etch Release ...
chaos's user avatar
  • 7,513
10 votes
2 answers
5k views

How does changing a GPG encryption key's passphrase work?

I know that I can do (edit: fixed this; I'm interested in gpg NOT openssh) gpg --edit-key ...to change my passphrase for my key, but I'm not sure what this means. If I'm encrypting data on box A ...
jberryman's user avatar
  • 934
9 votes
3 answers
6k views

Debian - "WARNING: untrusted versions of the following packages will be installed!"

When i try to install or update any packages I get: Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you ...
user1794469's user avatar
9 votes
3 answers
4k views

Add second sub-key to unattended GPG key

I am writing a bash script which generates unattended GPG keys, I have looked through Unattended Usage of GPG and was surprised to find that 'Currently only one subkey can be handled.' I am unable to ...
user avatar
8 votes
3 answers
4k views

Force the use of a gpg-key as an ssh-key for a given server

I configured ssh to use GPG as my ssh-agent and if I remove the ~/.ssh folder, I can ssh into my server fine using my gpg key. However, my ~/.ssh folder has over a dozen different ssh keys in it, and ...
Mike D's user avatar
  • 318
8 votes
1 answer
18k views

Bad signatures or NOKEY errors on RPMs I just signed

I'm having serious problems getting RPM signing working for RHEL / CentOS 5 hosts. TL;DR: RPM signing isn't working, and it's working in a variety of insane and erratic ways depending on the exact ...
Craig Ringer's user avatar
  • 11.3k
8 votes
1 answer
4k views

Using gpg-agent over ssh

I'm having a problem using the gpg-agent over ssh via a single command line. Here is my configuration : Server A : triggering the command via ssh. ssh user@serverB "sudo -E /path/to/script.sh" ...
Tony's user avatar
  • 281
8 votes
1 answer
12k views

Unable to generate GPG keys without passphrase on Ubuntu 18.04 [closed]

Has anyone tried creating GPG keys for encrypted pillars on Ubuntu 18.04? I'm using the following command to attempt to generate the keys: gpg --gen-key --homedir /etc/salt/gpgkeys When I run that ...
Soviero's user avatar
  • 4,386
7 votes
2 answers
7k views

How can I use Duplicity with a symmetric key?

I am using duplicity to perform backups on my server. Right now duplicity is encrypting the backup using a GPG public-private key system. I would prefer to encrypt the backup files using just a ...
mclark1129's user avatar
7 votes
1 answer
1k views

Mailing list + PGP/GPG support

I would like to create such mailing list where every contributor must sign his/her messages with PGP/GPG, otherwise mailing list software would block unsigned message. All PGP/GPG public keys of ...
user avatar
7 votes
0 answers
4k views

Export Private ed25519 Key From GnuPG For Use in SSH

Is there a way to create an id_ed25519 (not id_ed25519.pub) file from an ed25519 keypair stored in GnuPG? I've started keeping track of my SSH keys in GPG: sec rsa3072 2017-12-12 [C] ...
Dave's user avatar
  • 223
6 votes
5 answers
9k views

user GPG key not able to be used by SUDO

I created a script that runs duplicity to backup files I have on a VPS,and uses a GPG key that I generated as a user. When I try and run this script as SUDO I get: GPGError: GPG Failed, see log ...
BassKozz's user avatar
  • 655
6 votes
3 answers
10k views

GPG doesn't work in crontab

I have the following script: #!/bin/sh -e PWD="supersecretpassword" file="/backup/2do/example.txt" echo before echo $PWD | gpg --passphrase-fd 0 -c $file echo after The scripts works perfectly fine ...
MrG's user avatar
  • 289
6 votes
2 answers
7k views

replace or remove GPG signature on RPM

Is there a way to remove or replace an existing GPG signature on an RPM? I am placing a few obscure RPMs on an internal repo we use for supplementary rhel/centos packages. A few of those RPMs are ...
carlos's user avatar
  • 173
6 votes
3 answers
244 views

General GnuPG tips

Prompted by the recent vulnerability in SHA-1 and admonitions to begin the process of moving away from that hash function, I'm playing around with GnuPG again. I was just wondering how other folks ...
5 votes
3 answers
450 views

PGP: on the web, what if everything was tampered?

I am trying to wrap my head around how Public Key Cryptography can really work in a secure manner. From what I can gather, you go to example.com and download their PGP/GPG Public Key and add it to ...
Ken R.'s user avatar
  • 63
5 votes
3 answers
386 views

GPG/PGP Signatures & Encryption - An Academic Security Question

Digital Signatures Digital signatures take place whereby you apply your private key to a particular message (or the hash of that message in most cases). The recipient then takes your public key - ...
khosrow's user avatar
  • 4,173
5 votes
1 answer
23k views

How to export private key? (GnuPG) [closed]

I have successfully created GnuPG public/private key pair using RSA and RSA algorithm. How can I export a public key and private key in the form of file with the .asc extension?
rancho's user avatar
  • 181
5 votes
1 answer
2k views

How can I set up automated, encrypted backups of live MySQL databases on a Ubuntu VPS to Google Drive using Duplicity?

We're using DigitalOcean as our VPS provider. They have a tutorial on how to set up Duplicity for encrypted backups, but it doesn't cover database backups or the Google Drive endpoint. I found a few ...
alexw's user avatar
  • 371
5 votes
4 answers
3k views

Ubuntu add repo app-key fails

On Ubuntu 20.04 LTS, I'm trying to install packages like MongoDB, Sublime Text 3 etc. but before adding them their repo url must be added. I'm trying this command: wget -qO - https://download....
Shah-G's user avatar
  • 193
5 votes
1 answer
6k views

How to reposync saltstack? reposync failing with error message `Removing [...], due to missing GPG key.`

On a RHEL 7.4 system, I add the salt-latest repo as follows: yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm Notice, amongst other things, this creates the ...
Edward Ned Harvey's user avatar
5 votes
1 answer
9k views

Cannot update Debian Wheezy due to GPG error (NODATA)

I have a server running on Debian Wheezy. It's apt source file has following configuration: deb http://ftp.uk.debian.org/debian/ wheezy main non-free contrib deb-src http://ftp.uk.debian.org/debian/ ...
Lashae's user avatar
  • 183
5 votes
1 answer
3k views

How do you enable the storing of GPG / PGP keys in OpenLDAP

I've searched high and low trying to find a method that allows me to store GPG keys for existing users in an OpenLDAP server. The only relevant how-to I've found is this. However, I'm unable to get ...
zymhan's user avatar
  • 1,382
5 votes
2 answers
2k views

Why do I get this APT warning: Signature by key [...] uses weak digest algorithm (SHA1)?

I'm hosting a private Debian repository for some custom Raspberry Pi code. I originally built the software on Raspbian Jessie (version 8), generated a GPG key which I use to sign the repository, and ...
soapergem's user avatar
  • 719
5 votes
1 answer
2k views

force ssh to use agent, without fallback to directly accessing the IdentityFile

Company policy requires some ssh keys to be stored securely, e.g. on dedicated USB device. Using keys not stored on the host machine works flawlessly using gnupg with enable-ssh-support, even when ...
anx's user avatar
  • 9,872
4 votes
1 answer
3k views

When installing docker on Ubuntu, why isn't it as easy as apt-get install docker?

I've installed docker a dozen times on Ubuntu using the instructions on the docker website (7 commands including removing old versions, adding a gpg keychain etc). I always just powered through, but ...
jorfus's user avatar
  • 795
4 votes
3 answers
4k views

apt warnings with HP SDR/MCP repo on Ubuntu

I'm using the HP SDR system (MCP specifically) for Linux packages to manage the HP hardware RAID, iLo, etc. The kernel drivers for the hardware are upstream, so these are just management utilities. ...
roktechie's user avatar
  • 123
4 votes
1 answer
8k views

How to Disable GPG checks per Channel in Spacewalk?

Is it possible to disable GPG checks on a per channel basis in Spacewalk? For patching of my servers, I've converted from using local yum repositories on the clients under /etc/yum.repos.d, to ...
blindsnowmobile's user avatar
4 votes
2 answers
3k views

GPG encrypt and decrypt with ssh-agent

I use ssh regularly and have ssh-agent set up. How can I use ssh keys to gpg-encrypt a file? Edit: It seems that this is impossible. Why? ssh can encrypt traffic, so why not also files?
nalply's user avatar
  • 1,107
4 votes
2 answers
2k views

Trust gpg key via script

When performing an automated server deployment, I can upload and import gpg keys via script. But I cannot trust keys. I tried gpg --batch --yes --edit-key keyname trust 5 and echo 5 | gpg --batch -...
lonix's user avatar
  • 978
4 votes
1 answer
10k views

gpg-agent: fatal error in syslog on ssh login

In the syslog for my Ubuntu server, there is an error that appears whenever I log in using an SSH user account. systemd[27299]: usr/bin/gpg-agent failed (exitcode=2): General error systemd[27299]: ...
John Doe's user avatar
  • 365
4 votes
1 answer
2k views

How do I successfully import public key 94532124541922FB into GPG?

I think I need to have the key 94532124541922FB in my keyring as multistrap is reporting: W: GPG error: http://packages.roundr.devuan.org/merged ascii InRelease: The following signatures couldn't be ...
fadedbee's user avatar
  • 2,138