Thread: Lost in the maze of encryption - guidance needed please.

  1. #11
    Join Date
    Sep 2012
    Posts
    5,041

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by Budgie2 View Post
    > why are the Key IDs different

    Legacy. Some programs default to old short form, some display more modern long form.

    > Enigmail App shows the 22/06/19 dated key as disabled?

    This key is disabled in your keyring.

    > Code:
    > alastair@AJBR-W530:~> gpg --edit-key --expert ajbudge@errichel.co.uk
    > This shows the disabled key but not the other although both have the same email address.

    a) you did not show any evidence that both keys have the same uid. Show "gpg -K" output.
    b) --edit-key edits one single key. So it happens to pick up the first one in the list of matching keys. If you want to edit another one, select it using more precise search criteria, like key id.

    > what I have yet to do to get the key dated 05/07/19 which has not been disabled, to show as available for encryption

    Encryption is using recipient public key, not your own secret key. If you want to encrypt message so you can also read it, you will need your matching public key. Do you have one ("gpg -k" lists public keys)?

    > enable creation of authentication subkey.

    You mean that "gpg --edit-key 68EC645D" does not work?
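
Added example (not part of any post in this thread): the reply above says that short and long key IDs are two views of the same key and that `--edit-key` with an e-mail address takes the first match, so this sketch parses `gpg --list-keys --with-colons` output, lists every key matching an address with its IDs and disabled flag, and returns a fingerprint to use as the selector. The sample listing, the address `alice@example.org` and the function names are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output: two keys with the
# same user ID, the older one disabled (the "D" in field 12 of its pub record).
SAMPLE = """\
pub:u:4096:1:1A2B3C4D5E6F7081:1561161600:::u:::scESCD::::::23::0:
fpr:::::::::00112233445566778899AABB1A2B3C4D5E6F7081:
uid:u::::1561161600::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:0F1E2D3C4B5A6978:1561161600::::::e::::::23:
fpr:::::::::8899AABBCCDDEEFF001122330F1E2D3C4B5A6978:
pub:u:4096:1:90A1B2C3D4E5F607:1562284800:::u:::scESC::::::23::0:
fpr:::::::::CCDDEEFF001122334455667790A1B2C3D4E5F607:
uid:u::::1562284800::1111111111111111111111111111111111111111::Alice Example <alice@example.org>::::::::::0:
"""

def parse_keys(colons_text):
    """Return one dict per primary key: fingerprint, key IDs, disabled flag, user IDs."""
    keys, current, owner = [], None, None
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            current = {"fpr": None, "disabled": "D" in f[11], "uids": []}
            keys.append(current)
            owner = "primary"
        elif f[0] in ("sub", "ssb"):
            owner = "subkey"  # the fpr record that follows belongs to the subkey
        elif f[0] == "fpr" and owner == "primary" and current["fpr"] is None:
            current["fpr"] = f[9]
            # Long and short key IDs are the last 16 and 8 hex digits of a v4 fingerprint.
            current["long_id"], current["short_id"] = f[9][-16:], f[9][-8:]
        elif f[0] == "uid" and current is not None:
            current["uids"].append(f[9])
    return keys

def matching_keys(keys, email):
    """All primary keys that carry a user ID with this e-mail address."""
    needle = "<%s>" % email.lower()
    return [k for k in keys if any(needle in u.lower() for u in k["uids"])]

def edit_key_selector(keys, email):
    """Fingerprint to give `gpg --edit-key` instead of the ambiguous address."""
    usable = [k for k in matching_keys(keys, email) if not k["disabled"]]
    if len(usable) != 1:
        raise ValueError("%d enabled keys match %s" % (len(usable), email))
    return usable[0]["fpr"]

if __name__ == "__main__":
    keys = parse_keys(SAMPLE)
    for k in matching_keys(keys, "alice@example.org"):
        print(k["short_id"], k["long_id"], "disabled" if k["disabled"] else "enabled")
    print("edit with:", edit_key_selector(keys, "alice@example.org"))
```

To run it against a real keyring, pass the output of `gpg --list-keys --with-colons` to `parse_keys` in place of `SAMPLE`.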

  2. #12
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,153
    Blog Entries
    2

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by Budgie2 View Post
    > Hi Tsu and thanks for the good questions. My objectives are:-
    >
    > To have all my computers used for secure email to all be using the same key database and eventually have this synced, possibly in cloud such as dropbox.
    >
    > In pursuing this objective to rationalize all the keys and subkeys I have and sort out their trust status etc.
    >
    > To set up a "Nitrokey Storage" as a login key for computers, a convenient means of opening KeePassXC password database without having to enter the long password and also a key safe for transporting key database and password database before cloud sync is working or when there is no internet access.
    >
    > All of the information I have used has either been from the Firefox/Enigmail instructions or from the Nitrokey.com site which has various instructions for using the NitroKey.
    >
    > You point out that there are differences between OpenPGP and GPG but I confess I am slightly confused. For example NitroKey describes "OpenPGP Email Encryption with Thunderbird" and goes on to explain how to install Enigmail and gnupg2. In another instruction Nitrokey describes OpenPGP Key generation with Backup and the terminal commands are for gpg.
    >
    > In a similar manner, instructions for Key Management in Enigmail and certainly in the Enigmail documentation the references are for GnuPG and OpenPGP but where GPG fits in if it is different I am not clear.
    >
    > I am not sitting here asking others to sort out my problem and am reading and trying but not making much progress. I have not used email encryption since I stopped using OS/2 many years ago. All the keys now extant are new and none have been used in anger. I could clear out all the keys in my present machines and start over but am uneasy and would rather put the unwanted keys in storage somewhere so they do not confuse what I am trying to do now but could find them if needed.
    >
    > Thanks again for your reply. Given the several different issues I propose to work at the enigmail until I have that all correct before going on to the Nitrokey. Will report back when I next get stuck!

    I have not used the Enigma plugin to Thunderbird, but I understand it somewhat uniquely (and maybe transparently) can support either OpenPGP and GPG... So to the User setup and encrypt/decrypt may seem exactly the same no matter what is the backend... But you will have to set up the backend correctly for OpenPGP or GPG.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #13
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,507
    Blog Entries
    3

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by tsu2 View Post
    > I have not used the Enigma plugin to Thunderbird, but I understand it somewhat uniquely (and maybe transparently) can support either OpenPGP and GPG...

    OpenPGP is the name of the standard. And GPG is an implementation of that standard.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  4. #14
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,153
    Blog Entries
    2

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by nrickert View Post
    > OpenPGP is the name of the standard. And GPG is an implementation of that standard.

    Not entirely true.
    There are distinct differences which is why they are not necessarily always interchangeable (depends on the software)
    Usually compatible but not exactly the same.
    One came before the other, and although there is a lot of overlap in features, there are differences which shouldn't be ignored.

    https://www.google.com/search?q=open...openpgp+vs+gpg

    TSU

  5. #15
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,507
    Blog Entries
    3

    Default Re: Lost in the maze of encryption - guidance needed please.

    There's also PGP (from "pgp.com") which is another implementation of the OpenPGP standard, and started by the originator of PGP. As far as I know, "enigmail" on linux can only use GPG. At one time there was a PGP version for linux, but I'm not sure if that is still true.

  6. #16

    Default Re: Lost in the maze of encryption - guidance needed please.

    OK and thanks for the detailed additional information. I was however reasonably confident that if I followed the Enigmail Mozilla Applications Handbook I should be OK. In order to clear the decks for new action I put all my previous activity into a temporary directory and started with a clean and empty .gnupg directory. I then followed the instructions by going to a friend's email which had been sent by him earlier which had attached his public key.

    The email had an Enigmail banner at the top with an Import Key button. This didn't work because the key had not been uploaded to "the key server."

    OK, so the Handbook instructions say "right click on the attachment" and choose Import OpenPGP Key.

    Unfortunately this option is not offered. Instead I am offered "Decrypt and Open" or "Decrypt and Save As..."

    Surely this should be managed in the background by the Enigmail but what should I do with the file?

  7. #17
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,153
    Blog Entries
    2

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by Budgie2 View Post
    > OK and thanks for the detailed additional information. I was however reasonably confident that if I followed the Enigmail Mozilla Applications Handbook I should be OK. In order to clear the decks for new action I put all my previous activity into a temporary directory and started with a clean and empty .gnupg directory. I then followed the instructions by going to a friend's email which had been sent by him earlier which had attached his public key.
    >
    > The email had an Enigmail banner at the top with an Import Key button. This didn't work because the key had not been uploaded to "the key server."
    >
    > OK, so the Handbook instructions say "right click on the attachment" and choose Import OpenPGP Key.
    >
    > Unfortunately this option is not offered. Instead I am offered "Decrypt and Open" or "Decrypt and Save As..."
    >
    > Surely this should be managed in the background by the Enigmail but what should I do with the file?

    First,
    There are free, public GPG servers you can upload a public GPG cert... I'd be pretty sure how that button should work, it's a convenient way to distribute your public key for all to use when communicating with the person who generated the key

    https://www.gnupg.org/gph/en/manual/x457.html

    I'd expect that either of those other two options should also work if you already have the necessary public key, but Enigma must know where that key is stored... There has to be another way to import the key if the described way isn't there... Click around the app, something will likely show up, or do a search on your version of Enigma.

    HTH,
    TSU

  8. #18
    Join Date
    Sep 2012
    Posts
    5,041

    Default Re: Lost in the maze of encryption - guidance needed please.

    Quote Originally Posted by Budgie2 View Post
    > friend's email which had been sent by him earlier which had attached his public key.
    > ...
    > OK, so the Handbook instructions say "right click on the attachment" and choose Import OpenPGP Key.
    >
    > Unfortunately this option is not offered.

    I just tested and it works fine, at least if I used Enigmail "Attach public key" menu option when sending it. I also tested signed and encrypted messages with attachment and it worked in both cases.

    > Instead I am offered "Decrypt and Open" or "Decrypt and Save As..."

    So Enigmail did not recognize it as attached public key. More useful answer is hardly possible without having actual message.

  9. #19

    Default Re: Lost in the maze of encryption - guidance needed please.

    First in reply to Tsu many thanks and I see that a number of key servers are listed in the Enigmail Preferences Expert Settings with the first on the list being the default which in this case is hkps://keys.openpgp.org so all is well here once I opt to upload. My testing suggests my friend has not uploaded or, as he is using Mailvelope, he may have used the Mailvelope key server as his default!

    I am disappointed that the key saving is less elegant than the Handbook suggests. What I have to do is save the ascii file and then go to Enigmail Key Management and import that file. All clear and straightforward but several unwanted additional moves which should be unnecessary.

    The attachment is all working and so is the recognition of the key once it is in the keyring.
    In conclusion so far OK but not smooth yet.

    Thanks again.
    Budgie2
