
Thread: Lost in the maze of encryption - guidance needed please.

  1. #1

    Lost in the maze of encryption - guidance needed please.

    Running Leap 15 with KDE Plasma 5.12.6 and am really lost. Back in the day when I was running OS/2 and PMMail I had PGP working well and life was simple. Now I cannot understand what is happening.

    I thought I would try pgp again after a gap of 10 years and I have Thunderbird installed with Enigmail. I have not yet set it up because I thought I would try and have a rational approach to key storage.

    Meanwhile I messed up my kwallet so started over with a new wallet and thought I would try pgp security rather than blowfish and, lo and behold, it tells me there are no keys present. As I recall I was asked to use kgpg. But there are already keys present, or so I believe, so why didn't the wallet find them?

    Related to this has been my initial attempt to set up and use an encrypted USB key device called Nitrokey Storage. This suggests I use gnupg, or is that gnupg2, to generate keys.

    So where should I start?

  2. #2

    Re: Lost in the maze of encryption - guidance needed please.

    You need to start by generating a key.

    You can use "gpg" at the command line for this. Or you can use "kgpg" or "kleopatra". But those are both just GUI front-ends to "gpg" so it won't really make a difference which you use.

    Once you have created a key, you will have a ".gnupg" directory. And "enigmail" should recognize that and be able to use your key.

    I'm not sure if this helps. Yes, there's a steep learning curve for crypto. But once you get over the hump, it all begins to make sense.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3

    Re: Lost in the maze of encryption - guidance needed please.

    Quote, originally posted by nrickert:
    You need to start by generating a key.

    You can use "gpg" at the command line for this. Or you can use "kgpg" or "kleopatra". But those are both just GUI front-ends to "gpg" so it won't really make a difference which you use.

    Once you have created a key, you will have a ".gnupg" directory. And "enigmail" should recognize that and be able to use your key.

    I'm not sure if this helps. Yes, there's a steep learning curve for crypto. But once you get over the hump, it all begins to make sense.

    Hi and thanks for this. As I wrote before, there is already a key there in the .gnupg directory. Not sure how it came to be there, but what is clear is that the kwallet app didn't pick it up and I need to read a good bit more so I can understand how Nitrokey is integrated, otherwise I shall have three different sets of keyrings.
    Many thanks once more.

  4. #4

    Re: Lost in the maze of encryption - guidance needed please.

    Maybe:
    Code:
    gpg --list-keys
    to see what keys are there.

    Or:
    Code:
    gpg --list-keys Budgie2
    for your own keys. But replace "Budgie2" by whatever name you are likely to have used on keys -- or whatever email address.

    When used for kwallet, it wants a key where you have ultimate trust.

  5. #5

    Re: Lost in the maze of encryption - guidance needed please.

    After a break in which I have had to move to Tumbleweed I have returned to this topic because I must now start to use Thunderbird/Enigmail in anger as it were.
    There is one concept on which I would ask clarification and that concerns my email clients and IMAP server.

    It appears that during many installations of Thunderbird and use on several different computers but using the same email addresses I seem to have too many key pairs. So my question is: are the key pairs saved in my Thunderbird profile, and also therefore on the IMAP server, or are they saved only locally?

    I ask because I now need to weed out surplus keys and ensure that each machine only has the same and correct keyring contents. No doubt there will be more questions but this seems like the place to start.

    Regards,
    Budgie2

  6. #6

    Re: Lost in the maze of encryption - guidance needed please.

    Talking to myself again but I had it wrong; at least it appears the keys are held locally, so what I have done is gone into each system and made all keys inactive except the ones I want to keep and then exported the wanted keys to each machine in turn. I shall delete the unwanted and unused keys when I have checked all is working as it should. Hope I haven't wasted your time.

  7. #7

    Re: Lost in the maze of encryption - guidance needed please.

    Keys are saved in your "gnupg" keyring (in ".gnupg"). It's best to keep that consistent over all systems.

  8. #8

    Re: Lost in the maze of encryption - guidance needed please.

    I still need some guidance please as there appear to be contradictions or different information for the same keyring contents.

    Using GNU Privacy Assistant there are two keys shown with my relevant main email address with details as follows:

    The first, dated 2019-06-22 has a Key ID:2B24B97C, a fingerprint starting E9F0... is shown as fully valid and can be used for certification, signing and encryption.
    The second, dated 2019-07-05 has a Key ID:68EC645D, a fingerprint starting 1EAD... is shown with unknown validity and not available for encryption.
    Neither are shown as disabled.

    Using Enigmail Key Management there are still two keys shown with my relevant email address with details as follows:

    The first, dated 22/06/19 has a Key ID:BB7E69A42B24B97C, a fingerprint starting E9F0... is shown with key validity "disabled" but with ultimate owners trust.
    The second, dated 05/07/19 has a Key ID:50A3AF5F68EC645D, a fingerprint starting 1EAD... is shown with unknown validity or trust.

    Although the presentation is different it is clear these keys are the same in both applications, so why are the Key IDs different? And note that the Enigmail app shows the 22/06/19 dated key as disabled.

    When I use console to look at the keys with a view to creating another subkey for use in authentication I have as follows:-

    Code:
    alastair@AJBR-W530:~> gpg --edit-key --expert ajbudge@errichel.co.uk
    gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Secret key is available.
    
    sec  rsa2048/BB7E69A42B24B97C
         created: 2019-06-22  expires: 2020-06-21  usage: SC  
         trust: ultimate      validity: ultimate
    *** This key has been disabled
    ssb  rsa2048/50CBBAAAC6A53584
         created: 2019-06-22  expires: 2020-06-21  usage: E   
    [ultimate] (1). ajbudge@errichel.co.uk <ajbudge@errichel.co.uk>
    
    gpg>

    This shows the disabled key but not the other, although both have the same email address.

    Please could somebody reassure me that all is well and explain what I have yet to do to get the key dated 05/07/19, which has not been disabled, to show as available for encryption and enable creation of an authentication subkey.
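
Added example, not part of the thread: the two tools in post #8 print the same key ID at different lengths. For the v4 keys GnuPG 2.2 creates, the 16-digit long ID is the last 16 hex digits of the fingerprint and the 8-digit short ID is the last 8, so 2B24B97C is the tail of BB7E69A42B24B97C. The script below reads `gpg --list-keys --with-colons` output and prints, per primary key, both ID forms with validity, owner trust (the "ultimate trust" kwallet wants, per post #4), the disabled flag and encryption capability; the sample listing, its fingerprints and the function name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output. The key IDs,
# fingerprints and user ID are made up for this example, not taken from the thread.
SAMPLE_LISTING='pub:u:2048:1:89ABCDEF01234567:1561161600:1592697600::u:::scESCD::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1561161600::::Example User <user@example.org>:
sub:u:2048:1:1111222233334444:1561161600:1592697600:::::e::::::23:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA1111222233334444:
pub:-:2048:1:FEDCBA9876543210:1562284800:1593820800::-:::scSC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFFFEDCBA9876543210:
uid:-::::1562284800::::Example User <user@example.org>:'

# Read a colon-format key listing on stdin and print one line per primary key.
# Colon-format fields used: 2 = validity, 5 = long key ID, 9 = owner trust,
# 12 = capabilities ("D" marks a disabled key, "E" means usable for encryption),
# and field 10 of the following "fpr" record = fingerprint.
summarize_keys() {
    awk -F: '
        $1 == "pub" { validity = $2; long_id = $5; trust = $9; caps = $12; want_fpr = 1; next }
        $1 == "sub" { want_fpr = 0 }            # skip subkey fingerprints
        $1 == "fpr" && want_fpr {
            want_fpr = 0
            fpr = $10
            short_id = substr(long_id, 9)       # last 8 hex digits
            # For v4 keys the long ID is the last 16 hex digits of the fingerprint.
            idcheck = (substr(fpr, length(fpr) - 15) == long_id) ? "ok" : "MISMATCH"
            state = (caps ~ /D/) ? "disabled" : "enabled"
            enc = (caps ~ /E/) ? "can-encrypt" : "no-encrypt"
            printf "%s short=%s long=%s validity=%s ownertrust=%s %s %s idcheck=%s\n",
                fpr, short_id, long_id, validity, trust, state, enc, idcheck
        }'
}

# Against a real keyring: gpg --list-keys --with-colons | summarize_keys
printf '%s\n' "$SAMPLE_LISTING" | summarize_keys
```

Matching keys across GPA, Enigmail and the console is most reliable on the full fingerprint, since short IDs are only a suffix of it.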

  9. #9

    Re: Lost in the maze of encryption - guidance needed please.

    First,
    You need to clarify your intention... Are you trying to set up OpenPGP or GPG?
    They're not the same, look them up...
    That may even be at least in part why you're not finding anything working with GPG keys...

    Both PGP and GPG support asymmetric encryption (You exchange public keys which are used to unlock files or messages encrypted with the other person's related private key).
    There is also the symmetric key S-MIME.

    Recommend you clarify exactly what you want,
    Then look up a guide for the particular email client you're using and that encryption method.

    If you run into problems,
    You can post the guide you're following and the problem.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10

    Re: Lost in the maze of encryption - guidance needed please.

    Hi Tsu and thanks for the good questions. My objectives are:-

    To have all my computers used for secure email to all be using the same key database and eventually have this synced, possibly in cloud such as dropbox.

    In pursuing this objective to rationalize all the keys and subkeys I have and sort out their trust status etc.

    To set up a "Nitrokey Storage" as a login key for computers, a convenient means of opening KeePassXC password database without having to enter the long password and also a key safe for transporting key database and password database before cloud sync is working or when there is no internet access.

    All of the information I have used has either been from the Firefox/Enigmail instructions or from the Nitrokey.com site which has various instructions for using the NitroKey.

    You point out that there are differences between OpenPGP and GPG but I confess I am slightly confused. For example NitroKey describes "OpenPGP Email Encryption with Thunderbird" and goes on to explain how to install Enigmail and gnupg2. In another instruction Nitrokey describes OpenPGP Key generation with Backup and the terminal commands are for gpg.

    In a similar manner, instructions for Key Management in Enigmail and certainly in the Enigmail documentation the references are for GnuPG and OpenPGP but where GPG fits in if it is different I am not clear.

    I am not sitting here asking others to sort out my problem and am reading and trying but not making much progress. I have not used email encryption since I stopped using OS/2 many years ago. All the keys now extant are new and none have been used in anger. I could clear out all the keys in my present machines and start over but am uneasy and would rather put the unwanted keys in storage somewhere so they do not confuse what I am trying to do now but could find them if needed.

    Thanks again for your reply. Given the several different issues I propose to work at the Enigmail until I have that all correct before going on to the Nitrokey. Will report back when I next get stuck!
