LinuxQuestions.org


repcak285 03-08-2016 11:57 AM

Problems with GPG keys
 
Hi
I am using Linux Mint 17.2 with Thunderbird and Enigmail.
I cannot import any new public GPG keys recently. A friend sent me an encrypted message and attached his public key. I saved the attachment and tried to import that key from file. After I import it I still cannot decrypt the message - Enigmail says a key is needed. I click on details and it says I am missing a secret key. So I have my secret key in a file, try to import it and it tells me I already have this key.
Any ideas what's the problem here? Been fighting this since yesterday and getting fed up now. I really want to use the encryption.

CTM 03-08-2016 08:17 PM

The email your friend sent needs to be encrypted with your public key in order for you to be able to decrypt it with your private key. (Checking signatures is another matter: for that, you only need the other party's public key.) If he only encrypted it with his own public key, you'll get that error message from GnuPG. If you're sure you're typing in the passphrase for your private key correctly, it's likely that he didn't encrypt it correctly.

sgosnell 03-08-2016 10:12 PM

He may have encrypted it with his public key. Using his private key is supremely stupid, and takes some effort. If he did use his public key, only he can decrypt it with his private key. He has to use your public key to encrypt, so that only you can decrypt it with your private key. There is a lot of confusion about public and private keys out there, and the way they're used needs to change. The use of keys has to be transparent. Some developers are working on it, notably Open Whisper Systems, as well as email providers like Startmail. But encryption can still be mucked up.

repcak285 03-09-2016 09:36 AM

Quote:

Originally Posted by sgosnell (Post 5512500)
He may have encrypted it with his public key. Using his private key is supremely stupid, and takes some effort. If he did use his public key, only he can decrypt it with his private key. He has to use your public key to encrypt, so that only you can decrypt it with your private key. There is a lot of confusion about public and private keys out there, and the way they're used needs to change. The use of keys has to be transparent. Some developers are working on it, notably Open Whisper Systems, as well as email providers like Startmail. But encryption can still be mucked up.

Hi
I did not use his private key, only mine. Anyway the problem is sorted now. He was able to read my encrypted messages but I could not decrypt his messages. So I asked him to properly import my public key again and after he did, everything works flawlessly now.
Indeed the whole process of using encryption is not an easy one for a newb. I cannot understand why it is not more popular and idiot-proof by now. Do all people use Facebook chat to communicate? :D
Thanks for the help guys!

CTM 03-09-2016 05:50 PM

Quote:

Originally Posted by repcak285 (Post 5512703)
Indeed the whole process of using encryption is not an easy one for a newb. I cannot understand why it is not more popular and idiot-proof by now.

The academic literature describes a usability study of PGP that was performed in 1999. It's a stain on our industry that, 17 years later, every conclusion it drew still applies (although Open Whisper Systems are moving things in the right direction for mobile devices).

sundialsvcs 03-11-2016 02:01 PM

The important thing to realize about GPG is that mail sent to a particular person is encrypted using his public key, which can be safely stored on a public key-server (and usually is). Therefore, anyone can send a secure message to someone, but only that person can decrypt it. (Because only the private key may be used to decrypt a message that was encrypted with any public key.)

Likewise, when you "digitally sign" a message, whether you encrypt it or not, you do so using your private key. In order to verify your signature, the recipient must download (or have) your public key. Only you could have signed the message, but anyone can verify the signature.

Many GPG-aware mail clients also know how to transparently retrieve public keys as-needed from well known servers. GPG suites also will post your public keys to those servers as a matter of course, if you let them. Therefore, you don't need to send keys to someone in advance of engaging with secure communication with them. You just publish your public key, and remind them to do the same.
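
Added example (not part of any post in this thread): the "missing secret key" error discussed above can be diagnosed by reading which key IDs an OpenPGP message was actually encrypted to, since each recipient gets one Public-Key Encrypted Session Key packet in front of the ciphertext (RFC 4880). The function names, key IDs and sample packets below are constructed for illustration.

```python
import base64
import io

PKESK = 1  # packet tag: Public-Key Encrypted Session Key (RFC 4880, section 5.1)

def dearmor(text):  # ASCII-armored "PGP MESSAGE" -> binary packets
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]        # skip armor headers and the END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def read_packets(data):
    """Yield (tag, body) for the leading packets that have a definite length."""
    s = io.BytesIO(data)
    rd = lambda n: int.from_bytes(s.read(n), "big")
    while s.tell() < len(data):
        hdr = rd(1)
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, rd(1)
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + rd(1) + 192
            elif first == 255:
                length = rd(4)
            else:
                return                          # partial length: encrypted body, stop
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                          # indeterminate length, stop
            length = rd((1, 2, 4)[ltype])
        yield tag, s.read(length)

def recipient_key_ids(data):
    """Key IDs the session key was encrypted to (all zeros = hidden recipient)."""
    return [b[1:9].hex().upper() for t, b in read_packets(data) if t == PKESK and b[0] == 3]

def diagnose(data, my_key_ids):
    ids = recipient_key_ids(data)
    if any(k in my_key_ids for k in ids):
        return "ok"
    return "hidden-recipient" if "0" * 16 in ids else "not-for-you"

def sample_pkesk(key_id_hex):                   # constructed packet, not real ciphertext
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x10\xbe\xef"
    return b"\x85" + len(body).to_bytes(2, "big") + body

print(diagnose(sample_pkesk("A" * 16) + b"\xd2\xe0\x01", {"B" * 16}))  # thread's failure case
```

The IDs to pass as `my_key_ids` are the long key IDs shown by `gpg --list-secret-keys --keyid-format long`, subkeys included, because the packet usually names the recipient's encryption subkey rather than the primary key.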


All times are GMT -5.