LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-02-2016, 02:48 PM   #1
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Rep: Reputation: Disabled
Trying to use GPG to encrypt/decrypt backup files


I have a need to encrypt backup files before they are sent to the tape library.
After some reading, I found that I should be using the 'gpg -c' command to encrypt the files.
When I tried to do that, I received an error, something about an agent. Not sure how to proceed. Don't know what the problem is.

[user@host ~]$ gpg -c foo
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[56666]: directory `/home/user/.gnupg/private-keys-v1.d' created
gpg-agent[56666]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `foo' failed: Operation cancelled
 
Old 05-02-2016, 04:47 PM   #2
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Location: Apples
Distribution: Apple-selling shops, markets and direct marketing
Posts: 1,103
Blog Entries: 29

Rep: Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633
Quote:
Originally Posted by usao View Post
I found that I should be using the 'gpg -c' command to encrypt the files.
When I tried to do that, I received an error, something about an agent. Not sure how to proceed. Don't know what the problem is.
AFAIS, with newer versions of GnuPG, gpg-agent is automatically installed. If this is not the case for your Linux-distribution, either verify that there is not a newer version of GnuPG available for your distribution or locate a package “gpg-agent” in the package-resources. In the latter case, verify also, that a pinentry-program is installed. There are different versions available, choose the one that pleases you most.

If installed, gpg-agent can be executed.
Code:
user@machine:~$ gpg-agent --version
gpg-agent (GnuPG) 2.1.12-beta152
libgcrypt 1.7.1-beta1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Old 05-02-2016, 05:02 PM   #3
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Original Poster
Rep: Reputation: Disabled
It appears the agent is installed:
$ gpg-agent --version
gpg-agent (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


Is this something which has to be started manually or is it a daemon process?
 
Old 05-02-2016, 05:04 PM   #4
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Original Poster
Rep: Reputation: Disabled
Even after trying to start this agent as a daemon, it still fails to encrypt files:

[user@host~]$ gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4Mj3hs/S.gpg-agent:56345:1; export GPG_AGENT_INFO;
[user@host~]$ gpg -c foo
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[56366]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `foo' failed: Operation cancelled
 
Old 05-02-2016, 08:31 PM   #5
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Do you really need symmetric encryption? You don't seem to be seeing the password prompt, for whatever reason. It says "cancelled by user". I use the -e option for almost everything, which does asymmetric encryption, using the public key for encryption and the private key for decryption. I can understand using symmetric encryption if you need to have someone else able to decrypt, but asymmetric is easier.

It doesn't appear that you have generated you keys, though. You need to do that before doing anything else.

Last edited by sgosnell; 05-02-2016 at 08:34 PM.
 
1 members found this post helpful.
Old 05-02-2016, 09:07 PM   #6
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,590

Rep: Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908Reputation: 1908
Quote:
Originally Posted by usao View Post
Even after trying to start this agent as a daemon, it still fails to encrypt files:

[user@host~]$ gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4Mj3hs/S.gpg-agent:56345:1; export GPG_AGENT_INFO;
You need to set the environment variables according to gpg-agent's output, so that subsequent gpg calls know how to find the agent. You can do this with
Code:
eval "$(gpg-agent --daemon)"
 
1 members found this post helpful.
Old 05-07-2016, 03:41 AM   #7
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Location: Apples
Distribution: Apple-selling shops, markets and direct marketing
Posts: 1,103
Blog Entries: 29

Rep: Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633
Quote:
Originally Posted by sgosnell View Post
I can understand using symmetric encryption if you need to have someone else able to decrypt, but asymmetric is easier.
Sorry to intervene once again on this topic, but usually it is the other way 'round.

Asymmetric encryption is to organize communication and exchange. Neither the security of the algorithms nor the protocols in use favor asymmetric encryption of locally stored files. “Easier” can only refer to a single aspect, that occupies you at a certain point in time. Afterwards, the complication augments with asymmetric encryption, as security begins to diminish and continues to decline continuously...

Some people confuse “Security” with the security to retrieve their data from encrypted files or encrypted media, or the security to receive and be able to open encrypted mail. But this is not the kind of security that encryption is meant for. Worse, if security is confused with facilitation and fail proof procedures. We are not discussing this, I know. Just for completeness...
 
Old 05-07-2016, 10:12 AM   #8
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
By 'easier', I was referring to the ease and convenience of the encryption. You don't need to enter a password because you're using a pre-generated key. This is arguably more secure in addition to the convenience. Passwords are a weak link in most cases. I'm not sure I follow you with your argument that asymmetric encryption diminishes security, if in fact that's what you're saying.
 
Old 05-08-2016, 02:25 AM   #9
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Location: Apples
Distribution: Apple-selling shops, markets and direct marketing
Posts: 1,103
Blog Entries: 29

Rep: Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633
Asymmetric algorithms do not the same job as the others. Apart from that, key generation and key management are not easy.

Quote:
You don't need to enter a password because you're using a pre-generated key
Tell me how you secure your keys. If you do not use a password, than we are discussing a moot point.
But I have all from the books, from Internet-sources, many discussions, trial, error, corrections from some people that I still keep in high esteem and from my experience.
I cannot try to show off with my own wisdom. So better go somewhere else for clarifications.

Last edited by Michael Uplawski; 05-08-2016 at 05:23 AM.
 
Old 05-08-2016, 04:33 PM   #10
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
I don't think you completely understand how gpg works. And I don't think we can have a productive conversation on this issue. So I'm bailing out on this one.
 
Old 05-09-2016, 12:10 AM   #11
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Location: Apples
Distribution: Apple-selling shops, markets and direct marketing
Posts: 1,103
Blog Entries: 29

Rep: Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633Reputation: 633
Quote:
Originally Posted by sgosnell View Post
I don't think you completely understand how gpg works. And I don't think we can have a productive conversation on this issue. So I'm bailing out on this one.
These are not questions of belief. I know, you believe.

Last edited by Michael Uplawski; 05-09-2016 at 04:50 AM. Reason: f
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Looking for a software that i can encrypt and decrypt files with a key bmxakias Linux - Software 9 01-08-2016 07:57 AM
LXer: How to PGP encrypt, decrypt or digitally sign files via GnuPG GUI LXer Syndicated Linux News 0 08-30-2013 02:40 PM
gpg 2.0.19 w/ libgcrypt 1.5.0 seg faulting on encrypt/decrypt action brightfame Linux - Software 0 03-08-2013 09:44 PM
Can I use SSH to encrypt/decrypt a file like gpg? KenJackson Linux - Security 9 11-09-2012 03:16 AM
encrypt and decrypt using encrypt(char block[64], int edflag) rockwell_001 Linux - Security 3 08-30-2009 09:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration