LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-01-2016, 12:35 AM   #61
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175

Quote:
Originally Posted by Blitzig View Post
You could take a look at VeraCrypt

https://veracrypt.codeplex.com/
Looks good Blitzig. Thanks for passing that along.
 
Old 03-01-2016, 01:13 AM   #62
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
Kate, nano, mousepad, gedit, or whatever text editor you prefer. Nano is a text editor, it just has no GUI wrapper. I tend to use it a lot for quick edits, because it's easy to run it as root to edit files owned by root. If you use nano, just make sure you're in your home directory in the terminal, and enter
Code:
nano .gnupg/gpg.conf
and it will be ready for edit. Just put that line anywhere in the file, and then save it. If you use Kate or another GUI editor, you just have it open that file. You might need to tell the editor to show hidden files so you can select through the .gnupg directory.

You need to choose a recipient so gpg knows what key to use. If you don't have a default, and you don't specify one on the command line, you'll be asked for one. If you make yourself the default recipient, gpg will use your public key for encrypting without asking, which is what you seem to want to do. If you ever encrypt a file for someone else to decrypt using their secret key, you'll need to specify that on the command line. Or in the GUI, if you use that. Using gpa might be easier for you, but it's your choice. If you do use gpa, you need to open the file manager to select the file. The default window that opens is a clipboard, so you can enter and encrypt text without opening a file. It's not very intuitive. I seldom use it, preferring the command line, but that's me.

Thanks sgosnell. I've only used Nano once, so maybe I'll go for Kate. I've just got to try it is all. I'm not on the computer that I was able to get the -e to work, so I'll wait till I can try it there and see how it goes.

And I got gpa Privacy Assistant. (I didn't even know there was such a thing.) Really, this GUI is looking more my speed. (I still get nervous working in the terminal.) Is the level of encryption of the gpa Privacy Assistant as good as the terminal version? And when I open the GUI it asks me if I want to create a key. Just say yes? And can I, via the gpa Privacy Assistant, somehow set things up where I (like your way in the terminal) I can encrypt all the files with my secret key (or vice versa, maybe the public key--that's still a little confusing to me)? (The idea being not to be sending the files but just encrypting them and plopping them in the cloud.) Thanks.
 
Old 03-01-2016, 11:06 AM   #63
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
The GUI does exactly what the terminal version does. It's just a GUI (Graphical User Interface) frontend for gpg. If you already have keys, you can use them, or you can create new ones, it's up to you. If you do create new keys, you should revoke your previous public key. That's both polite and practical.

Kate works fine, any text editor will do.

For gpg, you should always encrypt with the public key, thus decrypt with the private key. Always. You can certainly do the opposite, but it's completely unsecure. Gpg/gpa/etc will always automatically use the public key for encryption unless you force the use of the private key, and then decryption becomes more trouble than if you did it correctly the first time. In reality, don't even worry about that, because gpg will do it right on its own if you don't try to get cute with it. With what you're trying to do, it should work fine, without needing any tinkering.

Just make that edit in your config file, and you should be set.
 
1 members found this post helpful.
Old 03-01-2016, 08:27 PM   #64
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 157

Rep: Reputation: 44
Many people follow the basic rules of encryption and use pre-existing tools.

That is well and good but I have always had a beef with the openssl file encryption ("enc"). It is a good system and works very well. BUT....

OpenSSL "enc" uses PBKDF1.5 for the pass-phrase to cryptographic key hashing (pass-phrase expansion). That problem is that is prone to brute force attacks. It should use PBKDF2 which is basically PBKDF1.5 iterated thousands of times, so that typical computers take at least 1/2 second to encode a pass-phrase. Strangely it has the PBKDF2 functionality in its library (I use it) it just does not 1: make it available from command line, and 2: use it for file encryption! Basically the functionality is available but not to command line users, for general file encryption.

Arrgghhhh....

This has made me wary of file encryption tools, until I know exactly how they actually implement the file encryption.

Using GPG to use public keys for file encryption sounds like a good system. You can encrypt files without needing a password (the public key), BUT the private key still needs a symmetric key encryption to protect it. Anyone have pointers to what symmetric encryption it actually uses.

GPG has been around a long time. I do hope it has kept up with encryption standards. Because if the private key is not secure, none of your files are secure.

Last edited by A.Thyssen; 03-01-2016 at 08:36 PM.
 
1 members found this post helpful.
Old 03-02-2016, 12:36 AM   #65
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
The GUI does exactly what the terminal version does. It's just a GUI (Graphical User Interface) frontend for gpg. If you already have keys, you can use them, or you can create new ones, it's up to you. If you do create new keys, you should revoke your previous public key. That's both polite and practical.

Kate works fine, any text editor will do.

For gpg, you should always encrypt with the public key, thus decrypt with the private key. Always. You can certainly do the opposite, but it's completely unsecure. Gpg/gpa/etc will always automatically use the public key for encryption unless you force the use of the private key, and then decryption becomes more trouble than if you did it correctly the first time. In reality, don't even worry about that, because gpg will do it right on its own if you don't try to get cute with it. With what you're trying to do, it should work fine, without needing any tinkering.

Just make that edit in your config file, and you should be set.
Thanks sgosnell. I got very close. Again this is my goal:

Set the default user to your username on your system, and all you need to do is enter
Code:
gpg -e filename
to get an encrypted file. It automatically uses your public key to encrypt the file, and only you, using the passphrase for you secret key, can decrypt it. There are also GUI frontends for gpg if you prefer that.


In other works, I just want to use
Code:
gpg -e filename
to encrypt my files. I'm not ready for encrypting back and forth communications yet.

BTW Is the front end GUI you're referring to for this GNU Privacy Assistant-Key Manager? (Wouldn't using a GUI make this easier for a terminal(terminally?)-challenged person like me?)

So I created a valid key in GNU Privacy Assistant-Key Manager. Then not being able to find the file I needed in Kate, I went the terminal route. I made sure I was in the home directory and entered the
Code:
nano .gnupg/gpg.conf
command. That file came up in the nano editor. Then I had some questions.

1) In an earlier post you said:

all you need to do is edit ~/.gnupg/gpg.conf. You can do this with any text editor. You need the line
Code:
default-recipient username
replacing username with your actual username on your computer.


So I was doing just that.

But then in a later post you said:

nano .gnupg/gpg.conf
and it will be ready for edit. Just put that line anywhere in the file, and then save it. If you use Kate or another GUI editor, you just have it open that file. You might need to tell the editor to show hidden files so you can select through the .gnupg directory.

You need to choose a recipient so gpg knows what key to use.
My underlining.

So I was confused. And if I needed to add a recipient, what would that be? My email address? My public key name? My public key id#?

Then I didn't know how to save in Nano. I Googled and I came across this (from
Code:
https://help.ubuntu.com/community/Nano#Save_and_Save_As
)

Save and Save As
Save and Save As are both accomplished with the Write Out command, Ctrl-O.

When prompted, press enter to accept the existing file name.


but I was even uncertain after that. Do I do the ^O symbol and then Ctrl-O ?

And then I exited with Ctrl-X and even though the screen was blank it asked me:

Do you want to save modified buffer?

I said no.

So anyway. Three questions:

1)Do I need a "recipient"? (And if so exactly what?)
2)How to save in Nano?
3) How to exit Nano?

I LOL think that should put me over the top.

Thanks!

P.S. And in the GNU Privacy Assistant-Key Manager there is my key and then ten or twelve keys with all these words in German. What's up with that stuff?

Last edited by Gregg Bell; 03-02-2016 at 12:52 AM. Reason: added about German stuff
 
Old 03-02-2016, 01:47 PM   #66
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
You need a recipient, and that recipient's name is your username on the machine. I don't know what that is, but it's whatever you use when you log in.

To save in nano, use Ctrl-X, Y to answer yes, save, Enter to accept the filename, and it exits. Ctrl-X is exit. You're prompted to save the edit and accept the current filename before exit. You can change any of that if you wish. Or you can use Ctrl-O to save the file, then Ctrl-X exits immediately.

I have no idea what other keys you might have saved.
 
Old 03-02-2016, 04:11 PM   #67
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
A pass-phrase might be used to protect (encrypt ...) a digital key, but it is no substitute for one.

A digital certificate is like a badge: it is a thing, and you must possess it. (If the key is encrypted, you must also know how to decrypt it.) Furthermore, it should be unique. It belongs to you, and you alone. Therefore, if it is lost or stolen, it can be instantly and reliably revoked ... without affecting anyone else's key. Now, security becomes a matter of key management.

Unique keys also provide for digital identity. You have a reason for confidence of who sent the message, and likewise who can decipher it. You have reason for confidence that the message you received is the one that the sender sent you; that it is not a forgery and that it has not been tampered with.

When you're sending thousands of messages across an insecure channel, "prove it: say the magic word" just don't get the job done.

Last edited by sundialsvcs; 03-02-2016 at 04:14 PM.
 
Old 03-02-2016, 10:31 PM   #68
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
You need a recipient, and that recipient's name is your username on the machine. I don't know what that is, but it's whatever you use when you log in.

To save in nano, use Ctrl-X, Y to answer yes, save, Enter to accept the filename, and it exits. Ctrl-X is exit. You're prompted to save the edit and accept the current filename before exit. You can change any of that if you wish. Or you can use Ctrl-O to save the file, then Ctrl-X exits immediately.

I have no idea what other keys you might have saved.
I'm sorry, sgosnell, but I'm still confused. I get it about nano and saving and exiting now. I know how to get into that
Code:
nano .gnupg/gpg.conf
file. But what I'm putting in there I'm still not sure.

In post #53 you wrote:

Quote:
all you need to do is edit ~/.gnupg/gpg.conf. You can do this with any text editor. You need the line
Code:
default-recipient username
replacing username with your actual username on your computer.
So let's say my computer is named
Code:
sunshine
. So then I would enter:
Code:
default-recipient sunshine
But then you also say I need to choose a "recipient" (by replacing "recipient" with my computer's name). So then would I be adding:

Code:
default-sunshine sunshine
to the
Code:
nano .gnupg/gpg.conf
file?

Like I said I'm sure I'm misunderstanding something. Sorry.

P.S. I just made the one key. When I installed GNU Privacy Assistant Key Manager (from Synaptic Package Manager on my Bodhi computer) it had my key but also all these others. (see screenshot) I don't speak or understand German! Should I just delete them all?
Attached Thumbnails
Click image for larger version

Name:	Selection_005.png
Views:	4
Size:	85.8 KB
ID:	21034  

Last edited by Gregg Bell; 03-02-2016 at 10:36 PM. Reason: the germans
 
Old 03-02-2016, 10:33 PM   #69
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sundialsvcs View Post
A pass-phrase might be used to protect (encrypt ...) a digital key, but it is no substitute for one.

A digital certificate is like a badge: it is a thing, and you must possess it. (If the key is encrypted, you must also know how to decrypt it.) Furthermore, it should be unique. It belongs to you, and you alone. Therefore, if it is lost or stolen, it can be instantly and reliably revoked ... without affecting anyone else's key. Now, security becomes a matter of key management.

Unique keys also provide for digital identity. You have a reason for confidence of who sent the message, and likewise who can decipher it. You have reason for confidence that the message you received is the one that the sender sent you; that it is not a forgery and that it has not been tampered with.

When you're sending thousands of messages across an insecure channel, "prove it: say the magic word" just don't get the job done.
Thanks for the explanation, sundial. It certainly makes a lot of sense (and sounds very secure).
 
Old 03-02-2016, 11:55 PM   #70
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,287
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
0100100001100101011011000110110001101111 Qrs+eO0UljuCBzKKrKE5dGdICbXnlruwoi2wVn7G5MM=


Jefferson Airplane - And I Like It
 
Old 03-03-2016, 01:17 AM   #71
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Okay, a slightly new thing. I've been trying to encrypt a file in the terminal. I have my "public key" in my Downloads folder and it's named "public key" (without the quotes). Then when I try to encrypt something I get this:

Code:
skydweller@skydweller-OptiPlex-170L:~/Downloads$ gpg -e -r skydweller ~skydweller/lost.jpg
gpg: skydweller: skipped: public key not found
gpg: /home/skydweller/lost.jpg: encryption failed: public key not found
skydweller@skydweller-OptiPlex-170L:~/Downloads$
I still need answers to my previous post! LOL But in regards to this one, how do I get my public key into my terminal?
 
Old 03-03-2016, 04:36 AM   #72
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 20 MATE, MX-19.3, antiX, EndeavourOS
Posts: 3,288
Blog Entries: 17

Rep: Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232Reputation: 1232
Gregg,

I really hope we don't get a post from you in the future saying:

Quote:
I have successfully encrypted everything on my computer. Now, how do I decrypt it?
Good luck.
 
1 members found this post helpful.
Old 03-03-2016, 11:09 AM   #73
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Add the line
Code:
default-recipient username
anywhere in the file.

The username you use is the user you log in with. Not the computer name, your personal username. It may be greg, it may be sunshine, I have no idea. Run the command "users" in a terminal, and it will tell you. Assuming your username is greg, use the following line:
Code:
default-recipient greg
Your public key should not be named "public key". Use gpa key manager to export it to a file. You'll be prompted for a filename.

BTW, those German references are certificates that have been installed. Ignore them for now.

Last edited by sgosnell; 03-03-2016 at 11:12 AM.
 
Old 03-03-2016, 01:00 PM   #74
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by beachboy2 View Post
Gregg,

I really hope we don't get a post from you in the future saying:



Good luck.
ROFL Am I turning into LQ's version of "Annoying Man"?
Attached Thumbnails
Click image for larger version

Name:	Selection_021.png
Views:	8
Size:	89.6 KB
ID:	21037  
 
Old 03-03-2016, 01:05 PM   #75
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
Add the line
Code:
default-recipient username
anywhere in the file.

The username you use is the user you log in with. Not the computer name, your personal username. It may be greg, it may be sunshine, I have no idea. Run the command "users" in a terminal, and it will tell you. Assuming your username is greg, use the following line:
Code:
default-recipient greg
Your public key should not be named "public key". Use gpa key manager to export it to a file. You'll be prompted for a filename.

BTW, those German references are certificates that have been installed. Ignore them for now.
Ok. Thanks. I'll add the line tonight when I get back to that computer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Non-system partition encryption versus container-file encryption of equal size Ulysses_ Linux - Security 13 07-17-2015 07:38 PM
new gpg encryption/signing frontend -- looking for name suggestions ryran Linux - General 13 01-27-2012 02:09 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration