Questions tagged [gpg]
gpg is the main command line tool of the GNU Privacy Guard (GnuPG), implementing the OpenPGP standard for public key cryptography. It allows encryption, (verification of) signatures and trust models like the web of trust. gpg (and its library gpgme) are the base of many FOSS crypto applications (like mail user agents). There is a standalone version (1.x) and one (2.x) requiring gpg-agent for secret key handling.
738 questions
1
vote
1
answer
30
views
GPG simple chain of trust
I'm generating gpg keys, and trying to create chain of trusts. In this example everything happens in same directory. But it is not the goal. The chain trust will be :
Jhon -> James -> Peter
#!/...
- 11
0
votes
1
answer
16
views
Opera signign keys re-appearing a day after deletion
I have a silly problem with Opera, which I installed, tried out, and purged completely from my system, but its signing keys are constantly re-appearing in mintsources. Why and how to prevent it?:
- 29.6k
0
votes
0
answers
61
views
GPG doesn't want to import my private key
I've been trying to export my private key from my laptop to my phone(termux). But whenever I tried importing the private key on the phone, the gpg just throws an error at me:
> gpg --import private....
1
vote
1
answer
31
views
why won't pass allow entries to be added or edited?
I have been using pass (cli pw manager) for a couple of years now, and I just started using yubikeys.
I have (2) YKs which I configured as duplicates of each other, transferring the same gpg subkeys (...
- 43
0
votes
0
answers
58
views
"gpg: decryption failed: No secret key" When secret key exists
Using gpg from the commandline I've created a public/private keypair.
I have then written a plaintext message and encrypted it with my public key.
When I attempt to decrypt the message, I get the ...
- 103
1
vote
0
answers
26
views
GPG 2 hangs when given the wrong passphrase
When I use GPG to decrypt a packed and encrypted backup, I plan to use a script that loops over old passphrases so I don't have to sweat rolling them regularly. Testing this, however, gpg never exits ...
- 111
0
votes
1
answer
35
views
Why am I seeing output on `gpg --export-secret-key` when my secrets are on my smartcard?
I have a Yubikey with my GPG private keys on it, and public keys in my gpg keyring. I made sure that private keys are not present on my system by running gpg --export-secret-key -a <key id> ...
- 629
0
votes
0
answers
43
views
How can I prevent gpg-agent from asking for a password?
I am using Fedora 40 (KDE) and I have followed the Arch Wiki guide on how to set it up. However, I would like to unlock - or, whatever is happening in the background - my GPG keys upon login. I am ...
- 2,103
2
votes
1
answer
189
views
gpg: Can't check signature: No public key | Debian Raspberry Pi Images
I am having some issue verifying the Raspberry Pi image for the RPI 2B of Debian.
Steps followed:
Download Files:
wget https://raspi.debian.net/tested/20231109_raspi_2_bookworm.img.xz && wget ...
0
votes
1
answer
25
views
How to get the gpg password prompt from a user's systemd timer unit?
I've written a short script to copy and encrypt my home dir for backup. I do this using
gpg --symmetric
I call this from my backup.service file, and it works fine: when I run systemctl --user start ...
- 141
2
votes
2
answers
81
views
Can you fix this error while creating alias for encryption and decryption by GPG in z-shell?
I wanted to make a .zshrc alias with the help of these previous aliases present to make an alias to convert a compressed gpg to its original uncompressed folder or file...
However, I am facing this ...
- 51
1
vote
1
answer
79
views
Changing the GNUPG home directory on NixOS
I'm setting up NixOS 24.05 and I'm using the equivalent version of Home Manager. I'm trying to move the directory for GNUPG to $HOME/.local/share/gnupg also known as $XDG_DATA_HOME/gnupg. I know that ...
- 11
0
votes
0
answers
31
views
Upgrade from Buster to Bullseye now reports Release file not found in s3 bucket for private repo apt update
I upgraded our Debian kernel from Buster to Bullseye on our device. However, when trying to update our custom Debian packages from our s3 using apt repo, I now receive a message that the repository ...
- 1
0
votes
1
answer
55
views
what are the .openssh.asc text files and how to generate/sign/verify one?
eg.: https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc
The Question: how can i make an openssh.asc file from my plain TXT file? And how can i verify it? Does it always needs to ...
- 107
0
votes
1
answer
29
views
Does the operating system used to create a GPG key get stored with the key?
I generated a new GPG key for personal use using the gpg --full-generate-key command on FreeBSD. Is the name of the operating system where the key was created stored in the key itself? Can I use this ...
- 399
0
votes
0
answers
157
views
gpg decryption failed with cipher algorithm CAST5 not found in recipient preferences
I have generated public private key pair with 3072 key length. I am encrypting file, but when i tried to decrypt file i am seeing.
gpg: WARNING: cipher algorithm CAST5 not found in recipient ...
- 11
0
votes
1
answer
184
views
gpg: No dirmngr although dirmngr is installed
I have used pass as an interface for gpg2 without problem so far on Ubuntu LTS 22.04 but suddently I cannot generate or edit new passwords:
$ pass edit newPW
gpg: connecting dirmngr at '/run/user/1000/...
- 465
-3
votes
1
answer
267
views
Where do I find the fingerprints gpg keys used to sign Linux Mint software?
Where do I find the fingerprints of the gpg keys used to sign
the ISO images of the Linux Mint?
Linux Mint packages?
I would like to find a place where I can download them using a secured method (...
- 263
0
votes
1
answer
109
views
GPG Key to TPM. error from TPM: Card error
When following instructions on how to import a GPG key to a TPM, I get the following error: gpg: error from TPM: Card error.
$ gpg --edit-key <key ID>
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 ...
- 1
3
votes
0
answers
119
views
Can't import or create keys in Kleopatra in Arch Linux using KDE (x11)
I'm still new to linux, so please give me time if you need something from me.
As the title says I cannot create new key pairs or import existing keys into Kleopatra 3.2.0.240501 (24.05.1). I've just ...
- 41
0
votes
0
answers
78
views
GPG key for the OpenSUSE Build Service repository
How to get GPG key for the OpenSUSE Build Service repository?
For the error of:
Err:13 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 InRelease
The ...
- 1,736
0
votes
0
answers
36
views
GnuPG often asks for subkey passphrase when signing/encrypting messages even with large [default|max]-cache-ttl in gpg-agent.conf
I have in my ~/.gnupg/gpg-agent.conf the following:
default-cache-ttl 172800
max-cache-ttl 172800
which works fine when I am en- or decrypting files using one of my regular GPG key pairs (just a ...
- 65
0
votes
1
answer
107
views
gpg suddenly won't ask for password, "cancelled by user"
Suddenly, gpg won't ask for password when trying to decrypt file and instead says "cancelled by user". I have already tried..
GPG_TTY=$(tty)
export GPG_TTY
with no effect. I get the ...
- 21
0
votes
1
answer
68
views
Decrypting multiple files quicker with gpg
The pass program is a command line utility to store passwords plus free form extra data in small files encrypted with gpg. It provides a grep sub-command in particular to find passwords by the extra ...
- 958
2
votes
1
answer
71
views
Why does setting `umask` to `0077` (and then downloading public key) makes a gpg public key unavailable for apt?
Why does setting umask to 0077 makes a gpg public key unavailable for apt when installing a package, e.g.
umask 0077
curl -fsSLo /usr/share/keyrings/brave-browser-beta-archive-keyring.gpg https://...
- 785
0
votes
0
answers
212
views
gpg: error retrieving '[email protected]' via WKD: No data
I am trying to write a script where I use 7z on some directories, and then use gpg to encrypt them. journalctl -u backup_encrypt_browser.service tells me :
gpg: error retrieving '[email protected]' via ...
1
vote
0
answers
318
views
How to use pass-secret-service as a keyring provider without breaking gpg?
Recently, I’ve tried to install nheko, a Matrix client, but I failed using it because it complains it cannot store password and other secrets because there are no providers for org.freedesktop.secrets ...
- 111
0
votes
1
answer
464
views
`gpg --pinentry-mode loopback` used to ask passphrase once but now it asks always
In short (Edit 1): How to make gpg -qd --pinentry-mode loopback out.gpg cache the passphrase for a period of time in the cli. It used to cache but now it doesn't.
Edit 2: I have tried this thing in ...
0
votes
1
answer
20
views
how do I access Pass files when logged into my user's shell from another user's session?
I just migrated from keepassxc to the linux pass password utility. But I often find myself su'ing to my user's account from another user's session, and when I try to run any pass commands on entries ...
- 43
0
votes
0
answers
40
views
gpg usage on fedora 39 at 100% cpu due to unknown read error
Both gpg and journalctl are at 100% on my machine. The journal endlessly fills with message:
May 15 12:34:42 fedora kgpg[3496]: gpg: /home/some_user/.gnupg/:0: read error
This repeats multiple times ...
Sera Gold
0
votes
0
answers
93
views
gpg unusable secret key
gpg --list-secret-keys --keyid-format=long
shows:
sec rsa2048/588EFF3348F037FB 2013-04-25 [SCEA]
...
uid [ultimate] ...
But if I try to sign a file with that key, I get:
skipped &...
- 101
1
vote
2
answers
542
views
add repo to debian (gpg issue)
First, I have done literally hours of work and research on this... attempting to find a solution my self. But I am unable to either understand what I am missing or get all the info I need (not sure ...
- 31
0
votes
1
answer
279
views
how to change/add gpg key to pass
I need to change the gpg key originally used for pass on my system to a newly generated key.
However, when I follow the advice I found on this thread: https://unix.stackexchange.com/questions/226944/...
- 43
0
votes
1
answer
79
views
re-install pass on Debian sid
pass was recently removed on my Debian sid setup when gpg (namely dirmngr gpg gpg-agent gpg-wks-client gpgsm gpgconf gpgv) were upgraded to unstable version 2.2.40-3.
At this time, reinstalling pass ...
- 3
0
votes
1
answer
92
views
GPG: find secret-keyfile that matches my public-key
When I create a keypair with gpg, then it stores the secret key inside of
~/.gnupg/private-keys-v1.d
It stores the public-key inside of a keyring-file - I can name it or it uses the default-location.
...
- 771
0
votes
1
answer
223
views
GPG broken after debian 10 -> 11 upgrade
Just upgraded my Buster server to Debian 11 Bullseye.
However, gpg is now broken.
apt update fails with Unknown error executing apt-key
apt-key --list fails with gpg: symbol lookup error: gpg: ...
- 163
5
votes
1
answer
249
views
Is it possible to grep this output from gpg
Take the following command (real example) :
~$ gpg --edit-key [email protected] showpref quit
(...)
[ultimate] (1). Foo Bar <[email protected]>
Cipher: AES256, AES192, AES, CAST5, 3DES
AEAD:
...
- 1,835
0
votes
1
answer
87
views
LibreOffice on FreeBSD (GhostBSD) is missing GnuPG encryption entry fields
I set up a FreeBSD 14 (GhostBSD) box with a complete set of my GnuPG keys. Encryption/Decryption on the cli works as expected.
I am used to encrypt files within LibreOffice on Linux (on the same ...
2
votes
1
answer
87
views
gpg-agent "forgetting" password for key, when getting too many requests
I'm running Ubuntu (via Regolith) and my gpg key is unlocked when I log in. I'm running multiple decrypt operations in parallel and I noticed, that if I get above 7, gpg-agent will "forget" ...
- 505
0
votes
1
answer
237
views
Recover poorly backed up gpg secret keys
I have just restored my data from a borg backup repository after a computer failure.
My ~/.gnupg folder seems fine, private keys are there, and permissions look correct. Usually borg does a good job ...
- 63
2
votes
0
answers
46
views
How to figure out what is prompting gpg pinentry?
Sometimes I get a pinentry popup from gpg. Although I'm currently playing around with some automation so it is not entirely surprising it would be nice to know what exactly is requesting access to the ...
- 505
0
votes
1
answer
1k
views
How do I resolve a missing GPG key for an apt repo in Debian 12?
I'm currently running Debian 12 and am trying to download some .deb packages for a Debian 8.7 machine that has no access to the internet. To do this, I've configured a new apt repo that targets the ...
- 983
0
votes
1
answer
167
views
Totally Legit Signing Key <[email protected]>
I run:
gpg --list-keys
I get:
pub rsa1024 2014-01-26 [C]
<REMOVED>
uid [ unknown] Totally Legit Signing Key <[email protected]>
Can this be dangerous? What is this? ...
- 198
2
votes
1
answer
85
views
gpg expiration TIME?
I have a licence that I'm signing with:
gpg --default-sig-expire "2024-02-14" --sign licence
This results in:
$ gpg --verify licence.gpg
gpg: Signature made Tue 13 Feb 2024 08:18:39 AM CET
...
- 14.8k
1
vote
1
answer
174
views
How to migrate my encrypted passwords to my new laptop
I'm using pass to store my password. Passwords are stored in ~/.password-store. This has been working for 10 years, but now I have a new laptop. I'm trying to migrate the passwords by copying what I ...
- 121
0
votes
1
answer
151
views
Having downloaded keyring and imported public key, why is the public key still unavailable for apt?
I am trying to install brave-browser-beta on Debian testing with the following script run as root:
#!/bin/bash
pdir=$(dirname "${BASH_SOURCE[0]}")
skf="${pdir}/brave-beta-signing-key&...
- 785
0
votes
0
answers
42
views
Should you keep the (encrypted) gpg secret key in a file to export the password store on another machine?
I am using gpg and pass to manage my password (on my Macos). I want to read the keychain contained in .password-store on another machine.
As there was no public or private key listed in the gpg on the ...
- 465
0
votes
1
answer
939
views
GPG hangs on MacOS
When trying to access secret keys, my GPG hangs. The existing solutions suggested killing gpg-agent, but that didn't help for me. I tried debug logging (see below), but couldn't make anything out of ...
- 1
1
vote
1
answer
142
views
Change passphrase of SSH key stored in the gpg-agent
How do I change the passphrase of an SSH key that is stored in the gpg-agent?
- 121
0
votes
0
answers
270
views
Fedora 39 - How to remove expired GPG key installed by MySQL?
I have the following situation
Is not possible install MySQL 8 on Fedora Workstation 39
Pls, see how was installed to understand this post. Anyway I am going in peace to wait until mysql itself ...
- 1,882