Questions tagged [gpg]
GNU Privacy Guard (GnuPG or GPG) is OpenPGP compliant FOSS alternative to PGP encryption software.
163
questions
0
votes
1
answer
165
views
How to update the GPG keyring on a Debian Wheezy server
I am trying to setup a Dockerized Wheezy for some development which production servers are still on this old unmaintained Debian version.
The main problem I get is with checking the GPG signatures of ...
- 103
2
votes
0
answers
74
views
GPG hangs when using a Yubikey
I am trying to debug why all of the sudden my Yubikey is taking very long to access. The Yubikey holds a GPG private key, that is then used for GPG and SSH. It was working just fine for several months ...
- 411
0
votes
0
answers
144
views
apt update throws warnings - how to fix?
I'm migrating a website to a fresh Ubuntu 22 server hosted by Rackspace. I'm doing some initial config and hardening and I start with the usual:
apt update
apt upgrade
The apt update command spits ...
- 536
0
votes
1
answer
665
views
How to use gpg without --keyserver (which is deprecated too, just like apt-key)
The background
For some time now, apt-key warn users with deprecated messages like this one:
use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing ...
- 310
0
votes
0
answers
140
views
How to expand the expiration of gpg subkey while it had expired in shell script?
It is Nov 27, 2022 now. The environment is below:
user@domain:~$ date
Sun Nov 27 00:32:12 HKT 2022
user@domain:~$ gpg -K --keyid-format long --with-fingerprint --with-subkey-fingerprint --with-keygrip ...
- 1
2
votes
1
answer
1k
views
When installing docker on Ubuntu, why isn't it as easy as apt-get install docker?
I've installed docker a dozen times on Ubuntu using the instructions on the docker website (7 commands including removing old versions, adding a gpg keychain etc). I always just powered through, but ...
- 765
0
votes
1
answer
567
views
Why duplicity asks password for decryption even if .gpg files are encrypted with GPG key?
I created a backup with duplicity with GPG encryption used by below command. When I want to restore a file duplicity asks password for decryption. Any idea why? I use YubiKey 5 to store my GPG private ...
- 103
0
votes
1
answer
71
views
gpg stripping trailing whitespace from text files
I'm gpg encrypting text files that contain fixed-character length lines of data. The client requires the ends of each line have a specific amount of trailing whitespace. When I gpg encrypt the files, ...
- 33
1
vote
1
answer
622
views
Yubico forward over ssh
I've been trying to forward my Yubico to perform sudo authentication without having to use the password
I've successfully performed SSH auth with Yubico no macOS 12 using ssh -A [email protected]
But ...
- 111
0
votes
1
answer
302
views
gpg certify key public key getting export along with sub-key public key
I am using gpg. My keyring structure is explained below.
I have a certify key under that I have
Encryption sub-key
Authentication Sub-key
In order to export the sub-key following steps are executed
...
- 101
0
votes
1
answer
223
views
Can I extract the GPG public key if I have an encrypted file, the private key pgp file, and the pass phrase?
I am working on a project where I have been provided with a GPG private key in armor text format, the pass phrase, and a file that was encrypted with the public key. The public key is not available ...
1
vote
1
answer
2k
views
Update PGP key in self hosted apt repository
We are using the Sonatype Nexus Repository Manager to host apt repositories. The GPG key of one of them has expired recently and needed to be updated. What I thought would be sufficient was to ...
- 131
2
votes
2
answers
1k
views
What are required environment variables for GPG?
I'm trying to setup the docker credentials, and it requires to initialize the gpg first.
Here are my steps:
root@remote_machine:~# gpg --gen-key ...
- 31
2
votes
0
answers
236
views
What is GPG equivalent of ssh-add?
When using password-secured SSH keys I can use ssh-add to preemptively unlock a key before it needs to be used and have it cached in ssh-agent for future use. What is a GPG equivalent of ssh-add? I ...
- 255
0
votes
2
answers
233
views
Encrypted files stored next to GPG Key in backup – alternative solution?
During a recent test run to see if my personal backups work as intended, I noticed that I store my GPG key next to files encrypted with that key on the same disk. Although the disk is encrypted (LUKS) ...
- 151
0
votes
0
answers
2k
views
GPG import skips public key in file (no user ID)
On computer-a a key is generated, linking it to email [email protected], using command
gpg --gen-key
Then it is exported using command
gpg --export -a --output public.asc [email protected]
The file is ...
- 1
1
vote
1
answer
1k
views
How to get expiry date for yum repo signing keys
I recently had a package signing key expire preventing some automatic updates from installing so am now setting up monitoring to make sure we are alerted if this happens again.
On Debian systems I can ...
- 438
-1
votes
1
answer
351
views
How to generate a dummy GPG key by running a script for testing purposes?
I would like to create a GPG key for testing Nexus3 and N3DR. When I follow instructions like these, a key gets created and it could be used in the Continuous Integration (CI) as well. The question is ...
- 5,951
-2
votes
1
answer
233
views
How fast is decryption by a YubiKey? [closed]
Do YubiKeys decrypt GPG or SSH/SFTP data directly within themselves? If so, would that cause a bottleneck? Do YubiKeys have accelerated AES hardware that does most of the heavy lifting of decryption?
...
- 186
5
votes
4
answers
3k
views
Ubuntu add repo app-key fails
On Ubuntu 20.04 LTS, I'm trying to install packages like MongoDB, Sublime Text 3 etc. but before adding them their repo url must be added.
I'm trying this command:
wget -qO - https://download....
- 183
3
votes
1
answer
576
views
Can't connect to server via SSH using gpg-agent
I'm trying to connect to a VM on Google Cloud. I've created a public key to use for SSH and added the key to the cloud instance. I have SSH_AUTH_SOCK set to the file used by gpg-agent.
~/.gnupg/gpg-...
google-cloud-platform
4
votes
2
answers
2k
views
Trust gpg key via script
When performing an automated server deployment, I can upload and import gpg keys via script. But I cannot trust keys.
I tried
gpg --batch --yes --edit-key keyname trust 5
and
echo 5 | gpg --batch -...
- 898
1
vote
0
answers
378
views
GPG disabling ssh support for an authentication key coming from a smartcard
When a gpg smartcard (e.g. yubikey) is inserted and contains an authentication key, the key is automatically enrolled by the gpg-agent. That means the key is usable for any ssh operation without ...
- 157
1
vote
2
answers
492
views
GPG I am trying to create a script to automaticaly associate an imported ssh key to a primary key
I am trying to attach an imported ssh key to an existing primary key. The imported ssh key exists inside ~/.gnupg/private-keys-v1.d/ and is usable through the gpg-agent. When I associate it manually ...
- 157
0
votes
1
answer
585
views
Is it possible to setup msmtp for proper authentification in a Dockerfile?
I am running a php:7.2-apache container and I want to send mails. As ssmtp is retired, I want to use msmtp but I face authentication problems with msmtp.
My goal: Setup msmtp for a docker container ...
- 11
1
vote
0
answers
124
views
Yubikey won't receive an imported SSH auth key
I had a SSH key which I imported without problems in my GPG keyring as auth key using pem2openpgp from monkeysphere.
The imported key works fine.
I removed its SSH version from ~/.ssh and switched ...
- 135
1
vote
1
answer
396
views
Use ssh key on GPG card to decrypt data
When a Windows instance is created in AWS, its password is encrypted using the public part of an SSH key.
It's then possible to use the following command to retrieve the encrypted password:
aws ec2 ...
- 111
2
votes
1
answer
5k
views
gpg: no valid OpenPGP data found [closed]
I am trying to make sense of the following two serverfault posts:
How to verify a file using an asc signature file?
and
gpg --import bind-9.9.4.tar.gz.sha1.asc fails with no valid OpenPGP data ...
- 198
0
votes
0
answers
354
views
Fix or explain tty issue and gpg2
I'm having an issue importing or generating gpg secret keys on ubuntu 18.04 with my main (sudo) non-root user. With root user I have no problems with gpg, but non-root and it's basically permission ...
- 101
1
vote
1
answer
913
views
How to lock / unlock a gpg hardware token via script
I would like to execute gpg --card-edit; verify; quit non-interactively to unlock a gpg hardware token (i.e. smartcard or yubikey).
My usecase is:
Enter a password e.g. via ssh
Store it in the ...
- 633
4
votes
1
answer
10k
views
gpg-agent: fatal error in syslog on ssh login
In the syslog for my Ubuntu server, there is an error that appears whenever I log in using an SSH user account.
systemd[27299]: usr/bin/gpg-agent failed (exitcode=2): General error
systemd[27299]: ...
- 343
8
votes
1
answer
11k
views
Unable to generate GPG keys without passphrase on Ubuntu 18.04 [closed]
Has anyone tried creating GPG keys for encrypted pillars on Ubuntu 18.04?
I'm using the following command to attempt to generate the keys:
gpg --gen-key --homedir /etc/salt/gpgkeys
When I run that ...
- 4,366
1
vote
1
answer
1k
views
Where does duplicity store the key that it creates?
I started a backup via duplicity without giving it any options. I haven't created any GPG keys myself, so when I ran duplicity, it asked me for a passphrase, then created a key, and successfully ...
2
votes
1
answer
448
views
What is the Devuan equivalent of the Debian debian-archive-keyring package?
Debian keeps the keys required for a successful multistrap installation in a package called debian-archive-keyring.
(Multistrap is like debootstrap, but it can install packages from multiple ...
- 2,068
4
votes
1
answer
2k
views
How do I successfully import public key 94532124541922FB into GPG?
I think I need to have the key 94532124541922FB in my keyring as multistrap is reporting:
W: GPG error: http://packages.roundr.devuan.org/merged ascii InRelease: The following signatures couldn't be ...
- 2,068
1
vote
1
answer
334
views
Multiple files encrypted with multiple GPG keys - how to easily add/remove/manage keys, automate key change tasks?
We have a bunch of files that contain sensitive information, that need to be accessed by several teams, but need to be unreadable to everyone else. Currently, each team member needs to generate their ...
- 1,228
1
vote
1
answer
695
views
How to export GPG key without user interaction?
I use GPG keys to encrypt backups with duplicity, so I would like to export the key after it is generated, so I can move it to a backup location in case the server burst into flames.
Is there any way ...
user497477
2
votes
1
answer
1k
views
How to get only the pub part of gpg --list-public-keys?
Okay, there is probably a better way to phrase this question. I am writing a script to configure my web servers on the first boot, but I hit a snag when generating the GPG key that will be used to ...
user497477
0
votes
1
answer
4k
views
Problematic apt-get update due to missing gpg keys
I accidentally deleted some Debian gpg keys when testing out apt-key del. (I don't remember which key)
I have redownloaded the deb package and extracted the gpg keys. Then I used apt-key add to add ...
- 13
0
votes
1
answer
805
views
Aptly publish asking for password although --passphrase flag is set
I unsuccessfully try publishing an APTLY snapshot (about 80GB) using
aptly publish snapshot --batch=true --passphrase="SuperSecretPassWord" --distribution="mydistro" current-snapshot
After about 15 ...
0
votes
0
answers
254
views
Where is the networker public key?
I am trying to install a networker backup client on linux (CentOS).
At the moment I have to use "yum install --nogpgcheck" to do this, since I could not find the public gpg-key for their rpms.
...
- 7,725
0
votes
1
answer
315
views
rhel7 yum repository metadata GPG signatures
I'm trying to sign yum repo metadata using GPG, as part of a Jenkins job. This is proving more difficult than I first imagined, but I'm sure lots of people must have done this already.
I've worked ...
1
vote
1
answer
370
views
Have Duplicity use user's persistent gpg session when performing full filesystem backup?
I'm trying to set up automatic, full filesystem backups on my local system using Duplicity. I do not want to have to enter my password for it to encrypt a volume: what if I am not at the computer and ...
- 151
4
votes
1
answer
5k
views
How to reposync saltstack? reposync failing with error message `Removing [...], due to missing GPG key.`
On a RHEL 7.4 system, I add the salt-latest repo as follows:
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
Notice, amongst other things, this creates the ...
2
votes
1
answer
2k
views
How to setup logrotate with GPG to encrypt for GDPR?
As per GDPR all private data should be encrypted, so I need to encrypt all logs and retrieve them for auditing. I have chosen to perform the encryption during log rotation and to use GnuPG as my ...
8
votes
3
answers
3k
views
Force the use of a gpg-key as an ssh-key for a given server
I configured ssh to use GPG as my ssh-agent and if I remove the ~/.ssh folder, I can ssh into my server fine using my gpg key. However, my ~/.ssh folder has over a dozen different ssh keys in it, and ...
- 318
13
votes
2
answers
22k
views
How to remove a yum repo GPG key?
I have a custom RPM repo in Artifactory, and GPG signing keys were recently enabled.
When I ran sudo yum check-updates I was prompted to add the key:
Retrieving key from https://artifactory.example....
- 405
37
votes
2
answers
60k
views
How to verify a file using an asc signature file?
As an example, this project offers an *.asc file with a PGP signature to verify the contents of the download (as opposed to a checksum, you can see the empty column): https://ossec.github.io/downloads....
- 483
4
votes
1
answer
1k
views
force ssh to use agent, without fallback to directly accessing the IdentityFile
Company policy requires some ssh keys to be stored securely, e.g. on dedicated USB device. Using keys not stored on the host machine works flawlessly using gnupg with enable-ssh-support, even when ...
- 9,166
7
votes
0
answers
3k
views
Export Private ed25519 Key From GnuPG For Use in SSH
Is there a way to create an id_ed25519 (not id_ed25519.pub) file from an ed25519 keypair stored in GnuPG?
I've started keeping track of my SSH keys in GPG:
sec rsa3072 2017-12-12 [C]
...
- 223