From: Jack R. <ja...@ne...> - 2007-04-13 22:02:43
On Apr 13, 2007, at 2:22 PM, tombb wrote:

> 1. Do you guys also see this difficulty when working across platform, or do
> you think I might have a setup issue?

I have never had the experience you're having now, no. But I have a theory about what's going on.

I think the break-down is at the point where your friend puts his key into the message. Do you know how that's being done? As a matter of fact, I have more than a tiny suspicion that your friend is NOT putting his key into the message at all!

Here's what s/he should do: in their favorite PGP interface, export their key. Then, attach that to the email message by any familiar means (such as drag-and-drop).

Here's what I'm beginning to suspect s/he actually did: reasoning from prior experience with the "S/MIME" facilities built into Outlook, s/he may have supposed that the key is sent along with every signed message. S/MIME does that. GPG doesn't. (Maybe it should, perhaps, but anyway it doesn't.)

The tricky bit here is that the goop which is an exported key looks (to a human like you or me) pretty much the same as the goop which is a message signature (not to mention any number of other kinds of goop) ;-) But I think the goop you've been trying to import as a key was actually only the goop which was the signature on the message from your friend.

Can you confirm that the procedure I suggest ends up working?

> 2. Also, even though I have the public key from my wife's windows based
> account and can decrypt messages, and the message shows that it is signed,
> but it also says "validity:unknown"-- I saw in the windows enigmail plugin
> interface how to set the trust level of others' signatures, but how can I do
> this in the Mac environment, either through gpg keychain access or the sente
> Mail plugin interface?

Oh, my. You've confused two things that pretty much EVERYONE gets confused at first, but which are actually completely different things.

"Validity" means "does this key really belong to the person it claims to belong to?" "Trust," on the other hand, means "do I trust that particular human being, specifically in the matter of certifying keys?" Validity is about the key (or about its legitimacy); trust is about the human.

PGP keeps track of them separately. But they are related. Here's how:

One person can "sign" someone else's key. The signature means "you can believe that this key belongs to the person it appears to." That is, signature attests validity.

But OK, so I sign Charly's key, and you get that signed key somehow or other. You wonder whether this really is Charly's key (is it valid?). You see that I've signed, claiming it's valid. "But," you should ask, "can I *trust* this Repenning character?" That's something you have to decide for yourself. So you set some level of *trust* on my key, and if you trust me enough, then my signature on Charly's key shows that it is *valid*.

It *is* confusing. We all mess it up at first.

Since you've done all this work to transport your wife's key to your keyring, you're pretty confident it's the right one. You should *sign* her key. GPG naturally assumes that you trust yourself quite a lot, so if you yourself have signed a key, that's all we need (that's what "ultimate trust" means). So, if you *sign* your wife's key, and you've left your *trust* setting for yourself as "ultimate", then your wife's key will show up as "valid."

> Sorry for the length and for burying my 2 last questions, but you guys have
> been great in helping me sort this out. I look forward to any suggestions
> and comments you have for the other 2 issues.
>
> Jack Repenning-3 wrote:
>>
>> On Apr 13, 2007, at 6:25 AM, tombb wrote:
>>
>>> Question here: able to encrypt/sign when I am sending messages back and
>>> forth to self using mac version of gpg, but trouble across platform to
>>> another user with windows version of gnu gpg.
>>> Their app correctly received
>>> my key, but the mac Mail.app on my computer appears to be having difficulty
>>> with their key. I can't seem to import the key when using GPG Keychain
>>> Access app on my mac. the file I receive from the windows pubkey export is
>>> listed as "0x0C0D89A8.asc.pgp" -- even though when I export it on the
>>> windows machine it appears to be a text file with a .txt extension on the
>>> windows end before mailing it.
>>
>> What you're trying to do should work just fine. I don't see anything
>> wrong with your procedure. The file renaming dance is a common side
>> effect of mail handling, but all the names you give should work the
>> same. So, I'm puzzled. Let me ask more questions.
>>
>> You say "I can't seem to import the key." What does that mean? Do
>> you get error messages?
>>
>> Open a Terminal window and type "head 0x0C0D89A8.asc.pgp". The
>> format of this file is pretty rigid; does it look like this?
>>
>> The first line should be "-----BEGIN PGP PUBLIC KEY BLOCK-----".
>> Well, that doesn't have to be the very first line, but it's the first
>> line that gpg cares about. There must be exactly five dashes at the
>> beginning and end of the line. The beginning dashes must begin at
>> the very beginning of the line, no spaces first or "> " things or
>> anything else. The ending dashes must end at the end of the line,
>> nothing after them.
>>
>> The second line is probably something like "Version: GnuPG v1.4.6
>> (Darwin)". The actual version info may differ. Actually, since you
>> got this from your windows-using friend, it almost *certainly* won't
>> say "Darwin", because that means "Macintosh" ;-) But something like
>> this, anyway.
>>
>> There may be a third line, something like this: "Comment:
>> PGP-encrypted email preferred" The comment line is optional, so it may
>> not be there. If it is there, it might say pretty much anything at
>> all - it's just a ... well ... comment ... provided by your friend.
>>
>> The next line (third or fourth, depending on whether there was a
>> comment) should be blank, empty, nothing there.
>>
>> After that come a bunch of lines containing unreadable goop, like
>> "mQCNAyyg8RgAAAEEALN78k0ovUHn119cm8enD4oaDXWgImkSXPYNJFfo9VFeH14B"
>>
>> Does it look like that? I'm guessing it does not, or it would have
>> worked for you. So, in what way is it different from that? Tell me
>> how it's different, and maybe I can tell you how to fix it up,
>> possibly how it got messed up in the first place, and hopefully how
>> to avoid the problem the next time.
>>
>> -==-
>> Jack Repenning
>> Chief Technology Officer
>> CollabNet, Inc.
>> 8000 Marina Boulevard, Suite 600
>> Brisbane, California 94005
>> office: +1 650.228.2562
>> mobile: +1 408.835.8090
>> raindance: +1 877.326.2337, x844.7461
>> aim: jackrepenning
>> skype: jrepenning
>>
>> _______________________________________________
>> Macgpg-users mailing list
>> Mac...@li...
>> https://lists.sourceforge.net/lists/listinfo/macgpg-users
>
> --
> View this message in context: http://www.nabble.com/trouble-figuring-out-how-to-import-a-public-key-from-windows-to-mac-gnugpg-tf3571613.html#a9986663
> Sent from the macgpg-users mailing list archive at Nabble.com.

-==-
Jack Repenning
Chief Technology Officer
CollabNet, Inc.
8000 Marina Boulevard, Suite 600
Brisbane, California 94005
office: +1 650.228.2562
mobile: +1 408.835.8090
raindance: +1 877.326.2337, x844.7461
aim: jackrepenning
skype: jrepenning
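
The armor-header checks described in the message above, as an added example that is not part of the original thread: a small Python script that reports which kind of PGP block a file starts with (exported key or only a signature) and whether its header follows the layout rules the message lists. The function names and sample inputs are constructed for illustration; only the header layout is checked, not the data itself.

```python
import re

# Loose pattern: finds an armor header line even when mail handling damaged it.
ARMOR = re.compile(r"(-+)BEGIN PGP ([A-Z ]+?)(-+)")
HEADER = re.compile(r"^[A-Za-z]+: ")  # e.g. "Version: ..." or "Comment: ..."


def diagnose_armor(text):
    """Return (block_type, problems) for the first PGP armor block in text."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = ARMOR.search(line)
        if m is None:
            continue
        problems = []
        if m.start() > 0:  # spaces, "> " quoting, anything else
            problems.append("text before the opening dashes: %r" % line[:m.start()])
        if m.end() < len(line):
            problems.append("text after the closing dashes")
        if len(m.group(1)) != 5 or len(m.group(3)) != 5:
            problems.append("need exactly five dashes on each side")
        j = i + 1
        while j < len(lines) and HEADER.match(lines[j]):
            j += 1  # skip the optional Version:/Comment: lines
        if j >= len(lines) or lines[j].strip():
            problems.append("no blank line before the data")
        return m.group(2), problems
    return None, ["no PGP armor header line found"]


def importable_as_key(text):
    """True only for an undamaged PUBLIC KEY BLOCK (not a signature)."""
    kind, problems = diagnose_armor(text)
    return kind == "PUBLIC KEY BLOCK" and not problems


# Constructed samples. BODY is the data line quoted in the message, used
# here purely as a placeholder for both block types.
BODY = "mQCNAyyg8RgAAAEEALN78k0ovUHn119cm8enD4oaDXWgImkSXPYNJFfo9VFeH14B\n"
KEY_OK = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
          "Version: GnuPG v1.4.6 (Darwin)\n\n" + BODY)
SIG_ONLY = ("-----BEGIN PGP SIGNATURE-----\n"
            "Version: GnuPG v1.4.6 (Darwin)\n\n" + BODY)
QUOTED = "".join("> " + l for l in KEY_OK.splitlines(True))  # mail-quoted key

if __name__ == "__main__":
    for name, sample in (("key", KEY_OK), ("signature", SIG_ONLY),
                         ("quoted key", QUOTED)):
        print(name, diagnose_armor(sample), importable_as_key(sample))
```
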