From: Jack R. <ja...@ne...> - 2007-04-14 03:23:57
On Apr 13, 2007, at 7:25 PM, tombb wrote:

> To complete the picture for you, I am sitting in our home office and am
> going back and forth between her computer (pc) and mine (intelmac), testing
> this all out. I have tried the following methods for sending her key to my
> email account: 1. sign her message and send it,

Just checking: you do realize, right, that signing and sending a
message (with PGP) does NOT also transmit the key? I wasn't
absolutely sure whether you meant this step "1" was a complete
experiment that failed, or just part of the longer process.

> 2. export her key under the
> pgp "key management" section-- it exports as a .asc file

That .asc file, just as it's saved there on disk, is the thing you
want to get to yourself, somehow.

> 3. opened her
> public key up through key management (I think it was a choice to see
> details) and copied the key text info manually into a word file to mail to
> my account.

I'm not certain I know what you mean here, but it sure sounds like
you would get some information *about* the key, but not the actual
key itself. Rather than opening it with key management, just send it
as an attachment, the same way you'd send a Word document or a zip
file.

> I can change the extensions while the file is still on her pc,
> and open it as the true text file, but it still opens as goop on the
> intelmac.

That confuses me. On both the mac and the PC, the extension is only
a kind of hint to the operating system about what to do with a file.
In many cases, it can figure out The Right Thing To Do even if the
extension is wrong. In a few cases, it will do the wrong thing even
though the extension is right. The procedure I suggested was very
deliberately designed to reduce confusion: the tools I suggested,
like Terminal and head, are very simple, and won't confuse us by
trying to be smart.

So, more "experiments with tools so simple that NOTHING could go
wrong" ;-):

Export her key again if you have to (that is, if you don't have that
file any more). Let's say this produces a file called
0x0C0D89A8.asc, on the desktop.

    Start> Run...> cmd
    cd Desktop
    more < 0x0C0D89A8.asc
    (it shows some stuff)
    ^C

(that last is, "hold down the ctrl key and press c")

That will, I'm reasonably sure, show you one of those "----- BEGIN
PGP" thingies.

Now, in TBird, compose a message to yourself. Attach 0x123456.asc.
Sorry, I don't know how to attach things in TBird, but I bet there's
some link or button or menu named "Attach", so use that. Maybe you
can just drag the file from your desktop to TBird, but maybe not.

Send the message.

Walk over to your Mac.

Fetch mail. You don't tell me what you use for mail on the Mac end,
but whatever it is, do whatever you have to do to save the attachment
to the desktop. If you use Apple's Mail.app, you can press the
"Save" button at the top of the message window.

There should now be a file on your desktop named 0x123456.asc. It
might just possibly have an extra extension, like
0x0C0D89A8.asc.txt, or so.

    Terminal
    cd Desktop
    more < 0x0C0D89A8.asc

(or "more < 0x0C0D89A8.asc.txt", as appropriate)

You should see the same "----- BEGIN PGP..." stuff as before.

If the file isn't named 0x0C0D89A8.asc, rename it so it is.

Since you're in a Terminal window already, type

    gpg --import 0x0C0D89A8.asc

It should import her key.

Now, still in the Terminal window, type

    gpg --sign-key 0x0C0D89A8

(notice: no ".asc"!)

gpg will ask you some questions of the "are you really sure" sort,
and if you answer yes enough times, it will sign your wife's key with
your key, thereby indicating that your wife's key is "valid".

Now, back at her machine, sign and send some message.

Now, back at yours, receive it and see what happens.

>
> She uses Thunderbird with the enigmail extension installed. Are there more
> preferable gnu apps to use than enigmail in windows xp?

Well, actually, Enigmail has a very good reputation, I suggest she
stick with that. The only problem, here, is that *I* have never used
it, so I'm going to be a bit lame in commenting on it.

>
>
>
> Jack Repenning-3 wrote:
>>
>> On Apr 13, 2007, at 2:22 PM, tombb wrote:
>>
>>> 1. Do you guys also see this difficulty when working across platform,
>>> or do you think I might have a setup issue?
>>
>> I have never had the experience you're having now, no. But I have a
>> theory about what's going on. I think the break-down is at the point
>> where your friend puts his key into the message. Do you know how
>> that's being done? As a matter of fact, I have more than a tiny
>> suspicion that your friend is NOT putting his key into the message at
>> all!
>>
>> Here's what s/he should do: in their favorite PGP interface, export
>> their key. Then, attach that to the email message by any familiar
>> means (such as drag-and-drop).
>>
>> Here's what I'm beginning to suspect s/he actually did: reasoning
>> from prior experience with the "S/MIME" facilities built into
>> Outlook, s/he may have supposed that the key is sent along with every
>> signed message. S/MIME does that. GPG doesn't. (Maybe it should,
>> perhaps, but anyway it doesn't.)
>>
>> The tricky bit here is that the goop which is an exported key looks
>> (to a human like you or me) pretty much the same as the goop which is
>> a message signature (not to mention any number of other kinds of
>> goop) ;-) But I think the goop you've been trying to import as a key
>> was actually only the goop which was the signature on the message
>> from your friend.
>>
>> Can you confirm that the procedure I suggest ends up working?
>>
>>
>>> 2. Also, even though I have the public key from my wife's windows based
>>> account and can decrypt messages, and the message shows that it is
>>> signed, but it also says "validity:unknown"-- I saw in the windows
>>> enigmail plugin interface how to set the trust level of others
>>> signatures, but how can I do this in the Mac environment, either
>>> through gpg keychain access or the sente Mail plugin interface?
>>
>> Oh, my.
>>
>> You've confused two things that pretty much EVERYONE gets confused at
>> first, but which are actually completely different things.
>> "Validity" means "does this key really belong to the person it claims
>> to belong to?" "Trust," on the other hand, means "do I trust that
>> particular human being, specifically in the matter of certifying
>> keys?" Validity is about the key (or about its legitimacy); trust is
>> about the human. PGP keeps track of them separately. But they are
>> related. Here's how:
>>
>> One person can "sign" someone else's key. The signature means "you
>> can believe that this key belongs to the person it appears to." That
>> is, signature attests validity.
>>
>> But OK, so I sign Charly's key, and you get that signed key somehow
>> or other. You wonder whether this really is Charly's key (is it
>> valid?). You see that I've signed, claiming it's valid. "But," you
>> should ask, "can I *trust* this Repenning character?" That's
>> something you have to decide for yourself. So you set some level of
>> *trust* on my key, and if you trust me enough, then my signature on
>> Charly's key shows that it is *valid*.
>>
>> It *is* confusing. We all mess it up at first.
>>
>> Since you've done all this work to transport your wife's key to your
>> keyring, you're pretty confident it's the right one. You should
>> *sign* her key.
>>
>> GPG naturally assumes that you trust yourself quite a lot, so if you
>> yourself have signed a key, that's all we need (that's what "ultimate
>> trust" means). So, if you *sign* your wife's key, and you've left
>> your *trust* setting for yourself as "ultimate", then your wife's key
>> will show up as "valid."
>>
>>
>>>
>>> Sorry for the length and for burying my 2 last questions, but you guys
>>> have been great in helping me sort this out. I look forward to any
>>> suggestions and comments you have for the other 2 issues.
>>>
>>>
>>>
>>> Jack Repenning-3 wrote:
>>>>
>>>> On Apr 13, 2007, at 6:25 AM, tombb wrote:
>>>>
>>>>> Question here: able to encrypt/sign when I am sending messages back
>>>>> and forth to self using mac version of gpg, but trouble across
>>>>> platform to another user with windows version of gnu gpg. Their app
>>>>> correctly received my key, but the mac Mail.app on my computer
>>>>> appears to be having difficulty with their key. I can't seem to
>>>>> import the key when using GPG Keychain Access app on my mac. The
>>>>> file I receive from the windows pubkey export is listed as
>>>>> "0x0C0D89A8.asc.pgp" -- even though when I export it on the windows
>>>>> machine it appears to be a text file with a .txt extension on the
>>>>> windows end before mailing it.
>>>>
>>>> What you're trying to do should work just fine. I don't see anything
>>>> wrong with your procedure. The file renaming dance is a common side
>>>> effect of mail handling, but all the names you give should work the
>>>> same. So, I'm puzzled. Let me ask more questions.
>>>>
>>>> You say "I can't seem to import the key." What does that mean? Do
>>>> you get error messages?
>>>>
>>>> Open a Terminal window and type "head 0x0C0D89A8.asc.pgp". The
>>>> format of this file is pretty rigid; does it look like this?
>>>>
>>>> The first line should be "-----BEGIN PGP PUBLIC KEY BLOCK-----".
>>>> Well, that doesn't have to be the very first line, but it's the first
>>>> line that gpg cares about.
>>>> There must be exactly five dashes at the
>>>> beginning and end of the line. The beginning dashes must begin at
>>>> the very beginning of the line, no spaces first or "> " things or
>>>> anything else. The ending dashes must end at the end of the line,
>>>> nothing after them.
>>>>
>>>> The second line is probably something like "Version: GnuPG v1.4.6
>>>> (Darwin)". The actual version info may differ. Actually, since you
>>>> got this from your windows-using friend, it almost *certainly* won't
>>>> say "Darwin", because that means "Macintosh" ;-) But something like
>>>> this, anyway.
>>>>
>>>> There may be a third line, something like this: "Comment:
>>>> PGP-encrypted email preferred" The comment line is optional, so it
>>>> may not be there. If it is there, it might say pretty much anything
>>>> at all - it's just a ... well ... comment ... provided by your friend.
>>>>
>>>> The next line (third or fourth, depending on whether there was a
>>>> comment) should be blank, empty, nothing there.
>>>>
>>>> After that come a bunch of lines containing unreadable goop, like
>>>> "mQCNAyyg8RgAAAEEALN78k0ovUHn119cm8enD4oaDXWgImkSXPYNJFfo9VFeH14B"
>>>>
>>>>
>>>> Does it look like that? I'm guessing it does not, or it would have
>>>> worked for you. So, in what way is it different from that? Tell me
>>>> how it's different, and maybe I can tell you how to fix it up,
>>>> possibly how it got messed up in the first place, and hopefully how
>>>> to avoid the problem the next time.
>>>>
>>>> -==-
>>>> Jack Repenning
>>>> Chief Technology Officer
>>>> CollabNet, Inc.
>>>> 8000 Marina Boulevard, Suite 600
>>>> Brisbane, California 94005
>>>> office: +1 650.228.2562
>>>> mobile: +1 408.835.8090
>>>> raindance: +1 877.326.2337, x844.7461
>>>> aim: jackrepenning
>>>> skype: jrepenning
>>>>
>>>> _______________________________________________
>>>> Macgpg-users mailing list
>>>> Mac...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/macgpg-users
>>>
>>> --
>>> View this message in context: http://www.nabble.com/trouble-figuring-out-how-to-import-a-public-key-from-windows-to-mac-gnugpg-tf3571613.html#a9986663
>>> Sent from the macgpg-users mailing list archive at Nabble.com.
>
> --
> View this message in context: http://www.nabble.com/trouble-figuring-out-how-to-import-a-public-key-from-windows-to-mac-gnugpg-tf3571613.html#a9989409
> Sent from the macgpg-users mailing list archive at Nabble.com.

Jack Repenning
ja...@th...

There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult.
    - C.A.R. Hoare
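
The armor checks described in the thread (exactly five dashes, nothing before or after them, optional Version/Comment lines, then a blank line) together with the key-versus-signature mix-up, as an added example that is not part of the original messages. The names check_armor, good_key, signature, quoted_key and crlf_key are hypothetical, and the sample files are constructed.

```sh
#!/bin/sh
# check_armor (hypothetical helper): read a file on stdin and report what its
# first PGP armor block is: key | not-a-key: KIND | mangled: REASON | no-armor
check_armor() {
  awk '
    { sub(/\r$/, "") }     # drop a trailing CR from files saved on Windows
    state == 0 && /BEGIN PGP/ {
      if ($0 ~ /^-----BEGIN PGP [A-Z ]+-----$/) {
        # 15 characters precede the block kind, 5 dashes follow it
        kind = substr($0, 16, length($0) - 20); state = 1; next
      }
      if ($0 !~ /^-/)      result = "mangled: text before the dashes"
      else if ($0 !~ /-$/) result = "mangled: text after the dashes"
      else                 result = "mangled: not exactly five dashes on each side"
      exit
    }
    state == 1 {
      if ($0 == "") { state = 2; exit }      # blank line ends the headers
      if ($0 ~ /^[A-Za-z-]+: /) next         # Version:, Comment:, Hash: ...
      result = "mangled: no blank line after the headers"; exit
    }
    END {
      if (result != "")    print result
      else if (state == 2) print (kind == "PUBLIC KEY BLOCK" ? "key" : "not-a-key: " kind)
      else if (state == 1) print "mangled: no blank line after the headers"
      else                 print "no-armor"
    }'
}

# Constructed samples: BODY stands in for the base64 lines, it is not key material.
BODY='mQCNconstructedBODY'
good_key()   { printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' \
                 'Version: GnuPG v1.4.6 (Darwin)' '' "$BODY"; }
signature()  { printf '%s\n' '-----BEGIN PGP SIGNATURE-----' \
                 'Version: GnuPG v1.4.6 (Darwin)' '' "$BODY"; }
quoted_key() { good_key | sed 's/^/> /'; }                     # pasted into a reply
crlf_key()   { good_key | awk '{ printf "%s\r\n", $0 }'; }     # saved with CRLF

for s in good_key signature quoted_key crlf_key; do
  printf '%-11s %s\n' "$s" "$("$s" | check_armor)"
done
```

Run it against a received attachment with "check_armor < 0x0C0D89A8.asc" before trying gpg --import; anything other than "key" says what to look at first.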