Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [pgp]

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later

Source: wikipedia

52 questions
33
votes
2 answers

How to verify a file using an asc signature file?

As an example, this project offers an *.asc file with a PGP signature to verify the contents of the download (as opposed to a checksum, you can see the empty column): https://ossec.github.io/downloads.html How would I use this file? I tried gpg…
user8897013
  • 443
  • 1
  • 4
  • 7
19
votes
5 answers

Using PGP keys for SSH

I use a 4096 byte RSA PGP key; since SSH also uses the RSA standard, is it at all possible to use the PGP key as an SSH key without installing additional software on the server (and as little as possible on the client)?
user18725
  • 191
  • 1
  • 1
  • 4
14
votes
4 answers

Validating signature trust with gpg?

We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed with a master signing key, and then our systems…
larsks
  • 41,276
  • 13
  • 117
  • 170
13
votes
1 answer

Automatically sign all commits with git

With git 1.7.9, it's possible to sign a commit with the -S option. Is it possible to set it default through git config --global? So instead of git commit -S -m 'Commit message', it would be just git commit -m 'Commit message'.
tamasd
  • 233
  • 2
  • 5
12
votes
6 answers

Generate entropy for PGP key

I'm logged onto a VM remotely and trying to generate a 4096bit PGP key, it just hangs forever because there is no entropy and since I'm working through remote desktop it probably does not detect the mouse movement as entropy. How can I generate…
redic
  • 121
  • 1
  • 3
11
votes
2 answers

Is it possible to use a gpg public key to encrypt a message without importing the key?

Sometimes I might want to use someone's gpg key to send a message but will have no need to ever use the key again. Importing the key in this instance seems unnecessary. I've searched, but can't find anything suggesting this is possible. It is a bit…
Patrick Keery
  • 113
  • 1
  • 4
10
votes
3 answers

apt-key add on Debian Stretch: no valid OpenPGP data found

I'm trying to follow the installation instructions for Debian provided on Docker website. Unfortunately adding a GPG key fails for me: $ curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - gpg: WARNING: nothing exported gpg: no…
Tad Lispy
  • 201
  • 1
  • 2
  • 7
7
votes
3 answers

Force the use of a gpg-key as an ssh-key for a given server

I configured ssh to use GPG as my ssh-agent and if I remove the ~/.ssh folder, I can ssh into my server fine using my gpg key. However, my ~/.ssh folder has over a dozen different ssh keys in it, and if I try to ssh when it is there, I get a…
Mike Dacre
  • 288
  • 3
  • 6
7
votes
1 answer

Mailing list + PGP/GPG support

I would like to create such mailing list where every contributor must sign his/her messages with PGP/GPG, otherwise mailing list software would block unsigned message. All PGP/GPG public keys of users allowed to post should be stored somewhere on…
user60133
6
votes
2 answers

Sending HIPAA compliant e-mails

At a small office, my clients' HR department needs to communicate with some vendors regarding HIPAA-covered material. How do most companies deal with securely sending e-mails regarding HIPAA. I would prefer to encrypt the e-mails themselves…
Brett G
  • 2,023
  • 1
  • 27
  • 45
5
votes
1 answer

Why does duplicity need a passphrase for OpenPGP encryption?

I'd like to use duplicity to backup files and I'd like to encrypt them with GnuPG. I was wondering why duplicity asks for a passphrase to encrypt the files. For asymmetric encryption the passphrase is only needed for decryption. I was using the…
john.dough
  • 103
  • 10
5
votes
3 answers

GPG/PGP Signatures & Encryption - An Academic Security Question

Digital Signatures Digital signatures take place whereby you apply your private key to a particular message (or the hash of that message in most cases). The recipient then takes your public key - not surprisingly publicly available - and then…
Xerxes
  • 4,133
  • 3
  • 26
  • 33
5
votes
3 answers

PGP: on the web, what if everything was tampered?

I am trying to wrap my head around how Public Key Cryptography can really work in a secure manner. From what I can gather, you go to example.com and download their PGP/GPG Public Key and add it to your keyring. They then send you a text file (or…
Ken R.
  • 63
  • 2
4
votes
1 answer

Implementing a PGP Key Server

I am fairly new to PGP and crypto in general. Let's say I have around 200 users and they are all going to have a PGP key for email encryption. I want to have a key server that can assign them keys and also have a directory of all of the users public…
user22492
4
votes
2 answers

Digital signatures and encryption in GMail

I just wonder if there is a way to use SSL certificates or PGP keys for signing my email. At the moment I have to setup S/MIME in Outlook (or another thick client) to send signed messages via SMTP. It works for me, but I'm looking for a way to do…
Antonio
  • 720
  • 4
  • 12
  • 29
1
2 3 4