Using GnuPG to decrypt message sent to multiple recipients - PGP


  1. Using GnuPG to decrypt message sent to multiple recipients

    Hi, I'm using GnuPG and I'm testing it for our company. When I'm trying
    to decrypt a message that was encrypted for multiple recipients, the
    command line utility is asking me for the passphrase for each person.
    Is there a way I can tell it who I am so it only prompts me for the
    passphrase for me? I've tried the --local-user option but it seems to
    ignore it. Also is there a way that I can prevent seeing who the people
    that the message is encrypted for?

    Thanks in advance.


  2. Re: Using GnuPG to decrypt message sent to multiple recipients


    dotnetdeveloper wrote:

    > Also is there a way that I can prevent seeing who the people
    > that the message is encrypted for?


    yes,
    use the option of 'hidden encrypt to'

    for the keyid's you want hidden, use the options of either:
    -R keyid or --hidden-encrypt-to keyid or --hidden-recipient keyid

    and for the ones you want visible, use either:
    -r keyid or --recipient keyid or --encrypt-to keyid


    and if you don't want 'any' of the keyid's visible, use:
    --throw-keyids

    n.b.
    this type of hiding, hides only the keyid, not the keysize or keytype,
    so, if someone has a distinctive keysize (i.e. 4001 rsa instead of
    standard 4096 rsa)
    the keyid can be reasonably 'guessed'


    vedaal
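
What the recipient-hiding options in the post above change inside the message, as an added example that is not part of the original thread: each recipient gets one public-key encrypted session key packet (OpenPGP tag 1) carrying an 8-byte key ID, and hiding a recipient zeroes that key ID while the algorithm and the bit length of the encrypted value stay readable. The key ID `1122334455667788`, the packet builder `pkesk` and the sample message are constructed for illustration; the parser assumes a binary (not ASCII-armored) message with version 3 packets.

```python
import struct

ALGOS = {1: "RSA", 2: "RSA", 3: "RSA", 16: "Elgamal"}  # RFC 4880 section 9.1

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        return tag, pos + 2, None         # partial length: streamed data packet
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None         # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def recipients(message):
    """List what each leading tag-1 (session key) packet reveals to an observer."""
    out, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag != 1 or length is None:
            break                         # tag-1 packets precede the encrypted data
        body = message[start:start + length]
        if body[0] != 3:
            raise ValueError("only version 3 session key packets handled here")
        key_id, algo = body[1:9].hex().upper(), body[9]
        mpi_bits = int.from_bytes(body[10:12], "big")   # bit count of first MPI
        out.append({"key_id": key_id, "hidden": key_id == "0" * 16,
                    "algo": ALGOS.get(algo, str(algo)), "mpi_bits": mpi_bits})
        pos = start + length
    return out

def pkesk(key_id_hex, algo, mpi_bits):
    """Build a constructed v3 tag-1 packet with a dummy MPI (sample data only)."""
    mpi = bytes([0x80 >> ((-mpi_bits) % 8)]) + b"\xAA" * ((mpi_bits + 7) // 8 - 1)
    body = b"\x03" + bytes.fromhex(key_id_hex) + bytes([algo]) + struct.pack(">H", mpi_bits) + mpi
    return b"\x85" + struct.pack(">H", len(body)) + body   # old format, tag 1

# Constructed sample: a visible recipient (-r), a hidden one (-R), a stub data packet.
SAMPLE = pkesk("1122334455667788", 1, 2047) + pkesk("00" * 8, 1, 4001) + b"\xd2\x01\x00"
```

For the sample, `recipients(SAMPLE)` reports the second recipient as hidden but still shows RSA with a 4001-bit value, which is the residual size hint the n.b. above describes; `gpg --list-packets` prints the same fields for a real message.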


  3. Re: Using GnuPG to decrypt message sent to multiple recipients

    > Does your keyring have all the private keys for the recipients or only
    > your own private key? (In a test environment, this is not really a dumb
    > question.)


    Hi David, yes it does and no it's not a dumb question. I understand the
    problem. Thanks.


  4. Re: Using GnuPG to decrypt message sent to multiple recipients

    Hi vedaal,
    I've checked the command options on gpg and none of the ones you have
    listed appear. Am I using the wrong software or an older version?

    Thanks.


  5. Re: Using GnuPG to decrypt message sent to multiple recipients

    dotnetdeveloper wrote:

    > I've checked the command options on gpg and none of the ones you have
    > listed appear. Am I using the wrong software or an older version?


    what version are you using ?
    (at the gnupg commandline, type: gpg --version)

    the current version of gnupg is 1.4.6
    available here:
    http://www.gnupg.org/download/

    once you have this version installed, type: gpg --dump-options
    and all the gnupg options and commands will be displayed on the screen

    (n.b.
    these are *not* in alphabetical order,
    and do not include single letter option syntax
    [ i.e. -r for recipient, -a for armor, etc.
    all these 'short' options, as well as the long ones, and their explanations,
    are listed in the gpg.man in the doc folder of gnupg ])


    vedaal


  6. Re: Using GnuPG to decrypt message sent to multiple recipients

    "vedaal" wrote:
    >dotnetdeveloper wrote:
    >
    >> I've checked the command options on gpg and none of the ones you have
    >> listed appear. Am I using the wrong software or an older version?

    >
    >what version are you using ?
    >(at the gnupg commandline, type: gpg --version)
    >
    >the current version of gnupg is 1.4.6
    >available here:
    >http://www.gnupg.org/download/
    >
    >once you have this version installed, type: gpg --dump-options
    >and all the gnupg options and commands will be displayed on the screen
    >
    >(n.b.
    >these are *not* in alphabetical order,
    >and do not include single letter option syntax
    >[ i.e. -r for recipient, -a for armor, etc.
    >all these 'short' options, as well as the long ones, and their explanations,
    >are listed in the gpg.man in the doc folder of gnupg ])
    >
    >
    >vedaal

    Hi, my problem is maybe not aligned with this topic.
    I am running GnuPG v1.4.7 on one machine and PGP v6.5
    on another (Win-XP) box.
    Keys built in GPG cannot be recognized by the PGP
    key import tool. The tool just refuses to acknowledge the
    pub block exists.
    I found this section in the GPG faq man but am confused
    as to if this applies to my problem.
    Anyone know of known problems importing GPG keys to PGP6.5?

    ===================================
    ...//GnuPG/share/gnupg/faq.html#q5.1


    5.7) PGP does not like my secret key.

    Older PGPs probably bail out on some private comment packets used by GnuPG.
    These packets are fully in compliance with OpenPGP; however PGP is not really
    OpenPGP aware. A workaround is to export the secret keys with this command:

    $ gpg --export-secret-keys --no-comment -a your-KeyID

    Another possibility is this: by default, GnuPG encrypts your secret key using the
    Blowfish symmetric algorithm. Older PGPs will only understand 3DES, CAST5, or
    IDEA symmetric algorithms. Using the following method you can re-encrypt your
    secret gpg key with a different algo:

    $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 --compress-algo=1 --edit-key

    Then use passwd to change the password (just change it to the same thing,
    but it will encrypt the key with CAST5 this time).

    Now you can export it and PGP should be able to handle it.

    For PGP 6.x the following options work to export a key:

    $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 --export-secret-keys
