HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Need Help on GPG on HP-UX

 
SOLVED
Go to solution
Gaby1110
Frequent Advisor

Need Help on GPG on HP-UX

Hi,

We have installed GPG (gnupg-2.0.12-ia64-11.31.depot) on our HP-UX 11.31 machine and trying to run the command as below. Currently there are two issues, the encrypt is giving some message about key and is asking for overwrite.

We want to run this command non-interactively, need to figure out what options we need to use to run in quite mode.

$/usr/local/bin/gpg2 --encrypt -r cefs_prod im090715.txt
Warning: using insecure memory!
gpg: C0A382A8: There is no assurance this key belongs to the named user

pub 1024g/C0A382A8 2002-04-19 cefs_prod
Primary key fingerprint: 3CC4 39A2 902E 510F FBE5 0179 CAAD BBB3 9F1A 5AE4
Subkey fingerprint: C9F3 BCD9 F44C F499 402D 6528 7C48 F3FE C0A3 82A8

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
File `im090715.txt.gpg' exists. Overwrite? (y/N) y

< oracrmdv@: /home/oracrmdv >


And the syntax we need to work is as below.


/usr/bin/pgp --encrypt --user \"%s\" --output %s/%s --overwrite %s/%s"

sprintf(pgpCommand,"/usr/bin/pgp --encrypt --user \"%s\" --output %s/%s --overwrite %s/%s"
,pUserID
,pDestDirectory
,pDestFilename
,pSrcDirectory
,pSrcFilename);
/*


Please help.

Thanks
Gaby
15 REPLIES
Steven Schweda
Honored Contributor

Re: Need Help on GPG on HP-UX

To the extent that I use it at all, which is
not much, I'm more of a GnuPG 1.x user, so I
know nothing, but ...

A Google search for the "no assurance"
message worked for me.


> [...] Overwrite? (y/N)

"Doctor, it hurts when I do this."

"Don't do that."

If you deleted the intended output file
first, then I'd expect that you wouldn't get
the warning/query about overwriting it.
Matti_Kurkela
Honored Contributor

Re: Need Help on GPG on HP-UX

PGP (and its successor gpg) measure the reliability of keys' ownership information by examining the signatures on the keys. A key is trusted if you're signed it yourself, or if the key has a signature from a person you already trust (i.e. you have his/her public key with a trusted signature).

If everyone used PGP/GPG, this would eventually build up into a complex "Web of Trust".

But if you're setting up an "one-to-one" type data transfer, this is not going to happen. You will need to tell GPG that you actually are certain the key belongs to whoever/whatever it's supposed to. This can be done by signing the cefs_prod public key that is in your GPG keyring. You can use a "local signature": it won't be exported along with the key if you later forward the cefs_prod key to someone else, but it is sufficient to make GPG trust the key.

See the GPG documentation on how to sign the key.

For your second problem, there is a wrapper that can convert PGP commands to GPG syntax:
http://www.nessie.de/mroth/pgpgpg/

But if you have the source code for your PGP-using application (as evidenced by the sprintf command in your message), it might be easier to change the code to use GPG natively.

MK
MK
Gaby1110
Frequent Advisor

Re: Need Help on GPG on HP-UX

Hi MK and Steven,

Thanks for your response.

I don't know much about the GPG. Could you please let me know if it is possible to
to run this command non-interactively,

$/usr/local/bin/gpg2 --encrypt -r cefs_prod im090715.txt

Is there any options we need to use to run it in quite mode so that we can put it in the script and we sud not get the overwrite option below

Use this key anyway? (y/N) y
File `im090715.txt.gpg' exists. Overwrite? (y/N) y


Thanks again,

Gaby
Michael Steele_2
Honored Contributor

Re: Need Help on GPG on HP-UX

Hi

GPG is usually one of two commands used together to accomplish a file transfer, i.e., ftp. 'ftp' however has some drawbacks so its more common to see 'cur' used instead.

http://curl.haxx.se/docs/manpage.html

http://curl.haxx.se/libcurl/c/libcurl-errors.html

This is a two step process. Exchanging keys is the first. Usually your alternate, i.e., a bank, will have a procedure for you to follow: Bank of America login id, password, download instructions, execute.

http://curl.haxx.se/docs/manual.html
Support Fatherhood - Stop Family Law
Gaby1110
Frequent Advisor

Re: Need Help on GPG on HP-UX

Hi Michael,

Thanks for the reponse. We need to use only GPG on HP-Ux as per our application requirement.

Could you please help me on my issue on HP-UX....

Thanks again,
Gaby
Michael Steele_2
Honored Contributor

Re: Need Help on GPG on HP-UX

Michael Steele_2
Honored Contributor

Re: Need Help on GPG on HP-UX

Gaby

Type curl into the HP search engine and see what you get.
Support Fatherhood - Stop Family Law
Steven Schweda
Honored Contributor

Re: Need Help on GPG on HP-UX

> GPG is usually one of two commands used
> together to accomplish a file transfer,
> i.e., ftp. [...]

This is nonsense. GPG (GnuPG) is entirely
unrelated to file transfers.

http://gnupg.org/

> Download here:
> [...]

And it's particularly unrelated to cURL.

> Type curl into the HP search engine and see
> what you get.

Do you mean, "even more confused"?

"GnuPG" and "cURL" are spelled differently
for a reason. They're different. They're
not even related. (One person _can_ use both
programs, but they're still unrelated.)


> Is there any options we need to use [...]

If GnuPG offers command-line options to solve
these problems, then I'm not aware of them.
Matti Kurkela already pointed you to a way to
stop the "Use this key anyway?" problem. I
already suggested a way to avoid the "exists.
Overwrite?" problem.

Is there something in the GnuPG documentation
which is unclear?

http://www.gnupg.org/documentation/index.en.html
Steven Schweda
Honored Contributor

Re: Need Help on GPG on HP-UX

> And it's particularly unrelated to cURL.

Strictly speaking, GnuPG _can_ be built using
the cURL _library_, to allow some fancy key
file transfers, so there is actually some
potential relationship between GnuPG and the
cURL _library_, and with (key) file
transfers, but that's a pretty tenuous (and
optional) connection, I claim. And
downloading some cURL kit will provide no
benefit for the problems cited in the
original question here.
Steven Schweda
Honored Contributor

Re: Need Help on GPG on HP-UX

Do you think that downloading a
cURL kit would fix my problems, too? Or does
that work only for GnuPG problems?
Radhakrishnan Nageswara
Occasional Visitor
Solution

Re: Need Help on GPG on HP-UX

Guys,

Please be nice to each other and say nice words if you can, other wise, stay quiet.
We should be teaching these basic values to our kids. (If you can't say something nice, don't say anything at all)

BTW,


I found the option to overwrite the file, it is --yes

--yes - says yes to most of the questions raised by pgp2. So, if the encrypted file that we are trying to encrpt already exists, we want to overwrite the file and reencrypt again and the option --yes worked like a charm.

Thanks for your time gentlemen.

RK
Steven E. Protter
Exalted Contributor

Re: Need Help on GPG on HP-UX

Shalom all,

Just to be clear here.

GPG is a program that encrypts files. After you encrypt the files, you can transfer them with ftp,sftp,curl, any program you want. It is actually nice to integrate GnuGPG with an email client to enable you to encrypt attachments as they go out(Or perhaps before).

GPG originally seems to be challenging the authenticity of the user, which could be due to the user having a different numeric ID or something else.

Problem seems solved, part of the exchange seems a little bizarre. Perhaps a form of humor I don't understand.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Radhakrishnan Nageswara
Occasional Visitor

Re: Need Help on GPG on HP-UX

Yes. We are doing a secure ftp of the file after encryption. We are doing encryption on HP-UX 11i V3 O/S - using all command line options to encrypt the file.

Thanks again.
Gaby1110
Frequent Advisor

Re: Need Help on GPG on HP-UX

Thank you all for your suggestions and advice. It's working now.
Gaby1110
Frequent Advisor

Re: Need Help on GPG on HP-UX

.