PGP Public Key

Syed Mehmood Ul-Hasan · ‎04-01-2009

I have been asked to find out the PGP Public key being used by our encryption process involving PGP. I'm new to PGP, does anyone have an idea how to get the PGP Public key from an HP-UX server?
Thanks
Mehmood

Steven Schweda · ‎04-01-2009

Knowing nothing about "our encryption
process" might make it hard to say much about
where the key files might be. Typically,
they're in some user's "~/.pgp" directory,
but many things are possible.

"man pgp"?

Syed Mehmood Ul-Hasan · ‎04-01-2009

man PGP doesn't work. I can however see the PGP directory. Where exactly and how can I find the key?
Thanks

Steven Schweda · ‎04-01-2009

> man PGP doesn't work.

Did you try "man PGP", or "man pgp", or what,
exactly? I don't know who installed which
PGP where, and my psychic powers are too weak
to tell me much about your installation. And
your description of what you're doing doesn't
seem to be too reliable. Or complete.

"pgp -h"?
"pgp -k"?

Look around?

Steven E. Protter · ‎04-01-2009

Shalom,

http://unix.derkeiler.com/Mailing-Lists/HP-UX-Admin/2003-11/0068.html

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Ganesan R · ‎04-01-2009

Hi Syed,

PGP called Pretty Good Privacy is a software to store the public key and encrypt and decrypt the file.

Normally public keys will be added into the database using the below command.

#pgp -ka

Use the below command to list all the keys.

#pgp -kv

To grep a particular key.

#pgp -kv |grep -i

Best wishes,

Ganesh.

Syed Mehmood Ul-Hasan · ‎04-01-2009

Steven, sorry I wasn't very clear in describing my request.
What I need is to extract the public key so that I can give it to our vendor for encryption.
Both man PGP and man pgp doesn't work, however pgp -h and pgp -k worked. Thank you for that.
Now I need the command to extract the publick key.
Ganesan, thanks for the syntax. I believe I need to run: #pgp -kx |grep -i to extract the public key but how will I know which to use?
pgp -kv returned number of key names.
Thanks

Steven Schweda · ‎04-01-2009

> [...] how will I know which to
> use?

What's my favorite color?

How do you expect anyone here to answer that
question?

> I have been asked [...]

Talk to the person who asked you that?

> [...] our encryption process [...]

Look at "our encryption process"?

Matti_Kurkela · ‎04-01-2009

Usually, in any PGP set-up, there are at least two or more public keys, but only one secret key.

The secret key is stored in a separate keyring file. If the user that runs PGP is named , then the PGP keyring files are stored in the .pgp sub-directory of the user's home directory, i.e. usually /home//.pgp.

To view the list of secret keys, use this command:

pgp -kv /home//.pgp/secring.skr

If your PGP version is very old, the name of the secret keyring might be "secring.pgp" instead of "secring.skr".

When you know the key name of the secret key, look at the list of public keys. (You already found out how to find it.) The public key that has the same name as the secret key is *your* public key.

To extract a copy of the public key in ASCII form, use a command like this:

pgp -kxa

Replace with the key name, and with the name of the file you wish to write the key to.

With Google, I found this reference card of PGP commands:

http://www.geocities.com/Athens/1802/pgpcard.html

MK

MK

Syed Mehmood Ul-Hasan · ‎04-01-2009

Thanks Matti.
pgp -kv /home//.pgp/secring.skr
and
pgp -kv they both returned exactly the same key names (12 of them). Not sure which one I should use with my pgp -kx.

Please note the the way our encryption process runs is:
1) we encrypt the file
2) encrypted file is ftp'd to another server (I don't have access to that server)
3) the other server decrypts the file

Do I need something from the other server?

Steven Schweda · ‎04-01-2009

> Do I need something from the other server?

What you seem to need most is to do some
reading on public key encryption. A quick
Web search should find many helpful
documents.

> 1) we encrypt the file

> 3) the other server decrypts the file

HOW?

Normally, when one uses PGP to encrypt a
file, he uses a public key which was supplied
by the intended recipient. Then, when the
recipient gets the encrypted file, she uses
her corresponding private key to decrypt it.

So, normally, you get a public key from the
intended recipient.

Steve Post · ‎04-02-2009

I'm going to talk concept and not commands. Other folks please correct me if I lead you wrong.

It looks like years ago, your customer created a public-private key pair.
They sent you the public part of the key.
They kept the private part of the key ...er...private.

They would encrypt a file with their private key.
They would send this encrypted file.
You would decrypt their file encrypted file with the public key your customer gave you.

This means that somewhere you have a program and decrypts their file. Which means there is a command doing it. Which means you have the name of THEIR public key in the command's text.

That was then. This is now.

Now the customer wants to reverse the process too. They want YOU to make a public and private key. They say they want your public key, but I don't see why you can't make a new one public-private key pair just for them. Let us call this key "MyKey4customer"

1. make the key "MyKey4customer"
2. send the public part of the key to them.
You extract the public part of the key out of PGP.

Then your process send files to them is:
1. you have a file.
2. you encrypt it with the private part of key "MyKey4customer"
3. you send it out.

Then the CUSTOMER,
1. gets your file.
2. decrypts it with their public copy of "MyKey4customer"
3. And they have the unencrypted, clear text that you wanted them to have.

steve

rariasn · ‎04-02-2009

Hi,

cd PGG install directory.

cat file en.hlp

rgs,

Steven Schweda · ‎04-02-2009

> cat file en.hlp

You clearly know more about this PGP
installation than I do. I don't even know
which version of PGP is being used, so I
don't know which files might be where.

> Now the customer wants [...]

I bow to the greater psychic powers of
others.

rariasn · ‎04-02-2009

Hi,

rariasn · ‎04-02-2009

Hi,

# pgp -k

Key management functions:
To generate your own unique public/secret key pair:
pgp -kg
To add a key file's contents to your public or secret key ring:
pgp -ka keyfile [keyring]
To remove a key or a user ID from your public or secret key ring:
pgp -kr userid [keyring]
To edit your user ID or pass phrase:
pgp -ke your_userid [keyring]
To extract (copy) a key from your public or secret key ring:
pgp -kx userid keyfile [keyring]
To view the contents of your public key ring:
pgp -kv[v] [userid] [keyring]
To check signatures on your public key ring:
pgp -kc [userid] [keyring]
To sign someone else's public key on your public key ring:
pgp -ks her_userid [-u your_userid] [keyring]
To remove selected signatures from a userid on a keyring:
pgp -krs userid [keyring]

sample:

#pgp -kv .pubring.pgp
No configuration file found.
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04
International version - not for use in the USA. Does not use RSAREF.
Current time: 2009/04/02 15:34 GMT

Key ring: '.pubring.pgp'
Type Bits/KeyID Date User ID
pub 1024/01234567 1999/12/29 0088880001.0002
pub 1024/76543210 1997/01/27 0099990001.0002
pub 1024/00000000 1997/01/27 0099990001.0001
pub 1024/11111111 1999/10/19 0088880001.0001
4 matching keys found.

rgs.

rariasn

Steve Post · ‎04-02-2009

"I have been asked to find out the PGP Public key being used by our encryption process involving PGP. I'm new to PGP, does anyone have an idea how to get the PGP Public key from an HP-UX server?"

Here's MY psychic power. It is merely a Sherlock Holmes guess. He hasn't used PGP, but it is being used. Therefore it was already set up. Because he's been requested to find out about their public key, that means he's about to start sending stuff out. That's what a customer would want. (Yes. It's a stretch. I'm just guessing based on what I see in the text).

OK...
Outbound not setup.
PGP Already around.
There are only two directions, so inbound must already be set up.
It's Elementary.
Ok...it's elementary GUESSING.

Syed Mehmood Ul-Hasan · ‎04-02-2009

There is no en.hlp file.

As I mentioned before the way our encryption process runs is:
1) we encrypt the file
2) encrypted file is ftp'd to another server (I don't have access to that server)
3) the other server decrypts the file

Now we are transferring this process over to another vendor i.e. we no longer will be running the above process but our new vendor will.
The new vendor has asked us for the public keys we our using in our PGP encryption. Executing pgp -kv resulted in a number of keys. I didn't knew which one I need to send to the vendor. So, I found the script that is doing the pgp and found that there are 2 keys being used in the pgp command. (see I'm learning more on PGP in the process)
How can I know which one out of these 2 keys is the one being used by the decrypt process on the other server (I don't have access to)?
Thanks

Steven Schweda · ‎04-02-2009

> As I mentioned before the way our
> encryption process runs is:
> 1) we encrypt the file
> [...]
> 3) the other server decrypts the file

And, as I asked before, "HOW?" What's the
actual command used? I'm not asking for a
secret pass phrase, just a clear, complete
description of what you actually do.

The key used to decrypt is related to the key
used to encrypt. Normally, only the person
who created the key-pair gets to see both
the public key and the private key.

> we no longer will be running the above
> process but our new vendor will.

If this "new vendor" will be doing exactly
what you were doing, and if you're using only
public keys from your public key ring, then
you should be able to send your public key
ring file to the new vendor. Or else, use
some of those "-k" commands to extract the
public keys, and send the extracted data.

> [...] and found that there are 2 keys being
> used in the pgp command.

So, send those. "-kxa" might be a good way
to do it if you'd like to e-mail the key
data.

> Pretty Good Privacy(tm) 2.6.3ia - [...]

That's pretty old. I have one of those on my
VMS system:

alp $ pgp
Pretty Good Privacy(tm) 2.6.3ia - [...]

> [...] merely a Sherlock Holmes guess.

As I recall, Sherlock Holmes didn't make mere
guesses. But he did sometimes complain about
a lack of evidence.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

PGP Public Key

PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key

Re: PGP Public Key