No secret key under different account

Hello all,

GPG 2.0.12
Windows Server 2003

I've written a C# application which scans for input files and decrypts using GPG. This application works fine when run under the account (Administrator) that GPG was installed under but when run from a different account (SQLService) I get this error.

gpg: encrypted with ELG key, ID 891AB7E7
gpg: decryption failed: No secret key
Error Decrypting C:\Program Files\GNU\GnuPG\work\KLIOLB_20091002_11235900.PGP

I've given full permissions to the SQLService account.

Are there any permissions I need to set within GPG or do I need to specify anything else on the command line when running under a different account?

The GPG command looks like this:

    gpg --passphrase-fd 0 --batch --output KLIOLB_20091005_10021900.TMP --decrypt KLIOLB_20091005_10021900.PGP

Thanks in advance.

Dave

_______________________________________________
Gnupg-users mailing list
Gnupg-users@...
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: No secret key under different account

On Oct 30, 2009, at 10:24 AM, David Gray wrote:

> Hello all,
>
> GPG 2.0.12
> Windows Server 2003
>
> I've written a C# application which scans for input files and decrypts
> using GPG. This application works fine when run under the account
> (Administrator) that GPG was installed under but when run from a
> different account (SQLService) I get this error.
>
> gpg: encrypted with ELG key, ID 891AB7E7
> gpg: decryption failed: No secret key
> Error Decrypting C:\Program Files\GNU\GnuPG\work\KLIOLB_20091002_11235900.PGP
>
> I've given full permissions to the SQLService account.
>
> Are there any permissions I need to set within GPG or do I need to
> specify anything else on the command line when running under a
> different account?

Most likely your keyring is stored under the Administrator account, so when run as SQLService, you can't find the keys. Look at the .gnupg directory in the Administrator account - it needs to be available to the SQLService user.

See also the --homedir option to GPG, which allows you to specify where the keyrings and config files go.

David

Re: No secret key under different account

David Gray wrote:
>
> Hi,
> Thanks for the info, that makes sense.
>
> That does however mean that I will end up with two sets of keyring files,
> does anyone know a way to share them to certain priv'd users on a server.

Add the extra keyring(s) with 'keyring <keyring-filename>' or 'secret-keyring <keyring-filename>' line(s) in those users' gpg.conf file

--
John P. Clizbe
Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
hkp://keyserver.gingerbear.net or mailto:pgp-public-keys@...?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

RE: No secret key under different account

What are people's thoughts on which is the best option:

a) copy the secring.gpg & pubring.gpg files to the second user account?
b) export and import the keys to the second user account?
c) add a reference to the second account's gpg.conf file?

Also could anyone please give me an example of the syntax for adding keyring references to gpg.conf?

Thanks
Dave

-----Original Message-----
From: gnupg-users-bounces@... [mailto:gnupg-users-bounces@...] On Behalf Of John Clizbe
Sent: 30 October 2009 21:27
To: GnuPG Users
Subject: Re: No secret key under different account

David Gray wrote:
>
> Hi,
> Thanks for the info, that makes sense.
>
> That does however mean that I will end up with two sets of keyring
> files, does anyone know a way to share them to certain priv'd users on a server.

Add the extra keyring(s) with 'keyring <keyring-filename>' or 'secret-keyring <keyring-filename>' line(s) in those users' gpg.conf file

Re: No secret key under different account

David Gray wrote:
>
> What are people's thoughts on which is the best option:
>
> a) copy the secring.gpg & pubring.gpg files to the second user account?
> b) export and import the keys to the second user account?
> c) add a reference to the second account's gpg.conf file?

It depends on what you are trying to accomplish. Any of the above may be the best option for a given set of requirements.

If I wish to use my keys on a new machine, option a or redirecting gpg.conf to keyrings (& trustdb) on portable media is probably the route I'd take. If I wanted to share a central keyring of, for example, customer keys, I'd probably go with option c.

> Also could anyone please give me an example of the syntax for adding keyring
> references to gpg.conf?

    no-default-keyring
    primary-keyring pubring.gpg
    keyring O:\GnuPG\pubring.gpg
    keyring strong.gpg
    keyring trusted.gpg
    secret-keyring secring.gpg
    secret-keyring O:\GnuPG\secring.gpg

These should be explained in gpg2.man which should be in the share\gnupg directory under gpg2's installation directory, default on Windows: C:\Program Files\GNU\GnuPG2\share\gnupg\gpg2.man. It can be read with Notepad.

--
John P. Clizbe
Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
hkp://keyserver.gingerbear.net or mailto:pgp-public-keys@...?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

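Added example, not part of the original thread and not GnuPG's own code: a Python check that resolves the keyring and secret-keyring lines of a gpg.conf like the one in the reply above to full paths and lists the ones the current account cannot open, the condition that produces "No secret key" when gpg runs as a different user. SAMPLE_HOME is a constructed path, and treating any name that contains a backslash or slash as a full path (everything else being looked up in the home directory) is an assumption about how gpg handles Windows paths.

```python
import ntpath

DEFAULT_RINGS = {"keyring": "pubring.gpg", "secret-keyring": "secring.gpg"}
# gpg.conf lines from the reply above; SAMPLE_HOME is a constructed path.
SAMPLE_CONF = r"""
no-default-keyring
primary-keyring pubring.gpg
keyring O:\GnuPG\pubring.gpg
keyring strong.gpg
keyring trusted.gpg
secret-keyring secring.gpg
secret-keyring O:\GnuPG\secring.gpg
"""
SAMPLE_HOME = r"C:\Documents and Settings\SQLService\Application Data\gnupg"


def resolve_keyrings(conf_text, homedir):
    """Map 'keyring' / 'secret-keyring' to the full paths gpg would open."""
    rings, use_defaults = {kind: [] for kind in DEFAULT_RINGS}, True
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        name, value = (line.split(None, 1) + [""])[:2]
        name = name.lstrip("-").replace("primary-keyring", "keyring")
        if name == "no-default-keyring":
            use_defaults = False  # only the listed keyrings are used
        elif name in rings:
            rings[name].append(value.strip('"'))
    for kind, names in rings.items():
        names = ([DEFAULT_RINGS[kind]] if use_defaults else []) + names
        # Assumption: a bare file name is looked up in the home directory.
        paths = [n if ("\\" in n or "/" in n) else ntpath.join(homedir, n)
                 for n in names]
        rings[kind] = list(dict.fromkeys(paths))  # drop repeats, keep order
    return rings


def unreadable(rings, opener=open):
    """Return the resolved keyring paths the current account cannot open."""
    bad = []
    for path in (p for paths in rings.values() for p in paths):
        try:
            opener(path, "rb").close()
        except OSError:
            bad.append(path)
    return bad

if __name__ == "__main__":
    print(unreadable(resolve_keyrings(SAMPLE_CONF, SAMPLE_HOME)))
```

Run it as the service account with that account's real gpg.conf and home directory; any secret keyring it reports is one gpg cannot load under that account.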
Re: No secret key under different account

David Gray wrote:
> What are people's thoughts on which is the best option:

I will stay out of this except to say options A and B are substantively identical. Beyond that, this is a system administration question. I know nothing of your system, and that means the best thing I can do is to stay out of it. :)

RE: No secret key under different account

Hi,

Thanks for the info & detailed response. I'm going to go with option C as you suggest. Must admit I hadn't realised that .MAN pages are the docs.

Cheers
Dave

-----Original Message-----
From: John Clizbe [mailto:John@...]
Sent: 02 November 2009 12:02
To: GnuPG Users
Cc: David Gray
Subject: Re: No secret key under different account

David Gray wrote:
>
> What are people's thoughts on which is the best option:
>
> a) copy the secring.gpg & pubring.gpg files to the second user account?
> b) export and import the keys to the second user account?
> c) add a reference to the second account's gpg.conf file?

It depends on what you are trying to accomplish. Any of the above may be the best option for a given set of requirements.

If I wish to use my keys on a new machine, option a or redirecting gpg.conf to keyrings (& trustdb) on portable media is probably the route I'd take. If I wanted to share a central keyring of, for example, customer keys, I'd probably go with option c.

> Also could anyone please give me an example of the syntax for adding
> keyring references to gpg.conf?

    no-default-keyring
    primary-keyring pubring.gpg
    keyring O:\GnuPG\pubring.gpg
    keyring strong.gpg
    keyring trusted.gpg
    secret-keyring secring.gpg
    secret-keyring O:\GnuPG\secring.gpg

These should be explained in gpg2.man which should be in the share\gnupg directory under gpg2's installation directory, default on Windows: C:\Program Files\GNU\GnuPG2\share\gnupg\gpg2.man. It can be read with Notepad.