Stack Overflow
Stack Overflow

Questions tagged [openpgp]

The OpenPGP standard was originally derived from PGP (Pretty Good Privacy)

OpenPGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures.

See also:

362 questions
13
votes
4 answers

How to use GnuPG inside Docker containers, as it is missing entropy?

I need to dockerize an apt repository. The packages in it need to be signed, which is currently done by aptly publish snapshot -distribution="stable" -gpg-key="" my-snapshot Before that a key needs to be created using gpg --gen-key. But…
Michael Ivko
  • 1,232
  • 3
  • 13
  • 23
12
votes
3 answers

Exporting public key from GnuPG fails with "WARNING: nothing exported"

Im new to PGP and I'm trying to generate a PGP private key using GnuPG through this tutorial. Basically, I have type the following command in command prompt (in administrator mode): gpg --gen-key Entered all the commands as below: Then I entered…
AshT
  • 535
  • 1
  • 8
  • 20
12
votes
1 answer

What is the point of maven's OpenPGP signatures if anyone can create and upload any keys?

Sonatype requires the (non-SNAPSHOT version) artifacts to be GPG-signed; the public OpenPGP keys should be uploaded to a (MIT) key server. But anyone can create any OpenPGP key with any name an e-mail and upload them to the key server. There is (as…
mazi
  • 511
  • 1
  • 4
  • 13
12
votes
1 answer

OpenPGP encryption with BouncyCastle

I have been trying to put together an in-memory public-key encryption infrastructure using OpenPGP via Bouncy Castle. One of our vendors uses OpenPGP public key encryption to encrypt all their feeds, and requires us to do the same, so I'm stuck…
Jeremy Holovacs
  • 22,480
  • 33
  • 117
  • 254
10
votes
1 answer

GnuPG/PGP and SSL: Sharing the same private key?

I'm trying to sort out my use of digital signatures and encryption. I understand that there are 2 main ways to do this: the PGP way and the SSL way. What I would like to know if it's possible to use the same private key for both SSL certificate and…
Pedro
  • 1,134
  • 11
  • 26
10
votes
2 answers

When and why decorate OutputStream with ArmoredOutputStream when using BouncyCastle

I'm pretty new to BouncyCastle and pgp. I've seen many articles and samples on the internet. Almost every encryption sample contains the code snipped below if (armor) out = new ArmoredOutputStream(out); It seems that my local test passed…
Yugang Zhou
  • 7,123
  • 6
  • 32
  • 60
9
votes
1 answer

PGP key armored encoding in Go's openpgp package

I am trying to print a PGP public key in an ASCII armored encoding using Go's openpgp/armor package. The output I would expect: -----BEGIN PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY…
max
  • 677
  • 1
  • 9
  • 34
9
votes
1 answer

Decrypt Non-Armored PGP Files With OpenPGP.js

I am working on a Node application into which I have built a decrypter function, and have used the Openpgp.js npm module to make this work. I take in various submitted PGP client files made with our public key, decrypt them using our private key as…
threepears
  • 91
  • 1
  • 4
9
votes
3 answers

What happens to OpenPGP-signed git commits after key expiration?

If I sign a git commit with an OpenPGP key that has an expiration date, what does that mean for people looking at that commit after the expiration date? Should all keys used for commit signing like this be permanent? What if the verifying party have…
Captain Man
  • 6,997
  • 6
  • 48
  • 74
9
votes
1 answer

Are GnuPG subkeys to be sent to the keyserver instead of the master key?

Ok, so I've generated my PGP keys using GnuPG and sent the key to the keyservers. But then I found that GnuPG generates a pair of keys, one main and one subkey as I understand it. Did I make an error by uploading my main key to the keyserver using…
Matt
  • 161
  • 2
  • 9
8
votes
1 answer

Verify gpg signature in Go openpgp

I'm playing with writing a Go program that downloads and verifies files. I am hoping to avoid forcing the user to install gnupg (if possible). Is it possible to verify a downloaded file with a gpg signature (asc file) as described here or here using…
mikewilliamson
  • 24,303
  • 17
  • 59
  • 90
7
votes
1 answer

Implementing gpg Encryption in Ruby

Trying to convert some old shell/unix scripts into Ruby. I have the following encryption of a file that's accomplished via the gpg tool in Unix. I can pass in the recipient key, the file I want to encrypt, and the outfile to pgp encrypt…
user2490003
  • 10,706
  • 17
  • 79
  • 155
6
votes
2 answers

How do I use Go's openpgp package?

I've been looking through the documentation for Go's openpgp package, and I think I must be missing some obvious points. For example, there's a ReadKeyRing function, but no WriteKeyRing. I can, on the other hand, Serialize an Entity, but I have no…
Anschel Schaffer-Cohen
  • 901
  • 6
  • 17
6
votes
5 answers

Recommendations for Java + OpenPGP?

I want to develop a small OpenPGP client and I'm searching for a Java library for OpenPGP. Are there any (open source) recommendations for this approach? Cryptix.org does not seem alive anymore...
guerda
  • 23,388
  • 27
  • 97
  • 146
6
votes
2 answers

GitHub API OpenPGP key format

What is the format of the public_key field returned from GitHub REST API v3 for GPG Keys? For example, the command curl -v -H "Accept: application/vnd.github.cryptographer-preview" https://api.github.com/users/DurandA/gpg_keys returns the following…
DurandA
  • 1,095
  • 1
  • 17
  • 35
1
2
3
24 25