
Mailing List Archive: GnuPG: users

No secret key under different account

 

 



David.Gray at turpin-distribution

Oct 30, 2009, 7:24 AM

Post #1 of 8 (1232 views)
No secret key under different account

Hello all,

GPG 2.0.12
Windows Server 2003



I've written a C# application which scans for input files and decrypts using GPG.
This application works fine when run under the account (Administrator) that GPG was installed under but when run from a different account (SQLService) I get this error.

gpg: encrypted with ELG key, ID 891AB7E7
gpg: decryption failed: No secret key
Error Decrypting C:\Program Files\GNU\GnuPG\work\KLIOLB_20091002_11235900.PGP

I've given full permissions to the SQLService account.

Are there any permissions I need to set within GPG or do I need to specify anything else on the command line when running under a different account?

The GPG command looks like this:

gpg --passphrase-fd 0 --batch --output KLIOLB_20091005_10021900.TMP --decrypt KLIOLB_20091005_10021900.PGP

Thanks in advance.

Dave


dshaw at jabberwocky

Oct 30, 2009, 7:42 AM

Post #2 of 8 (1168 views)
Re: No secret key under different account

On Oct 30, 2009, at 10:24 AM, David Gray wrote:

> Hello all,
>
> GPG 2.0.12
> Windows Server 2003
>
>
>
> I've written a C# application which scans for input files and decrypts using GPG.
> This application works fine when run under the account (Administrator) that GPG was installed under but when run from a different account (SQLService) I get this error.
>
> gpg: encrypted with ELG key, ID 891AB7E7
> gpg: decryption failed: No secret key
> Error Decrypting C:\Program Files\GNU\GnuPG\work\KLIOLB_20091002_11235900.PGP
>
> I've given full permissions to the SQLService account.
>
> Are there any permissions I need to set within GPG or do I need to specify anything else on the command line when running under a different account?

Most likely your keyring is stored under the Administrator account, so
when run as SQLService, you can't find the keys.

Look at the .gnupg directory in the Administrator account - it needs
to be available to the SQLService user. See also the --homedir option
to GPG, which allows you to specify where the keyrings and config
files go.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


David.Gray at turpin-distribution

Oct 30, 2009, 7:57 AM

Post #3 of 8 (1170 views)
RE: No secret key under different account

Hi,
Thanks for the info, that makes sense.

That does however mean that I will end up with two sets of keyring files;
does anyone know a way to share them with certain priv'd users on a server?

Regards
Dave


-----Original Message-----
From: Robert Hill [mailto:rhill [at] wfubmc]
Sent: 30 October 2009 14:43
To: David Gray
Subject: RE: No secret key under different account

Logon to the server as the account you wish to use to encrypt the files.
Import public key as you did prior and sign the key as you did prior.
This worked for me. I am not in my office, but there are 2 command line
steps that need to be done, one is import and the other I think is sign.
It appears that each user that is to encrypt has to follow this
procedure.



John at Mozilla-Enigmail

Oct 30, 2009, 2:27 PM

Post #4 of 8 (1173 views)
Re: No secret key under different account

David Gray wrote:
>
> Hi,
> Thanks for the info, that makes sense.
>
> That does however mean that I will end up with two sets of keyring files,
> does anyone know a way to share them to certain priv'd users on a server.

Add the extra keyring(s) with 'keyring <keyring-filename>' or
'secret-keyring <keyring-filename>' line(s) in those users' gpg.conf file


--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


David.Gray at turpin-distribution

Nov 2, 2009, 2:38 AM

Post #5 of 8 (1139 views)
RE: No secret key under different account

What are people's thoughts on which is the best option:

a) copy the secring.gpg & pubring.gpg files to the second user account?
b) export and import the keys to the second user account?
c) add a reference to the second account's gpg.conf file?


Also could anyone please give me an example of the syntax for adding keyring
references to gpg.conf?

Thanks
Dave



John at Mozilla-Enigmail

Nov 2, 2009, 4:02 AM

Post #6 of 8 (1136 views)
Re: No secret key under different account

David Gray wrote:
>
> What are people's thoughts on which is the best option:
>
> a) copy the secring.gpg & pubring.gpg files to the second user account?
> b) export and import the keys to the second user account?
> c) add a reference to the second account's gpg.conf file?

It depends on what you are trying to accomplish. Any of the above may be the
best option for a given set of requirements. If I wish to use my keys on a new
machine, option a or redirecting gpg.conf to keyrings (& trustdb) on portable
media is probably the route I'd take.

If I wanted to share a central keyring of, for example, customer keys, I'd
probably go with option c.

> Also could anyone please give me an example of the syntax for adding keyring
> references to gpg.conf?

no-default-keyring
primary-keyring pubring.gpg
keyring O:\GnuPG\pubring.gpg
keyring strong.gpg
keyring trusted.gpg
secret-keyring secring.gpg
secret-keyring O:\GnuPG\secring.gpg

These should be explained in gpg2.man which should be in the share\gnupg
directory under gpg2's installation directory, default on Windows:
C:\Program Files\GNU\GnuPG2\share\gnupg\gpg2.man. It can be read with Notepad.


--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
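
An added example, not code from any poster in this thread: a Python check that reads a gpg.conf like the one posted above and reports which referenced keyring files the running account cannot read, which is the condition behind "decryption failed: No secret key". The home directory path and the function names are assumptions made for illustration, and the keyring options are those of GnuPG 1.4/2.0 as used in the thread.

```python
import ntpath
import os

# gpg.conf as posted in the thread (GnuPG 1.4/2.0 keyring options).
SAMPLE_CONF = r"""
no-default-keyring
primary-keyring pubring.gpg
keyring O:\GnuPG\pubring.gpg
keyring strong.gpg
keyring trusted.gpg
secret-keyring secring.gpg
secret-keyring O:\GnuPG\secring.gpg
"""
# Constructed path: assumed GnuPG home directory of the service account.
HOMEDIR = r"C:\Documents and Settings\SQLService\Application Data\gnupg"
KEYRING_OPTS = {"keyring", "primary-keyring", "secret-keyring"}

def parse_keyrings(conf_text, homedir):
    """Return (no_default_keyring, [(option, resolved_path), ...])."""
    no_default, rings = False, []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opt = parts[0].lstrip("-").lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if opt == "no-default-keyring":
            no_default = True
        elif opt in KEYRING_OPTS and arg:
            # A bare file name (no separator) is looked up in the home directory.
            if "\\" not in arg and "/" not in arg:
                arg = ntpath.join(homedir, arg)
            rings.append((opt, arg))
    return no_default, rings

def unreadable(conf_text, homedir, can_read=lambda p: os.access(p, os.R_OK)):
    """Keyring paths the current account cannot read."""
    _, rings = parse_keyrings(conf_text, homedir)
    return [path for _, path in rings if not can_read(path)]

def secret_key_reachable(conf_text, homedir, can_read=lambda p: os.access(p, os.R_OK)):
    """True if at least one configured secret keyring is readable."""
    _, rings = parse_keyrings(conf_text, homedir)
    return any(can_read(p) for opt, p in rings if opt == "secret-keyring")

if __name__ == "__main__":
    for path in unreadable(SAMPLE_CONF, HOMEDIR):
        print("cannot read:", path)
    print("secret keyring reachable:", secret_key_reachable(SAMPLE_CONF, HOMEDIR))
```

Run it as the service account (SQLService in this thread) so the readability check reflects that account's file permissions rather than the Administrator's.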


rjh at sixdemonbag

Nov 2, 2009, 7:19 AM

Post #7 of 8 (1136 views)
Re: No secret key under different account

David Gray wrote:
> What are people's thoughts on which is the best option:

I will stay out of this except to say options A and B are substantively
identical. Beyond that, this is a system administration question. I
know nothing of your system, and that means the best thing I can do is
to stay out of it. :)




David.Gray at turpin-distribution

Nov 9, 2009, 7:55 AM

Post #8 of 8 (1012 views)
RE: No secret key under different account

Hi,
Thanks for the info & detailed response. I'm going to go with
option C as you suggest. Must admit I hadn't realised that .MAN
pages are the docs.

Cheers
Dave

