command line – How to get the gpg key for a repository?

When adding a repository through add-apt-repository a new gpg key will be add.

e,g:

sudo add-apt-repository ppa:some-ppa

You will be asked to press Enter to import the gpg key. I need to get the gpg key for ppa:some-ppa without executing add-apt-repository.

Is it possible to get the gpg key before adding the repository (before executing add-apt-repository) from command line.

encryption – gpg stopped decrypting a symmetrically encrypted file

Just yesterday I decrypted this same file using a key that I have written down, but today every time I try the same key gpg returns:

gpg: decryption failed: Bad session key

I suspect that either I was typing something wrong every time I decrypted this file and didn’t notice or there’s something wrong with the characters that are being entered by my keyboard.

I used gpg -c <file_name>

Also, gpg says it is AES256.CFB encrypted data, although I don’t remember seeing this CFB anytime I decrypted something in this computer, although I might be mistaken, neither did I set this option when encrypting.

I am using Manjaro 20.2.1 and gpg 2.2.25 with libgcrypt 1.8.7

Can anyone help me?

encryption – GPG KeyID when listing packets and into keyring

When I check file packets with

gpg --list-packets file.gpg

it shows that file is encrypted by some key with ID of 16 symbols. But when I try to check this key in my keyring using

gpg --list-keys

or with --with-fingerprint or --list-signatures, I can’t find this ID in a list.

How could I match ID of key that encrypted a file with ID of a key in my keyring? Where can I find the same ID?

encryption – GPG passphrase and secret key export

Assume that I have a GPG secret key Sk guarded by a passphrase and that I store the key in a safe in case a thief steals my laptop. Assume also that I am likely to lose my memory in a car accident while catching the thief.

  • I wouldn’t worry about the thief, as I used the passphrase to create Sk. The best the thief can do is to brute-force my passphrase.
  • However, I would worry about myself not being able to remember the key.

Is brute-forcing my own passphrase my only option here?

If so, am I better off storing my passphrase alongside my Sk on a different file in the safe?

ssh – GPG subkey seems to have different password

I have recently created a new OpenGPG key with Thunderbird and exported it to use it with gpg. However, I cannot decrypt anything outside Thunderbird because my subkey – which is used for encryption – seems to be protected by a different passphrase than my primary key.

When I try to change the passphrase for the key, I am asked to provide my current passphrase for the first key (FF120B…) and then I enter a new passphrase, nothing out of the ordinary. But afterwards I am further asked to provide a passphrase for my subkey (ABC1AA…), which I do not know.

I have read here, that it is not possible to set up individual passphrases for subkeys, so what could be the reason for this issue?

>gpg --expert --edit-key 3A069C...
gpg (GnuPG) 2.2.25; Copyright (C) 2020 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/FF120B...
     created: 2020-11-25  expires: 2024-11-24  usage: SC
     trust: ultimate      validity: ultimate
ssb  cv25519/ABC1AA...
     created: 2020-11-25  expires: 2024-11-24  usage: E
(ultimate) (1). Name <email>

gpg>

linux – DNS: Unable to find specific GPG server

I would like to upgrade my system on Arch Linux distro by

yay -Syu

but unfortunately, when I try to import new GPG key, I’ve got DNS error

    :: PGP keys need importing:
 -> 8FD3D9A8D3800305A9FFF259D1742AD60D811D58, required by: spotify
==> Import? (Y/n) y
:: Importing keys with gpg...
dirmngr(1062283.5): handler for fd 5 started
dirmngr(1062283.5): DBG: chan_5 -> # Home: /home/pilec/.gnupg
dirmngr(1062283.5): DBG: chan_5 -> # Config: (none)
dirmngr(1062283.5): DBG: chan_5 -> OK Dirmngr 2.2.23 at your service
dirmngr(1062283.5): connection from process 1067439 (1000:1000)
dirmngr(1062283.5): DBG: chan_5 <- GETINFO version
dirmngr(1062283.5): DBG: chan_5 -> D 2.2.23
dirmngr(1062283.5): DBG: chan_5 -> OK
dirmngr(1062283.5): DBG: chan_5 <- KS_GET -- 0x8FD3D9A8D3800305A9FFF259D1742AD60D811D58
dirmngr(1062283.5): DBG: get_dns_cname(hkps.pool.sks-keyservers.net): No name
dirmngr(1062283.5): DBG: dns: resolve_dns_name(hkps.pool.sks-keyservers.net): No name
dirmngr(1062283.5): resolving 'hkps.pool.sks-keyservers.net' failed: No name
dirmngr(1062283.5): DBG: Using TLS library: GNUTLS 3.6.15
dirmngr(1062283.5): DBG: http.c:connect_server: trying name='hkps.pool.sks-keyservers.net' port=443
dirmngr(1062283.5): DBG: get_dns_cname(hkps.pool.sks-keyservers.net): No name
dirmngr(1062283.5): DBG: dns: resolve_dns_name(hkps.pool.sks-keyservers.net): No name
dirmngr(1062283.5): resolving 'hkps.pool.sks-keyservers.net' failed: No name
dirmngr(1062283.5): can't connect to 'hkps.pool.sks-keyservers.net': host not found
dirmngr(1062283.5): error connecting to 'https://hkps.pool.sks-keyservers.net:443': No name
dirmngr(1062283.5): command 'KS_GET' failed: No name
dirmngr(1062283.5): DBG: chan_5 -> ERR 167772380 No name <Dirmngr>
gpg: keyserver receive failed: No name
dirmngr(1062283.5): DBG: chan_5 <- BYE
dirmngr(1062283.5): DBG: chan_5 -> OK closing connection
dirmngr(1062283.5): handler for fd 5 terminated

But, I’m able to get proper DNS response from dig:

dig hkps.pool.sks-keyservers.net                                             

; <<>> DiG 9.16.8 <<>> hkps.pool.sks-keyservers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10985
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hkps.pool.sks-keyservers.net.  IN      A

;; ANSWER SECTION:
hkps.pool.sks-keyservers.net. 3555 IN   A       209.244.105.201

;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Nov 25 23:58:01 CET 2020
;; MSG SIZE  rcvd: 73

Additional info:

# cat /etc/resolv.conf

search home
nameserver 8.8.8.8


# cat /etc/nsswitch.conf 
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files systemd
group: files systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve (!UNAVAIL=return) dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

What am I overlooking?

Thanks in advance

updates – Unable to get backup due to GPG error

I involuntarily erased all data from my hard drive, but I have a new backup on an external drive.
Trying to restore I get:

GPGError: GPG Failed, see log below:  
===== Begin GnuPG log =====  
gpg: AES256 encrypted data  
gpg: encrypted with 1 passphrase  
gpg: decryption failed: Bad session key  
===== End GnuPG log =====  

I had to reinstall Ubuntu as well – is that the problem? How do I get my files back?

terminal – gpg: no valid OpenPGP data found. É a resposta quando tento adicionar um repositorio no linux, como resolver?

Estou tentando executar o comando add-apt-repository ppa:linuxuprising/java
Mas estou recebendo a resposta abaixo
gpg: keybox ‘/tmp/tmpn8pp_nua/pubring.gpg’ created
gpg: /tmp/tmpn8pp_nua/trustdb.gpg: trustdb created
gpg: key EA8CACC073C3DB2A: public key “Launchpad PPA for Linux Uprising” imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no valid OpenPGP data found.

Se alguem puder me ajudar agradeço muito mesmo de verdade.

security – Can I decrypt a gpg encrypted file on any computer?

I am storing some 2FA recovery keys inside a txt file, which I then encrypted using gpg -c file, I can decrypt it fine in my own computer (virtual machine actually).

But I was wondering, if something happens to my virtual machine, can I still decrypt the file on any other computer? Or do I need to export some private key or something like that to be able to do it?