Endpoint Encryption


1080: No private key found : PGP Command Line

  • 1.  1080: No private key found : PGP Command Line

    Posted Dec 03, 2013 05:31 AM

    Dears,

     

    I'm new to PGP Command Line and have now installed two instances of PGP Command Line on different machines.

    On the first machine I created a private and public key and encrypted some files using the below command:

    pgp --encrypt --input F:\PGPTest\Original\A1.txt --output F:\PGPTest\Encrypted\A1.txt.pgp -r "SAQWA"

     

    After that I exported the public key of the first machine (the machine that created the encrypted file) to the second machine

    and I imported the key, signed it and trusted it. After that I tried to decrypt the encrypted files using:

     

    pgp --decrypt --input C:\PGPTest\Encrypted\A1.txt.pgp --output C:\PGPTest\Encrypted\A1.txt --passphrase "P@ssw0rd"   --overwrite remove  --temp-cleanup remove  --input-cleanup remove

     

     

    Error occurred 1080: No private key found?

     

     

    HELP ASAP :(

     



  • 2.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 03, 2013 02:17 PM

    You have to decrypt on the server where you have the private key. The public key should be used to encrypt.



  • 3.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 03, 2013 11:05 PM

    I imported the sender's public key into the server and tried to decrypt the received files on the server. Is this right?



  • 4.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 03, 2013 11:13 PM

    Ok...

     

    Maybe the correct one is the below scenario:

     

    * Sender Server A

    * Receiver Server B

    To send a file from Server A to Server B:

     

    1- Import the public key of Server B into Server A.

    2- Server A encrypts the files using B's public key.

    3- Server B decrypts the files using its private key.

     

     



  • 5.  RE: 1080: No private key found : PGP Command Line

    Broadcom Employee
    Posted Dec 07, 2013 11:00 AM

    Hello kkhelawy,

    That's correct. The private key should never leave the "hands" of the key owner. Otherwise it would be useless to encrypt data.

    Encryption is done to the public key (which everyone can have access to) and then only the private portion (of that same key pair) will be able to decrypt that data.

    The only exception to the above line is when you encrypt to multiple public keys; then any private key of those same keys can access the encrypted data. This is basically what an Additional Decryption Key (ADK) does.

    Regards,
    dcats
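
Added example, not part of any post in this thread and not PGP Command Line code: a simplified Python model of the point made above, in which a message wraps one session key per recipient key ID and decryption needs a matching private key in the local keyring. Textbook RSA on fixed toy primes and a hash-based keystream stand in for the real algorithms; all function and variable names are hypothetical and nothing here is secure or OpenPGP-compatible.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys


class NoPrivateKey(Exception):
    """Raised when no local private key matches a recipient of the message."""


def make_key(p, q):
    # Textbook RSA from two fixed primes: a model only, far too small to be secure.
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    key_id = "0x" + hashlib.sha256(str(n).encode()).hexdigest()[:8].upper()
    return {"id": key_id, "n": n}, {"id": key_id, "n": n, "d": d}


def _xor_stream(session_key, data):
    # SHA-256 in counter mode as a stand-in for the symmetric cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def encrypt(plaintext, recipient_public_keys):
    # One random session key, wrapped once per recipient and filed by key ID.
    session_key = secrets.token_bytes(16)
    m = int.from_bytes(session_key, "big")
    wrapped = {k["id"]: pow(m, E, k["n"]) for k in recipient_public_keys}
    return {"wrapped": wrapped, "body": _xor_stream(session_key, plaintext)}


def decrypt(message, private_keyring):
    # Only a private key whose ID is listed in the message can unwrap the session key.
    for key in private_keyring:
        c = message["wrapped"].get(key["id"])
        if c is not None:
            session_key = pow(c, key["d"], key["n"]).to_bytes(16, "big")
            return _xor_stream(session_key, message["body"])
    raise NoPrivateKey("1080: No private key found")


# Constructed sample keys: products of Mersenne primes, chosen for brevity.
A_PUB, A_PRIV = make_key(2**89 - 1, 2**107 - 1)   # key pair created on Server A
B_PUB, B_PRIV = make_key(2**61 - 1, 2**127 - 1)   # key pair created on Server B
```

Encrypting to `[A_PUB]` and decrypting with Server B's keyring `[B_PRIV]` raises `NoPrivateKey`, which is the situation in the first post; encrypting to `[A_PUB, B_PUB]` lets either private key recover the file, as with an ADK.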



  • 6.  RE: 1080: No private key found : PGP Command Line

    Posted Nov 30, 2020 12:00 AM
    Can I create a pgp command-line user with third party generated keys (using openssl for example) ? 
    I mean without using "pgp --gen-key".

    So, I want to:
    1-create user with no keys
    2-give this user public and private keys that were generated using OpenSSL not pgp command-line.

    If possible, kindly help with the required options from this guide

    https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/information-security/pgp-solutions/10-4-2/generated-pdfs/pgpCmdline_usersguide_en.pdf


  • 7.  RE: 1080: No private key found : PGP Command Line

    Broadcom Employee
    Posted Nov 30, 2020 11:18 AM
    Ahmed, 

    To import keys into a user with no existing keyrings, you must first create the keyrings:

    pgp --create-keyrings

    Then import the key(s) you require

    pgp --import key_file_name.asc

    You can view imported keys on the keyring by issuing: 

    pgp --list-keys

    Josh


  • 8.  RE: 1080: No private key found : PGP Command Line

    Posted Nov 30, 2020 01:47 PM
    Dear Josh,

    Thanks for valuable help.

    Now, is it possible to link the imported keys to a specific user ?
    Example:
    =======
    1-I imported "key1"
    2-create a user with no keys (I don't know how to do that)
    3-Enforce the user to use the imported keypairs only to encrypt/decrypt

    Regards,



  • 9.  RE: 1080: No private key found : PGP Command Line

    Broadcom Employee
    Posted Nov 30, 2020 02:03 PM
    PGP Command Line doesn't have the concept of different users.  By default, it will store its keyrings and preferences in the user's home directory but the software doesn't do any user management or anything like that.  If you have a keyring that you need a different user to access then replace the user's keyring with the desired keyring.  You can also use --export to export a key from an existing keyring and --import to import them into the new user's keyring if there are only a subset of keys desired for the new user.

    Josh


  • 10.  RE: 1080: No private key found : PGP Command Line

    Posted Nov 30, 2020 02:13 PM
    If the user has multiple keys. Can I encrypt a file using one of them ? I mean specific one.

    BR,


  • 11.  RE: 1080: No private key found : PGP Command Line

    Broadcom Employee
    Posted Nov 30, 2020 02:21 PM
    Yes.  When you issue the --encrypt command the key(s) you wish to encrypt to should be specified as a --recipient. If a recipient is ambiguous (for example, multiple keys with the same email address) then use an unambiguous property as the --recipient, like a keyid.

    Josh


  • 12.  RE: 1080: No private key found : PGP Command Line

    Posted Nov 30, 2020 03:45 PM
    Thanks for your. You probably found me everything I need. <3 :)


  • 13.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 02, 2020 08:23 AM
    Dear Josh,

    Greetings.

    I have a Windows machine that a lot of operating system users (Windows users) can access.
    I want all of these users to be able to import keys to the same shared rings (pub and priv).

    I had edited the Environment Variable on the machine and also the "C:\ProgramData\PGP Corporation\PGP\PGPprefs.xml" with the below configuration:

    <key>rngSeedFile</key>
    <string>C:\pgp_home\randseed.rnd</string>
    <key>privateKeyringFile</key>
    <string>C:\pgp_home\rings\secring.skr</string>
    <key>publicKeyringFile</key>
    <string>C:\pgp_home\rings\pubring.pkr</string>

    When I execute the command "pgp --version --verbose"

    I get the below output for each user:
    Administrator:

    File information:
    Home Directory: C:\pgp_home\
    Personal Directory: C:\pgp_home\
    Public Keyring: C:\pgp_home\rings\pubring.pkr
    Private Keyring: C:\pgp_home\rings\secring.skr
    Random Seed: C:\pgp_home\randseed.rnd

    WCG:

    File information:
    Home Directory: C:\Users\wcg\AppData\Roaming\PGP Corporation\PGP\
    Personal Directory: C:\Users\wcg\Documents\PGP\
    Public Keyring: C:\pgp_home\rings\pubring.pkr
    Private Keyring: C:\pgp_home\rings\secring.skr
    Random Seed: C:\pgp_home\randseed.rnd


    Could you please help me to make both identical ?
    That will help me import any key with any Windows account.

    In the above case I can import any key with Administrator account only and list the keys normally and I can find the key.
    But with WCG account, the key is imported but it's not listed.

    BR,
    Ahmed Magdy


  • 14.  RE: 1080: No private key found : PGP Command Line

    Broadcom Employee
    Posted Dec 02, 2020 09:52 AM
    Ahmed, 

    For the WCG account, set the PGP_HOME_DIR environmental variable to C:\pgp_home and what you are trying to do should work:

    Josh



  • 15.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 02, 2020 07:12 PM
    Unfortunately, I can't add a new Environment Variable as long as I'm not an Administrator.

    I can't do that with WCG user but I can with Administrator user.





  • 16.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 02, 2020 07:22 PM
    Thanks, I figured it out and was able to change it.

    Best regards,



  • 17.  RE: 1080: No private key found : PGP Command Line

    Posted Dec 02, 2020 08:50 PM
    I have three users.

    Two of them can import the keys successfully.

    But the third one can not.
    output for third user:

    pgp --import admin-pub.asc
    0x28BD7DE4:import key (4007:key failed signature check)
    admin-pub.asc:import key (0:key imported as 0x28BD7DE4 admin <admin@adminmail.com>)

    I execute pgp --list-keys, but I can't find the imported key (admin-pub.asc).


    I copied all keys I want to import to the home directory like mentioned in the below link, but I faced the same problem.

    https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?MessageKey=a143c303-7284-4474-9c89-c9b8a28fe9d6&CommunityKey=e2df79f2-16d7-4498-9a6a-2dcf642fbb86&tab=digestviewer#bma143c303-7284-4474-9c89-c9b8a28fe9d6


    Kindly, help.

    BR,