[Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint

[DdmrDdmr]

Stumbling myself a fair share on my local board with PGP (no need to see PGP ¿Puedes enviar mensajes cifrados?), so exploring the PGP Newbie avenues myself.

Doing so, I’ve encountered the following issue:
-   I’ve created a new PGP pair, and published my PGP public key (using Kleopatra).

-   @FullNode published a message on a post, using my PGP public key to create his (not sure though which software he used).

-   When I try to decrypt the message, I get:

Code:

El cifrado falló: sin protección de identidad (MDC) ..
Nombre de archivo incrustado: 'text.txt'
Pista:Si este archivo se cifró antes del año 2003 es muy posible que sea ilegítimo. Esto es debido a que la protección de integridad no se usaba ampliamente.

Si usted confía en que el archivo no se manipuló, debería volver a cifrarlo antes de forzar el descifrado.

Destinatario: ddmrddmr (E68F 78F5 AE23 5184)

Pressing "diagnostics" shows:

Code:

gpg: NOTA: el cifrado CAST5 no aparece en las preferencias del receptor
gpg: cifrado con clave de 3072 bits RSA, ID E68F78F5AE235184, creada el 2020-11-19
      "ddmrddmr"
gpg: ATENCIÓN: la intgridad del mensaje no está protegida
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
gpg: decryption forced to fail!

The "force cypher" button on Kleopatra does nothing.

The quote’s above are in Spanglish, but the basic issue that does not allow for the message to be decrypted, seems to be that my cypher default algorithm on Kleopatra is "AES", while @ FullNode encrypted the message using "CAST5".

I would have expected the PGP tools to be able to figure it out on their own, but it seems not, which is also something to ponder (that or my Newbie PGP status). I tries changing from AES to CAST5 on Kleopatra’s configuration, but still got nowhere (when I closed/reopened Kleopatra, it went back to AES anyway).

Anyone know how frequent these cypher algorithm clashes occur, and whether it is tool dependent and/or resoluble using Kleopatra on the message decoding side ?

[1714526549]

1714526549

[1714526549]

1714526549

[Husna QA]

-snip-
After trying to verify, Kleopatra tells me this:

Not enough information to check signature validity.
Signed on Thursday, 19 November 2020 10:57:13 CET by mycryptomixer@protonmail.com (Key ID: 0x77379A5D).
The validity of the signature cannot be verified.

There may be a problem importing a public key/fingerprint at Kleopatra.
I was able to verify the message using GPG Keychain on macOS.



Then I tried it at Kleopatra. I tried to import the public key via the Tools menu -> Clipboard -> Certificate Import (I see this method is not in the OP). Then verify the message, and here are the results:

[LoyceV]

Then I tried it at Kleopatra. I tried to import the public key via the Tools menu -> Clipboard -> Certificate Import (I see this method is not in the OP).

I don't have that option (in Kleopatra, running Linux) under the Tools menu, but it works from the system tray. I have the Certificate imported under "Other Certificates".

Then verify the message

I did this also from the system tray, but get this:

I have no idea how to proceed
I have another message I want to verify (for a potential scam accusation thread), and that one I can't share.

[Husna QA]

I don't have that option (in Kleopatra, running Linux) under the Tools menu, but it works from the system tray. I have the Certificate imported under "Other Certificates". -snip-

Recently I tried Kleopatra version 3.0.1 on Ubuntu 18.04.5 LTS and managed to verify the message.
Maybe the following methods worked for you too:

- Copy the Public Key into Clipboard.
- At Kleopatra, click the Clipboard button, select Certificate Import.





- The User ID is still not certified; Right-click selects Certify...











- Copy the signed message to Text Editor and save it with the file extension * .asc.



- Click the Decrypt/Verify button and select the * .asc file.



- Here are the results:

[LoyceV]

Recently I tried Kleopatra version 3.0.1 on Ubuntu 18.04.5 LTS and managed to verify the message.
Maybe the following methods worked for you too:

- Copy the Public Key into Clipboard.
- At Kleopatra, click the Clipboard button, select Certificate Import.

I have a different version, and it's asking me for my password when I try to Certify Certificate. The ones I tried don't work, or it doesn't even tell me they're wrong, it just says it can't be certified.
But wait, if I certify for everyone instead of just myself, it works!
I'm amazed how complicated verifying a PGP message is, compared to how easy it is to verify a Bitcoin signed message.

[Myfe]

Is it possible to create a PGP Signature from any wallet address?

I appreciate the Kleopatra tutorial, but I don't use Kloepatra and I shouldn't have to use a new wallet simply to sign my wallet address...right?

Thanks.

[LoyceV]

@Myfe: You're confusing PGP signatures and Bitcoin signed messages.

[logfiles]

         Now open your internet browser and go to

Code:

https://sks-keyservers.net/pks/lookup?op=get&search=0x<FINGERPRINT>

On this step I am getting an error once I enter the link into the browser. Is anybody else facing the same problem, or I am just doing something wrong?

This is what i used with the experimental fingerprint I have

Code:

https://sks-keyservers.net/pks/lookup?op=get&search=0xBD59862EB1AB87499ADBA1CACB277B51176DD381

This is the error I get

[mdayonliner]

A bit surprise to see the discussion still going on. Thank you Husna QA to keep posting on behalf of me when I was not active in the forum.

@LoyceV, I am not clear if you were able to solve your problem yet, this did not give me a clear idea of your struggling.

But wait, if I certify for everyone instead of just myself, it works!

Did you have your own PGP private key imported? I hope you did not import your public key instead of thinking that you are importing your private key.

It's not that hard. Let's start over.

1. You will need to have your private key imported first of all.


Do you see yours in bold? If not bold then you have imported your public key and this is the reason it's not working.

2. You will need to import the public key of the message senders, this will ask your password so have it with you.

And this is the PGP public key:

3. Copy the message and from the try verify it.

I'm trying to verify a PGP signed message.

Only three times you are interacting with the software. This is not too hard 

This is the error I get

This is where it was discussed. Credit to Husna QA. I also just noticed that the server in my initial post is down.

[LoyceV]

@LoyceV, I am not clear if you were able to solve your problem yet

Yes, I solved it

[mdayonliner]

Yes, I solved it

Good!
This interest me, what was you missing in the first place?

[logfiles]

This is the error I get

This is where it was discussed. Credit to Husna QA. I also just noticed that the server in my initial post is down.

Thanks, I used http://keyserver.ubuntu.com and it now works like charm. You won't believe I spent almost 2 hours trying to figure out what I had done wrong.

Maybe a small update in the op about errors from https://sks-keyservers.net and alternative servers to use wouldn't be a bad idea.

[mdayonliner]

Maybe a small update in the op about errors from https://sks-keyservers.net and alternative servers to use wouldn't be a bad idea.

I will absolutely do that. I was not active on the forum since I left last year so I had no idea that this topic still had demand. Now since I am back I will start looking at the topics I left and will start updating them. Still I am trying to find the habit I had before, to be online most of the time of the day and have things to say in almost all the topics 

[LoyceV]

Yes, I solved it

Good!
This interest me, what was you missing in the first place?

I'm not sure, I first tried to "certify for myself", which didn't work. But when I choose "certify for everyone" it worked. I still don't know why, but I gave up (for now) as I got the result I needed.
I don't think I'll be comfortable using PGP until I feel like I know what I'm doing. Just following a tutorial isn't enough to be confident I won't mess it up.

[hossamdz]

Im sure i made every thing as the books said but im still getting this error here and i dont know where is the source of it

any one can help with this ? 

[Husna QA]

I Dont know if i did it right tell me if i did something wrong!
-snip-

Can you also add your Public key? So that I can try to verify your PGP signature.

https://i.ibb.co/q55XtDC/not-found.png

Im sure i made every thing as the books said but im still getting this error here and i dont know where is the source of it

any one can help with this ?  :-\

Can you explain in more detail about the “Not found” message? Which stage of the OP tutorial did you have trouble?

[mdayonliner]

I am working on updating the topic. The update has been done until the following block.

[--------------still updating below contents ------------- 21/12/2020]

[Husna QA]

-snip-

I think it would be much more interesting to display the results of what you learned from this thread, such as sending an encrypted message to the OP, creating a PGP Sign message, or verifying the PGP signature. So it's not just saying thank you for appreciating it.

[Hispo]

Is there a way to use a hardware wallet with this program?

[Husna QA]

Is there a way to use a hardware wallet with this program?

As far as I know, most hardware wallets don't have the feature to create encrypted messages using PGP.
But there is one device, namely Keyxentic KX 906, which was able to secure email signing and encryption with S/MIME and PGP protocol.

At the moment, I don't know how the reputation and reviews from its users are. -Do With Your Own Risk-
For further information, you may find it here: https://www.keyxentic.com/kx906.

Capabilities

- Multi-modal authentication : Biometric, Public Key, PIN authentication
-  Secure key container
-  Key backup with smart card with multi-modal authentication
-  Hardware cryptographic acceleration(AES 256 Bits) for data and disk(MicroSD Card) encryption
-  Public key infrastructure(PKI) function and X.509 certificate supported
-  Open Authentication Reference Architecture(OATH) one time password(OTP) and OATH challenge-response algorithm(OCRA) supported
-  Fingerprint (ISO 19794-2 / Proprietary format) Match-On-Card supported
-  Bitcoin wallet supported

Applications

-  Secure Email signing and encryption with S/MIME and PGP protocol
-  File encryption and data protection
-  PDF Security (signing and encryption)
-  Secure access control with identification and authentication
-  Cryptocurrency transaction

Cryptography

-  RSA 1024/2048
-  ECC 192/256/320 (Multiple Named Curves)
-  ECDSA, NIST and Brainpool Curves
-  ECDH
-  Wrap/Unwrap
-  SHA-1, SHA-2
-  Hardware Crypto-Accelerator(AES256)