Silk Road forums
Discussion => Security => Topic started by: GurneyHalleck on May 10, 2012, 01:15 am
-
I know that GPG is a GNU product, and thus the work of Linux programmers, but while I use Ubuntu Linux and have a minimal working knowledge of UNIX, I have no idea how to install GPG on my Ubuntu system. The directions at the GPG site itself assume I know what I am doing, which I DO NOT! Can anyone guide me step by step through the command line process? I can open a terminal and I know the general syntax of UNIX commands, but I need the precise commands necessary to install, in the correct order, and please assume I am clueless since I most certainly am!
-
I think Ubuntu comes with GPG you just need to get a GUI to control it
-
yeah, it's installed by default. if you wanna use cli --
paste the vendors key into key.txt, and your address into address.txt then
gpg --import key.txt
gpg --armor --recipient who@ever.com --encrypt address.txt
then cat the address.asc, all ready to copy & paste :)
-
I think Ubuntu comes with GPG you just need to get a GUI to control it
Any suggestions for which gui to use. I run Lubuntu (like Ubuntu KDE) and have at the Synaptic Package manager.
-
What version of ubuntu? It's not 11 or over is it (actually not sure about 12, haven't tried it)? If so, many of the gui tools are broke because of how they butchered gnome. I wrote a script to do my encryption stuff, it's easy as fuck to use and for silk road it works great. If you want I can post it.
-
I'll probably get into trouble for saying this but I simply use Symantec's PortablePGP which will work on any OS including Ubuntu provided you have the "Java Runtime Environment" installed. The reason this option isn't favoured by those who are very keen on protecting their privacy is because the source code isn't available for peer review and Symantec don't have the best reputation when it comes to computer security.
To answer your question, as hatedpatriot says it's not very easy any more to find a good GUI for GPG in newer versions of Ubuntu. My own solution was to install Mozilla Thunderbird from the software centre then install the "Enigmail" plugin (http://enigmail.mozdev.org/home/index.php.html) which allows you to use PGP to read and encode messages, as well as add/remove keys.
This is not the most elegant solution but will do at a pinch, I'm sure hatedpatriot's script is much quicker to use! :-)
V.
-
Seeing as how any gui or application you use, even closed source shit from symantech, does nothing more than work all the command line switches for you, I wouldn't think that it being closed would be too scary. If the encryption engine itself were closed, that would be hard to trust. Really though, even doing it on the command line without scripting it, it's not that hard. There are a thousand switches to be thrown at the command line, and turning them into buttons in a gui still doesn't help you understand how to encrypt strongly/properly. I know dick about encryption, it's a complicated thing. Speaking of, though, I just read an interesting article that really shows you how nosey and big brother like the fbi is. I'll just paste it here since it's not THAT long. I'll include a source link as well, but just remember it's a clearnet link, so use a new browser instance to open it. Not saying anybody doesn't already know that, but just thought I should mention it.
http://cryptome.org/2012/01/0032.htm
12 January 2012
FBI OpenBSD Backdoors and RSA Cipher Vulnerability
Previous: http://cryptome.org/0003/fbi-backdoors.htm
From: Gregory Perry <Gregory.Perry[at]govirtual.tv>
Subject: Follow up to OpenBSD Crypto Framework Backdoors Thread
Date: Thu, 12 Jan 2012 01:57:39 +0000
Here is a follow up to the FBI / OpenBSD / OCF encryption backdoors thread as promised. We had a three alarm fire at our house over the Christmas holidays and I am just now getting plugged back in.
1) At ~1997 or thereabouts, the FBI approached a fellow by the name of Lew Jenkins, the Chairman and CEO of Premenos Technology Corp., about their development of an Electronic Data Interchange (EDI) software suite used for corp-to-corp EDI transactions called "Templar".
2) At that point in time encryption technology (especially public key encryption algorithms) were still considered munitions by the United States government, and presumably the FBI was interested in Premenos research related to key escrow and session recovery of RSA-encrypted communication sessions.
3) A portion of Mr. Jenkins' research was conducted with a Ecuadorian national that provided Premenos with at least one mathematical vulnerability in the RSA encryption algorithm related to changing the base numbering system of the resulting RSA modulus after a block of plaintext had been encrypted. Mr. Jenkins and Premenos also maintained extensive contacts with the Crown of England, including prominent English Lords involved with Internet communications technology.
4) One of the investors in Premenos was a fellow by the name of Ross Pirasteh, who was either the Prime Minister of Finance for the Shah of Iran or actually the Shah of Iran himself. As the story goes, Ross and his family were snuck out of Iran rolled up in Persian rugs just prior to or during the 1979 revolution headed by Ayatollah Ruhollah Khomeini; once Ross and his family emigrated to the United States, the FBI gave him and his family new identities for obvious reasons. I initially met Ross in the early 90s from a GPS-based automobile tracking project (nonmilitary-grade GPS), and in 1995 I gave him some information about Templar and he became an investor in Premenos shortly thereafter.
5) In 1999 I co-founded a computer security engineering firm with Ken Ammon and Jerry Harold, Network Security Technologies Inc. (NETSEC). Ken was the CEO, Jerry was the COO, I was the CTO. Ken and Jerry were high rank and file ex-NSA InfoSec employees and had extensive contacts in the DoD and federal government; we offered managed network security, penetration testing, vulnerability analysis, and reverse engineering services to the federal government and private sector.
6) NETSEC's first investor was Ross Pirasteh, he provided a bridge loan to get the company started. The first friends family fools round of Preferred A investment was via a Boca Raton angel syndicate that I believe Ross had introduced to Ken and his wife, but I was not privy to those details.
7) Our first intended product was an ATM-based high speed embedded network security appliance that was to be placed on customer networks for remote network protocol analysis, surveillance, and intrusion detection and prevention. Each hardware appliance would be monitored from a cryptographically accelerated encrypted VPN tunnel from the NETSEC NOC, and I designed the initial NOC prototype and network management system. For the embedded hardware appliance development and contract manufacturing process, I hired Doug Bostrom and Wayne Mitzen, two very talented EE-types that had worked for Ross at a previous venture in Boston related to wireless telemetry (for example, U.S. Patent 6,208,266).
8.) During that development effort I approached Theo de Raadt of the OpenBSD project about funding and implementing real-time preemptive POSIX-complaint threads capability to the OpenBSD operating system, instead of using a VxWorks RTOS due to Wind River's exorbitant licensing costs (OpenBSD and the BSD license were free and unencumbered of patents). NETSEC provided the OpenBSD Project with hardware and funding to implement the beginning stages of the OpenBSD Cryptographic Framework, based on a HiFN line of cryptographic accelerators that were eventually worked into the OpenBSD kernel and OCF (our first choice was BroadCom, but Ken had connections at HiFN so that was the initial chipset used with the OCF). x86-based hardware in the late 90s simply could not handle the computational effort required for high speed FIPS 140-1 and FIPS 140-2 compliant DES and 3DES encryption, so a dedicated crypto processor was needed to support ATM+ wire speeds.
9) Shortly thereafter, NETSEC started a project with the GSA called the GSA Technical Support Center . The GSA Technical Support Center was a joint FBI and DoD collaboration to provide reverse engineering and cryptanalytic services to federal government and military components. The project lead was FBI executive Ron Bitner (or at least that's the name he gave me), and the GSA representative tasked with funding the project was Dave Jarrell. When I started working on the project I voiced concerns to Ken about the demarcation point between the FBI and DoD (or lack thereof), which at the time was a fairly egregious violation of the Posse Comitatus Act. Ken's answer was that Multi Level Security (MLS) systems such as Trusted Solaris would be used to share information of varying classification levels between the FBI and DoD to preserve the age old separation between the military and civil government, but I saw the proverbial writing on the wall and didn't want to participate in the project any longer.
10) Later in the year I resigned my position at NETSEC during a company-wide meeting, and went on to start an embedded wireless bandwidth management company. I had a two year non-compete with NETSEC so I couldn't work in security any longer at that time.
Obviously there is a lot more to this story than a one page synopsis, but I think what is important to make mention of is the close nexus between supposedly unfriendly governments such as Iran and the US. In 1995 the FBI was adamantly against any relaxation of encryption export regulations, yet they did an abrupt about-face on the issue in 1999 (for example,
http://www.nytimes.com/1999/10/11/business/technology-easing-on-software-exports-has-limits.html
?scp=1&sq=Gregory%20Perry%20encryption&st=cse).
I personally believe that the FBI, or at least certain officials within the administration at that time, willingly advocated the relaxation of encryption export regulations only due to their discovery of critical vulnerabilities and weaknesses in the RSA encryption algorithm not exhibited by the predominant public key encryption method used at the time which was Diffie-Hellman. Of equal interest was RSA Security's decision to not pursue an extension of the RSA patent after its 20-year expiration, which they could have easily obtained on national security grounds. They simply waived their rights and let RSA become an open and public domain standard despite their significant revenues in licensing of the RSA encryption algorithm in the USA based on U.S. Patent 4,405,829.
If any of this conjecture is the case, then it could reasonably be said that the FBI intentionally - and very seriously - weakened the United States critical infrastructure and our military capabilities by advocating the use of a fundamentally weak encryption algorithm as a tradeoff between US National Security and their need to observe domestic communications in the United States. This of course has serious implications for any technology predicated upon the RSA encryption algorithm and its progeny, such as military grade GPS which uses RSA for weapons targeting, military smart card technology such as the Common Access Card, commercial smart card technologies used in RFID and contactless payment solutions, etc. Most of these standards are now literally set in stone insofar as embedded systems are concerned, and the vast majority of OpenBSD / OCF installations are embedded-based without an upgrade path due to the small footprint of OpenBSD and the BSD licensing scheme used by the OpenBSD project. Literally millions (and potentially hundreds of millions) of OpenBSD installations are out there in the embedded space such as routers, firewalls, VPN devices etc, and this goes without mentioning the many other operating systems that have incorporated the OpenBSD OCF and PF firewalling stack without any audit of the source code based on the security and reputation inherent to the OpenBSD Project.
Let me know if you have any other questions, and Happy 2012 to you and Cryptome.
Gregory Perry
-
+1 to the hatedpatriot for posting an excellent article.
For the "tldr" crowd, this has to do with potential weaknesses in the RSA cryptosystem which underpins the security of PGP messages, as well as Onion routing and even the Bitcoin network itself.
Before we begin weeping into our cereal just yet I would like to make an observation, in that while I know only a small amount about cryptography but it's clear even to me that if one of the many mathematical experts in the world (not all of whom live in the USA!) were to discover a fundamental flaw in RSA, using the resources of one of the well funded mathematical institutions around the world, then they would instantly have fame and wealth beyond measure so this begs the question, if this has weakness has been rediscovered, why hasn't anyone else mentioned it? It is certainly a very hot topic in Cryptographic circles.
Let's assume however that the flaw is either very obscure or that the FBI has somehow managed to convince every other major government / academic institution to keep its discovery quiet. This is not unthinkable - the British government hushed up their cracking of the Nazi enigma code after the war and redistributed captured Enigma machines amongst their former colonies as supposed gifts - they merrily cracked their confidential messages for decades afterwards!
You have probably seen already the dilemma here - indeed it was one the British faced during the war which was that in acting upon information received they could accidentally reveal they had broken what the Germans believed was an unbreakable form of encryption and force the Nazis to use a more advanced way to code the messages.
The FBI would be faced with the same dilemma - by decrypting your e-mail revealing your address to receive drugs for instance would be tantamount to revealing their hand. Do you really think they're going to do this for the sake of the miniscule amounts of narcotics on SR or would you simply not act on any correspondence unless the security of your country was at stake?
The point is also moot for those of us outside the USA in any case. I know for certain that the Police in the UK cannot crack RSA encryption having being used as a consultant during two investigations. Both times the investigating officers frankly admitted they couldn't break open correspondence protected in this way any more than they could AES encrypted file containers. For this reason, British Police have resorted to RIPA (Regulation of Investigatory Powers Act) which empowers them to insist individuals reveal their passwords or be faced with up to two year's imprisonment.
All in all with PGP I'd say you are PDS (Pretty Damn Safe).
V.
-
Does Seahorse still work on the new Ubuntu now they don't use GNOME any more?
V.
I know that GPG is a GNU product, and thus the work of Linux programmers, but while I use Ubuntu Linux and have a minimal working knowledge of UNIX, I have no idea how to install GPG on my Ubuntu system. The directions at the GPG site itself assume I know what I am doing, which I DO NOT! Can anyone guide me step by step through the command line process? I can open a terminal and I know the general syntax of UNIX commands, but I need the precise commands necessary to install, in the correct order, and please assume I am clueless since I most certainly am!
I don't use Ubuntu, but if memory serves, it should include a plugin called Seahorse.
Seahorse will allow you to encrypt/decrypt/sign/verify from within the GEdit editor.
See the following for help with seahorse: http://www.makeuseof.com/tag/do-encryption-decryption-signing-easily-with-seahorse-linux/
Guru
-
No, seahorse is broke.
-
Hi there, i use Xubuntu (Ubuntu with Xfce) but i'm too lazy too use command line for gpg ;D
I use and recommend Kleopatra for gpg encryption, it's a KDE application but works properly on Xubu, maybe in Ubu works too
-
Hi there, i use Xubuntu (Ubuntu with Xfce) but i'm too lazy too use command line for gpg ;D
I use and recommend Kleopatra for gpg encryption, it's a KDE application but works properly on Xubu, maybe in Ubu works too
+1 Karma to you verde for the expert advice.
V.
-
>:( Scratch this, it doesn't work since GNOME killed GNOME2 and started solely supporting GNOME3
Make sure you have GPG installed with this:
XXXXgpg -v
This will output a "command not found" error if it's not installed,
It will spit out version information if you have a working install of GPG.
Install with this if not already installed
XXXXsudo apt-get install gpg
To install GPA(graphical interface for GPG) run this:
XXXXsudo apt-get install gpa
Now type this into terminal and GPA should start:
XXXXgpa
This has worked for me in v10, v11, and v12
[If you have problems with the Unity desktop is interfering with GPA just message back and I'll post a tut on installing a different desktop environment that will make it work(ie GNOME).]
-
Nice one Ordos, +1
~Digi
-
Yeah, it's just 11.04 and above with ubuntu afaik. Unity broke gnome 3. Getting rid of unity fixes it, so I hear.
Guru, I don't know about the feds planting a back door. The way I read the article, the issue is some math knurd found a vulnerability, which the feds kept quiet and then even promoted the use of this flawed encryption scheme, since they thought they had it pwned at that point. The guy who wrote that article, Gregory Perry I guess his name is, is very credible from what I hear. His saying the feds found a weakness then kept it secret is accepted as fact, not really some tin foil hat theory or iffy accusations of them building and installing a back door. Maybe I'm misunderstanding you or you are talking about a different article. I don't know myself how credible the guy is but people who I believe that know much better than I, have no issue with his credibility. Besides, concealing the discovery of a vulnerability, then advocating the use of the flawed software in order to illegally obtain evidence, sounds just like the fbi I've always heard about.
You obviously know a lot more about the issue as a whole than I do, so I'm pretty reluctant to insist you are wrong, you very well could be right. It's just the I didn't get anything about the feds installing a back door, from that article. Just covering up a discovery, as I said earlier.
-
Ordos, I tried installing GNU privacy assistant a few times when I first realized gnome was broke. It was never able to find it, no matter which repos I had active. I just gave up and did the script. I'd like to get gpa running, that would be awesomeness. Thanks for the reminder.
Has anyone here who uses 11.04 or greater had any success simply apt-get install'ing it? I might fuck with it again if so. It seems like I started to build it and it had a dependency that I could not satisfy, it never would get over that hump, and as I said, apt-get installing wasn't hitting on shit either, so I gave up on gpa.
-
Oh sadness!! :'( You are correct hatedpatriot, last time I set it up Gnome2 was still clinging to life. GPA does not work in Ubuntu for the time being.
-
It was not intentional to loose seahorse, from what I understand. It was that fucking unity bullshit that fractured the fuck out of gnome. Now, all sorts of previously useful shit, like seahorse, won't work. Ubuntu is absolute shit right now. I don't have the bandwidth to grab 10.04 or I would. I'm stuck with 11.1 and god damn I hate it. I've been a linux user all my computing life. I have never been a windows user besides having the occasional windows dual boot for playing games. Though lots of geeks talk shit about ubuntu, I really liked it and have been using it for almost 8 years. I used Slackware previous to that. The first time I did a sudo apt-get install I was hooked on Ubuntu, night and day from Slack where everything had to be built. Though Slack now has a thing called slapt-get iirc, that works like apt-get. Anyway, Ubuntu just made shit too easy to not love it. Now, it's fucking trash. They seriously fucked up a great distro and from what I can tell, they don't plan on doing away with unity or going back to what everybody loved, what made them blow up to begin with. I find it ironic that Ubuntu, the distro that even with it's name claims that community is the most important part of your OS selection, gives not a single fuck that all but 3 people hate what they have done to it with unity. Ubuntu, you had a nice run, but I can't wait to get shed of the stupid new you.
-
I use KGPG
cheers
-
I am making a GUI for GPG using Ruby and TK. It will be platform independent, as long as you have ruby interpreter. I will post the source here when it's done, it would have been today but my VM fucked up and I lost a few hundred lines of code. I tried to make it as noob friendly as possible and it includes detailed on screen instructions. It will not be full featured but will provide all of the features of GPG that anyone here really uses (key generation, crypto operations, key management). If people like it I may add full functionality and possibly even more features like automatic clipboard encryption etc.
-
It was not intentional to loose seahorse, from what I understand. It was that fucking unity bullshit that fractured the fuck out of gnome. Now, all sorts of previously useful shit, like seahorse, won't work. Ubuntu is absolute shit right now. I don't have the bandwidth to grab 10.04 or I would. I'm stuck with 11.1 and god damn I hate it. I've been a linux user all my computing life. I have never been a windows user besides having the occasional windows dual boot for playing games. Though lots of geeks talk shit about ubuntu, I really liked it and have been using it for almost 8 years. I used Slackware previous to that. The first time I did a sudo apt-get install I was hooked on Ubuntu, night and day from Slack where everything had to be built. Though Slack now has a thing called slapt-get iirc, that works like apt-get. Anyway, Ubuntu just made shit too easy to not love it. Now, it's fucking trash. They seriously fucked up a great distro and from what I can tell, they don't plan on doing away with unity or going back to what everybody loved, what made them blow up to begin with. I find it ironic that Ubuntu, the distro that even with it's name claims that community is the most important part of your OS selection, gives not a single fuck that all but 3 people hate what they have done to it with unity. Ubuntu, you had a nice run, but I can't wait to get shed of the stupid new you.
You might like mint, it's like how Ubuntu used to be but even better. Ubuntu is complete shit now. Every distro it gets worse too.
-
yeah, it's installed by default. if you wanna use cli --
paste the vendors key into key.txt, and your address into address.txt then
gpg --import key.txt
gpg --armor --recipient who@ever.com --encrypt address.txt
then cat the address.asc, all ready to copy & paste :)
AH! Thank you SO much for this! I've finally figured it out!
To everyone in this thread here is how to use gpg with Ubuntu 12.04. Yes it comes installed by default, no need to install anything else. Just takes a little command line knowledge.
Open up a Terminal and type: cd Desktop/
To import a vendor's public PGP key first Copy the key and in Terminal type: gedit pgpkey
(I will be using gedit for this tutorial as it is the default text editor but I recommend vim)
This will open gedit. Paste the vendor's PGP key and then Save the file (it does not need an extension)
You should see a file on your Desktop called pgpkey.
Now we need to import the PGP key to our keyring, do this with Terminal by typing: gpg --import pgpkey
The vendor's PGP key is now stored.
To send an encrypted message first write the message as plain text using gedit. In Terminal, type: gedit theMSG
Type your message (or mailing address) and then click Save (no extension necessary).
You should now see theMSG on your Desktop.
Before we encrypt theMSG we need to find the user id (uid) of the vendor we want to send the encrypted message to.
To find the vendor's uid, using Terminal type: gpg --list-keys
this will give you a list of all the PGP keys you have imported, take note of the uid of the vendor you wish to send your encrypted message to.
Now we want to encrypt theMSG and sign it with the vendor's PGP key,
In Terminal, type: gpg --armor --recipient uid -e theMSG
***Remember to replace uid in the above command with your vendor's uid****
For example, SKYY's uid is SKYY_SR so the full command would read: gpg --armor --recipient SKYY_SR -e theMSG
(you do not need to type their email address, just their name)
if Terminal prompts you to 'Use this key anyway' say yes
Now you will notice a file called theMSG.asc on your Desktop.
To view this as a readable encrypted message, in Terminal type: cat theMSG.asc > encryptedMSG.txt
This will export the encrypted message as a .txt file to your Desktop.
Open encryptedMSG.txt and you should now see your encrypted message ready to copy/paste.
Big thanks to fred5, I was not using --armor when trying to encrypt messages at first. Glad I now have it figured out ;D
-
here is the GPG command line info from OVDB. All a GUI does is build up the command from user inputs (ie: clicking buttons) and then sends it to the GPG CLI and process the output / displays some of it to the user in a visual widget like a text box. I think it is much nicer to just learn the commands, but I need to practice programming this sort of GUI anyway so figured what the hell :P.
DISCLAIMER:
Some of these have been edited and may be missing some posts. I didn't get everyones nyms so if you know a post is yours and want attributation, post that it is. It's not much but its what i got right now on my thumb. I'll dig around for more later. Peace and much love, OVDB survivors..
"N30M3: This is cross platform. These commands are meant for being typed into a terminal. It really is very easy to use GPG this way and I prefer doing it this way to using any GUI solution.
To clear sign a message, so the message is displayed with a signature, type the following:
echo 'Message to sign here' | gpg --clearsign
hit enter and you will be asked for your passphrase. After providing your passphrase, it will print the signed message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Message to sign here
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7Oi6AACgkQZU8eyBD0KgmoHACffnfJAVsStRRBWUStd/0GeEwY
QWUAnA2IcQeZp7MWgsRKs6jyJO743NLC
=TqKf
-----END PGP SIGNATURE-----
To verify a signature type the following:
gpg --verify | cat -v
hit enter and a blank line is printed. Paste the message you would like to verify directly here, and hit ctrl-d. The signature will now be verified.
To asymmetrically encrypt a message type the following
gpg -e -a | cat -v
hit enter, and you will be asked for the user ID to encrypt the message to. Here you can enter either the E-mail, name or user ID of the recipient. This is why it is important for people to use the same name on their key as they use on forums, so vendors can simply type the name in here. People who use different key names than forum names should seriously just be ignored because they are fucking annoying. Anyway, enter the user information of everyone you want to encrypt your message to, hitting the enter key after each name. You can enter as many user IDs as you like.
after you have entered every nym you would like to encrypt the message to, hit enter again without adding an additional nym. A blank line will be printed. Now type the message you would like to encrypt on this blank line.
When you are done typing the message to encrypt, hit ctrl-d and the ciphertext of your message will be printed
To symmetrically encrypt a message type the following
gpg -c -a | cat -v
type the symmetric password you would like to encrypt the message with. You will need to do this two times to verify the password.
After typing the password twice, a blank line will be printed. Type the message you want to symmetrically encrypt here, followed by hitting ctrl-d. The ciphertext of your message will be printed.
To decrypt a message type the following
gpg -d | cat -v
a blank line is returned. Paste the ciphertext of the message you would like to decrypt. You should immediately be asked to enter your passphrase. After typing your passphrase and hitting enter hit ctrl-d to display the plaintext of the message. If the message was signed with a private key that correlates with a public key you have on your keyring, the message will be authenticated automatically.
important note: you should prepend the signature command with a space so that you don't save the plaintext of what you sign in your terminal history. Adding a space prior to a terminal command makes it so that it is not saved in the history. Does not work on FreeBSD (tested on 7.1 and 8.1)"
-
You might like stealing some of my script. I never messed with ruby, what's it like? At one point in my script's short life, so far, I was using zenity dialogs, but they leave much to be desired, especially when you're not that good at scripting anyway, like me. This does work, though. It's called roadhash. When you invoke it by typing roadhash on the command line it first checks the clipboard for an encrypted message. If it finds it, it decrypts and dumps it so you can read it. Seems like last time I used it, that feature got it my way. This is by no means done. Kinda like my pet project that was/is necessary because seamonkey aint coming home anytime soon. If it doesn't find any encrypted data on the clipboard, it lists all your public keys and you pick who it is you're messaging. Then an instance of nano pops up, you type your message the exit nano (it already saves it the right name ect, you just hit ctrl+X then Y for save. After you hit Y to save, it puts the encrypted message on your clipboard then you just go back to silkroad messenger, right click and paste.
Like I said, since adding the first part that searches for preexisting roadhash, I've had some times when it got in my way. I had planned to remove it and there are several things it still needs. Pet project from hell lol. But here is what I have it may give you some ideas and I'd love to see what you are doing with yours as well. It worked much better before adding the other shit then not finishing it. I haven't touched this script in weeks.
*Edit* actually, that first script I posted wont work because I never finished one new function I was adding. Here is the last version that worked, and it's the one where I used zenity. That'll let you see how easy zenity is to fuck with.
#!/bin/bash
# Roadhash.
# Checks if an encrypted message is on the clipboard and decrypts and dumps to dialog if so.
# Otherwise lets you write and encrypt a message to someone whos key you have.
#
#
rashcheck (){ #checks the clipboard for encrypted text and decrypts and calls rashdump if it finds it
state=$(xsel -ob|grep BEGIN)
if [ -n "$state" ];
then xsel --clipboard>rash.asc&&rashdump;
fi
}
rashdump (){
gpg -d .rash.asc|zenity --text-info --width 600
echo roadhash decrypted and dumped, clearing clipboard
echo -e "\n"
xsel -bc
exit 1
}
rashcheck
# remove old shit if there
rm .rash.asc 2>/dev/null
# List all available keys
echo -e "\n"
echo -e "************* cryptofags you may contact *******************"
echo ---
gpg --list-keys|grep uid
echo ---
# Recipient?
echo -e "Wut key use? \c"
read keyuse
#
nano .rash
# Encrypt
gpg -r $keyuse -a -e .rash
rm .rash
# copy contents to clipboard--need the option to save here too
xsel --clipboard < .rash.asc
echo -e "\n"
echo -e "Paste has roadhash \n"
exit 1
-
here is what I have so far, it only does key generation though. I had it all finished and then my VM fucked up and I had to start over and this is how far back I am done (minus nice formatting too). Will finish it again though, I just wanted to play with TK.
require 'tk'
require 'open3'
require 'securerandom'
root = TkRoot.new do
minsize(600,700)
maxsize(600,700)
end
root.title = "Ruby GPG"
notebook = Tk::Tile::Notebook.new(root) do
place('height' => 700, 'width' => 600, 'x' => 0, 'y' => 0)
end
frame_one = TkFrame.new(notebook)
frame_two = TkFrame.new(notebook)
frame_three = TkFrame.new(notebook)
notebook.add frame_one, :text => 'Generate Keys'
notebook.add frame_two, :text => 'Manage Contacts'
notebook.add frame_three, :text => 'Encryption / Decryption Operations'
perform_operation_button = TkButton.new(frame_three) do
text "Generate Account"
borderwidth 2
state "normal"
font TkFont.new('10')
foreground "black"
background "grey"
activebackground "#bfb7ae"
relief "groove"
command (proc {generate_key_pair})
place('x' => 0, 'y' => 0)
end
@@crypto_io = TkText.new(frame_three) do
self.exportselection = false
self.borderwidth = 0
self.background = "grey"
place('height'=> 350,'width' => 600,'x' => 0, 'y' => 327)
end
@@operation_selection = TkListbox.new(frame_three) do
self.selectmode = "browse"
self.selectbackground = "#c7b6b8"
self.background = "grey"
insert 0, "Decryption", "Asymmetric Encryption", "Symmetric Encryption", "Sign", "Verify Signature"
place('height'=> 80,'width' => 200,'x' => 75, 'y' => 100)
end
@@operation_selection.selection_set 0
@@embed_key_fingerprints_selection = TkListbox.new(frame_three) do
self.exportselection = false
self.selectmode = "browse"
self.selectbackground = "#c7b6b8"
self.background = "grey"
insert 0, "Show recipient key", "Hide recipient key"
end
@@embed_key_fingerprints_selection.selection_set 0
@@pseudonym_entry = TkEntry.new(frame_one) do
place('height'=> 25,'width' => 250,'x' => 50, 'y' => 155)
self.value = "Pseudonym"
end
@@pseudonym_entry.background = "grey"
@@password_entry1 = TkEntry.new(frame_one) do
show '*'
place('height'=> 25,'width' => 250,'x' => 50, 'y' => 185)
self.value = "starslol"
end
@@password_entry1.background = "grey"
@@password_entry2 = TkEntry.new(frame_one) do
show '*'
place('height'=> 25,'width' => 250,'x' => 50, 'y' => 215)
self.value = "password"
end
@@password_entry2.background = "grey"
@@email_entry = TkEntry.new(frame_one) do
place('height'=> 25,'width' => 250,'x' => 50, 'y' => 240)
self.value = "valid format potentially made up E-mail"
end
@@email_entry.background = "grey"
generate_keys_button = TkButton.new(frame_one) do
text "Generate Key pair"
borderwidth 2
state "normal"
font TkFont.new('10')
foreground "black"
background "grey"
activebackground "#bfb7ae"
relief "groove"
command (proc {generate_key_pair})
place('x' => 80, 'y' => 275)
end
@@key_type = TkListbox.new(frame_one) do
self.selectmode = "browse"
self.selectbackground = "#c7b6b8"
self.background = "grey"
insert 0, "RSA and RSA", "DSA and El-Gamal"
place('height'=> 80,'width' => 200,'x' => 340, 'y' => 240)
end
@@key_type.selection_set 0
@@key_strength = TkListbox.new(frame_one) do
self.exportselection = false
self.selectmode = "browse"
self.selectbackground = "#c7b6b8"
self.background = "grey"
insert 0, "1024", "2048", "3072", "4096"
place('height'=> 80,'width' => 200,'x' => 340, 'y' => 155)
end
@@key_strength.selection_set 3
key_generation_explanation = TkText.new(frame_one) do
self.exportselection = false
self.borderwidth = 0
self.background = "grey"
place('height'=> 150,'width' => 600,'x' => 0, 'y' => 0)
self.value = "
To generate a new key you are required to provide the following information. You may choose between RSA/RSA and DSA/ElGamal, both are secure. You also can select a key size. The larger the key size, the more securely encrypted messages sent to you will be 1,024 is not considered to be secure for much longer. 2,046 is the minimum suggested key size, however 4,096 bit keys offer significantly more protection from some realistic attacks. The number of qubits required to break susceptilble asymmetric algorithms grows with the number or bits in the key. After you have filled out the relevant information, click the generate keypair button to begin the process of key generation. "
end
key_generation_explanation.state = "disabled"
@@finished_key = TkText.new(frame_one) do
self.exportselection = false
self.borderwidth = 0
self.background = "grey"
place('height'=> 350,'width' => 600,'x' => 0, 'y' => 327)
end
def generate_key_pair
if @@password_entry1.value != @@password_entry2.value then
passwords_must_match = Tk.messageBox(
'type' => "ok",
'icon' => "warning",
'title' => "Warning!",
'message' => "The provided passwords do not match!"
)
else if @@pseudonym_entry.value.length < 5 then
pseudonym_too_short = Tk.messageBox(
'type' => "ok",
'icon' => "warning",
'title' => "Warning!",
'message' => "The GPG base engine requires your pseudonym to be at least five characters long"
)
elsif @@password_entry1.value.length < 7 then
password_too_short = Tk.messageBox(
'type' => "ok",
'icon' => "warning",
'title' => "Warning!",
'message' => "Your password must be at least eight characters long"
)
elsif not @@email_entry.value.to_s.include?("@") then
invalid_email = Tk.messageBox(
'type' => "ok",
'icon' => "warning",
'title' => "Warning!",
'message' => "This does not appear to be a valid E-mail address (gpg enforced)"
)
else
starting = `gpg --list-keys`.bytesize
stdin, stderr = Open3.popen3('gpg --gen-key --batch')
entropy_explanation = Tk.messageBox(
'type' => "ok",
'icon' => "info",
'title' => "Entropy Gathering Is Required",
'message' => "You must gather entropy to generate your key. Do so by typing randomly into the text box that will pop up momentarily. Gathering sufficient entropy may take a very long time on virtual machines, and depending on the key size selected."
)
selected_algorithms = @@key_type.curselection
selected_key_strength = @@key_strength.curselection
key_type = "RSA" and subkey_type = "RSA" if selected_algorithms[0].to_i == 0
key_type = "DSA" and subkey_type = "ELG-E" if selected_algorithms[0].to_i == 1
puts key_type
key_strength = "1024" if selected_key_strength[0].to_i == 0
key_strength = "2046" if selected_key_strength[0].to_i == 1
key_strength = "3072" if selected_key_strength[0].to_i == 2
key_strength = "4096" if selected_key_strength[0].to_i == 3
puts key_strength
stdin.puts("Key-Type: #{key_type}")
stdin.puts("Key-Length: #{key_strength}")
stdin.puts("Subkey-Type: #{subkey_type}")
stdin.puts("Subkey-Length: #{key_strength}")
stdin.puts("Name-Real: #{@@pseudonym_entry}")
stdin.puts("Name-Email: #{@@email_entry.value.to_s}")
stdin.puts("Expire-Date: 0")
stdin.puts("Passphrase: #{@@password_entry1.value}")
stdin.puts("%commit")
entropy_input_window = TkToplevel.new do
self.title = "gather entropy"
self.height = 500
self.width = 500
end
entropy_input = TkText.new(entropy_input_window) do
self.background = "#e3dede"
place('height'=> 500,'width' => 500,'x' => 0, 'y' => 0)
end
gather_entropy = Thread.new do #this may be insecure way of piping randomness to the GPG engine depending on how they have implemented entropy accumulation
until `gpg --list-keys`.bytesize > starting do
stdin.puts("entropy_input.value")
entropy_input.value = ""
sleep(10)
end
entropy_input_window.destroy
done = Tk.messageBox(
'type' => "ok",
'icon' => "info",
'title' => "Key Generated!",
'message' => "Your key has finished generating!"
)
@@finished_key.value = `gpg -a --export #{@@pseudonym_entry.value}`.to_s
end
end
end
end
Tk.mainloop
-
I'm no Linux expert and I use a portable GPG program, but the only reason that seahorse "doesn't work" is the no longer existing gedit integration...right?
Geany got a GPG plugin that works just fine with ubuntu 12.04. 'geanypg'
Or is there another problem that i did not see?
Seahorse seems to work with ubuntu 12.04 as far as i can tell.(with gnome classic/gnome-panel. I don't know about unity)
I used Linux Mint too, until ubuntu 12.04 came out. But now with the Gnome classic desktop(sudo apt-get install gnome-panel) and the convenient way for Full Disk Encryption when using the text based installer of the alternate cd..
it is not so bad anymore.
-
Dare I say I've learned more about security / useful how-to's on this board than any other I've been on? Yes, yes I do dare say that.
I'm no Linux expert and I use a portable GPG program, but the only reason that seahorse "doesn't work" is the no longer existing gedit integration...right?
Geany got a GPG plugin that works just fine with ubuntu 12.04. 'geanypg'
Or is there another problem that i did not see?
Seahorse seems to work with ubuntu 12.04 as far as i can tell.(with gnome classic/gnome-panel. I don't know about unity)
I used Linux Mint too, until ubuntu 12.04 came out. But now with the Gnome classic desktop(sudo apt-get install gnome-panel) and the convenient way for Full Disk Encryption when using the text based installer of the alternate cd..
it is not so bad anymore.
What portable GPG program do you use?
-
I like to keep it simple. :) Therefore i use gpg4usb.
If you run a 64bit version of Linux, it might be necessary to install ia32-libs to start it. (sudo apt-get install ia32-libs)
-
Thanks for the recommendation, Guru. I have used Mepis before. One upon a time my cure for boredom was to go to distrowatch.com, download whatever new distro I had not tried, burn it, boot it, play with it for a few minutes or hours, maybe a day or two, then trash it lol. So, when i say I have used Mepis, it followed those lines. I have played with it before, that is more accurate. I also hate KDE. Which is funny since I used KDE for the first ten years of my modern computing life. I thought gnome looked cartoony and KDE was just killer. Now, it's the opposite. I don't like the feel of KDE, the atmosphere it has, or whatever you wanna blame. I do appreciate the suggestions, though.
I ended up grabbing Tails, LinuxMint 12 and Archbang to try out. I forget who here suggested LinuxMint, but it has grown up A LOT since I last used it. I have been really impressed with it and think my Ubuntu days are over. Of course, Mint is just another Debian based distro like Ubuntu, nearly the same thing as Ubuntu, but much better implemented. It doesn't have that stupid Unity dock like the new Ubuntus, but it doesn't have the old school menu I'm partial too either. Their solution to replace the old menu is the first I've seen that works great. After only a day I can get around pretty quick and everything works very fluid like and smoothly. Until such time as they fuck it up, I will be a Mint user for my main OS.
The first thing I did after installing Mint, was install VirtualBox and let it run Tails. Tails is also pretty awesome, if you're really in need of a deeply inconvenient and paranoid computing scheme. It's just not for me at this point. Maybe for some browsing I will use it, for purchasing or surfing new boards around the onion when I don't really know what to expect, but prefer my butthole be in the fully clamped and guarded condition, I'll use it. But I spend most of my time at a small group of boards and I don't need so many layers of anonymity when it means I cannot bookmark sites, save pictures, import bookmarks etc.
I'm still "test driving" my Mint install, really. Now that I know I like it and it works well for everything I want it to do with it, I'll take my hdd to the bone, repartition it (have a new layout I want to use anyway) and put Mint in the number one spot and just ditch Ubuntu, it's trash. I want to play around more with ArchBang, but it won't boot. It will run in a VM, though. I like having lots of VMs available. Though I do nothing practical with them, I like that I have all those OSs' to see if any do what I need one to do.
Anyway, thanks again for the recommendations, Guru!
HC, I'm not sure of the really specific specifics regarding seahorse's brokenness. I do know that it was more than Gedit integration. It was integration period. Since GPG is a command line tool, like most linux utilities, any gui given you to make shit easier is not considered necessary for the main application to still work and therefore broken guis can take a low priority on the fixme list. Seahorse is just a suite of graphical tools for GPG. That definition may leave a lot to be desired, but I'm totally an armchair user here, I can't break it down for you like I went to school for this stuff, but essentially that's all seahorse is to me. I tried every possible solution I could find for giving GPG a gui in Ubuntu 11.1 and they all failed. If i were still trying to salvage 11.1 or Ubuntu period, I would definitely try the things you listed as working. But, I'm on to a new OS now and Ubuntu can get bent. I hope it enjoys the tablet market :^)
TL;DR No more Ubuntu, Tails is not for me and ArchBang should be fun
-
Thanks for all the help, especially kmfkewm, hatedpatriot & Bob Loblaw, the precise coding is exactly what I was looking for!
-
Hello all.
I supposedly created a key pair using this guide when i last booted up my ubuntu on usb http://dkn255hz262ypmii.onion/index.php?topic=42031.0
However i've just loaded up my gpg and typed in -a --export ddsfdsioj@dslkjfdsfl.com
But it gives me the message gpg: WARNING: nothing exported
??????
It seems ubuntu doesn't remember ANYTHING i do. Or is that the point ?? For e.g i have to download and install tor upon each use.
Do i have to create a new key to start encrypting messages every single time ?? I'm sure last time it told me my key was created.
-
Hello all.
I supposedly created a key pair using this guide when i last booted up my ubuntu on usb http://dkn255hz262ypmii.onion/index.php?topic=42031.0
However i've just loaded up my gpg and typed in -a --export ddsfdsioj@dslkjfdsfl.com
But it gives me the message gpg: WARNING: nothing exported
??????
It seems ubuntu doesn't remember ANYTHING i do. Or is that the point ?? For e.g i have to download and install tor upon each use.
Do i have to create a new key to start encrypting messages every single time ?? I'm sure last time it told me my key was created.
You're missing an option in the key export command. What you should be using is: gpg --armor --export ddsfdsioj@dslkjfdsfl.com >export.asc
If you use the command as I've shown, your key will be exported to export.asc
Naturally, you can use any name you wish, if you don't like export.asc
-
Hi there that doesn't work - but thanks alot.
Like i said everytime i load ubuntu up - it's forgotten everything i've ever done.
When i type in gpg -k for .eg to list keys it gives me this :
ubuntu@ubuntu:~$ gpg -k
gpg: directory `/home/ubuntu/.gnupg' created
gpg: new configuration file `/home/ubuntu/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/ubuntu/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/ubuntu/.gnupg/secring.gpg' created
gpg: keyring `/home/ubuntu/.gnupg/pubring.gpg' created
gpg: /home/ubuntu/.gnupg/trustdb.gpg: trustdb created
I make my bootable usb drive using these instructions : http://www.ubuntu.com/download/help/create-a-usb-stick-on-windows
Many thanks
-
You're missing an option in the key export command. What you should be using is: gpg --armor --export ddsfdsioj@dslkjfdsfl.com >export.asc
If you use the command as I've shown, your key will be exported to export.asc
Naturally, you can use any name you wish, if you don't like export.asc
It is okay to use -a instead of --armor, it's faster and does exactly the same thing.
If you type:
gpg -a --export "keyname" > mypubkey.txt
It will create a file named mypubkey.txt. You can open that file with a text editor (gedit on Ubuntu) and copy/paste public key.
If you leave out the "> mypubkey.txt.asc" it will just directly print your public key in the terminal window. Then you can copy paste it from there. I tend to do that more often these days, as it is faster. But it is personal preference.
@r00b00cup: See my comment in your other topic ;-)