encrypted gists about gist HOT 14 CLOSED

The encypt flag requires two dashes in front.

from gist.

Oops, typo in the issue (not the command tried!!!)...

from gist.

No problem. What is the command that you tried?

from gist.

echo test | gist create dummy --encrypt and gist create dummy --encrypt

both with exactly the same result (except for the timestamp of course ;) )

from gist.

Have you configured gist to use gnupg? https://github.com/jdowner/gist#configuration

from gist.

Yep...

[gist]
token: XXXX
editor: /usr/bin/vim
gnupg-homedir: /home/Rene/.gnupg
gnupg-fingerprint: XXXX

(The XXXX of course represent the correct values)

from gist.

Would you mind running this short script for me? It just encrypts a short message and then tries to decrypt it. I'm just trying to narrow down where the problem is coming from.

#!/usr/bin/env python

import os
import gnupg


def main():

    gpg = gnupg.GPG(gnupghome=os.path.expanduser("~/.gnupg"))

    fingerprint = "<your gpg fringerprint>"
    message = "test message"

    # Encrypt message
    ciphertext = gpg.encrypt(message, fingerprint)
    print(ciphertext.status)

    # Decrypt message
    plaintext = gpg.decrypt(ciphertext.data)
    print(plaintext.status)


if __name__ == "__main__":
    main()

from gist.

Problem, thanks to your script, partly solved:

I'm using gpg2(!!!), when your script gave me an error message I generated a gpg-key and nearly everything worked fine....
Nearly because while the creation of an encrypted gist now worked as expected, gist content XXXX --decrypt (like the decryption part of your test script) worked only as long as the private key isn't protected by a passphrase!!!
Since that obviously is a no go, I've got two new questions:

1. Is it planed to switch to the newer gpg version?
2. How do I supply the passphrase? (hopefully not via environment or commandline, both are no goes!)

PS.:
gist content XXXX at least gave me the clear signed content....

from gist.

It sounds like you need to install some version of pinentry. pinentry allows you to securely enter your passphrase. There are a variety of different pinentry packages,

• pinetry-curses
• pinetry-qt4
• pinentry-gtk2

It sounds like you want something like pinetry-gtk2. That will bring up a window for you to enter your passphrase whenever you want to decrypt a file with gnupg.

The issue of gpg versus gpg2 is a little awkward. The package I use in gist is python-gnupg. It tries to use whatever you have on your system. Apparently there is an issue with gpg2 on windows, and so the recommendation that comes with python-gnupg is to use v1.4.x. As such, I don't want to require that users install gpg2.

from gist.

Ouch, and currently I've got only a windoze machine (using cygwin)...

Which also means, that I've got pinentry-w32 installed (yes!, it is already installed!!!)

from gist.

So I just wanted to make sure: this issue is resolve for you?

from gist.

Not truly...
OK, the gpg2 part is unfortunate, but understandable...

But there is still the problem concerning the password...
As I wrote:
I have pinentry installed, neverthelessm there was no request for a password....
I know, that the pinentry is working, since it got called when generating the gpg2 key, though not for the gpg key, for that one I just got a standard request in the tty and also nothing when using --decrypt for gist...

from gist.

It sounds like this is an issue with gpg-agent not running or not configured with the correct pinetry. But, that is something outside of gist so I am going to close this issue.

from gist.

Ah!!!
Ok, that last comment most likely solved the problem (while pinentry was a cygwin requirement to install gpg2, it was previously unknown by me...)

Update:
After manualy starting the gpg-agent 2.x and exporting the expected environment variable for gpg 1.4 it's now working :)

from gist.