
Importing a p7b


JWL

Mar 20, 2011, 8:02:37 PM
I have a 356784 byte file called store.p7b.
It's the root certificates that come with XP (and one of their
updates).
I just went into explorer/Tools/Internet
Options/Content/certificates/trusted root certification authorities,
then shift-clicked on the first one, shift-clicked on the last one,
then went through the export process.

Anybody know how to import it into GPG or PGP?

It would be nice to know if anybody ever negotiated the politics, or
fees, or schmoozing, or whatever put some cross-links and uplinks into
the old "web of trust" that works so well, mostly because there are
not very many people trying to write into channels that are ultimately
burned on disk.


David W. Hodgins

Mar 20, 2011, 8:49:03 PM
On Sun, 20 Mar 2011 20:02:37 -0400, JWL <brew...@freenet.edmonton.ab.ca> wrote:

> I have a 356784 byte file called store.p7b.

> Anybody know how to import it into GPG or PGP?

The certificates used for ssl encryption are not in a format
suitable for use with gpg/pgp. For those types of certificates
the appropriate tool is called OpenSSL. You can get a windows
version from
http://www.openssl.org/related/binaries.html

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

JWL

Mar 21, 2011, 9:04:08 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David W. Hodgins wrote:
> On Sun, 20 Mar 2011 20:02:37 -0400, JWL
> <brew...@freenet.edmonton.ab.ca> wrote:
>> I hav a 356784 byte file called store.p7b.
>> Anybody know how to import it into GPG or PGP?
>
> The certificates used for ssl encryption are not in a format
> suitable for used with gpg/pgp. For those type of certificates
> the appropriate tool is called OpenSSL. You can get a windows
> version from
> http://www.openssl.org/related/binaries.html
>
> Regards, Dave Hodgins

I am led to believe that PGP can import pem.
http://www.minstrel.org.uk/wot-faq/q1.html

I tried openssl to get a pem and got this:
C:\PROGRA~1\OpenSSL-Win32\bin>openssl pkcs7 -in store.p7b
- -print_certs -out store.pem
unable to load PKCS7 object
2784:error:0906D06C:PEM routines:PEM_read_bio:no
start line:.\crypto\pem\pem_lib.c:696:Expecting: PKCS7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iQCVAwUBTYf0gB47apzXdID2AQKd9wQAij8KviPGVM2R9sshVvtuV415gX4c8Y3m
JOntU3lRzZkBwfC1SyuKB1NqITig7mpdCvf2qQfbn8kFNP0Vz/0N+HOqULKDBG4h
Eu993dPteoRgWdpnNQxsFNA60QY9w4bBnwRxBhRpkguTHD80e3nV5MEW0Vf8HdcI
rFaAPbHONMg=
=S82i
-----END PGP SIGNATURE-----
http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp
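
The `no start line ... Expecting: PKCS7` error in the post above is what `openssl pkcs7` prints when it reads its default PEM input format and finds no `-----BEGIN PKCS7-----` line; a binary (DER) file is read with `-inform DER`. The sketch below is an added example, not part of the original thread: it tells the two encodings apart and wraps DER as PEM. The names `der_header`, `classify_p7b`, `der_to_pem` and the sample bytes are hypothetical and constructed for illustration.

```python
import base64

# DER encoding (tag and length included) of OID 1.2.840.113549.1.7.2, pkcs7-signedData
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

def der_header(data):
    """Return (tag, content_length, header_length) of the first DER TLV."""
    if len(data) < 2:
        raise ValueError("too short for DER")
    tag, first = data[0], data[1]
    if first < 0x80:                      # short form: the byte is the length
        return tag, first, 2
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER length")
    return tag, int.from_bytes(data[2:2 + n], "big"), 2 + n

def classify_p7b(data):
    """Return 'PEM', 'DER' or 'unknown' for the raw bytes of a .p7b file."""
    if data.lstrip().startswith(b"-----BEGIN PKCS7-----"):
        return "PEM"
    try:
        tag, length, hdr = der_header(data)
    except ValueError:
        return "unknown"
    # A DER PKCS#7 bundle is one outer SEQUENCE whose first element is the signedData OID.
    fits = tag == 0x30 and hdr + length <= len(data)
    if fits and data[hdr:hdr + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
        return "DER"                      # read it with: openssl pkcs7 -inform DER ...
    return "unknown"

def der_to_pem(der, label="PKCS7"):
    """Wrap DER bytes in the PEM armor that openssl expects by default."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

# Constructed stub: outer SEQUENCE, signedData OID, empty [0] content. Not a real bundle.
SAMPLE_DER = bytes.fromhex("300f" "06092a864886f70d010702" "a0023000")
```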


David W. Hodgins

Mar 22, 2011, 1:09:52 PM
On Mon, 21 Mar 2011 21:04:08 -0400, JWL <brew...@freenet.edmonton.ab.ca> wrote:

> I am led to believe that PGP can import pem.
> http://www.minstrel.org.uk/wot-faq/q1.html

Read the site again. PGP has the ability to generate a
certificate request (a feature added since I switched to
linux).

That request is then sent to Thawte, who convert it into
a signed gpg key, and only for rsa pgp keys.

JWL

Mar 24, 2011, 1:57:52 AM
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.2 (MingW32)
Comment:
http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp
-----END PGP MESSAGE-----


David W. Hodgins

Mar 24, 2011, 2:47:15 AM
On Thu, 24 Mar 2011 01:57:52 -0400, JWL <brew...@freenet.edmonton.ab.ca> wrote:

> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.2.2 (MingW32)
> Comment:
> http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp
>
> owFlVV1oHFUUThussLhVoVVQkUMf0thOZjeh2JLYNDFN47amDd1oqPjg3Zm7MzeZ

As I posted before, in usenet articles, please use clear text
signatures. Trying to decrypt whatever you posted using gpg
shows ...

$ gpg msg.asc
gpg: invalid armor header: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp\n
gpg: invalid radix64 character 3A skipped
gpg: invalid radix64 character 2E skipped
gpg: invalid radix64 character 2E skipped
gpg: invalid radix64 character 7E skipped
gpg: invalid radix64 character 5F skipped
gpg: invalid radix64 character 5F skipped
gpg: invalid radix64 character 5F skipped
gpg: invalid radix64 character 2E skipped
gpg: invalid radix64 character 2E skipped
gpg: CRC error; 47A6BA - F62D55
gpg: packet(1) with unknown version 156

If you can't figure out how to clear sign your messages, please
stop trying to sign them, and just post plain text messages.

I will not bother trying to decrypt any further messages from you.

JWL

Mar 24, 2011, 3:07:51 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It was not encrypted. I went "gpg -sa", so it was signed and
compressed.
What you are saying illustrates a bug. The _advantage_ is simply that
my
signatures *should* survive archive treatment. As things are, I can't
verify cleartext signatures from google.

David W. Hodgins wrote:
> On Mon, 21 Mar 2011 21:04:08 -0400, JWL
> <brew...@freenet.edmonton.ab.ca> wrote:
>> I am led to believe that PGP can import pem.
>> http://www.minstrel.org.uk/wot-faq/q1.html
>
> Read the site again. PGP has the ability to generate a
> certificate request (a feature added since I switched to
> linux).

You can get a certificate from PGP by using their
keyserver manually at http://keyserver2.pgp.com/,
and hitting the link it sends to your e-mail address.

It is of course a marjinal process to trust,
and it is better than nothing.

> That request is then sent to Thawte, who convert it into
> a signed gpg key, and only for rsa pgp keys.
>
> Regards, Dave Hodgins

} Thawte will return the finished certificate both as a Netscape
} Certificate chain and as a PKCS7 Certificate chain, neither of which
} PGP understands. So, some conversion is required - the easiest way
} is to split the PKCS7 chain into seperate certificates and output
these
} in ASCII format - just save into seperate .pem files and
} import into PGP (using 'Key/Import' and selecting the .pem files).

Internet Explorer does not export the full public key; only the
certificate.
Firefox, however, will export pem, as *.crt, complete with the public
key.
All I had to do was rename a file to import it into PGP10. I wonder
what
the fix for unsigned data transparency will be; leaving the
"PGP SIGNED MESSAGE" headers in?

I note that the first key I imported haz no
e-mail address on it.

BTW, this is a good way to get signatures that verify onto google
archives.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTYrtKx47apzXdID2AQJgIgQAgIdIqmV/rWA6oD6wh4CEXQEaWEtdAUwi
YwQI3okKYLg5CxJUgywpCr7/UwMInEM8XFoOG9nNU1pYR3MAOGA+ZY/m1cVo3mOx
LTvLRGYk1AIPJeoVVseH7NTsdTHpRdMFgHWpwLOG+e2J5Ku3CVc0Y9R9iwa38sJS
Wh4BO1MqA2U=
=9RTF
-----END PGP SIGNATURE-----


JWL

Mar 24, 2011, 3:36:42 AM
Maybe --pgp2 (MD5+IDEA+noMDC) is an archive-quality
"pgp -sa".


JWL

Mar 24, 2011, 3:52:48 AM
If you take out the line break after
comment:
then gpg might be able to verify that message.


JWL

Mar 24, 2011, 3:58:07 AM
David W. Hodgins wrote:
> $ gpg msg.asc
> gpg: invalid armor header:
> http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp\n
> gpg: invalid radix64 character 3A skipped gpg: invalid radix64
> character 2E skipped
> gpg: invalid radix64 character 2E skipped

That's a double-slash.

> gpg: invalid radix64 character 7E skipped

That's a tilde.

> gpg: invalid radix64 character 5F skipped
> gpg: invalid radix64 character 5F skipped
> gpg: invalid radix64 character 5F skipped
> gpg: invalid radix64 character 2E skipped
> gpg: invalid radix64 character 2E skipped

2E is hexadecimal for a period. None of the above are within the
base64 character set, and I suspect that gpg would accept anything but
a line break or a carriage return after the comment header.


David W. Hodgins

Mar 24, 2011, 2:38:46 PM

Replacing the linefeed with a space does allow the message
signature to be verified.

The only problem I see with the armored messages, as well as
the archives on google seems to be caused by the Comment field
getting wrapped.

Perhaps you should use a shorter comment, especially since
http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp
returns 404 Not Found.
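
The repair confirmed above (putting the wrapped `Comment:` value back on its header line with a space) can be automated. The following is an added example, not code from the thread: it flags lines in an armor header block that are not `Key: value`, rejoins them to the preceding header, and then checks the armor's CRC-24 line. The function names and the sample message are hypothetical and constructed for illustration; `armor_crc_ok` assumes a `PGP MESSAGE` block.

```python
import base64
import re

# An armor header is "Key: value" on one line; the header block ends at the first blank line.
HEADER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:( |$)")

def crc24(data):
    """CRC-24 behind the '=XXXX' armor checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def unwrap_armor_headers(text):
    """Rejoin wrapped header lines with a space; return (repaired_text, wrapped_lines)."""
    out, wrapped, in_headers = [], [], False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP "):
            in_headers = True
        elif in_headers and not line.strip():
            in_headers = False
        elif in_headers and not HEADER_RE.match(line):
            wrapped.append(line)
            if HEADER_RE.match(out[-1]):
                out[-1] = out[-1].rstrip() + " " + line.strip()
                continue
        out.append(line)
    return "\n".join(out) + "\n", wrapped

def armor_crc_ok(text):
    """Decode the base64 body after the header block and check it against the '=' line."""
    lines = text.splitlines()
    body = lines[lines.index("") + 1:lines.index("-----END PGP MESSAGE-----")]
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    stored = [l[1:] for l in body if l.startswith("=")][0]
    return crc24(data) == int.from_bytes(base64.b64decode(stored), "big")

def make_sample():
    """Constructed armor with a wrapped Comment header; the payload is not a real packet."""
    payload = b"constructed payload, not a real OpenPGP packet"
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.2.2 (MingW32)\nComment:\n"
            "http://example.invalid/a/long/comment/url/wrapped-by-the-newsreader.pgp\n\n"
            + base64.b64encode(payload).decode() + "\n=" + crc + "\n-----END PGP MESSAGE-----\n")
```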

Bohgosity BumaskiL

May 2, 2011, 9:43:21 PM
David W. Hodgins wrote:
> On Thu, 24 Mar 2011 03:52:48 -0400, JWL
> <brew...@freenet.edmonton.ab.ca> wrote:
>> If you take out the line break after
>> comment:
>> then gpg might be able to verify that message.
>
> Replacing the linefeed with a space does allow the message
> signature to be verified.
>
> The only problem I see with the armored messages, as well as
> the archives on google seems to be caused by the Comment field
> getting wrapped.
>
> Perhaps you should use a shorter comment, especially since
> http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric_Litwyn_Jay.mp3.pgp
> returns 404 Not Found.
>
> Regards, Dave Hodgins

That is because I moved it to
http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp shortly
after
I realized that a line wrap was causing the problem.

