Endpoint Encryption

  • 1.  PGP encryption question

    Posted Sep 13, 2011 06:03 PM

    Hi, I'm new to PGP command line and need some help with some specific instructions for encryption.  I have created a key pair.  I have received a public key from someone I want to encrypt a file to send to. I have added their key to my key ring.  That person has asked that I use their "Public Key to encrypt a test file in ASCII ARMORED FORMAT, and sign it with the Private Key of the Public Key that you sent to us. (Single step, encrypt and sign.)"

    I am entering this:

    pgp --encrypt file.txt --armor --sign --signer "myemailsignature"  (the "myemailsignature" was what I entered with my userid when I created my key pair).

    When I run this, I keep receiving an error to specify a recipient.  Is this right?  Who would the recipient be?  A user on the receiving end?  Also, how do I specify which public key (this particular vendor's that I'm working with) is the one that I want to encrypt to?  Any help would be appreciated.

    Thank you.

    CLN



  • 2.  RE: PGP encryption question

    Posted Sep 13, 2011 07:23 PM

    You specify your recipient with the "-r" option.  So:

    pgp --encrypt --recipient "user id or key id" --armor --sign file.txt

    Or a little shorter:

    pgp -er "user id or key id" -a -s file.txt

    The "user id or key id of your recipient" is something that identifies the key to encrypt to.  You can run "pgp --list-keys" to list all the Key IDs and User IDs.

    In this list, you should see one key (the keypair you generated) with a '*' (asterisk) in front of the listing.  This indicates that the key is your default signing key.  If you sign something, this key will be used.  If you have more than one key pair, you can select a "non-default" signing key by using the "--signer" option.  But if you just have the one (or it is the one you like to use) you don't need to specify "--signer".

    You may also want to specify "--encrypt-to-self" so that you can decrypt the file later if you need.

    Regards,



  • 3.  RE: PGP encryption question

    Posted Sep 13, 2011 10:44 PM

    Great, thanks.  I now have


    pgp --encrypt --recipient "user id or key id" --armor --sign file.txt exactly.  Now I get 'invalid key' error (I've checked it, I'm definitely typing it right) and I've tried using the key id and the user id from the --list-keys function for the public key of the recipient that I have.  I also get the error 'invalid passphrase' even though they told me they didn't use a passphrase when they generated the public key for me.

    Any thoughts?



  • 4.  RE: PGP encryption question
    Best Answer

    Posted Sep 13, 2011 11:42 PM

    Feh, I can't believe I did that.

    Yes, to sign the message, you need to provide the passphrase for *your* key.  So the actual invocation would be

    pgp --encrypt --recipient "user id or key id" --armor --sign file.txt --passphrase "your private key passphrase"

    You should never share your private key material or passphrase with anyone.

    When you first import a key into PGP Command Line, it is not trusted.  So if you try to encrypt to that key, you will get a "key invalid" warning, though the encryption will complete.  If you have verified that you do indeed have the public key for your recipient (by confirming with them the key fingerprint), you can sign the key to indicate that the key is valid.  You do this as follows:

    pgp --sign-key "user id or key id" [--signer "a signer, if not your default signer"] --passphrase "your private key passphrase"

    You don't have to specify the --signer if you are using your default signing key.

    This warning message is discussed in the PGP Command Line User's Guide in the FAQ (Appendix C) under "Invalid Keys".
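
An added example, not part of the original thread or of PGP Command Line: a Python check to run on the armored output before sending it, assuming RFC 4880 armor (header line, blank line, base64 data, `=` CRC-24 line). It verifies the checksum and reports the outermost packet type; with single-step encrypt and sign the signature sits inside the encrypted data, so the outer packet should be a public-key encrypted session key. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
TAGS = {1: "public-key encrypted session key", 2: "signature",
        4: "one-pass signature", 8: "compressed data", 11: "literal data"}

def crc24(data: bytes) -> int:
    """CRC-24 as defined for armor checksums in RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def check_armor(text: str) -> str:
    """Validate the armor and return the type of the outermost packet."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an ASCII-armored PGP message")
    if "" not in lines:
        raise ValueError("no blank line between armor headers and data")
    body = lines[lines.index("") + 1:-1]
    if not body or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("missing CRC-24 checksum line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from exc
    if crc24(data) != stated:
        raise ValueError("CRC-24 mismatch: data altered or truncated")
    if not data or not data[0] & 0x80:
        raise ValueError("data does not start with an OpenPGP packet")
    # Bit 6 set: new-format header (tag in bits 5-0); clear: old format (bits 5-2).
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return TAGS.get(tag, f"tag {tag}")

def armor(data: bytes) -> str:
    """Armor raw bytes; used here only to build the constructed sample."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: constructed sample", "", *rows, "=" + crc, END])
# Constructed bytes, not real PGP output: 0x85 is an old-format header for tag 1.
SAMPLE = armor(bytes([0x85, 0x01, 0x0C]) + bytes(range(60)))
```

To check a real file, pass the contents of the armored output to `check_armor`; a result other than "public-key encrypted session key" means the file was not encrypted to a public key.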



  • 5.  RE: PGP encryption question

    Posted Sep 14, 2011 12:20 AM

    That appears to have done the trick.  I will send this test file off to them and hopefully they will be able to decrypt it ok. 

     

    Thanks a ton!!!



  • 6.  RE: PGP encryption question

    Posted Sep 14, 2011 01:07 AM

    Great, I'm glad everything is working for you.