Need some help about GPG signatures... !
- 
Hello, guys,

Of course, I could have continued to check the integrity of the downloaded Notepad++ archives with the SHA-256 check-sum, but I’m curious and decided to have a look at the GPG signatures !

So, reading first, from the N++ link :

https://notepad-plus-plus.org/news/v7.6.5-with-gpg-signatures.html

I downloaded the most recent version of Gnupg software, gnupg-w32-2.2.15_20190326.exe, from that site :

https://gnupg.org/ftp/gcrypt/binary/

And, from the end of the page, below, I have recovered the SHA-1 sum of the gnupg-w32-2.2.15_20190326.exe software :

https://gnupg.org/download/integrity_check.html

Its SHA-1 check-sum is f5f7eeadfdf6ad971b5313f045083b4f95ace07b

By a right click on this archive and the choice, in the context dialog, of the CRC - SHA > SHA-1 option ( from 7-zip ), I could verify that it was the same. Good !

Now, on my old XP SP3 laptop, from the folder C:\Program Files\gnupg\bin, I started, in console mode, gpg.exe --help and it answers :

    gpg (GnuPG) 2.2.15
    libgcrypt 1.8.4
    Copyright (C) 2019 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: C:\Documents and Settings\Guy\Application Data\gnupg
    Algorithmes pris en charge :
    Clef publique : RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Chiffrement : IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hachage : SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression : Non compressé, ZIP, ZLIB, BZIP2

    Syntaxe : gpg [options] [fichiers]
    Signer, vérifier, chiffrer ou déchiffrer
    L'opération par défaut dépend des données entrées

    Commandes :

     -s, --sign                         faire une signature
         --clear-sign                   faire une signature en texte clair
     -b, --detach-sign                  faire une signature détachée
     -e, --encrypt                      chiffrer les données
     -c, --symmetric                    chiffrement symétrique seulement
     -d, --decrypt                      déchiffrer les données (défaut)
         --verify                       vérifier une signature
     -k, --list-keys                    afficher les clefs
         --list-signatures              afficher les clefs et les signatures
         --check-signatures             afficher et vérifier les signatures de clefs
         --fingerprint                  afficher les clefs et les empreintes
     -K, --list-secret-keys             afficher les clefs secrètes
         --generate-key                 générer une nouvelle paire de clefs
         --quick-generate-key           générer rapidement une nouvelle paire de clefs
         --quick-add-uid                quickly add a new user-id
         --quick-revoke-uid             quickly revoke a user-id
         --quick-set-expire             quickly set a new expiration date
         --full-generate-key            générer une paire de clefs complètes
         --generate-revocation          générer un certificat de révocation
         --delete-keys                  supprimer les clefs du porte-clefs public
         --delete-secret-keys           supprimer les clefs du porte-clefs secret
         --quick-sign-key               signer rapidement une clef
         --quick-lsign-key              signer rapidement une clef localement
         --sign-key                     signer une clef
         --lsign-key                    signer une clef localement
         --edit-key                     signer ou éditer une clef
         --change-passphrase            modifier une phrase secrète
         --export                       exporter les clefs
         --send-keys                    exporter les clefs vers un serveur de clefs
         --receive-keys                 importer les clefs d'un serveur de clefs
         --search-keys                  chercher les clefs avec un serveur de clefs
         --refresh-keys                 mettre à jour les clefs depuis un serveur
         --import                       importer ou fusionner les clefs
         --card-status                  afficher l'état de la carte
         --edit-card                    modifier les données d'une carte
         --change-pin                   modifier le code personnel d'une carte
         --update-trustdb               mettre la base de confiance à jour
         --print-md                     indiquer les fonctions de hachage
         --server                       exécuter en mode serveur
         --tofu-policy VALUE            set the TOFU policy for a key

    Options :

     -a, --armor                        créer une sortie ASCII avec armure
     -r, --recipient IDENTITÉ           chiffrer pour l'IDENTITÉ
     -u, --local-user IDENTITÉ          utiliser l'IDENTITÉ pour signer ou déchiffrer
     -z N                               niveau de compression N (0 désactive)
         --textmode                     utiliser le mode texte canonique
     -o, --output FICHIER               écrire la sortie dans le FICHIER
     -v, --verbose                      bavard
     -n, --dry-run                      ne rien modifier
     -i, --interactive                  demander avant d'écraser un fichier
         --openpgp                      utiliser le comportement strict d'OpenPGP

    (Consultez la page de manuel pour obtenir une liste complète des commandes et options)

    Examples:

     -se -r Bob [file]          sign and encrypt for user Bob
     --clear-sign [file]        make a clear text signature
     --detach-sign [file]       make a detached signature
     --list-keys [names]        show keys
     --fingerprint [names]      show fingerprints

    Veuillez signaler toutes anomalies sur <https://bugs.gnupg.org> (en anglais)
    et tout problème de traduction à <traduc@traduc.org>.

    C:\Program Files\gnupg\bin (20:50:52)

Right ! ( Of course, it’s in French, sorry ! )

Then, following the N++ GPG-signatures page, I verified that the Key fingerprint value of the Release Key, below :

    Signer: Notepad++
    E-mail: don.h@free.fr
    Key ID: 0x8D84F46E
    Key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E
    Key type: RSA 4096/4096
    Created: 2019-03-11
    Expiries: 2021-03-10

was identical from the 4 indicated sites, i.e. the value 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84

Well ! I decided to have a try :

- First, I downloaded the two files npp.7.6.5.bin.7z and its signature npp.7.6.5.bin.7z.sig, in a same location ( D:\Téléchargements ), as stated.

- Then, as specified at the beginning of the page https://gnupg.org/download/integrity_check.html , I type, in console mode, the similar command :

    "C:\Program Files\gnupg\bin\gpg.exe" --verify npp.7.6.5.bin.7z.sig npp.7.6.5.bin.7z

And I got :

    gpg: Signature faite le 03/30/19 20:40:08 Paris, Madrid
    gpg:                avec la clef RSA 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: Impossible de vérifier la signature : Pas de clef publique

    D:\Téléchargements (21:40:54)

The last French phrase means : Can’t check signature: No public key

But, in the N++ GPG signatures page, it is said, just before the Validating Digital Signature paragraph : “Then sign the Release Key with your private key and set the level of trust which you like.”

So I’m really confused : one speaks about private key and the gpg software speaks about public key !? I feel stuck, wondering which way to go !

I also see, in the page, below, at the paragraph Integrity & Authenticity validation :

https://notepad-plus-plus.org/download/v7.6.5.html

a link to the GPG Notepad++ Public key :

https://notepad-plus-plus.org/gpg/nppGpgPub.asc

but I don’t see how to use this public key with the gpg.exe software !

Of course, it’s my first immersion in that field and, maybe, I should read general articles about cryptography to begin with !

Oh ! I’ve just seen that Don has modified the article, adding pictures of GPG4Win and PGP Desktop ! So, I would rather use the GPG4Win software, instead of the console version !

So, please, do not be in a hurry to answer me. I’m still digging into the problem ;-)) I’ve got some elements but I don’t know how to gather them up ! Really disconcerting ;-))

Best regards,

guy038
- 
since it’s my fault he started using gpg, I’ll try to help. :-)

First, it’s okay to use the command-line. I did. (I don’t like the Kleopatra GUI; if I’m going to do GUI, I use the GPG4Win version of GPA, not of Kleopatra… but I’m weird that way.)

First, you need to have the Notepad++ public key added to your keyring. To do so, you can either download https://notepad-plus-plus.org/gpg/nppGpgPub.asc, saving to your working directory, and use gpg --import nppGpgPub.asc. Alternately (and the way I would recommend) is to use gpg --search-keys 14BCE4362749B2B51F8C71226C429F1D8D84F46E (*: that’s the whole fingerprint, which you quoted above): it should list only one match. Then do gpg --receive-keys 14BCE4362749B2B51F8C71226C429F1D8D84F46E, which will put it in your keyring.

At this point, if you tried to verify the signature (I’ll do the .zip, not the .7z, since that’s what I have):

    C:\usr\local\apps\npp.installers>gpg --verify npp.7.6.5.bin.x64.zip.sig npp.7.6.5.bin.x64.zip
    gpg: Signature made 03/30/19 12:40:11 Pacific Daylight Time
    gpg:                using RSA key 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: Good signature from "Notepad++ <don.h@free.fr>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E

You would see “good signature” but “WARNING: This key is not certified with a trusted signature!” The “good signature” is an indication that the .sig matches the downloaded file. The “WARNING” is because you have not told gpg that you trust Notepad++ <don.h@free.fr>’s signature.

In an ideal world, before doing any of the following, you would independently verify from Don himself that 14BCE4362749B2B51F8C71226C429F1D8D84F46E is the fingerprint of his key (in person, on an encrypted phone line, or something similar).

In a less-than-ideal world, because you can verify that the same person has access to both the notepad++ website and the notepad++ github repo, and posted the same fingerprint in both locations, you have a certain level of belief that it’s the right fingerprint for Notepad++ development.

At this point, you can either live with the warning (if you are paranoid in the less-than-ideal world). Or you can “sign” the Notepad++ public key (using your private key). There are two levels of signing it: you could sign it locally, which would just tell your keyring that you “trust” the key… but your local-signing wouldn’t be able to go out in public to give public approval of his signature. (You will want to research the Web of Trust to find out more about that.) I will assume a local signing for now. (If you ever want to change to a non-local signing, that’s easy to do.)

gpg --lsign-key 14BCE4362749B2B51F8C71226C429F1D8D84F46E, then reply “y” to indicate you really want to: this will locally sign it.

Now, if you redo the verification,

    C:\usr\local\apps\npp.installers>gpg --verify npp.7.6.5.bin.x64.zip.sig npp.7.6.5.bin.x64.zip
    gpg: Signature made 03/30/19 12:40:11 Pacific Daylight Time
    gpg:                using RSA key 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: checking the trustdb
    gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    gpg: depth: 0  valid:   1  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: depth: 1  valid:   3  signed:   0  trust: 1-, 0q, 0n, 0m, 2f, 0u
    gpg: next trustdb check due at 2021-03-11
    gpg: Good signature from "Notepad++ <don.h@free.fr>" [full]

It no longer gives the warnings.

(*: Footnote: in the old days, they used to only use the last 8 hex digits of the fingerprint as a shorthand, so many tutorials would have said 0x8D84F46E; but in modern days, there have been collisions in those last 8 digits, so it’s safest to use the full fingerprint, to avoid ambiguity.)
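
The three outcomes seen so far in this thread (no public key, good signature from a key gpg does not yet trust, good signature after a local signing) can be told apart mechanically from gpg's machine-readable `--status-fd` output, with the full fingerprint pinned as the footnote above recommends. This is an added example, not part of the original posts: `judge` and `verify_detached` are hypothetical helper names, and the status lines are constructed samples.

```python
import subprocess

# Full fingerprint of the Notepad++ release key, as quoted in the thread.
PINNED = "14BCE4362749B2B51F8C71226C429F1D8D84F46E"

# Status keywords after which the signature must not be accepted.
# NO_PUBKEY is listed first so it wins over the ERRSIG that accompanies it.
REJECT = {
    "NO_PUBKEY": "signer's public key is not in the keyring (import it first)",
    "BADSIG": "signature does not match the file",
    "ERRSIG": "signature could not be checked",
    "EXPSIG": "signature has expired",
    "EXPKEYSIG": "signing key has expired",
    "REVKEYSIG": "signing key has been revoked",
}


def judge(status_text, pinned_fpr=PINNED):
    """Return (accepted, detail) for the text gpg wrote to --status-fd.

    accepted is True only for a good signature whose primary key fingerprint
    equals the pinned one; detail is then gpg's TRUST_* keyword, which
    reflects the Web of Trust state and not the match between file and .sig.
    """
    pinned = pinned_fpr.replace(" ", "").upper()
    if len(pinned) != 40:
        raise ValueError("pin the full 40-hex-digit fingerprint, not a short key ID")
    seen = {}
    for line in status_text.splitlines():
        if line.startswith("[GNUPG:] "):
            parts = line.split()[1:]
            if parts:
                seen[parts[0]] = parts[1:]
    for keyword, reason in REJECT.items():
        if keyword in seen:
            return False, reason
    if "GOODSIG" not in seen or "VALIDSIG" not in seen:
        return False, "gpg reported no valid signature"
    args = seen["VALIDSIG"]
    # The 10th VALIDSIG field is the primary key fingerprint; the 1st is the
    # fingerprint of the (sub)key that actually made the signature.
    primary = (args[9] if len(args) > 9 else args[0]).upper()
    if primary != pinned:
        return False, "valid signature, but made by unexpected key " + primary
    trust = next((k for k in seen if k.startswith("TRUST_")), "unreported")
    return True, trust


def verify_detached(sig_path, data_path, pinned_fpr=PINNED, gpg="gpg"):
    """Run gpg --verify on a detached signature and judge its status output."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, encoding="utf-8", errors="replace",
    )
    return judge(proc.stdout, pinned_fpr)


def sample(fpr, trust):
    """Build constructed status output for a good signature made by key fpr."""
    return (
        "[GNUPG:] NEWSIG\n"
        f"[GNUPG:] GOODSIG {fpr[-16:]} Notepad++ <don.h@free.fr>\n"
        f"[GNUPG:] VALIDSIG {fpr} 2019-03-30 1553974808 0 4 0 1 8 00 {fpr}\n"
        f"[GNUPG:] {trust} 0 pgp\n"
    )


# Constructed samples, one per situation discussed in the thread.
NO_KEY = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] ERRSIG 6C429F1D8D84F46E 1 8 00 1553974808 9 " + PINNED + "\n"
    "[GNUPG:] NO_PUBKEY 6C429F1D8D84F46E\n"
)
UNTRUSTED = sample(PINNED, "TRUST_UNDEFINED")   # "[unknown]" plus the WARNING
LSIGNED = sample(PINNED, "TRUST_FULLY")         # "[full]" after --lsign-key
# A made-up key that shares only the last 8 hex digits with the real one.
LOOKALIKE = sample("DEADBEEF" * 4 + "8D84F46E", "TRUST_FULLY")

if __name__ == "__main__":
    for name in ("NO_KEY", "UNTRUSTED", "LSIGNED", "LOOKALIKE"):
        print(name, judge(globals()[name]))
```

Both the untrusted and the locally signed case are accepted, because the decision rests on the pinned fingerprint; the look-alike key is rejected even though gpg reports its signature as good and fully trusted.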
- 
hi @guy038

whenever i hear gpg i feel like a caveman that sees an airplane for the first time ;-)

but maybe @saelic has an answer, if you need even more information than provided by @PeterJones.

in the meantime, maybe there’s some information at the github gpg discussion that could be useful:
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/2524

it’s currently all way above my capabilities.
- 
 (sorry about the multiedit to my post; akismet was getting in the way at first, and I had to cut some out, post, then paste it back in, and repost; and then I missed part of it, so had to grab my original from my NPP window, and re-edit/post again.) 
- 
Hi, @peterjones, @meta-chuh and All,

Off topic : Sorry I have not been around in the last few days, as I’ve been pretty busy… modifying my kitchen worktop, due to the installation of a new induction cooktop ( not yet finished…! )

Thank you very much, Peter, for your valuable advice. You put me in the right direction ;-))

Of course, I read some articles on gpg software, from current documentation :

https://gnupg.org/documentation/manuals/gnupg/

https://gnupg.org/documentation/manuals/gnupg/Option-Index.html#Option-Index

And from the old documentation :

https://www.gnupg.org/gph/en/manual/book1.html

I also got some pieces of information from these two sites :

http://www.amssolarempire.com/Documents/GPGHowto3.htm

http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/

Finally, I found out some valuable information, about all these cryptographic notions, in chapters 2, 4, 24 and 25 of the complete pdf manual of Gpg4 Win ( the Windows-GUI version of gpg.exe ), below, that you may download :

https://files.gpg4win.org/doc/gpg4win-compendium-en.pdf

So, roughly, from what I understand :

- A GPG certificate contains two parts :
    - A secret or private key, which must be kept totally secret !
    - A public key, which should be totally public !

- Encryption / Decryption process, based on the certificate of the recipient ( User B ) :
    - User A encrypts a file with the public key part of a certificate of User B ( previously sent to User A, by User B )
    - Later, User B can decrypt this file, with the private key part of his own certificate ( B )

- Signing process, based on the certificate of the sender ( User A ) :
    - User A creates a signature of a file with the private key part of his own certificate ( A ).
    - Later, User B can authenticate this signature, with the public key part of the certificate of User A ( previously sent to User B, by User A )

Now, I’ll try to explain the different steps and GPG commands that I have used ! Sorry, because almost all output text is, partially, in French ;-)) I tried to translate the main messages.

Peter, you omitted to mention the creation of a first key pair. But, as it’s needed to sign a key, I think it’s better to generate a key-pair first, anyway.

- So I began, using the --gen-key command :

    >gpg --gen-key
    gpg (GnuPG) 2.2.15; Copyright (C) 2019 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Remarque : Utilisez « gpg --full-generate-key » pour une fenêtre de dialogue de génération de clef complète.

    GnuPG doit construire une identité pour identifier la clef.

    Nom réel : guy038
    Adresse électronique : xxxx.xxx@gmail.com
    Vous avez sélectionné cette identité :
        « xxxxxx <xxxx.xxx@gmail.com> »

    Changer le (N)om, l'(A)dresse électronique ou (O)ui/(Q)uitter ? o
    De nombreux octets aléatoires doivent être générés. Vous devriez faire
    autre chose (taper au clavier, déplacer la souris, utiliser les disques)
    pendant la génération de nombres premiers ; cela donne au générateur de
    nombres aléatoires une meilleure chance d'obtenir suffisamment d'entropie.
    De nombreux octets aléatoires doivent être générés. Vous devriez faire
    autre chose (taper au clavier, déplacer la souris, utiliser les disques)
    pendant la génération de nombres premiers ; cela donne au générateur de
    nombres aléatoires une meilleure chance d'obtenir suffisamment d'entropie.
    gpg: clef 1B9616F3F01385D1 marquée de confiance ultime.
    gpg: répertoire « C:/Documents and Settings/Guy/Application Data/gnupg/openpgp-revocs.d » créé
    gpg: revocation certificate stored as 'C:/Documents and Settings/Guy/Application Data/gnupg/openpgp-revocs.d\245CFFF794538086A34E1E5B1B9616F3F01385D1.rev'
    les clefs publique et secrète ont été créées et signées.

    pub   rsa2048 2019-04-04 [SC] [expire : 2021-04-03]
          245CFFF794538086A34E1E5B1B9616F3F01385D1
    uid                      xxxxxx <xxxx.xxx@gmail.com>
    sub   rsa2048 2019-04-04 [E] [expire : 2021-04-03]

After entering yes, you’ll be asked to enter a “passphrase”. Be creative using more than 12 characters, different case-letter, digits and symbols, based on a phrase relative to one event of your life, for instance !

Remark : I calculated that, with my 16-chars chosen password, taken from the list of ASCII chars, except for the control chars, there are 96 ^ 16 = 52,040,292,466,647,269,602,037,015,248,896 possibilities. So, even if a computer could test 10^12 combinations per second ( or 1,000 computers could test 10^9 combinations per second ), it would take 52,040,292,466,647,269,602 seconds or about 1,650 billion years to test all the possibilities !!

After validating your “passphrase”, you’ll be asked to type on your keyboard or move the mouse around and click, in order to seed a random number for the key generating process !

After a while, I got the confirmation message “The public and secret keys have been created and signed”. A key size of 2048 bytes has been used, by default.

Note : I could have used the gpg --full-gen-key command, which, in addition, allows you to choose the key type and size, as described below :

    >gpg --full-gen-key
    gpg (GnuPG) 2.2.15; Copyright (C) 2019 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Sélectionnez le type de clef désiré :
       (1) RSA et RSA (par défaut)
       (2) DSA et Elgamal
       (3) DSA (signature seule)
       (4) RSA (signature seule)
    Quel est votre choix ? 1
    les clefs RSA peuvent faire une taille comprise entre 1024 et 4096 bits.
    Quelle taille de clef désirez-vous ? (2048) 4096
    La taille demandée est 4096 bits
    Veuillez indiquer le temps pendant lequel cette clef devrait être valable.
             0 = la clef n'expire pas
          <n>  = la clef expire dans n jours
          <n>w = la clef expire dans n semaines
          <n>m = la clef expire dans n mois
          <n>y = la clef expire dans n ans
    Pendant combien de temps la clef est-elle valable ? (0) 0
    La clef n'expire pas du tout
    Est-ce correct ? (o/N) o

    GnuPG doit construire une identité pour identifier la clef.

    Nom réel : Smith001
    Adresse électronique : ^C
    ...
    ...

- Then, I imported the public key of Notepad++, with the command gpg --import

    >gpg --import nppGpgPub.asc
    gpg: clef 6C429F1D8D84F46E : clef publique « Notepad++ <don.h@free.fr> » importée
    gpg: Quantité totale traitée : 1
    gpg:               importées : 1

- So, I verified the signature of my downloaded npp.7.6.5.bin.7z archive, with the --verify command :

    >"C:\Program Files\gnupg\bin\gpg.exe" --verify npp.7.6.5.bin.7z.sig npp.7.6.5.bin.7z
    gpg: Signature faite le 03/30/19 20:40:08 Paris, Madrid
    gpg:                avec la clef RSA 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: Bonne signature de « Notepad++ <don.h@free.fr> » [inconnu]
    gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
    gpg:             Rien n'indique que la signature appartient à son propriétaire.
    Empreinte de clef principale : 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E

In English :

    Good signature from « Notepad++ <don.h@free.fr> » [unknown]
    WARNING: This key is not certified with a trusted signature!
    There is no indication that the signature belongs to the owner.

- Now, I tell GPG to trust the Notepad++ signature, from Don Ho, with the gpg --lsign-key command :

    >gpg --lsign-key 14BCE4362749B2B51F8C71226C429F1D8D84F46E

    pub  rsa4096/6C429F1D8D84F46E
         créé : 2019-03-11  expire : 2021-03-11  utilisation : SC
         confiance : inconnu  validité : inconnu
    sub  rsa4096/C7295A84DFABBC55
         créé : 2019-03-11  expire : 2021-03-11  utilisation : E
    [ inconnue] (1). Notepad++ <don.h@free.fr>

    pub  rsa4096/6C429F1D8D84F46E
         créé : 2019-03-11  expire : 2021-03-11  utilisation : SC
         confiance : inconnu  validité : inconnu
     Empreinte clef princip. : 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E

         Notepad++ <don.h@free.fr>

    Cette clef va expirer le 2021-03-11.
    Voulez-vous vraiment signer cette clef avec votre
    clef « xxxxxx <xxxx.xxx@gmail.com> » (1B9616F3F01385D1)

    La signature sera marquée comme non exportable.

    Voulez-vous vraiment signer ? (o/N) o

It asked me to confirm signing that key with my private key and answered that this signature is marked as non-exportable

- Trying again to verify the signature of npp.7.6.5.bin.7z, with the --verify command, I got, this time :

    >"C:\Program Files\gnupg\bin\gpg.exe" --verify npp.7.6.5.bin.7z.sig npp.7.6.5.bin.7z
    gpg: Signature faite le 03/30/19 20:40:08 Paris, Madrid
    gpg:                avec la clef RSA 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: vérification de la base de confiance
    gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    gpg: profondeur : 0  valables :   1  signées :   1
         confiance : 0 i., 0 n.d., 0 j., 0 m., 0 t., 1 u.
    gpg: profondeur : 1  valables :   1  signées :   0
         confiance : 1 i., 0 n.d., 0 j., 0 m., 0 t., 0 u.
    gpg: la prochaine vérification de la base de confiance aura lieu le 2021-03-11
    gpg: Bonne signature de « Notepad++ <don.h@free.fr> » [totale]

- For information, I ran the --list-keys, --list-signatures and --list-secret-keys commands :

    >gpg --list-keys
    C:/Documents and Settings/Guy/Application Data/gnupg/pubring.kbx
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    pub   rsa2048 2019-04-04 [SC] [expire : 2021-04-03]
          245CFFF794538086A34E1E5B1B9616F3F01385D1
    uid          [ ultime ] xxxxxx <xxxx.xxx@gmail.com>
    sub   rsa2048 2019-04-04 [E] [expire : 2021-04-03]

    pub   rsa4096 2019-03-11 [SC] [expire : 2021-03-11]
          14BCE4362749B2B51F8C71226C429F1D8D84F46E
    uid          [ totale ] Notepad++ <don.h@free.fr>
    sub   rsa4096 2019-03-11 [E] [expire : 2021-03-11]

    >gpg --list-signatures
    C:/Documents and Settings/Guy/Application Data/gnupg/pubring.kbx
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    pub   rsa2048 2019-04-04 [SC] [expire : 2021-04-03]
          245CFFF794538086A34E1E5B1B9616F3F01385D1
    uid          [ ultime ] xxxxxx <xxxx.xxx@gmail.com>
    sig 3        1B9616F3F01385D1 2019-04-04  xxxxxx <xxxx.xxx@gmail.com>
    sub   rsa2048 2019-04-04 [E] [expire : 2021-04-03]
    sig          1B9616F3F01385D1 2019-04-04  xxxxxx <xxxx.xxx@gmail.com>

    pub   rsa4096 2019-03-11 [SC] [expire : 2021-03-11]
          14BCE4362749B2B51F8C71226C429F1D8D84F46E
    uid          [ totale ] Notepad++ <don.h@free.fr>
    sig 3        6C429F1D8D84F46E 2019-03-11  Notepad++ <don.h@free.fr>
    sig   L      1B9616F3F01385D1 2019-04-04  xxxxxx <xxxx.xxx@gmail.com>
    sub   rsa4096 2019-03-11 [E] [expire : 2021-03-11]
    sig          6C429F1D8D84F46E 2019-03-11  Notepad++ <don.h@free.fr>

    >gpg --list-secret-keys
    C:/Documents and Settings/Guy/Application Data/gnupg/pubring.kbx
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    sec   rsa2048 2019-04-04 [SC] [expire : 2021-04-03]
          245CFFF794538086A34E1E5B1B9616F3F01385D1
    uid          [ ultime ] xxxxxx <xxxx.xxx@gmail.com>
    ssb   rsa2048 2019-04-04 [E] [expire : 2021-04-03]

- Then I tried to export my public key to a plain text file with the --export command and the -a option ( I’ll have to send it to users to enable them to send me back some encrypted messages or files ! )

    >gpg --export -a "guy038" > guy038GpgPub.asc

    C:\Program Files\gnupg\bin (22:17:36)
    >type guy038GpgPub.asc
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    -----END PGP PUBLIC KEY BLOCK-----

Remarks
- This is just an example ! Do not paste it for further use, as I will change my certificate, very soon !

- If the -a option is absent, the public key will be outputted as a binary file :

    >gpg --export "guy038" > guy038GpgPub.gpg

    C:\Program Files\gnupg\bin (23:28:24)
    >type guy038GpgPub.gpg

    C:\Program Files\gnupg\bin (23:30:47)

More in the next post !

guy038
- 
Hi, @peterjones, @meta-chuh and All,

At this point I asked myself about the encryption/decryption processes :

The general GPG commands to encrypt / decrypt a file, named <File.ext>, are :

- To encrypt : gpg [ -a ] [ -u <Sender User Name> ] -r <Receiver User Name> [ -o <Output File> ] -e <File.ext>

- To decrypt : gpg [ -u <Sender User Name> ] -o <Output File> -d <File.ext.gpg> | <File.ext.asc>

In case you’re paranoid and you want to encrypt/decrypt your OWN files :

- During encryption :
    - As you choose yourself as a recipient, the option -r should be -r <Your User Name> and the -u option is not necessary
    - The -o option is optional. In that case, the default output file is ( idem for signing ) :
        - <File.ext.gpg> in case of an encryption of a binary file ( without the -a option )
        - <File.ext.asc> in case of an encryption of a text file ( with the -a option )

- During decryption :
    - The -u <Sender User Name> option is generally useless as your right private key, in order to decrypt, should be chosen automatically !
    - Then, GPG will ask you for the “passphrase” of your according certificate
    - Note that the -o option is mandatory, otherwise the binary/text file is dumped to the standard output !

To that purpose, I used the well-known binary file sol.exe ( The Window Solitaire card game ! ) and a simple text file, named Test.txt, containing the line ----- This is a test --------, surrounded with two line-breaks

So :

- To encrypt the binary file sol.exe in a file, named encrypted.exe, use the -e command with -o option :

    >gpg -r guy038 -o encrypted.exe -e sol.exe

    C:\Program Files\gnupg\bin ( 0:37:07)
    >type encrypted.exe

- To encrypt the binary file sol.exe in a file, with default name sol.exe.gpg, use the -e command, without -o option :

    >gpg -r guy038 -e sol.exe

    C:\Program Files\gnupg\bin ( 0:40:20)
    >type sol.exe.gpg

    C:\Program Files\gnupg\bin ( 0:40:36)

- To decrypt the encrypted.exe file and create the decrypted file, named sol_bis.exe, use the -d command and the -o option :

    >gpg -u guy038 -o sol_bis.exe -d encrypted.exe
    gpg: chiffré avec une clef RSA de 2048 bits, identifiant 80E5CE9B832DE5CA, créée le 2019-04-04
          « xxxxxx <xxxx.xxx@gmail.com> »

    C:\Program Files\gnupg\bin ( 0:51:10)
    >fc sol.exe sol_bis.exe
    Comparaison des fichiers sol.exe et SOL_BIS.EXE
    FC : aucune différence trouvée

The DOS fc command ( File Compare ) confirms that no difference found between the original sol.exe and the decrypted file sol_bis.exe

- To decrypt the sol.exe.gpg file and create the decrypted file, named sol_ter.exe, use the -d command and the -o option :

    >gpg -u guy038 -o sol_ter.exe -d sol.exe.gpg
    gpg: chiffré avec une clef RSA de 2048 bits, identifiant 80E5CE9B832DE5CA, créée le 2019-04-04
          « xxxxxx <xxxx.xxx@gmail.com> »

    C:\Program Files\gnupg\bin ( 0:56:16)
    >fc sol.exe sol_ter.exe
    Comparaison des fichiers sol.exe et SOL_TER.EXE
    FC : aucune différence trouvée

Again, the DOS fc command confirms that the files sol.exe and sol_ter.exe are strictly identical !

- To encrypt the text file test.txt in a file, named encrypted.txt, use the -e command with -a and -o options :

    >gpg -a -r guy038 -o encrypted.txt -e test.txt

    C:\Program Files\gnupg\bin ( 1:00:00)
    >type encrypted.txt
    -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----

- To encrypt the text file test.txt in a file, with default name test.txt.asc, use the -e command with the -a option, and without the -o option :

    >gpg -a -r guy038 -e test.txt

    C:\Program Files\gnupg\bin ( 1:04:55)
    >type test.txt.asc
    -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----

- To decrypt the encrypted.txt file and create the decrypted file, named Test_bis.txt, use the -d command and the -o option :

    >gpg -u guy038 -o Test_bis.txt -d encrypted.txt
    gpg: chiffré avec une clef RSA de 2048 bits, identifiant 80E5CE9B832DE5CA, créée le 2019-04-04
          « xxxxxx <xxxx.xxx@gmail.com> »

    C:\Program Files\gnupg\bin ( 1:40:53)
    >fc test.txt Test_bis.txt
    Comparaison des fichiers test.txt et TEST_BIS.TXT
    FC : aucune différence trouvée

Again, the files test.txt and Test_bis.txt are identical

- To decrypt the test.txt.asc file and create the decrypted file, named Test_ter.txt, use the -d command and the -o option :

    >gpg -u guy038 -o Test_ter.txt -d test.txt.asc
    gpg: chiffré avec une clef RSA de 2048 bits, identifiant 80E5CE9B832DE5CA, créée le 2019-04-04
          « xxxxxx <xxxx.xxx@gmail.com> »

    C:\Program Files\gnupg\bin ( 1:57:15)
    >fc test.txt Test_ter.txt
    Comparaison des fichiers test.txt et TEST_TER.TXT
    FC : aucune différence trouvée

Again, the files test.txt and Test_ter.txt are identical

Finally, I tried to test the signing process, but… I’m not so confident about what I’ve found out, below :-((

- To sign the sol.exe program, use the -s command and the -o option :

    >gpg -u guy.038 -o sol.exe.sig -s sol.exe

    C:\Program Files\gnupg\bin (14:58:59)
    >type sol.exe.sig

- Oddly, to check the signature, with the --verify command, gives :

    >gpg --verify sol.exe.sig sol.exe
    gpg: la signature n'est pas détachée

i.e. in English, the message gpg: the signature is not detached

- But to check and extract the original document, from sol.exe.sig, use the -d command and the -o option :

    >gpg -u guy038 -o sol_4th.exe -d sol.exe.sig
    gpg: Signature faite le 04/06/19 14:58:15 Paris, Madrid (heure d'été)
    gpg:                avec la clef RSA 245CFFF794538086A34E1E5B1B9616F3F01385D1
    gpg:                issuer "xxxx.xxx@gmail.com"
    gpg: Bonne signature de « xxxxxx <xxxx.xxx@gmail.com> » [ultime]

    C:\Program Files\gnupg\bin (15:06:02)
    >fc sol.exe sol_4th.exe
    Comparaison des fichiers sol.exe et SOL_4TH.EXE
    FC : aucune différence trouvée

Once more, the files sol.exe and sol_4th.exe are identical

Remark : @peterjones, I don’t understand something, yet :-(( From what it is said, just before the Clearsigned Documents section, of that article, below :

https://www.gnupg.org/gph/en/manual/x135.html

“Given a signed document, you can either check the signature or check the signature and recover the original document. To check the signature use the --verify option. To verify the signature and extract the document use the --decrypt option. The signed document to verify and recover is input and the recovered document is output.”

In that case, the command gpg -u guy038 -o Test.7z -d npp.7.6.5.bin.7z.sig should verify the signature and recover the original archive, in the Test.7z file, in the same way it did, with the command gpg -u guy038 -o sol_4th.exe -d sol.exe.sig, above ! However, this does not work as the Test.7z file is not created. It just says :

    >"c:\Program Files"\gnupg\bin\gpg -u guy038 -o Test.7z -d npp.7.6.5.bin.7z.sig
    gpg: les données signées sont supposées être dans « npp.7.6.5.bin.7z »
    gpg: Signature faite le 03/30/19 20:40:08 Paris, Madrid
    gpg:                avec la clef RSA 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: Bonne signature de « Notepad++ <don.h@free.fr> » [totale]

i.e. in English language :

    >"c:\Program Files"\gnupg\bin\gpg -u guy038 -o Test.7z -d npp.7.6.5.bin.7z.sig
    gpg: the signed data are supposed to be in « npp.7.6.5.bin.7z »
    gpg: Signature made on 03/30/19 20:40:08 Paris, Madrid
    gpg:                With key RSA 14BCE4362749B2B51F8C71226C429F1D8D84F46E
    gpg: Good signature from « Notepad++ <don.h@free.fr> » [full]

Why ??? Maybe it’s because that old documentation ( from 1999 ) is really obsolete !

- To sign the sol.exe program and create a signature, with default name sol.exe.gpg, use the -s command, without the -o option :
    >gpg -u guy.038 -s sol.exe

    C:\Program Files\gnupg\bin (15:13:44)
    >type sol.exe.gpg
    [binary data]

    C:\Program Files\gnupg\bin (15:20:31)

- To check and extract the original document, from sol.exe.gpg, use the -d command and the -o option :
    >gpg -u guy038 -o sol_5th.exe -d sol.exe.gpg
    gpg: Signature faite le 04/06/19 15:13:19 Paris, Madrid (heure d'ÚtÚ)
    gpg: avec la clef RSA 245CFFF794538086A34E1E5B1B9616F3F01385D1
    gpg: issuer "xxxx.xxx@gmail.com"
    gpg: Bonne signature de « xxxxxx <xxxx.xxx@gmail.com> » [ultime]

    C:\Program Files\gnupg\bin (15:31:54)
    >fc sol.exe sol_5th.exe
    Comparaison des fichiers sol.exe et SOL_5TH.EXE
    FC : aucune différence trouvée

For the last time, the comparison of the files sol.exe and sol_5th.exe are identical

Best Regards,

guy038

P.S. : Peter, I would like to re-create my key-pair, with a size of 4096 bytes ( instead of 2048 ) I suppose that the best way is to delete my present key-pair and generate a new key-pair, afterwards, isn’t it ? So, from the manual, I would have to use, first, one of these three commands, below :

--delete-keys name
    Remove key from the public keyring. In batch mode either --yes is required or the key must be specified by fingerprint. This is a safeguard against accidental deletion of multiple keys.

--delete-secret-keys name
    Remove key from the secret keyring. In batch mode the key must be specified by fingerprint. The option --yes can be used to advice gpg-agent not to request a confirmation. This extra pre-caution is done because gpg can’t be sure that the secret key (as controlled by gpg-agent) is only used for the given OpenPGP public key.

--delete-secret-and-public-key name
    Same as --delete-key, but if a secret key exists, it will be removed first. In batch mode the key must be specified by fingerprint. The option --yes can be used to advice gpg-agent not to request a confirmation.
- 
- 
“due to the installation of a new induction cooktop ( not yet finished…! )”

off topic: i hope it’s not one of those types, where you have touch controls on top of the cooktop. nowadays the majority of cooktops are this utterly birdbrained kind, and i really hate this, as i would always move some pan or pot on top of it, causing emergency switch offs of all 4-6 cooking plates. (worse on some models with built in multi timer, doing a complete multi-timer reset after shutdown) i think those cooktop types are about the only thing, which can cause that i lose my temper completely ! 😂😂😂
especially if i burn my fingers, touching the controls that are now super-heated by a pan, because on almost all models, the touch controls would not even react to a re-switch-on to salvage the dinner attempt, if i touch the controls through a cloth or glove. 😤😤😤

on topic: kudos and thank you so much for digging into this matter so incredibly quick, as well as for sharing the learning in progress while doing so.
 i think it helps everyone like me, to get up to date on that, as it is written not assuming any non written or linked prerequisite of knowledge beforehand, and we have a good reference topic for the future. 👍
- 
 Hi, @meta-chuh, Thanks for your kind words ! But the most incredible thing is that my new induction cooktop is fully installed and functional ;-)) … … Without any burned fingers ! By the way, a simple first try just showed us that cooking is rather quick and requires less energy than our old vitro-ceramic cooktop ;-)) BR guy038 
- 
 now completely off topic: 👨🍳🍳 
(my apologies to all readers, the following is perhaps triggered by me skipping dinner today)

“a simple first try just showed us that cooking is rather quick and requires less energy than our old vitro-ceramic cooktop ;-))”

yes, induction is definitively the closest you can get to gas speed.
do you have knobs or front control, or does it have top touch controls on the glass ?

i ask because i’m planning to get a new one with at least one extendable oval or “rectangular” field, but i’m so stubbornly old school, that i refuse anything that doesn’t have a knob i can turn at the front, or any other kind of simulated analog control … i even get a personal crisis if i have to use a microwave oven that has a numeric keyboard, and not just a mechanical time knob which hits a real metal bell when it reaches zero 😉 hmmmmmh … now that i said that, i’m wondering if i.t. was the right choice of job for me 😂
- 
Hey, guys, we’re talking about serious things but completely off topic :-))

So, @meta-chuh, here is my new induction cooktop : Sauter reference SPI4664B

It has 3 burners ( 1 of 2200W on the front right corner, 1 of 3100W, on the rear right corner and 1 of 5000W, on all the left part : the oval / rectangular field, that you spoke of ). Unfortunately, NO knob at all and, as you said, only top touch controls on the vitro-ceramic glass. Power is adjustable from 1 to 14, along with the “Boost” position, the strongest and the possibility of a timer, between 1 and 99 minutes.

Initially, I thought that Sauter was a Swiss enterprise, but, from some sources, that seems rather a French mark ? Now, It’s up to you ! In a couple of weeks, I could tell you if this product mostly satisfy us :-))

BR

guy038

P.S. : Note that the indicated powers are the maximum values, rarely reached. For instance, with the 3 burners on, at medium position, it consumed about 4800W only !
- 
Hi, @peterjones, I’m getting serious again :-))

In a post, above, I asked you about the fact that the GPG command gpg -u guy038 -o Test.7z -d npp.7.6.5.bin.7z.sig does not create a Test.7z archive, identical to the npp.7.6.5.bin.7z archive

Whereas the previous GPG command gpg -u guy038 -o sol_4th.exe -d sol.exe.sig works nicely and creates a decrypted executable, identical to the original Sol.exe program

I think that this behavior is quite logical :

Firstly, I used my private part of my own certificate in order to sign the sol.exe program and create the signature sol.exe.sig

Secondly, I used my private key, again, to decrypt the sol.exe.sig signature and get an identical executable file

Now, when Don HO created the npp.7.6.5.bin.7z.sig signature, and all the others, he used his own private key. So, now, I cannot decrypt the npp.7.6.5.bin.7z.sig signature, because I would use my private key and not Don’s private one !

In other words, Don must be the ONLY person which could be able to recover the original .7z archive in the Test.7z file , from the npp.7.6.5.bin.7z.sig signature, with the command : gpg -u Notepad++ -o Test.7z -d npp.7.6.5.bin.7z.sig, because he would use the private key of his certificate ! Peter, am I right about it ?

BR

guy038
- 
Sorry about the delay. I had a busy family weekend this weekend.

@guy038 said:

“I would like to re-create my key-pair, with a size of 4096 bytes ( instead of 2048 ) I suppose that the best way is to delete my present key-pair and generate a new key-pair, afterwards, isn’t it ?”

Yes.

“In other words, Don must be the ONLY person which could be able to recover the original .7z archive in the Test.7z file , from the npp.7.6.5.bin.7z.sig signature, with the command : gpg -u Notepad++ -o Test.7z -d npp.7.6.5.bin.7z.sig, because he would use the private key of his certificate ! Peter, am I right about it ?”

Not quite. A signature is a one-way hash: you can take a file, and easily create the signature of the file; however, it is impossible to go the reverse direction. For example, if I were to sign my copy of the gpg.exe, I would see:

    C:\Program Files (x86)\GnuPG\bin>gpg --detach gpg.exe

    C:\Program Files (x86)\GnuPG\bin>ls -latr gpg.exe*
    -rwxrwxrwx 1 Peter.Jones 0 1122816 2018-11-12 03:52 gpg.exe
    -rw-rw-rw- 1 Peter.Jones 0 566 2019-04-08 06:05 gpg.exe.sig

There aren’t any compression algorithms that I know of that are good enough to encrypt-and-compress a 1.1MB gpg.exe into 566 bytes of gpg.exe.sig.

All you can do with the signature for a file is (1) verify that the file matches the signature, and (2) that the person who claimed to sign it is the one who signed it (based on whether the public key matches what’s in your keyring).

I think one of the confusions is that there are three different kinds of “signing” for files:

    Commands:
    -s, --sign make a signature
    --clear-sign make a clear text signature
    -b, --detach-sign make a detached signature

- The --sign (-s) creates an output file that includes the original file, plus your signature of that file. For example, in signing the standard-input as the input file:
    C:\Program Files (x86)\GnuPG\bin>gpg -a --sign
    hello world
    ^Z
    -----BEGIN PGP MESSAGE-----
    owEBWgKl/ZANAwAIAa7S8NjBGc6nAcsTYgBcq0qBaGVsbG8gd29ybGQNCokCMwQA
    ...
    -----END PGP MESSAGE-----

- The --clear-sign will do the same, but it will include the message in plain text, rather than encoded in the base-64 message, like:
    C:\Program Files (x86)\GnuPG\bin>gpg -a --clear-sign
    hello world
    ^Z
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    hello world
    -----BEGIN PGP SIGNATURE-----
    iQIzBAEBCAAdFiEEUi8A41Z69RBzWhJIrtLw2MEZzqcFAlyrSs0ACgkQrtLw2MEZ
    ...
    -----END PGP SIGNATURE-----

- Finally, --detach-sign (-b) creates a file that has only the signature, without the original file embedded. This is as my example above, with the signature for gpg.exe being only 566 bytes
(in the examples above, I used the -a to “ascii-armor” the results, so the signatures were printable on the screen)

When a software distributor has available for download the original file blah.zip, alongside another file called blah.zip.sig, the .sig file is usually the detached signature created by --detach-sign, so does not contain the original file as well.

If you want a copy of the file that has the signature embedded in the archive, you would use just the --sign argument: without the -a ascii-armoring, it will go in blah.zip.gpg; with the -a ascii-armoring, it would go in blah.zip.asc.

Maybe this series of examples will make more sense:

    ----
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:37 AM <DIR> .
    04/08/2019 06:37 AM <DIR> ..
    04/08/2019 06:36 AM 52,087 Temp.zip
    1 File(s) 52,087 bytes
    2 Dir(s) 110,105,284,608 bytes free

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>gpg --sign Temp.zip

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>dir
    Volume in drive C is Windows
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:37 AM <DIR> .
    04/08/2019 06:37 AM <DIR> ..
    04/08/2019 06:36 AM 52,087 Temp.zip
    04/08/2019 06:37 AM 49,525 Temp.zip.gpg
    2 File(s) 101,612 bytes
    2 Dir(s) 110,105,165,824 bytes free

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>gpg -o NewTemp.zip --decrypt Temp.zip.gpg
    gpg: Signature made 04/08/19 06:37:27 Pacific Daylight Time
    gpg: using RSA key ZZZ___WORK_SIG___ZZZ
    gpg: Good signature from "Peter C. Jones <peter.jones@__work__>" [ultimate]
    gpg: aka "Peter C. Jones <peter.jones@__work__>" [ultimate]

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>dir
    Volume in drive C is Windows
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:37 AM <DIR> .
    04/08/2019 06:37 AM <DIR> ..
    04/08/2019 06:37 AM 52,087 NewTemp.zip
    04/08/2019 06:36 AM 52,087 Temp.zip
    04/08/2019 06:37 AM 49,525 Temp.zip.gpg
    3 File(s) 153,699 bytes
    2 Dir(s) 110,105,092,096 bytes free

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>fc Temp.zip NewTemp.zip
    Comparing files Temp.zip and NEWTEMP.ZIP
    FC: no differences encountered

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>del Temp.zip.gpg NewTemp.zip

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>gpg --detach-sign Temp.zip

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>dir
    Volume in drive C is Windows
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:39 AM <DIR> .
    04/08/2019 06:39 AM <DIR> ..
    04/08/2019 06:36 AM 52,087 Temp.zip
    04/08/2019 06:39 AM 566 Temp.zip.sig
    2 File(s) 52,653 bytes
    2 Dir(s) 110,105,157,632 bytes free

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>gpg --verify Temp.zip.sig
    gpg: assuming signed data in 'Temp.zip'
    gpg: Signature made 04/08/19 06:39:03 Pacific Daylight Time
    gpg: using RSA key ZZZ___WORK_SIG___ZZZ
    gpg: Good signature from "Peter C. Jones <peter.jones@__work__>" [ultimate]
    gpg: aka "Peter C. Jones <peter.jones@__work__>" [ultimate]

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>dir
    Volume in drive C is Windows
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:39 AM <DIR> .
    04/08/2019 06:39 AM <DIR> ..
    04/08/2019 06:36 AM 52,087 Temp.zip
    04/08/2019 06:39 AM 566 Temp.zip.sig
    2 File(s) 52,653 bytes
    2 Dir(s) 110,105,157,632 bytes free

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>gpg -o OutTemp.zip --decrypt Temp.zip.sig
    gpg: assuming signed data in 'Temp.zip'
    gpg: Signature made 04/08/19 06:39:03 Pacific Daylight Time
    gpg: using RSA key ZZZ___WORK_SIG___ZZZ
    gpg: Good signature from "Peter C. Jones <peter.jones@__work__>" [ultimate]
    gpg: aka "Peter C. Jones <peter.jones@__work__>" [ultimate]

    C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example>dir
    Volume in drive C is Windows
    Directory of C:\Users\PETER~1.JON\AppData\Local\Temp\gpg-example
    04/08/2019 06:39 AM <DIR> .
    04/08/2019 06:39 AM <DIR> ..
    04/08/2019 06:36 AM 52,087 Temp.zip
    04/08/2019 06:39 AM 566 Temp.zip.sig
    2 File(s) 52,653 bytes
    2 Dir(s) 110,105,100,288 bytes free
- The 
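The difference between the --sign output and a signature-only block, seen at the OpenPGP packet level, as an added example that is not part of the thread: this Python sketch decodes the first base64 line of the two armored outputs posted above (the remainder is elided on the page) and walks the packet headers defined in RFC 4880. The function names `packets` and `describe` are hypothetical, and partial-body lengths are simply treated as running to the end of the input.

```python
import base64
import zlib

# First base64 line of the two armored outputs posted above (the rest is elided there).
SIGN_PREFIX = "owEBWgKl/ZANAwAIAa7S8NjBGc6nAcsTYgBcq0qBaGVsbG8gd29ybGQNCokCMwQA"
CLEARSIGN_SIG_PREFIX = "iQIzBAEBCAAdFiEEUi8A41Z69RBzWhJIrtLw2MEZzqcFAlyrSs0ACgkQrtLw2MEZ"
TAGS = {2: "signature", 4: "one-pass signature", 8: "compressed data", 11: "literal data"}

def packets(data):
    """Yield (tag, body) per OpenPGP packet header (RFC 4880, section 4.2)."""
    pos = 0
    try:
        while data[pos] & 0x80:
            first, pos = data[pos], pos + 1
            if first & 0x40:                          # new-format header
                tag, o1 = first & 0x3F, data[pos]
                if o1 < 192:
                    length, pos = o1, pos + 1
                elif o1 < 224:
                    length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
                elif o1 == 255:
                    length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
                else:                                 # partial body: take the rest
                    length, pos = len(data), pos + 1
            else:                                     # old-format header
                tag, nbytes = (first >> 2) & 0x0F, (1, 2, 4, 0)[first & 3]
                length = int.from_bytes(data[pos:pos + nbytes], "big") if nbytes else len(data)
                pos += nbytes
            yield tag, data[pos:pos + length]         # a truncated body is simply shorter
            pos += length
    except IndexError:                                # input ended inside a header
        return

def describe(data):
    """Return (packet names, embedded document or None), looking inside compression."""
    names, document = [], None
    for tag, body in packets(data):
        if tag == 8 and body[:1] in (b"\x01", b"\x02"):   # 1 = ZIP (raw deflate), 2 = ZLIB
            inflater = zlib.decompressobj(-15 if body[0] == 1 else 15)
            return describe(inflater.decompress(body[1:]))  # partial streams still decode
        names.append(TAGS.get(tag, f"tag {tag}"))
        if tag == 11:                                 # format, name length, name, 4-byte date
            document = body[6 + body[1]:] if len(body) > 1 else b""
    return names, document

if __name__ == "__main__":
    for line in (SIGN_PREFIX, CLEARSIGN_SIG_PREFIX):
        print(describe(base64.b64decode(line)))
```

The --sign output carries a literal-data packet holding the typed text between the one-pass marker and the signature, which is what -d writes out; the signature block holds a single signature packet, so there is no document in it to extract.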

