Information Classification: ll Limited Access
Hi Spencer, hope these info can help:
1. Create the new IFS link if doesn't exist:
CALL QP2TERM
mkdir /MyLink/GnuPG
mkdir /MyLink/GnuPG/KeysToBeImported
Assuming you have already created the public/private key pair set into iSeries /MyLink/GnuPG
Add a counterparty Key for encrypt files
1. Copy and Past using WinSCP or binary FTP the public key sent by the counterparty (this can be received by e-mail) into /MyLink/GnuPG/KeysToBeImported folder.
E.g. XXX_2018_pub.asc
Note: the default for the key is with extension .asc
2. Connect to the iSeries using PuTTY. (or CALL QP2TERM)
3. Enter the following to set the correct PATH:
PATH=$PATH:/QOpenSys/usr/local/bin
4. Enter the following to set the HOME dir
HOME=/MyLink/GnuPG
5. In order to import the key enter the following commands:
gpg --homedir /MyLink/GnuPG/.gnupg --import /MyLink/GnuPG/KeysToBeImported/XXX_2018_pub.asc
gpg: key AC71AE52: public key "XXX <PGPAdministrator@xxxxxxxx>" imported
6. Trust and validate the key in order to use it without any confirmation. Enter commands:
gpg --homedir /MyLink/GnuPG/.gnupg --edit-key SSC
pub 4096R/AC71AE52 created: 2014-07-11 expires: never usage: CS
trust: unknown validity: unknown
sub 4096R/ABF51EB2 created: 2014-07-11 expires: never usage: E
[ unknown] (1). XXX <PGPAdministrator@xxxxxxxx>
Command> trust
pub 4096R/AC71AE52 created: 2014-07-11 expires: never usage: CS
trust: unknown validity: unknown
sub 4096R/ABF51EB2 created: 2014-07-11 expires: never usage: E
[ unknown] (1). XXX <PGPAdministrator@xxxxxxxx>
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 4096R/AC71AE52 created: 2014-07-11 expires: never usage: CS
trust: ultimate validity: unknown
sub 4096R/ABF51EB2 created: 2014-07-11 expires: never usage: E
[ unknown] (1). XXX <PGPAdministrator@xxxxxxxx>
Command> check
uid XXX <PGPAdministrator@xxxxxxxx>
sig! N AC71AE52 2014-07-11 [self-signature]
Command> CTRL C
7. To check/display the keys currently imported:
gpg --homedir /MyLink/GnuPG/.gnupg --list-keys
8. In order to avoid the waring message: gpg: WARNING: using insecure memory!
Edit the /UtgeLnk/GnuPG/.gnupg/gpg.conf file, by adding the following to the file end:
no-secmem-warning
Encrypt files:
For this example consider the file /MyLink/All.txt
1. Connect to the iSeries using PuTTY. (or CALL QP2TERM)
2. Enter the following to set the correct PATH:
PATH=$PATH:/QOpenSys/usr/local/bin
3. Enter the following to set the HOME dir
HOME=/MyLink/GnuPG
4. In order to import the key enter the following commands:
gpg --output /MyLink/All.txt.gpg --encrypt --recipient SSC /MyLink/All.txt
I'm using ILERPG API Qp2RunPase for encrypt the file. I guess it's possible use Qp2shell with CLLE
Riccardo
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Kevin Bucknum
Sent: martedì 3 aprile 2018 17:53
To: Midrange Systems Technical Discussion
Subject: RE: GnuPG encryption
Besides importing the key, you have to trust it. I don't remember the exact steps, but you have to SSH into the box because it has to be done interactively.
We also wrap the call to avoid the TTY issue you have below.
Browse : /medtron/Gpg/medgpg.sh
Record : 1 of 4 by 18 Column : 1
86 by 131
Control :
...+....1....+....2....+....3....+....4....+....5....+....6....+....7..
.+....8....+.
************Beginning of data**************
# Medtron wrapper for gpg. Set some environment variables and call what is passed in.
HOME=/medtron/gpg
export PASE_SYSCALL_NOSIGILL=plock=0
$1
************End of Data********************
Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Carter.Spencer
Sent: Tuesday, April 3, 2018 10:32 AM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: GnuPG encryption
I have a project where I need to send out real CC numbers to a vendor
for a
short period of time.
They want these files PGP encrypted.
I found GnuPG for the I on Scott K's page.
https://www.scottklement.com/gnupg/
I followed his instructions and got it installed.
I was also able to import my public key using " gpg -import".
When I did the import of the key I got the message:
/homedir/.gnupg/trustdb.gpg: trustdb created Key xxx:
emailaddr@xxxxxxxxxx<mailto:emailaddr@xxxxxxxxxx> imported
I can't seem to do a test encryption. Mainly I can't determine how to
specify
the key to use even though it is the only key loaded.
This is what I am doing to just get a test done.
CALL QP2TERM
PATH=$PATH:/QOpenSys/usr/bin:/QOpenSys/usr/local/bin
Some of the things I tried:
gpg --batch --yes --armor --recipient emailaddr@xxxxxxxxxx --encrypt
/homedir/pgp_example.txt
CAA3F16F: There is no assurance this key belongs to the named user gpg
--
encrypt /homedir/pgp_example.txt.
cannot open `/dev/tty': No such device or address
Ideally I want to do the encryption from a CL and then FTP it to a
server.
Can you help me out?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
midrange.com
