Hello- I am new to kleopatra and have run into the following, I still do not know if this is an issue or not.
user 1 created a key pair for encryption purposes. The user 1 cannot certify their own key for everyone it is grayed out ( what/why is causing this?)
User 2 will be used to run encrypt/decypt steps but we need to sign the file as the key created by user 1 how do we go about this task ? In the test environment this worked but in another dev it is saying user 2 needs to create own keypair to certify other cert.
The cert created by user 1 does have a passphrase coudl that be used to certify by user 2 if so how we do we go on about this ?
A keypair that you create is automatically signed by your own private key.
So you cannot indicate something more to others.
but we need to sign the file as the key created by user 1 how do we go about this task ?
Can you describe in more detail what you are trying to do?
In a public key crypto setup, your need the private key to decrypt data, but not more.
The cert created by user 1 does have a passphrase coudl that be used to certify by user 2 if so how we do we go on about this ?
(We are talking OpenPGP key, aren’t we?)
User 1 can use their private key to sign the public keys of others, e.g. to sign the public key of user2. The first advantace of this is that in users 1’s keystore, the signed public key of user 2 is trusted to belong to user 2. (A second advantage would appear if this signature is given to others. A few years ago, public keyservers would be used for this, but this is currently not possibible.)
What am I doing ?: Created a cert/key-pair and sent this to recipient and obtained their public key and imported to Kleopatra as the user who installed and created the pair who I referred to as user 1( this is on windows and a domain user account)
Then for future planning/usage we decided it might be better to use a service account so in case a user leaves the org that would not cause issues further down the road. So then as service account we tried to open kleopatra and encrypt files but the 1st sign as drop down is gray so I thought maybe we should in deed certify that key but since this other account did not have it’s own keys it cannot certify and if I did as user 2 then will the recipient able to decrypt the files ?
Again i am so new to all this I do not know whether certify is needed or only choosing encrypt for others will still work without certifying the key again as the different/new user.
Also with cmd prompt gpg -d(decypt), will that work as the new user if we do not certify the keys that are being used for this process.
if you want to use a private key from a different (windows) account, you need to transfer the keypair from the account where it was created to this account. Have you done this or did you create a new keypair for user 2?
The “certification” (or signing other users public keys (aka “pubkeys”)) is a step that is optional. You can still encrypt to pubkeys without them being signed by your private key.
You may just see a warning.