7/20/2011

GPG 2

GNU Privacy Guard 2

  •  Encryption and Decryption
We will now encrypt a message or text file using GPG. For example, I have a file (example.txt) that contains:

Testing GPG encryption 
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20

I will encrypt it with my public key. First, list the keys with the command:
gpg --list-keys

pub   2048R/55728FBB 2010-11-20
uid                  example <example@example.com>
sub   2048R/5A5F62F0 2010-11-20

We will encrypt example.txt with my public key, so only I can decrypt the file, because I hold the private key that matches this public key.
The standard form of the command is:
gpg -option -r (ID of recipient) (file to encrypt)
55728FBB --> ID of my public key
To encrypt:
gpg --encrypt -r 55728FBB example.txt
This generates a new file (example.txt.gpg).
To decrypt .gpg files:
gpg --decrypt example.txt.gpg

user: "example <example@example.com>"
2048-bit RSA key, ID B7512E52, created 2011-07-20 (main key ID
55728FBB)
 
gpg: encrypted with 2048-bit RSA key, ID 5A5F62F0, created 2011-07-20
      "example <example@example.com>"
Testing GPG encryption
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20

  • Armor option (Encryption and Decryption)
Next, use the armor option to generate an ASCII-armored file (a text encoding of the encrypted output):

gpg -ea -r 55728FBB example.txt
This generates the file example.txt.asc.
Let's look at the contents of this file:
cat example.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP MESSAGE-----

This is the encrypted file. To decrypt it:
gpg -d example.txt.asc
Or you can save the output to a file by using the -o option:
gpg -o example2.txt -d example.txt.asc
  • Import and Export
Now, how do I export my public key (in armor form) so that others can add it and send me encrypted files?
gpg --export -a -o (output file)
For example:
gpg --export -a -o hamza.pub-key
cat hamza.pub-key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----

Now I can send this file to anyone who wants to send me encrypted messages.
To import someone's public key, so you can send them encrypted messages or verify their signatures:
gpg --import (public key file name)
gpg --import hamza.pub-key

  • Signing and Encryption
Signing is different from encryption. It is used to prove authenticity. A signature is created with the private key of the sender (signer) and is verified using the sender's public key.
We use signing to verify that what we receive comes from a trusted person.
To get a good signature, the sender and receiver should each increase the level of trust for the other's public key.
For example:
I want to send an encrypted and signed file to a Debian server. To get a good signature, I should increase the level of trust of Debian's public key, and Debian should do the same for my public key.
So, how do we increase the level of trust?
Suppose I import the public key of another computer on my network and list my keys:
gpg --list-keys
pub   2048R/55728FBB 2010-11-20
uid                  example <example@example.com>
sub   2048R/5A5F62F0 2010-11-20


pub   2048R/AC5A8F7A 2011-03-20
uid                  example2 <example2@example.com>
sub   2048R/A85BBC19 2011-03-20

To increase the level of trust of example2 on my computer, I run:
gpg --edit-key AC5A8F7A
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  2048R/AC5A8F7A  created: 2011-03-20  expires: never       usage: SC 
                     trust: undefined     validity: unknown
sub  2048R/A85BBC19  created: 2011-03-20  expires: never       usage: E  
[ unknown] (1). example2 <example2@example.com>

Command>

Type trust (for more options, enter help).
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 
Now I choose 5 (I trust ultimately), then enter quit. Now you trust this public key. To make sure:
gpg --edit-key AC5A8F7A
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  2048R/AC5A8F7A  created: 2011-03-20  expires: never       usage: SC 
                     trust: ultimate      validity: ultimate
sub  2048R/A85BBC19  created: 2011-03-20  expires: never       usage: E  
[ultimate] (1). example2 <example2@example.com>

The remote machine should do the same for my public key.
Now, on the remote machine: how to encrypt and sign a file (example.txt) to me
gpg -sea -r 55728FBB example2.txt
This generates example2.txt.asc.
He then sends it to me. When I decrypt this file, GPG tells me whether the signature is good or not.
gpg -o example2.output.txt -d example2.txt.asc
user: "example <example@example.com>"
2048-bit RSA key, ID B7512E52, created 2011-03-20 (main key ID AC5A8F7A)

gpg: encrypted with 2048-bit RSA key, ID A85BBC19, created 2011-03-20
gpg: Signature made Thu 21 March 2011 01:30:39 AM EET using RSA key ID 55728FBB
gpg: Good signature from "example2 <example2@example.com>"

Notice the Good signature here.
  • Detach Signature
We use it to make sure that the encrypted file matches the sender's public key.
To generate a verification file for our file (example.txt.asc) received from example2:
gpg -b example.txt.asc
This generates example.txt.asc.sig.
To verify the encrypted file:
gpg --verify example.txt.asc.sig example.txt.asc
gpg: Signature made Thu 21 Jul 2011 02:04:46 AM EET using RSA key ID AC5A8F7A
gpg: Good signature from "example2 <example2@example.com>"

Notice the Good signature again.
Hint 1: to encrypt directly in armor form:
gpg -ea -r (ID of public key of receiver) (file to encrypt)
Hint 2: to encrypt in armor form with signing:
gpg -sea -r (ID of public key of receiver) (file to encrypt)
Hint 3: to verify a downloaded file:
1- Import the public key
2- Download the file
3- Download the signature file (.sig)
4- Increase the level of trust: gpg --edit-key (ID of public key to increase trust)
5- Check the verification: gpg --verify (file.sig) (downloaded file)
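
An added example, not from the original post: a shell check for step 5 of Hint 3 that reads gpg's --status-fd lines and accepts a file only when the VALIDSIG fingerprint equals one obtained out of band, because "Good signature" is reported for any key in the keyring and the 8-digit key IDs used above are not a full fingerprint. The function names, fingerprints and status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# check_sig_status EXPECTED_FPR
# Reads `gpg --status-fd` lines on stdin; succeeds only if a VALIDSIG line
# names EXPECTED_FPR and no failed/expired/revoked signature status appears.
check_sig_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # $3 = fingerprint of the signing key; $12 (if present) = primary key
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_download SIGFILE DATAFILE EXPECTED_FPR (hypothetical helper name)
verify_download() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_sig_status "$3"
}

# Constructed fingerprints (not real keys)
PINNED=0123456789ABCDEF0123456789ABCDEFAC5A8F7A
OTHER=FEDCBA9876543210FEDCBA987654321055728FBB

# sample_status FPR: constructed status output for a good signature made by FPR
sample_status() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG $1 example2 <example2@example.com>" \
        "[GNUPG:] VALIDSIG $1 2011-07-21 1311206686 0 4 0 1 2 00 $1" \
        "[GNUPG:] TRUST_ULTIMATE"
}

# sample_bad: constructed status output for a file that fails verification
sample_bad() {
    printf '%s\n' "[GNUPG:] BADSIG ${PINNED} example2 <example2@example.com>"
}

# Run the check over the three constructed cases
for c in "sample_status $PINNED" "sample_status $OTHER" sample_bad; do
    if $c | check_sig_status "$PINNED"; then echo "accept: $c"
    else echo "reject: $c"; fi
done
```

With gpg installed, verify_download (file.sig) (downloaded file) (fingerprint) applies the same check to a real download.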
