GPG: minimal how to

GPG is a free and easy way to encrypt and/or verify your exchanges.
This how-to was written with "gpg (GnuPG) 1.4.22", a GNU GPLv3 tool.


This post covers the basic GPG commands:
- generate your key
- send/receive encrypted content
- sign or verify content
- export/import your secret key

On a Windows host, you can install and use Git Bash to follow these steps.



  • Initialize the GPG tool using 'list keys'

$ gpg --list-keys
gpg: répertoire « /home/osboxes/.gnupg » créé
gpg: nouveau fichier de configuration « /home/osboxes/.gnupg/dirmngr.conf » créé
gpg: nouveau fichier de configuration « /home/osboxes/.gnupg/gpg.conf » créé
gpg: le trousseau local « /home/osboxes/.gnupg/pubring.kbx » a été créé
gpg: /home/osboxes/.gnupg/trustdb.gpg : base de confiance créée




The first time a gpg command is executed, gpg performs its basic initialization: it creates a ~/.gnupg directory.

  • How to generate my key ?

$ gpg --gen-key

Keep the default options, and answer the questions about real name, email and passphrase.

That's all.
Now you can list your key:

$ gpg --list-secret-keys

You can distribute your public key:

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --send-keys KEYIDHERE

  • How to send encrypted content ?
    • Search for (or ask for) your recipient's KEYID using the following command:

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --search-keys robert

    • Receive the key (requires the KEYID)

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys KEYIDHERE

    • Encrypt the file for a given recipient (requires the related key)

$ gpg -r jojo@yoyo.fr -o encrypted.gpg -e clear_content.txt

This command will encrypt "clear_content.txt" into "encrypted.gpg" using the "jojo@yoyo.fr" key.
You can add multiple recipients by repeating the -r option.

You can ASCII-encode the output by using the -a option.

    • Use your favorite email client to send the encrypted file.

  • How to receive encrypted content from somebody ?
    • You will need the following requirements:
      • generate and distribute your own key (step above)
      • tell your correspondent how to encrypt content for you (step above)
    • Use your favorite email client to receive the encrypted file.
    • Decrypt the received file using the following command:

$ gpg -o decrypted.txt -d encrypted.gpg



  • How to add a detached signature?

You would like to prove that YOU sent some clear information (this command doesn't encrypt the message itself).

$ gpg -o doc.sig --clearsign doc

You will need to enter your passphrase.
This adds a clear signature to the content of doc and generates doc.sig as a result (doc.sig contains the readable text together with its signature).

  • How to verify a message with a detached signature?

You would like to check the identity of the signature associated with some clear information (this command doesn't decrypt the message itself).

Assume your message with its detached signature is in a file called "doc.sig":

$ gpg -o doc -d doc.sig
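
For scripted verification, here is an added example (not part of the original post): gpg can emit machine-readable status lines with --status-fd, and the function below accepts a signature only when those lines report a valid signature made by the fingerprint you expect. The function names, fingerprints and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# sig_status_ok EXPECTED_FPR   (gpg --status-fd lines on stdin)
# Exit 0 only if a VALIDSIG line names EXPECTED_FPR (as signing key or as
# primary key) and nothing reports a bad, unchecked, expired or revoked one.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# verify_signed FILE EXPECTED_FPR: same check on a real file such as doc.sig.
# Needs gpg and the signer's public key in the keyring.
verify_signed() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | sig_status_ok "$2"
}

# Constructed status output (fingerprints and key IDs are made up).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER=FEDCBA9876543210FEDCBA9876543210FEDCBA98
sample_good() {
    printf '%s\n' \
        '[GNUPG:] GOODSIG 89ABCDEF01234567 Jojo <jojo@yoyo.fr>' \
        "[GNUPG:] VALIDSIG $FPR 2024-01-01 1704067200 0 4 0 1 8 01 $FPR"
}
sample_tampered() {
    printf '%s\n' '[GNUPG:] BADSIG 89ABCDEF01234567 Jojo <jojo@yoyo.fr>'
}
sample_other_signer() {
    printf '%s\n' \
        '[GNUPG:] GOODSIG 76543210FEDCBA98 Somebody Else <else@example.org>' \
        "[GNUPG:] VALIDSIG $OTHER 2024-01-01 1704067200 0 4 0 1 8 01 $OTHER"
}

for s in sample_good sample_tampered sample_other_signer; do
    if "$s" | sig_status_ok "$FPR"; then echo "$s: accept"; else echo "$s: reject"; fi
done
```

The third sample is the case a plain "good signature" message hides: the signature is cryptographically valid, but it was made by a key other than the one you expected.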


  • How to back up your secret key?

Export it (to a very, very secure place):

$ gpg --list-secret-keys
$ gpg --export-secret-keys -a MYKEYID > username_gpg_export_secret.asc

Import it:

$ gpg --import -a username_gpg_export_secret.asc

"-a" means ASCII export/import. You can omit this option to export/import binary.



Related documentation
- sonatype: working with PGP signatures
- gnupg.org: manual (signature)


