
GPG: minimal how to


GPG is a free and easy way to encrypt and/or verify your exchanges.
This how-to was written using "gpg (GnuPG) 1.4.22", a GNU GPLv3 tool.


This post covers basic GPG commands:
- generate your key
- send/receive encrypted content
- sign or verify content
- export/import your secret key

On a Windows host, you can install and use Git Bash to follow these steps.



  • Initialize GPG tool using 'list keys' ?

$ gpg --list-keys
gpg: répertoire « /home/osboxes/.gnupg » créé
gpg: nouveau fichier de configuration « /home/osboxes/.gnupg/dirmngr.conf » créé
gpg: nouveau fichier de configuration « /home/osboxes/.gnupg/gpg.conf » créé
gpg: le trousseau local « /home/osboxes/.gnupg/pubring.kbx » a été créé
gpg: /home/osboxes/.gnupg/trustdb.gpg : base de confiance créée




The first time a gpg command is executed, gpg performs its base initialization: it creates a ~/.gnupg directory.

  • How to generate my key ?

$ gpg --gen-key
Keep the default options, and answer the questions about your real name, email, and passphrase.

That's all.
Now you can list your key:

$ gpg --list-secret-keys

You can distribute your public key:

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --send-keys KEYIDHERE

  • How to send encrypted content ?
      • Search for (or ask for) your recipient's KEYID using the following command:

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --search-keys robert
      • Receive the key (requires the KEYID)
$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys KEYIDHERE
      • Encrypt a file for a given recipient (requires the related key)
$ gpg -r jojo@yoyo.fr -o encrypted.gpg -e clear_content.txt
This command encrypts "clear_content.txt" into "encrypted.gpg" using the "jojo@yoyo.fr" key.
You can add multiple recipients by repeating the -r option.

You can ASCII-encode the output by using the -a option.
      • Use your favorite email client to send the encrypted file.

  • How to receive encrypted content from somebody ?
      • You will need the following requirements:
          • generate and distribute your own key (step above)
          • communicate the way to encrypt content (step above) to your recipient
      • Use your favorite email client to receive the encrypted file.
      • Decrypt the received file using the following command:
$ gpg -o decrypted.txt -d encrypted.gpg



  • How to add detached signature?
You would like to prove that YOU sent some clear information (this command doesn't encrypt the message itself).

$ gpg -o doc.sig --clearsign doc
You will need to enter your passphrase.
This adds a clear signature to doc and generates doc.sig as the result.

  • How to verify message with detached signature?
You would like to prove the identity behind the signature associated with clear information (this command doesn't decrypt the message itself).

Assume your message with detached signature is in a file called "doc.sig":

$ gpg -o doc -d doc.sig
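
Added example (not part of the original post): the signing and verification steps above, run end to end in a throwaway keyring, with a tampered copy to show what a failed check looks like. It goes one step beyond the commands above by also writing a separate signature file with --detach-sign, since --clearsign puts the text and its signature in one file; it assumes GnuPG 2.1 or later, and the user ID, file names and message are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1+ on PATH.
# The key, user ID and message below are constructed throwaway values.

# gpg exits 0 only when the signature is good; report that as ok/REJECTED.
check() {
    if gpg --batch --verify "$@" >/dev/null 2>&1; then echo ok; else echo REJECTED; fi
}

# Body runs in a subshell "( )" so GNUPGHOME never leaks into the caller.
sig_demo() (
    # Isolated keyring: the walk-through never touches ~/.gnupg.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never >/dev/null 2>&1 || exit 1

    doc=$GNUPGHOME/doc
    printf 'pay 100 EUR to Bob\n' > "$doc"

    # Clear-signed: text and signature travel together in one file.
    gpg --batch --quiet -o "$doc.asc" --clearsign "$doc" || exit 1
    # Detached: doc is left untouched, the signature is a separate file.
    gpg --batch --quiet -a -o "$doc.sig" --detach-sign "$doc" || exit 1

    # Constructed tampering: change the amount after signing.
    sed 's/pay 100/pay 900/' "$doc"     > "$doc.bad"
    sed 's/pay 100/pay 900/' "$doc.asc" > "$doc.bad.asc"

    echo "clear-signed, original: $(check "$doc.asc")"
    echo "clear-signed, tampered: $(check "$doc.bad.asc")"
    echo "detached, original: $(check "$doc.sig" "$doc")"
    echo "detached, tampered: $(check "$doc.sig" "$doc.bad")"

    # Stop the agent started for this keyring, then delete the keyring.
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$GNUPGHOME"
)
```

Call sig_demo after pasting the block into a shell; only the two untampered files should report ok. In scripts, rely on gpg's exit status as check does rather than on reading its messages.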


  • How to backup your secret key?
Export it (to a very, very secure place):
$ gpg --list-secret-keys
$ gpg --export-secret-keys -a MYKEYID > username_gpg_export_secret.asc
Import it:
$ gpg --import -a username_gpg_export_secret.asc
"-a" means ASCII export/import. You can omit this option to export/import in binary.



Related documentation
- sonatype: working with PGP signatures
- gnupg.org: manual (signature)


