GNU Privacy Guard 2
We now try to encrypt messages or a text file using GPG. For example, I have a file (example.txt) containing:
Testing GPG encryption
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
Let’s encrypt it with my public key. First, list our keys with the command: gpg --list-key
pub 2048R/55728FBB 2010-11-20
uid example <[email protected]>
sub 2048R/5A5F62F0 2010-11-20
We will encrypt example.txt with my public key (so only I can decrypt this file, because I have the private key that matches this public key).
The standard command: gpg -option -r ID_of_recipient file_to_encrypt
55728FBB –> ID of my public key
Let’s encrypt: gpg --encrypt -r 55728FBB example.txt
It will generate a new file, example.txt.gpg
To decrypt .gpg files: gpg --decrypt example.txt.gpg
user: "example <[email protected]>"
2048-bit RSA key, ID B7512E52, created 2011-07-20 (main key ID 55728FBB)
gpg: encrypted with 2048-bit RSA key, ID 5A5F62F0, created 2011-07-20
"example <[email protected]>"
Testing GPG encryption
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
Let’s use the armor option to generate an ASCII-armored (text) file: gpg -ea -r 55728FBB example.txt
This will generate the file example.txt.asc
Let’s see the contents of this file: cat example.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP MESSAGE-----
This is the encrypted file. To decrypt it: gpg -d example.txt.asc
Or you can save the output to a file by using the -o option: gpg -o example2.txt -d example.txt.asc
Now, how do I export my public key (in armor form) so that others can add it and send me encrypted files? gpg --export -a -o output_file
For example: gpg --export -a -o hamza.pub-key
Let’s look at the output file: cat hamza.pub-key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
Now I can send this file to anyone who wants to send me an encrypted message.
To import someone’s public key, in order to send him an encrypted message or to verify his signatures: gpg --import (public key file name)
For example: gpg --import hamza.pub-key
Signing is different from encryption: it is used to prove authenticity. A signature is created with the private key of the sender (signer) and is verified using the sender’s public key.
We will use signing to verify that what we receive comes from a trusted person.
To get a good signature, the sender and the receiver should each increase the level of trust of the other’s public key.
For example:
I want to send an encrypted, signed file to a Debian server. To get a good signature, I should increase the level of trust of Debian’s public key, and Debian should do the same with my public key.
If I import the public key of another computer on my network and list my keys: gpg --list-key
pub 2048R/55728FBB 2010-11-20
uid example <[email protected]>
sub 2048R/5A5F62F0 2010-11-20
pub 2048R/AC5A8F7A 2011-03-20
uid example2 <[email protected]>
sub 2048R/A85BBC19 2011-03-20
To increase the level of trust of example2 on my computer, run: gpg --edit-key AC5A8F7A
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 2048R/AC5A8F7A created: 2011-03-20 expires: never usage: SC
trust: undefined validity: unknown
sub 2048R/A85BBC19 created: 2011-03-20 expires: never usage: E
[ unknown] (1). example2 <[email protected]>
Command>
Enter trust (and if you want more options, enter help).
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources,
etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision?
Now I choose 5 (I trust ultimately), then press Enter. Now you trust that public key. To confirm this change: gpg --edit-key AC5A8F7A
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 2048R/AC5A8F7A created: 2011-03-20 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/A85BBC19 created: 2011-03-20 expires: never usage: E
[ultimate] (1). example2 <[email protected]>
The remote machine should do the same with my public key.
Now, on the remote machine, here is how to encrypt and sign a file (example.txt) for me:
gpg -sea -r 55728FBB example2.txt
This will generate example2.txt.asc
Then he sends it to me. When I decrypt this file, GPG will tell me whether the signature is good or not.
gpg -o example2.output.txt -d example2.txt.asc
user: "example <[email protected]>"
2048-bit RSA key, ID B7512E52, created 2011-03-20 (main key ID AC5A8F7A)
gpg: encrypted with 2048-bit RSA key, ID A85BBC19, created 2011-03-20
gpg: Signature made Thu 21 March 2011 01:30:39 AM EET using RSA key ID 55728FBB
gpg: Good signature from "example2 <[email protected]>"
Notice the Good signature here.
We use it to make sure that the encrypted file matches the sender’s public key. To generate a verification file (a detached signature) for our file (example.txt.asc) received from example2: gpg -b example.txt.asc
This will generate example.txt.asc.sig
To verify an encrypted file: gpg --verify example.txt.asc.sig example.txt.asc
gpg: Signature made Thu 21 Jul 2011 02:04:46 AM EET using RSA key ID AC5A8F7A
gpg: Good signature from "example2 <[email protected]>"
Again, notice the Good signature.
Note 1: To encrypt in armor form directly, use the command: gpg -ea -r ID_of_public_key_of_receiver file_to_encrypt
Note 2: To encrypt in armor form with signing: gpg -sea -r ID_of_public_key_of_receiver file_to_encrypt
Note 3: To verify a downloaded file
1- Import the public key
2- Download the file
3- Download the signature file (.sig)
4- Increase the level of trust: gpg --edit-key ID_of_public_key
5- Check the verification: gpg --verify file.sig downloaded_file
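Note 3 ends with reading the "Good signature" line by eye. The following added example (not part of the original article) makes the same decision in a script from gpg's machine-readable --status-fd lines and accepts a file only when the signature comes from one pinned fingerprint. The fingerprints and status lines are constructed placeholders, and sig_ok is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. PINNED, OTHER and the sample status lines are constructed
# placeholders, not values from the article.
PINNED=0000111122223333444455556666777788889999
OTHER=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333

# sig_ok FINGERPRINT: reads gpg status lines on stdin. Succeeds only if a
# VALIDSIG line names the pinned key (as signing key or as primary key)
# and gpg reported no bad, unverifiable, expired or revoked signature.
sig_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# Constructed status output for three cases.
sample_good() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG 6666777788889999 example2 (constructed)" \
        "[GNUPG:] VALIDSIG $PINNED 2011-07-21 1311203086 0 4 0 1 2 00 $PINNED" \
        "[GNUPG:] TRUST_ULTIMATE"
}
# A good signature, but made by a different key that is also in the keyring:
# the human-readable output would still say "Good signature".
sample_other_key() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG 0000111122223333 someone else (constructed)" \
        "[GNUPG:] VALIDSIG $OTHER 2011-07-21 1311203086 0 4 0 1 2 00 $OTHER"
}
sample_bad() {
    printf '%s\n' "[GNUPG:] BADSIG 6666777788889999 example2 (constructed)"
}

# With a real download (file names from Note 3):
#   gpg --status-fd 1 --verify file.sig downloaded_file 2>/dev/null | sig_ok "$PINNED"
for s in sample_good sample_other_key sample_bad; do
    if $s | sig_ok "$PINNED"; then echo "$s: accept"; else echo "$s: reject"; fi
done
```

Because the check compares the full fingerprint, its result does not depend on the trust level set with gpg --edit-key.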