Sunday, 13 January 2013

GnuPG: A tool for secure communication

GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret. The public key may be given to anyone with whom the user wants to communicate.

 

GPG: Encryption and Decryption


The following steps illustrate how to generate a key pair and use it for secure communication on Ubuntu 12.04.


Generating a new keypair


In the terminal, use the command gpg --gen-key to create a new primary keypair.

You will then be given three options. Option 1 creates two keypairs: a DSA keypair, with an ElGamal keypair also created for encryption. Option 2 creates only a DSA keypair. Option 4 creates a single ElGamal keypair usable for both making signatures and performing encryption. The default option is the better choice.
  
Then you must choose a key size. GnuPG requires that keys be no smaller than 768 bits. If Option 1 was chosen, you choose a keysize larger than 1024 bits.

About to generate a new ELG-E keypair.
              minimum keysize is  768 bits
              default keysize is 1024 bits
    highest suggested keysize is 2048 bits
    What keysize do you want? (1024)


Then you are asked to choose an expiry date for the key. Select one of the following:

         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
 

For most users a key that does not expire is adequate.

Then you must provide a user ID. The user ID is used to associate the key being created with a real person. Enter your name and email ID. A user ID should be created carefully, since it cannot be edited after it is created.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name:xyz
Email address: xyz@gmail.com
Comment: testing demo key

You selected this USER-ID:
    "xyz"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

Then you need a passphrase to protect the private key. Enter the passphrase and keep it secret. You should not forget your passphrase.

Enter passphrase: ******
Repeat passphrase:******

We need to generate a lot of random bytes. It is a good idea
to perform some other action (type on the keyboard, move the
mouse, utilize the disks) during the prime generation; this
gives the random number generator a better chance to gain
enough entropy.

        .+++++++++++++++++++++++++.+++++++++++++++++++++++
        gpg: key 90130E51 marked as ultimately trusted
        public and secret key created and signed.

        gpg: checking the trustdb
        gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
        gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
        pub   1024D/90130E51 2010-01-02
        Key fingerprint = B8BD 46EF 41E7 44B9 F934  7C47 3215 5713 9013 0E51
        uid  Ramesh Natarajan (testing demo key)
        sub   2048g/35C5BCDB 2010-01-02


Exporting a public key


To send your public key you must first export it. The command-line option --export is used to do this.

gpg --armor --export xyz@gmail.com > pb.gpg
cat pb.gpg
Then we get the public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.0.10

mQENBFDqmqoBCADV2F3P.......
...........................
........................
-----END PGP PUBLIC KEY BLOCK-----
 
Copy the public key, then go to http://keyserver.ubuntu.com/, paste it and submit.


Importing a public key


A public key may be added to your public keyring with the --import option. You need to copy the public key from http://keyserver.ubuntu.com/ and save it in a plain text file. Use the command line to import the public key. For example, if you need abc's public key, search for abc's ID to get the public key.

gpg --import Filename

e.g. gpg --import abcpublickey
 
To see the list of public keys use

xyz% gpg --list-keys
/users/xyz/.gnupg/pubring.gpg
---------------------------------------
pub  1024D/BB7576AC 2013-01-07 xyz(testing)  <xyz@gmail.com>
sub  1024g/78E9A8FA 2013-01-07

pub  1024D/9E98BC16 2013-01-07 abcpublickey (Executioner) <abc@gmail.com>
sub  1024g/5C8CBD41 2013-01-07

Encryption and Decryption


To encrypt a document, the option --encrypt is used. You must have the public keys of the intended recipients. Use the command line to encrypt, and send the resulting .asc file to the recipient.

gpg --recipient abc@gmail.com --armor --encrypt test-file


To decrypt, use the command:

$ gpg --decrypt test-file.asc

abc uses his private key to decrypt the file.


Adding photo to the public key

 

A photo ID attached to a public key can help other users to identify the owner of the key. To add a photo ID to your own public key, use the command "gpg --edit-key <name>" and then enter "addphoto". GnuPG will ask for the filename of a suitable JPEG.

For example

xyz:~$ gpg --list-keys
/home/xyz/.gnupg/pubring.gpg
--------------------------------
pub   2048R/BC29E290 2013-01-07 [expires: 2014-01-07]
uid                  xyz (testing) <xyz@gmail.com>
sub   2048R/E78C832F 2013-01-07 [expires: 2014-01-07]

pub   2048R/652D1453 2013-01-07 [expires: 2014-01-07]
uid                  abc <twintuh@gmail.com>
sub   2048R/7237282A 2013-01-07 [expires: 2014-01-07]
 
xyz~$ gpg --edit-key BC29E290
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/BC29E290  created: 2013-01-07  expires: 2014-01-07  usage: SC 
                     trust: ultimate      validity: ultimate
sub  2048R/E78C832F  created: 2013-01-07  expires: 2014-01-07  usage: E  
[ultimate] (1). xyz (testing) <xyz@gmail.com>

gpg> addphoto

Pick an image to use for your photo ID.  The image must be a JPEG file.
Remember that the image is stored within your public key.  If you use a
very large picture, your key will become very large as well!
Keeping the image close to 240x288 is a good size to use.

Enter JPEG filename for photo ID: XYZ.JPG
This JPEG is really large (8978 bytes) !
Are you sure you want to use it? (y/N) y
Is this photo correct (y/N/q)? y

You need a passphrase to unlock the secret key for
user: "xyz(testing) <xyz@gmail.com>"
2048-bit RSA key, ID BC29E290, created 2013-01-07


pub  2048R/BC29E290  created: 2013-01-07  expires: 2014-01-07  usage: SC 
                     trust: ultimate      validity: ultimate
sub  2048R/E78C832F  created: 2013-01-07  expires: 2014-01-07  usage: E  
[ultimate] (1). xyz (testing) <xyz@gmail.com>
[ unknown] (2)  [jpeg image of size 8978]

Signing public keys

 

To sign a public key using GnuPG, you can use the command

gpg --sign-key <name>

where <name> is the user ID of the key. You then sign the public key, entering your passphrase when prompted.

Signing a file in clear text using the secret key 

 

Signing can be done using the command --clearsign. You will then be asked to provide the passphrase to sign the file.
  
xyz% gpg --clearsign doc

You need a passphrase to unlock the secret key for
user: "xyz (testing) <xyz@gmail.com>"
1024-bit DSA key, ID BB7576AC, created 2013-01-04

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1
oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k
=y6kj
-----END PGP SIGNATURE-----
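The whole xyz/abc exchange from this post, run end to end as one script: key generation, export, import, encryption and decryption, and clearsigning with verification. This is an added example, not code from the post. It assumes GnuPG 2.x on the PATH (the batch parameter file and its %no-protection line), uses constructed names and addresses (xyz@example.com, abc@example.com), two throwaway --homedir directories instead of ~/.gnupg, and constructed message text. It also shows two things the post leaves implicit: the fingerprint comparison that should precede signing an imported key, and the --trust-model always option that stands in for the interactive trust prompt --encrypt would otherwise raise for an unsigned key.

```shell
#!/bin/sh
# Added example (not from the original post): the xyz <-> abc exchange the
# post walks through interactively, run unattended in two throwaway GNUPGHOME
# directories so nothing touches your real keyring. Assumes GnuPG 2.x.
# Names, e-mail addresses and message text are constructed for the demo.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping" >&2; exit 0; }

# gen_key HOMEDIR "Real Name" email : unattended equivalent of the post's
# 'gpg --gen-key' dialogue (key type, size, expiry, user ID, passphrase).
# %no-protection means "no passphrase"; a key you keep gets one, as in the post.
gen_key() {
    mkdir -p "$1" && chmod 700 "$1"     # gpg warns about loose permissions
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
}

# fpr HOMEDIR userid : primary-key fingerprint as seen from that keyring
fpr() {
    gpg --homedir "$1" --with-colons --fingerprint "$2" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# exchange WORKDIR : export, import, encrypt/decrypt, clearsign/verify.
# Prints the text abc recovers from xyz's encrypted file.
exchange() {
    work=$1
    gen_key "$work/xyz" "Xyz Tester" "xyz@example.com"
    gen_key "$work/abc" "Abc Tester" "abc@example.com"

    # Exporting: each side produces an ASCII-armoured public key (the post's pb.gpg)
    gpg --homedir "$work/xyz" --armor --export xyz@example.com > "$work/pb.gpg"
    gpg --homedir "$work/abc" --armor --export abc@example.com > "$work/abc.pub"

    # Importing: the other side's public key goes into the local keyring
    gpg --homedir "$work/xyz" --quiet --import "$work/abc.pub"
    gpg --homedir "$work/abc" --quiet --import "$work/pb.gpg"

    # Before signing or trusting an imported key, compare its fingerprint with
    # one obtained out of band; here the owner's own copy plays that role.
    [ "$(fpr "$work/xyz" xyz@example.com)" = "$(fpr "$work/abc" xyz@example.com)" ]

    # Encrypting to abc. An imported key carries no trust yet, so --batch would
    # refuse it; --trust-model always stands in for the interactive "use it
    # anyway?" answer (or for having signed the key after the fingerprint check).
    printf 'meet at noon\n' > "$work/test-file"
    gpg --homedir "$work/xyz" --batch --yes --trust-model always \
        --recipient abc@example.com --armor --encrypt "$work/test-file"

    # Decrypting: abc's private key unlocks test-file.asc
    gpg --homedir "$work/abc" --batch --quiet --yes \
        --output "$work/decrypted" --decrypt "$work/test-file.asc"

    # Clearsigning: xyz signs doc with the secret key; abc verifies doc.asc
    # with xyz's imported public key (exit status 0 means a good signature).
    printf 'signed statement\n' > "$work/doc"
    gpg --homedir "$work/xyz" --batch --yes --clearsign "$work/doc"
    gpg --homedir "$work/abc" --batch --verify "$work/doc.asc"

    cat "$work/decrypted"
}

WORK=$(mktemp -d)
# Stop the per-homedir agents and delete the scratch keys when the script ends
trap 'for d in xyz abc; do GNUPGHOME="$WORK/$d" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT
RESULT=$(exchange "$WORK")
echo "abc decrypted: $RESULT"
```

Save it as gpg-demo.sh and run sh gpg-demo.sh; gpg's usual messages go to stderr and the script ends with the decrypted line. The keys exist only in the temporary directory that the EXIT trap removes, which is also why --homedir appears on every call: the same commands without it would act on ~/.gnupg, exactly as in the post.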
