Encryption PGP and GPG

From Ever changing code
Revision as of 00:00, 9 October 2019 by Pio2pio (talk | contribs) (Created page with "= Standards = * Symantec PGP * Gnu OpenPGP = OpenPGP = There are two main OpenPGP compatible tools: <source lang=bash> dpkg -l | grep gnupg # gnupg 1.4.20-1ubuntu3.3 GNU pri...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Standards

  • Symantec PGP
  • Gnu OpenPGP

OpenPGP

There are two main OpenPGP compatible tools: 

dpkg -l | grep gnupg
# gnupg  1.4.20-1ubuntu3.3 GNU privacy guard - a free PGP replacement
# gnupg2 2.1.11-6ubuntu2.1 GNU privacy guard - a free PGP replacement (new v2.x)


Install 

sudo apt install gnupg2 # gpa - is GNU Privacy Assistant (GPA), GUI


Usage 

# Generate a key pair
gpg2 --full-gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: _acme_dev
Email address: support@acme.com
Comment: Decrypt messages from miniSAP
You selected this USER-ID:
    "_acme_dev (Decrypt messages from miniSAP) <support@support@acme.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

# this step can take ~5 min
# try this to speed up
sudo dd if=/dev/sda of=/dev/zero
find / | xargs file

gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
gpg: key 6687E4B1 marked as ultimately trusted
gpg: directory '/home/vagrant/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/vagrant/.gnupg/openpgp-revocs.d/534A409E81C366A95E17B307DEDD3CD06687E4B1.rev'
public and secret key created and signed.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: PGP
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   rsa1024/6687E4B1 2019-10-08 [S]
      Key fingerprint = 534A 409E 81C3 66A9 5E17  B307 DEDD 3CD0 6687 E4B1
uid         [ultimate] _acme_dev (Decrypt messages from miniSAP) <support@support@acme.com>
sub   rsa1024/38C5D363 2019-10-08 []
Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Encryption_PGP_and_GPG&oldid=4729