Differences

This shows you the differences between two versions of the page.

--- gpg [2013/06/19 19:56]
hkoller [Import a public key]
+++ gpg [2013/06/19 19:57] (current)
hkoller [Import a public key]
@@ Line 1: / Line 1: @@
+====== Asymmetric (Public/Private key pairs) ======
+===== Create a key pair =====
+<code bash>
+gpg --gen-key
+</code>
+===== Things to do after a key pair is created =====
+**Create a revocation certificate**
+<code bash>
+gpg --output revoke.asc --gen-revoke key
+# store revoke.asc somewhere safe!
+</code>
+**Upload the public key to a keyserver**
+After you have created a key pair, you should export your public key and put it on keyserver:
+<code bash>
+gpg --export --armor name-of-key
+</code>
+Then put key on a keyserver. eg. :
+  * https://keyserver.pgp.com
+  * http://keys.gnupg.net/
+  * http://keyserver.ubuntu.com:11371/
+===== Import a public key =====
+**Step 1**: Import the key to your keychain
+<code bash>
+wget http://someserver.com/key.asc
+gpg --import key.asc
+</code>
+**Step 2**: Validate the key
+If the key is already signed by an entity you trust, this can be skipped. Otherwise
+<code bash>
+gpg --edit key
+fpr  # validate fingerprint with owner
+sign # certify it as a valid key
+</code>
+**Step 3**: Trust the key-owner
+<code bash>
+gpg --edit key
+trust # select trust level
+</code>
+**Step 4**: Export the signed key to a keyserver
+<code bash>
+gpg --keyserver keys.gnupg.net --send-key key
+</code>
+===== Encrypt a message =====
+A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do
+<code bash>
+xsel -b | gpg --encrypt --armor -r recipient@mail.com | xsel -b
+# now you have the encrypted message in your clipboard.
+</code>
+To directly send the encrypted text by mail (also showing a shorter version of the above gpg command):
+<code bash>
+xsel -b | gpg -ear recipient | mail -s"Subject" recipient@mail.com
+# or send message directly from commandline
+echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject" receiver@cia.com
+</code>
+===== Decrypt a message =====
+<code bash>
+gpg -d message
+# or copy encrypted message to clipboard then do
+xsel -b | gpg -d
+</code>
+===== Backup =====
+A simple way is to backup your ~/.gnupgp directory :
+<code bash>
+# create encrypted backup archive
+tar cfvz - ~/.gnupg/  | gpg -c > gnupgp.tgz.pgp
+# decrypt and unpack
+gpg -d gnupgp.tgz.pgp  | tar xvz
+</code>
+===== Useful Bash Functions =====
+==== Encrypt Clipboard (verbose) ====
+Put in bashrc
+<code bash>
+# gpg encrypt clipboard for recipient
+encclip() {
+    echo "Encrypting for $1"
+    echo "---------------"
+    echo
+    xsel -b
+    echo
+    echo "---------------"
+    echo
+    xsel -b | gpg -ear $1 | xsel -b
+    echo
+    echo "Done. Encrypted contents are in clipboard."
+}
+</code>
+Use:
+<code bash>
+# first copy text to clipboard, then do
+encclip recipient
+</code>
+====== Symmetric ======
+==== Encrypt====
+<code bash>
+gpg -c doc.txt # enter a secure passphrase
+# the file doc.txt.gpg now contains the encrypted contents
+</code>
+==== Decrypt====
+<code bash>
+gpg -d doc.txt.gpg  > doc.txt
+</code>

Small heaps of code

User Tools

Site Tools

Differences

Page Tools