gpg [2013/06/19 19:56] hkoller [Import a public key]
gpg [2013/06/19 19:57] (current) hkoller [Import a public key]
Line 1: | Line 1: | ||
+ | ====== Asymmetric (Public/Private key pairs) ====== | ||
+ | |||
+ | ===== Create a key pair ===== | ||
+ | <code bash> | ||
+ | gpg --gen-key | ||
+ | </code> | ||
+ | |||
+ | ===== Things to do after a key pair is created ===== | ||
+ | **Create a revocation certificate** | ||
+ | <code bash> | ||
+ | gpg --output revoke.asc --gen-revoke key | ||
+ | # store revoke.asc somewhere safe! | ||
+ | </code> | ||
+ | |||
+ | **Upload the public key to a keyserver** | ||
+ | |||
+ | After you have created a key pair, you should export your public key and put it on keyserver: | ||
+ | <code bash> | ||
+ | gpg --export --armor name-of-key | ||
+ | </code> | ||
+ | |||
+ | Then put key on a keyserver. eg. : | ||
+ | * https://keyserver.pgp.com | ||
+ | * http://keys.gnupg.net/ | ||
+ | * http://keyserver.ubuntu.com:11371/ | ||
+ | |||
+ | |||
+ | ===== Import a public key ===== | ||
+ | **Step 1**: Import the key to your keychain | ||
+ | <code bash> | ||
+ | wget http://someserver.com/key.asc | ||
+ | gpg --import key.asc | ||
+ | </code> | ||
+ | |||
+ | **Step 2**: Validate the key | ||
+ | |||
+ | If the key is already signed by an entity you trust, this can be skipped. Otherwise | ||
+ | |||
+ | <code bash> | ||
+ | gpg --edit key | ||
+ | fpr # validate fingerprint with owner | ||
+ | sign # certify it as a valid key | ||
+ | </code> | ||
+ | |||
+ | **Step 3**: Trust the key-owner | ||
+ | |||
+ | <code bash> | ||
+ | gpg --edit key | ||
+ | trust # select trust level | ||
+ | </code> | ||
+ | |||
+ | |||
+ | **Step 4**: Export the signed key to a keyserver | ||
+ | <code bash> | ||
+ | gpg --keyserver keys.gnupg.net --send-key key | ||
+ | </code> | ||
+ | ===== Encrypt a message ===== | ||
+ | A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do | ||
+ | <code bash> | ||
+ | xsel -b | gpg --encrypt --armor -r recipient@mail.com | xsel -b | ||
+ | # now you have the encrypted message in your clipboard. | ||
+ | </code> | ||
+ | |||
+ | To directly send the encrypted text by mail (also showing a shorter version of the above gpg command): | ||
+ | |||
+ | <code bash> | ||
+ | xsel -b | gpg -ear recipient | mail -s"Subject" recipient@mail.com | ||
+ | |||
+ | # or send message directly from commandline | ||
+ | |||
+ | echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject" receiver@cia.com | ||
+ | </code> | ||
+ | |||
+ | ===== Decrypt a message ===== | ||
+ | |||
+ | <code bash> | ||
+ | gpg -d message | ||
+ | |||
+ | # or copy encrypted message to clipboard then do | ||
+ | |||
+ | xsel -b | gpg -d | ||
+ | </code> | ||
+ | |||
+ | |||
+ | ===== Backup ===== | ||
+ | A simple way is to backup your ~/.gnupgp directory : | ||
+ | |||
+ | <code bash> | ||
+ | # create encrypted backup archive | ||
+ | tar cfvz - ~/.gnupg/ | gpg -c > gnupgp.tgz.pgp | ||
+ | |||
+ | # decrypt and unpack | ||
+ | gpg -d gnupgp.tgz.pgp | tar xvz | ||
+ | </code> | ||
+ | |||
+ | ===== Useful Bash Functions ===== | ||
+ | ==== Encrypt Clipboard (verbose) ==== | ||
+ | Put in bashrc | ||
+ | <code bash> | ||
+ | # gpg encrypt clipboard for recipient | ||
+ | encclip() { | ||
+ | echo "Encrypting for $1" | ||
+ | echo "---------------" | ||
+ | echo | ||
+ | xsel -b | ||
+ | echo | ||
+ | echo "---------------" | ||
+ | echo | ||
+ | xsel -b | gpg -ear $1 | xsel -b | ||
+ | echo | ||
+ | echo "Done. Encrypted contents are in clipboard." | ||
+ | } | ||
+ | </code> | ||
+ | |||
+ | Use: | ||
+ | <code bash> | ||
+ | # first copy text to clipboard, then do | ||
+ | encclip recipient | ||
+ | </code> | ||
+ | |||
+ | ====== Symmetric ====== | ||
+ | |||
+ | ==== Encrypt==== | ||
+ | <code bash> | ||
+ | gpg -c doc.txt # enter a secure passphrase | ||
+ | # the file doc.txt.gpg now contains the encrypted contents | ||
+ | </code> | ||
+ | |||
+ | ==== Decrypt==== | ||
+ | <code bash> | ||
+ | gpg -d doc.txt.gpg > doc.txt | ||
+ | </code> | ||
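Review bot: `gpg --edit key` in Step 2 ("Validate the key") and Step 3 ("Trust the key-owner") is not a valid gpg invocation; the interactive key editor is started with `gpg --edit-key key`, after which `fpr`, `sign` and `trust` are typed at the `gpg>` prompt exactly as the blocks show. Since Step 1 fetches `key.asc` over plain HTTP, the `fpr` comparison in Step 2 is the only thing that catches a substituted key, so the comment "validate fingerprint with owner" deserves a sentence saying the fingerprint must come from the owner out of band, not from the same download. Smaller points: the Backup section says `~/.gnupgp` in the prose while the tar command (correctly) archives `~/.gnupg/`; the `encclip` function should quote its argument (`gpg -ear "$1"`) so a recipient given as a user ID with spaces is not split into several words; and the last "Encrypt a message" example passes `reciever` to `-r` but mails `receiver@cia.com`, and since `-r` must name a user ID of an imported key the two spellings should agree.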