User Tools

Site Tools


gpg

Asymmetric (Public/Private key pairs)

Create a key pair

gpg --gen-key

Things to do after a key pair is created

Create a revocation certificate

gpg --output revoke.asc --gen-revoke key
# store revoke.asc somewhere safe!

Upload the public key to a keyserver

After you have created a key pair, you should export your public key and put it on keyserver:

gpg --export --armor name-of-key

Then put key on a keyserver. eg. :

Import a public key

Step 1: Import the key to your keychain

wget http://someserver.com/key.asc
gpg --import key.asc 

Step 2: Validate the key

If the key is already signed by an entity you trust, this can be skipped. Otherwise

gpg --edit key
fpr  # validate fingerprint with owner
sign # certify it as a valid key

Step 3: Trust the key-owner

gpg --edit key
trust # select trust level 

Step 4: Export the signed key to a keyserver

gpg --keyserver keys.gnupg.net --send-key key

Encrypt a message

A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do

xsel -b | gpg --encrypt --armor -r recipient@mail.com | xsel -b
# now you have the encrypted message in your clipboard.

To directly send the encrypted text by mail (also showing a shorter version of the above gpg command):

xsel -b | gpg -ear recipient | mail -s"Subject" recipient@mail.com
 
# or send message directly from commandline
 
echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject" receiver@cia.com  

Decrypt a message

gpg -d message
 
# or copy encrypted message to clipboard then do 
 
xsel -b | gpg -d

Backup

A simple way is to backup your ~/.gnupgp directory :

# create encrypted backup archive
tar cfvz - ~/.gnupg/  | gpg -c > gnupgp.tgz.pgp  
 
# decrypt and unpack
gpg -d gnupgp.tgz.pgp  | tar xvz  

Useful Bash Functions

Encrypt Clipboard (verbose)

Put in bashrc

# gpg encrypt clipboard for recipient
encclip() {
    echo "Encrypting for $1"
    echo "---------------"
    echo
    xsel -b
    echo
    echo "---------------"
    echo
    xsel -b | gpg -ear $1 | xsel -b
    echo 
    echo "Done. Encrypted contents are in clipboard."
}

Use:

# first copy text to clipboard, then do
encclip recipient

Symmetric

Encrypt

gpg -c doc.txt # enter a secure passphrase
# the file doc.txt.gpg now contains the encrypted contents

Decrypt

gpg -d doc.txt.gpg  > doc.txt
gpg.txt · Last modified: 2013/06/19 19:57 by hkoller