Saturday, August 15, 2009

Quick and easy GPG


GPG is a nice security feature which enables us to encrypt /decrypt our valuable info.
It's widely spread amongst the *nix community since it's a great tool to make sure your valuable data will remain untouched.

Usage:

(Symmetric authentication):
gpg -c filename
will encrypt the filename, you will be asked for a passphrase, eventually a new filename.gpg will be created - this is you encrypted file and it's ready to be sent.

gpg filename.gpg
will decrypt the file, via the same passphrase (symetric authentication) - preety simple.

(Asymmetric authentication):
You will need to generate a public and a private keys, to do so run:

$ gpg --gen-key


This will generate a pair of keys, during the process you will be asked for couple of questions such as your name, your e-mail etc.. eventually the keys will be stored in the ~/.gnupg directory. Once you’ve generated your keys, you can export your public key to some file:

$ gpg --export name > gpg.pub

Adding the --armor option produces ASCII output, which may be preferable if you intend
to e‑mail the public key. You can make the file accessible on your Web site, transfer it as an
e‑mail attachment, or distribute it in various other ways.
To encrypt e‑mail you send to others, you must obtain their public keys. Ask your
fellas how to obtain them. Once you’ve done so, you can add their keys to
your key database (that is, the set of keys GPG maintains):

$ gpg --import some_ones_public_key.pub

This command adds some_ones_public_key.pub to your set of public keys belonging to other people.

You can use:
$ gpg --list-keys to see list of keys.

To encrypt data, you use gpg with its --out and --encrypt options:

$ gpg --out encrypted-file --recipient uid --armor --encrypt original-file

The --recipient and --armor are optional but good options if you intend to transfer this data by mail.
If you receive a message or file that was encrypted with your public key, you can reverse
the encryption by using the --decrypt option:

$ gpg --out decrypted-file --decrypt encrypted-file


You’ll be asked to enter your passphrase. The result should be a decrypted version of the
original file.

GPG can be used to sign messages so that recipients know they come from
you. To do so, use the --sign or --clearsign option to gpg:

$ gpg --clearsign original-file


If you receive a signed message, you can verify the signature using the --verify option
to gpg:

$ gpg --verify received-file

Friday, August 7, 2009

Using the "at" command

At is a nice command that resembles crontab, but more straightforward.
Suppose you need to run a command once, at a pre-determined time, it's ideal to use "at".
Verify atd deamon is running:
chkconfig --list | grep atd
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

Here are couple of examples:
at 1:00 am tomorrow my_cron_script.sh
at -m 10:20 at -f my_cron_script 2:00 july 11


You can use "atq" to view your que:
paul@machine2 ~]$ atq
16 Wed Jul 11 02:00:00 2007 a paul
17 Sat Jul 14 02:00:00 2007 a paul
14 Sun Jul 8 22:00:00 2007 a paul
15 Tue Jul 10 02:00:00 2007 a paul

Your can use atrm, to remove undesired jobs in que:

[paul@machine2 ~]$ atrm 16 14 15

Pay attention that the undesired jobs are gone now:
[paul@machine2 ~]$ atq
17 Sat Jul 14 02:00:00 2007 a paul

The at command can always be issued by a privileged user.
Other users must be listed in the file /etc/at.allow if it exists;
otherwise, they must not be listed in /etc/at.deny.
If neither file exists, only a privileged user can issue the command.