Saturday, August 15, 2009
Quick and easy GPG
GPG is a handy security tool that lets us encrypt and decrypt our valuable info.
It's widely used in the *nix community since it's a great tool to make sure your valuable data remains untouched.
$ gpg -c filename
will encrypt the file. You will be asked for a passphrase, and a new filename.gpg will be created - this is your encrypted file and it's ready to be sent.
Decrypting the file uses the same passphrase (symmetric encryption) - pretty simple.
For public-key encryption you will need to generate a public and a private key. To do so, run:
$ gpg --gen-key
This will generate a pair of keys. During the process you will be asked a couple of questions, such as your name and your e-mail. The keys will be stored in the ~/.gnupg directory. Once you’ve generated your keys, you can export your public key to a file:
$ gpg --export name > gpg.pub
Adding the --armor option produces ASCII output, which may be preferable if you intend
to e‑mail the public key. You can make the file accessible on your Web site, transfer it as an
e‑mail attachment, or distribute it in various other ways.
To encrypt e‑mail you send to others, you must obtain their public keys. Ask your
fellas how to obtain them. Once you’ve done so, you can add their keys to
your key database (that is, the set of keys GPG maintains):
$ gpg --import some_ones_public_key.pub
This command adds some_ones_public_key.pub to your set of public keys belonging to other people.
You can use:
$ gpg --list-keys
to see the list of keys.
To encrypt data, you use gpg with its --out and --encrypt options:
$ gpg --out encrypted-file --recipient uid --armor --encrypt original-file
The --recipient and --armor options are optional, but they are good choices if you intend to transfer this data by mail.
If you receive a message or file that was encrypted with your public key, you can reverse
the encryption by using the --decrypt option:
$ gpg --out decrypted-file --decrypt encrypted-file
You’ll be asked to enter your passphrase. The result should be a decrypted version of the
GPG can be used to sign messages so that recipients know they come from
you. To do so, use the --sign or --clearsign option to gpg:
$ gpg --clearsign original-file
If you receive a signed message, you can verify the signature using the --verify option:
$ gpg --verify received-file
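The commands above can be rehearsed end to end without touching your real keyring. The script below is an added example, not part of the original post: it assumes GnuPG 2.1 or later, and the user ID, file contents, temporary directories and empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: the post's key, encrypt, decrypt, sign and verify steps
# run non-interactively in a throwaway keyring (needs GnuPG 2.1 or later).
# The user ID, file contents and empty passphrase are constructed for the demo.

# gpg without prompts; an empty passphrase is acceptable only for a demo key.
g() { gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

gpg_walkthrough() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    GNUPGHOME=$(mktemp -d) && work=$(mktemp -d) || return 2
    export GNUPGHOME            # keeps ~/.gnupg untouched
    uid='Demo User <demo@example.invalid>'
    printf 'valuable info\n' > "$work/original-file"

    # Key pair (scripted equivalent of --gen-key) and ASCII public key export.
    g --quick-generate-key "$uid" default default never >/dev/null || return 1
    g --armor --export "$uid" > "$work/gpg.pub" || return 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/gpg.pub" || return 1

    # Encrypt to the recipient's public key, decrypt with the private key.
    # (--output is the full spelling of the post's --out.)
    g --output "$work/encrypted-file" --recipient "$uid" --armor \
      --encrypt "$work/original-file" || return 1
    g --output "$work/decrypted-file" --decrypt "$work/encrypted-file" || return 1
    cmp -s "$work/original-file" "$work/decrypted-file" || return 1

    # Clearsign, then verify: exit status 0 means a good signature.
    g --output "$work/signed-file" --clearsign "$work/original-file" || return 1
    g --verify "$work/signed-file" || return 1

    # Change one word of the signed text: --verify must now fail.
    sed 's/valuable/modified/' "$work/signed-file" > "$work/tampered-file"
    if g --verify "$work/tampered-file" 2>/dev/null; then return 1; fi

    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME" "$work"; unset GNUPGHOME
    echo "round trip ok, tampering detected"
}

gpg_walkthrough
walkthrough_rc=$?
```

In scripts, rely on the exit status of gpg --verify rather than on its printed text: it is non-zero when the signed content has been altered.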