about summary refs log tree commit diff stats
path: root/tools/gnupg.html
diff options
context:
space:
mode:
authorSilvino Silva <silvino@bk.ru>2016-09-20 20:40:25 +0100
committerSilvino Silva <silvino@bk.ru>2016-09-20 20:41:53 +0100
commite4b9fd6157b8b5eedf67006719a0ef5f1ac0027e (patch)
tree67281a7f9b36acc4d42da15e893a8e15c6e42ba4 /tools/gnupg.html
parente77894b32b609572f46e30d25372166016b500d4 (diff)
downloaddoc-e4b9fd6157b8b5eedf67006719a0ef5f1ac0027e.tar.gz
initial r-0.2.1
Diffstat (limited to 'tools/gnupg.html')
-rw-r--r--tools/gnupg.html294
1 files changed, 294 insertions, 0 deletions
diff --git a/tools/gnupg.html b/tools/gnupg.html
new file mode 100644
index 0000000..61bfaba
--- /dev/null
+++ b/tools/gnupg.html
@@ -0,0 +1,294 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>GnuPG</title>
+    </head>
+    <body>
+
+        <a href="index.html">Tools Index</a>
+
+        <h1>GnuPG</h1>
+
+        <p>Install gnupg;</p>
+
+        <pre>
+        $ sudo prt-get depinst gnupg
+        </pre>
+
+        <p>Create a skeleton configuration to be copied by useradd to
+        each user home directory;</p>
+
+        <pre>
+        $ sudo mkdir /etc/skel/.gnupg
+        $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf
+        </pre>
+
+        <p>Configure GnuPG to automatically fetch public keys,
+        uncomment following line to ~/.gnupg/gpg.conf;</p>
+
+        <pre>
+        keyserver-options auto-key-retrieve
+        </pre>
+
+        <p>And add a server, in this example wwwkeys.pgp.net;</p>
+
+        <pre>
+        # keyserver wwwkeys.pgp.net
+        # keyserver search.keyserver.net
+        keyserver pgp.mit.edu
+        </pre>
+
+        <p>Test your configuration as described by Justin R. Miller <a href="http://codesorcery.net/old/mutt/mutt-gnupg-howto">Mutt Gnupg Howto</a>;</p>
+
+        <pre>
+        $ gpg --recv-keys 0xC9C40C31
+        </pre>
+
+        <p>Confirm;</p>
+
+        <pre>
+        gpg --list-keys justin
+        </pre>
+
+        <h2 id="gpg-genkey">1. Generate keys</h2>
+
+        <p>Options for creating a DSA and ElGamal key;</p>
+        <dl>
+            <dt>Key Size</dt>
+            <dd>the defaults are ok.</dd>
+            <dt>Expiring Date</dt>
+            <dd>Choose a non-expiring key for your own use. For public
+            at least choose yearly expiration.</dd>
+            <dt>Name and Email</dt>
+            <dd>Real name and e-mail address used to identify your key.</dd>
+            <dt>Comment</dt>
+            <dd>Can be empty, make a small comment to help indentify.</dd>
+            <dt>Passphrase</dt>
+            <dd>Password should use numebers and special chars.</dd>
+        </dl>
+
+        <p>Generate keys;</p>
+
+        <pre>
+        $ gpg2 --full-gen-key
+        gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
+        This is free software: you are free to change and redistribute it.
+        There is NO WARRANTY, to the extent permitted by law.
+
+        Please select what kind of key you want:
+           (1) RSA and RSA (default)
+           (2) DSA and Elgamal
+           (3) DSA (sign only)
+           (4) RSA (sign only)
+        Your selection? 2
+        DSA keys may be between 1024 and 3072 bits long.
+        What keysize do you want? (2048) 2049
+        Requested keysize is 2049 bits
+        rounded up to 2112 bits
+        Please specify how long the key should be valid.
+                 0 = key does not expire
+              &lt;n&gt;  = key expires in n days
+              &lt;n&gt;w = key expires in n weeks
+              &lt;n&gt;m = key expires in n months
+              &lt;n&gt;y = key expires in n years
+        Key is valid for? (0) 1y
+        Key expires at Tue May 30 20:29:36 2017 WEST
+        Is this correct? (y/N) y
+
+        GnuPG needs to construct a user ID to identify your key.
+
+        Real name: User Name
+        Email address: user@external.org
+        Comment: user at external dot org
+        You selected this USER-ID:
+            "User Name (user at external dot org) &lt;user@external.org&gt;"
+
+        Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+        </pre>
+
+        <p>This will create the follow files;</p>
+
+        <pre>
+        .gnupg/pubring.gpg
+        .gnupg/random_seed
+        .gnupg/secring.gpg
+        .gnupg/trustdb.gp
+        </pre>
+
+        <p>List keys;</p>
+
+        <pre>
+        $ gpg --list-keys
+        /home/droid/.gnupg/pubring.kbx
+        ------------------------------
+        pub   dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30]
+        uid         [ultimate] User Name (user at external dot org) &lt;user@external.org&gt;
+        sub   elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30]
+        </pre>
+
+        <p>In this case pub key ID is EE29B7D3, add to .profile;</p>
+
+        <pre>
+        export GPGKEY=0xEE29B7D3
+        </pre>
+
+        <h2 id="management">2. Key Management</h2>
+
+        <p>Key Management;</p>
+
+        <pre>
+        $ gpg --list-keys
+        $ gpg --list-secret-keys
+        $ gpg --fingerprint
+        $ gpg --delete-key UID
+        $ gpg --delete-secret-key
+        $ gpg --edit-key UID
+        </pre>
+
+        <h3>2.1 Edit key</h3>
+
+        <pre>
+        $ gpg --edit-key KEYID
+        adduid
+        </pre>
+
+        <p>Follow the instructions and then select the user you
+        want to revoque, where N is the UID of the user;</p>
+
+        <pre>
+        uid N
+        revuid
+        save
+        </pre>
+
+        <h2 id="gpg-ei">3. Export and import keys</h2>
+
+        <h3>3.1. Export Key</h3>
+
+        <p>Public keys can be exported in binary format
+        or ASCII-armored format. To export binary format;</p>
+
+        <pre>
+        $ gpg --list-keys
+        </pre>
+
+        <pre>
+        $ gpg --output user.gpg --export user@localhost
+        </pre>
+
+        <p>Generate an ASCII version of your public key;</p>
+
+        <pre>
+        $ gpg --armor --output user.asc --export 'User Name'
+        </pre>
+
+        <h3>3.2. Export to keyserver</h3>
+
+        <p>The primary public key's ID is referenced in the pub 
+        line after the key size, for example the key created above,
+        the short key ID is EE29B7D3:
+        <pre>
+        gpg --keyserver search.keyserver.net --send-key EE29B7D3
+        </pre>
+
+        <h3>3.3. Import Key</h3>
+
+        <p>Is very easy to import public keys;</p>
+
+        <pre>
+        $ gpg --import user.gpg
+        </pre>
+
+        <p>To list imported keys;</p>
+
+        <pre>
+        $ gpg --list-keys
+        </pre>
+
+        <h2 id="gpg-crypt">4. Encrypt, decrypt and signing</h2>
+
+        <h3>4.1. Encrypt file</h3>
+
+        <p>To be abble to decrypt the document we need to include
+        public key in the recipient list;</p>
+
+        <pre>
+        $ gpg --output index.html.gpg --encrypt \
+        --recipient user@localhost \
+        --recipient bob@localhost \
+        index.html
+        </pre>
+
+        <h3>4.2. Decrypt file</h3>
+
+        <p>To decrypt the file;</p>
+
+        <pre>
+        $ gpg --output index.html --decrypt index.html.gpg
+        </pre>
+
+        <h3>4.3. Signing a File</h3>
+
+        <p>A digital signature certifies and timestamps a document.
+        If the document is subsequently modified in any way,
+        a verification of the signature will fail. A digital
+        signature can serve the same purpose as a hand-written
+        signature with the additional benefit of being
+        tamper-resistant. Example on how to sign a file;</p>
+
+        <p>To send document uncompressed and wrapped in an ASCII-armored
+        signature;</p>
+
+        <pre>
+        $ gpg --clearsign index.html
+        </pre>
+
+        <p>Verify signature;</p>
+
+        <pre>
+        $ gpg --verify index.html.asc
+        </pre>
+
+        <p>To encrypt and sign a file;</p>
+
+        <pre>
+        $ gpg --output index.html.gpg --sign --encrypt \
+        --recipient bob@localhost \
+        index.html
+        </pre>
+
+        <p>To decrypt;</p>
+
+        <pre>
+        $ gpg --output index.html --decrypt index.html.gpg
+        </pre>
+
+        <p>You should see this message on the output;</p>
+
+        <pre>
+        gpg: Good signature from "User (user at localhost) &lt;user@localhost&gt;"
+        </pre>
+
+        <p>Detached signatures create a separate file for
+        signature;</p>
+
+        <pre>
+        $ gpg --output index.html.sig --detach-sig index.html
+        </pre>
+
+        <p>Now you can send index.html.sig and on the other end;</p>
+
+        <pre>
+        $ gpg --verify index.html.sig
+        </pre>
+
+        <a href="index.html">Systools Index</a>
+        <p>This is part of the SysDoc Manual.
+        Copyright (C) 2016
+        Silvino Silva.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+
+    </body>
+</html>