diff options
| author | Silvino Silva <silvino@bk.ru> | 2016-09-20 20:40:25 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2016-09-20 20:41:53 +0100 |
| commit | e4b9fd6157b8b5eedf67006719a0ef5f1ac0027e (patch) | |
| tree | 67281a7f9b36acc4d42da15e893a8e15c6e42ba4 /tools | |
| parent | e77894b32b609572f46e30d25372166016b500d4 (diff) | |
| download | doc-e4b9fd6157b8b5eedf67006719a0ef5f1ac0027e.tar.gz | |
initial r-0.2.1
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/gnupg.html | 294 | ||||
| -rw-r--r-- | tools/index.html | 4 | ||||
| -rw-r--r-- | tools/tar.html | 17 |
3 files changed, 305 insertions, 10 deletions
diff --git a/tools/gnupg.html b/tools/gnupg.html new file mode 100644 index 0000000..61bfaba --- /dev/null +++ b/tools/gnupg.html @@ -0,0 +1,294 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>GnuPG</title> + </head> + <body> + + <a href="index.html">Tools Index</a> + + <h1>GnuPG</h1> + + <p>Install gnupg;</p> + + <pre> + $ sudo prt-get depinst gnupg + </pre> + + <p>Create a skeleton configuration to be copied by useradd to + each user home directory;</p> + + <pre> + $ sudo mkdir /etc/skel/.gnupg + $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf + </pre> + + <p>Configure GnuPG to automatically fetch public keys, + uncomment following line to ~/.gnupg/gpg.conf;</p> + + <pre> + keyserver-options auto-key-retrieve + </pre> + + <p>And add a server, in this example wwwkeys.pgp.net;</p> + + <pre> + # keyserver wwwkeys.pgp.net + # keyserver search.keyserver.net + keyserver pgp.mit.edu + </pre> + + <p>Test your configuration as described by Justin R. Miller <a href="http://codesorcery.net/old/mutt/mutt-gnupg-howto">Mutt Gnupg Howto</a>;</p> + + <pre> + $ gpg --recv-keys 0xC9C40C31 + </pre> + + <p>Confirm;</p> + + <pre> + gpg --list-keys justin + </pre> + + <h2 id="gpg-genkey">1. Generate keys</h2> + + <p>Options for creating a DSA and ElGamal key;</p> + <dl> + <dt>Key Size</dt> + <dd>the defaults are ok.</dd> + <dt>Expiring Date</dt> + <dd>Choose a non-expiring key for your own use. For public + at least choose yearly expiration.</dd> + <dt>Name and Email</dt> + <dd>Real name and e-mail address used to identify your key.</dd> + <dt>Comment</dt> + <dd>Can be empty, make a small comment to help indentify.</dd> + <dt>Passphrase</dt> + <dd>Password should use numebers and special chars.</dd> + </dl> + + <p>Generate keys;</p> + + <pre> + $ gpg2 --full-gen-key + gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + Your selection? 2 + DSA keys may be between 1024 and 3072 bits long. + What keysize do you want? (2048) 2049 + Requested keysize is 2049 bits + rounded up to 2112 bits + Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years + Key is valid for? (0) 1y + Key expires at Tue May 30 20:29:36 2017 WEST + Is this correct? (y/N) y + + GnuPG needs to construct a user ID to identify your key. + + Real name: User Name + Email address: user@external.org + Comment: user at external dot org + You selected this USER-ID: + "User Name (user at external dot org) <user@external.org>" + + Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O + </pre> + + <p>This will create the follow files;</p> + + <pre> + .gnupg/pubring.gpg + .gnupg/random_seed + .gnupg/secring.gpg + .gnupg/trustdb.gp + </pre> + + <p>List keys;</p> + + <pre> + $ gpg --list-keys + /home/droid/.gnupg/pubring.kbx + ------------------------------ + pub dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30] + uid [ultimate] User Name (user at external dot org) <user@external.org> + sub elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30] + </pre> + + <p>In this case pub key ID is EE29B7D3, add to .profile;</p> + + <pre> + export GPGKEY=0xEE29B7D3 + </pre> + + <h2 id="management">2. Key Management</h2> + + <p>Key Management;</p> + + <pre> + $ gpg --list-keys + $ gpg --list-secret-keys + $ gpg --fingerprint + $ gpg --delete-key UID + $ gpg --delete-secret-key + $ gpg --edit-key UID + </pre> + + <h3>2.1 Edit key</h3> + + <pre> + $ gpg --edit-key KEYID + adduid + </pre> + + <p>Follow the instructions and then select the user you + want to revoque, where N is the UID of the user;</p> + + <pre> + uid N + revuid + save + </pre> + + <h2 id="gpg-ei">3. Export and import keys</h2> + + <h3>3.1. Export Key</h3> + + <p>Public keys can be exported in binary format + or ASCII-armored format. To export binary format;</p> + + <pre> + $ gpg --list-keys + </pre> + + <pre> + $ gpg --output user.gpg --export user@localhost + </pre> + + <p>Generate an ASCII version of your public key;</p> + + <pre> + $ gpg --armor --output user.asc --export 'User Name' + </pre> + + <h3>3.2. Export to keyserver</h3> + + <p>The primary public key's ID is referenced in the pub + line after the key size, for example the key created above, + the short key ID is EE29B7D3: + <pre> + gpg --keyserver search.keyserver.net --send-key EE29B7D3 + </pre> + + <h3>3.3. Import Key</h3> + + <p>Is very easy to import public keys;</p> + + <pre> + $ gpg --import user.gpg + </pre> + + <p>To list imported keys;</p> + + <pre> + $ gpg --list-keys + </pre> + + <h2 id="gpg-crypt">4. Encrypt, decrypt and signing</h2> + + <h3>4.1. Encrypt file</h3> + + <p>To be abble to decrypt the document we need to include + public key in the recipient list;</p> + + <pre> + $ gpg --output index.html.gpg --encrypt \ + --recipient user@localhost \ + --recipient bob@localhost \ + index.html + </pre> + + <h3>4.2. Decrypt file</h3> + + <p>To decrypt the file;</p> + + <pre> + $ gpg --output index.html --decrypt index.html.gpg + </pre> + + <h3>4.3. Signing a File</h3> + + <p>A digital signature certifies and timestamps a document. + If the document is subsequently modified in any way, + a verification of the signature will fail. A digital + signature can serve the same purpose as a hand-written + signature with the additional benefit of being + tamper-resistant. Example on how to sign a file;</p> + + <p>To send document uncompressed and wrapped in an ASCII-armored + signature;</p> + + <pre> + $ gpg --clearsign index.html + </pre> + + <p>Verify signature;</p> + + <pre> + $ gpg --verify index.html.asc + </pre> + + <p>To encrypt and sign a file;</p> + + <pre> + $ gpg --output index.html.gpg --sign --encrypt \ + --recipient bob@localhost \ + index.html + </pre> + + <p>To decrypt;</p> + + <pre> + $ gpg --output index.html --decrypt index.html.gpg + </pre> + + <p>You should see this message on the output;</p> + + <pre> + gpg: Good signature from "User (user at localhost) <user@localhost>" + </pre> + + <p>Detached signatures create a separate file for + signature;</p> + + <pre> + $ gpg --output index.html.sig --detach-sig index.html + </pre> + + <p>Now you can send index.html.sig and on the other end;</p> + + <pre> + $ gpg --verify index.html.sig + </pre> + + <a href="index.html">Systools Index</a> + <p>This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + </body> +</html> diff --git a/tools/index.html b/tools/index.html index 0c8e449..7e02974 100644 --- a/tools/index.html +++ b/tools/index.html @@ -16,9 +16,9 @@ <ul> <li><a href="tar.html">Tar</a> <ul> - <li><a href="tar.html#tarbkup">1, Create Backup</a></li> + <li><a href="tar.html#tarbkup">1. Create Backup</a></li> <li><a href="tar.html#tarview">2. View content of tar</a></li> - <li><a href="tar.html#tarextract">2. Extract content from tar</a></li> + <li><a href="tar.html#tarextract">3. Extract content from tar</a></li> <li><a href="tar.html#taradd">4. Add content to tar</a></li> <li><a href="tar.html#tarrm">5. Remove content from tar</a></li> </ul> diff --git a/tools/tar.html b/tools/tar.html index edd733d..31a8485 100644 --- a/tools/tar.html +++ b/tools/tar.html @@ -6,11 +6,11 @@ </head> <body> - <a href="index.html">Systolls Index</a> - <h1>2. Tar</h1> + <a href="index.html">Tools Index</a> + <h1>Tar</h1> - <h2 id="tarbkup">2.1. Create Backup</h2> + <h2 id="tarbkup">1. Create Backup</h2> <p>Script in core/scripts/<a href="scripts/backup-system.sh">backup-system.sh</a> use tldp <a href="http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/server-backup.html">server backup</a> @@ -47,7 +47,7 @@ --exclude=sys . </pre> - <h2 id="tarview">1.2. View content of tar</h2> + <h2 id="tarview">2. View content of tar</h2> <p>List files inside tar;</p> @@ -62,7 +62,7 @@ $ tar -ztvpf full-backup-11-November-2045.tar.gz > file.lst </pre> - <h2 id="tarextract">1.3. Extract content from tar</h2> + <h2 id="tarextract">3. Extract content from tar</h2> <p>If you want to extrat to different directory;</p> @@ -82,7 +82,7 @@ $ tar --extract --file=core.tar.gz libidn#1.32-1.pkg.tar.gz </pre> - <h2 id="taradd">1.4. Add content to tar</h2> + <h2 id="taradd">4. Add content to tar</h2> <p>Only uncompressed tar can append files without having to extract and compress again.</p> @@ -101,7 +101,7 @@ $ tar -tvf core.tar </pre> - <h2 id="tarrm">1.5. Remove content of tar</h2> + <h2 id="tarrm">5. Remove content of tar</h2> <pre> $ tar -tvf core.tar @@ -109,7 +109,8 @@ $ tar -tvf core.tar </pre> - <a href="index.html">Systolls Index</a> + <a href="index.html">Tools Index</a> + <p> This is part of the c9-doc Manual. Copyright (C) 2016 |