diff options
Diffstat (limited to 'tools/gnupg.html')
| -rw-r--r-- | tools/gnupg.html | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/tools/gnupg.html b/tools/gnupg.html new file mode 100644 index 0000000..61bfaba --- /dev/null +++ b/tools/gnupg.html @@ -0,0 +1,294 @@ +<!DOCTYPE html> +<html dir="ltr" lang="en"> + <head> + <meta charset='utf-8'> + <title>GnuPG</title> + </head> + <body> + + <a href="index.html">Tools Index</a> + + <h1>GnuPG</h1> + + <p>Install gnupg;</p> + + <pre> + $ sudo prt-get depinst gnupg + </pre> + + <p>Create a skeleton configuration to be copied by useradd to + each user home directory;</p> + + <pre> + $ sudo mkdir /etc/skel/.gnupg + $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf + </pre> + + <p>Configure GnuPG to automatically fetch public keys, + uncomment following line to ~/.gnupg/gpg.conf;</p> + + <pre> + keyserver-options auto-key-retrieve + </pre> + + <p>And add a server, in this example wwwkeys.pgp.net;</p> + + <pre> + # keyserver wwwkeys.pgp.net + # keyserver search.keyserver.net + keyserver pgp.mit.edu + </pre> + + <p>Test your configuration as described by Justin R. Miller <a href="http://codesorcery.net/old/mutt/mutt-gnupg-howto">Mutt Gnupg Howto</a>;</p> + + <pre> + $ gpg --recv-keys 0xC9C40C31 + </pre> + + <p>Confirm;</p> + + <pre> + gpg --list-keys justin + </pre> + + <h2 id="gpg-genkey">1. Generate keys</h2> + + <p>Options for creating a DSA and ElGamal key;</p> + <dl> + <dt>Key Size</dt> + <dd>the defaults are ok.</dd> + <dt>Expiring Date</dt> + <dd>Choose a non-expiring key for your own use. For public + at least choose yearly expiration.</dd> + <dt>Name and Email</dt> + <dd>Real name and e-mail address used to identify your key.</dd> + <dt>Comment</dt> + <dd>Can be empty, make a small comment to help indentify.</dd> + <dt>Passphrase</dt> + <dd>Password should use numebers and special chars.</dd> + </dl> + + <p>Generate keys;</p> + + <pre> + $ gpg2 --full-gen-key + gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + Your selection? 2 + DSA keys may be between 1024 and 3072 bits long. + What keysize do you want? (2048) 2049 + Requested keysize is 2049 bits + rounded up to 2112 bits + Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years + Key is valid for? (0) 1y + Key expires at Tue May 30 20:29:36 2017 WEST + Is this correct? (y/N) y + + GnuPG needs to construct a user ID to identify your key. + + Real name: User Name + Email address: user@external.org + Comment: user at external dot org + You selected this USER-ID: + "User Name (user at external dot org) <user@external.org>" + + Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O + </pre> + + <p>This will create the follow files;</p> + + <pre> + .gnupg/pubring.gpg + .gnupg/random_seed + .gnupg/secring.gpg + .gnupg/trustdb.gp + </pre> + + <p>List keys;</p> + + <pre> + $ gpg --list-keys + /home/droid/.gnupg/pubring.kbx + ------------------------------ + pub dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30] + uid [ultimate] User Name (user at external dot org) <user@external.org> + sub elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30] + </pre> + + <p>In this case pub key ID is EE29B7D3, add to .profile;</p> + + <pre> + export GPGKEY=0xEE29B7D3 + </pre> + + <h2 id="management">2. Key Management</h2> + + <p>Key Management;</p> + + <pre> + $ gpg --list-keys + $ gpg --list-secret-keys + $ gpg --fingerprint + $ gpg --delete-key UID + $ gpg --delete-secret-key + $ gpg --edit-key UID + </pre> + + <h3>2.1 Edit key</h3> + + <pre> + $ gpg --edit-key KEYID + adduid + </pre> + + <p>Follow the instructions and then select the user you + want to revoque, where N is the UID of the user;</p> + + <pre> + uid N + revuid + save + </pre> + + <h2 id="gpg-ei">3. Export and import keys</h2> + + <h3>3.1. Export Key</h3> + + <p>Public keys can be exported in binary format + or ASCII-armored format. To export binary format;</p> + + <pre> + $ gpg --list-keys + </pre> + + <pre> + $ gpg --output user.gpg --export user@localhost + </pre> + + <p>Generate an ASCII version of your public key;</p> + + <pre> + $ gpg --armor --output user.asc --export 'User Name' + </pre> + + <h3>3.2. Export to keyserver</h3> + + <p>The primary public key's ID is referenced in the pub + line after the key size, for example the key created above, + the short key ID is EE29B7D3: + <pre> + gpg --keyserver search.keyserver.net --send-key EE29B7D3 + </pre> + + <h3>3.3. Import Key</h3> + + <p>Is very easy to import public keys;</p> + + <pre> + $ gpg --import user.gpg + </pre> + + <p>To list imported keys;</p> + + <pre> + $ gpg --list-keys + </pre> + + <h2 id="gpg-crypt">4. Encrypt, decrypt and signing</h2> + + <h3>4.1. Encrypt file</h3> + + <p>To be abble to decrypt the document we need to include + public key in the recipient list;</p> + + <pre> + $ gpg --output index.html.gpg --encrypt \ + --recipient user@localhost \ + --recipient bob@localhost \ + index.html + </pre> + + <h3>4.2. Decrypt file</h3> + + <p>To decrypt the file;</p> + + <pre> + $ gpg --output index.html --decrypt index.html.gpg + </pre> + + <h3>4.3. Signing a File</h3> + + <p>A digital signature certifies and timestamps a document. + If the document is subsequently modified in any way, + a verification of the signature will fail. A digital + signature can serve the same purpose as a hand-written + signature with the additional benefit of being + tamper-resistant. Example on how to sign a file;</p> + + <p>To send document uncompressed and wrapped in an ASCII-armored + signature;</p> + + <pre> + $ gpg --clearsign index.html + </pre> + + <p>Verify signature;</p> + + <pre> + $ gpg --verify index.html.asc + </pre> + + <p>To encrypt and sign a file;</p> + + <pre> + $ gpg --output index.html.gpg --sign --encrypt \ + --recipient bob@localhost \ + index.html + </pre> + + <p>To decrypt;</p> + + <pre> + $ gpg --output index.html --decrypt index.html.gpg + </pre> + + <p>You should see this message on the output;</p> + + <pre> + gpg: Good signature from "User (user at localhost) <user@localhost>" + </pre> + + <p>Detached signatures create a separate file for + signature;</p> + + <pre> + $ gpg --output index.html.sig --detach-sig index.html + </pre> + + <p>Now you can send index.html.sig and on the other end;</p> + + <pre> + $ gpg --verify index.html.sig + </pre> + + <a href="index.html">Systools Index</a> + <p>This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> + + </body> +</html> |