From e4b9fd6157b8b5eedf67006719a0ef5f1ac0027e Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Tue, 20 Sep 2016 20:40:25 +0100 Subject: initial r-0.2.1 --- tools/gnupg.html | 294 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/index.html | 4 +- tools/tar.html | 17 ++-- 3 files changed, 305 insertions(+), 10 deletions(-) create mode 100644 tools/gnupg.html (limited to 'tools') diff --git a/tools/gnupg.html b/tools/gnupg.html new file mode 100644 index 0000000..61bfaba --- /dev/null +++ b/tools/gnupg.html @@ -0,0 +1,294 @@ + + + + + GnuPG + + + + Tools Index + +

GnuPG

+ +

Install gnupg;

+ + 
+        $ sudo prt-get depinst gnupg
+
+ +

Create a skeleton configuration to be copied by useradd to + each user home directory;

+ + 
+        $ sudo mkdir /etc/skel/.gnupg
+        $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf
+
+ +

Configure GnuPG to automatically fetch public keys, + uncomment following line to ~/.gnupg/gpg.conf;

+ + 
+        keyserver-options auto-key-retrieve
+
+ +

And add a server, in this example wwwkeys.pgp.net;

+ + 
+        # keyserver wwwkeys.pgp.net
+        # keyserver search.keyserver.net
+        keyserver pgp.mit.edu
+
+ +

Test your configuration as described by Justin R. Miller Mutt Gnupg Howto;

+ + 
+        $ gpg --recv-keys 0xC9C40C31
+
+ +

Confirm;

+ + 
+        gpg --list-keys justin
+
+ +

1. Generate keys

+ +

Options for creating a DSA and ElGamal key;

+
+
Key Size
+
the defaults are ok.
+
Expiring Date
+
Choose a non-expiring key for your own use. For public + at least choose yearly expiration.
+
Name and Email
+
Real name and e-mail address used to identify your key.
+
Comment
+
Can be empty, make a small comment to help indentify.
+
Passphrase
+
Password should use numebers and special chars.
+
+ +

Generate keys;

+ + 
+        $ gpg2 --full-gen-key
+        gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
+        This is free software: you are free to change and redistribute it.
+        There is NO WARRANTY, to the extent permitted by law.
+
+        Please select what kind of key you want:
+           (1) RSA and RSA (default)
+           (2) DSA and Elgamal
+           (3) DSA (sign only)
+           (4) RSA (sign only)
+        Your selection? 2
+        DSA keys may be between 1024 and 3072 bits long.
+        What keysize do you want? (2048) 2049
+        Requested keysize is 2049 bits
+        rounded up to 2112 bits
+        Please specify how long the key should be valid.
+                 0 = key does not expire
+              <n>  = key expires in n days
+              <n>w = key expires in n weeks
+              <n>m = key expires in n months
+              <n>y = key expires in n years
+        Key is valid for? (0) 1y
+        Key expires at Tue May 30 20:29:36 2017 WEST
+        Is this correct? (y/N) y
+
+        GnuPG needs to construct a user ID to identify your key.
+
+        Real name: User Name
+        Email address: user@external.org
+        Comment: user at external dot org
+        You selected this USER-ID:
+            "User Name (user at external dot org) <user@external.org>"
+
+        Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+
+ +

This will create the follow files;

+ + 
+        .gnupg/pubring.gpg
+        .gnupg/random_seed
+        .gnupg/secring.gpg
+        .gnupg/trustdb.gp
+
+ +

List keys;

+ + 
+        $ gpg --list-keys
+        /home/droid/.gnupg/pubring.kbx
+        ------------------------------
+        pub   dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30]
+        uid         [ultimate] User Name (user at external dot org) <user@external.org>
+        sub   elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30]
+
+ +

In this case pub key ID is EE29B7D3, add to .profile;

+ + 
+        export GPGKEY=0xEE29B7D3
+
+ +

2. Key Management

+ +

Key Management;

+ + 
+        $ gpg --list-keys
+        $ gpg --list-secret-keys
+        $ gpg --fingerprint
+        $ gpg --delete-key UID
+        $ gpg --delete-secret-key
+        $ gpg --edit-key UID
+
+ +

2.1 Edit key

+ + 
+        $ gpg --edit-key KEYID
+        adduid
+
+ +

Follow the instructions and then select the user you + want to revoque, where N is the UID of the user;

+ + 
+        uid N
+        revuid
+        save
+
+ +

3. Export and import keys

+ +

3.1. Export Key

+ +

Public keys can be exported in binary format + or ASCII-armored format. To export binary format;

+ + 
+        $ gpg --list-keys
+
+ + 
+        $ gpg --output user.gpg --export user@localhost
+
+ +

Generate an ASCII version of your public key;

+ + 
+        $ gpg --armor --output user.asc --export 'User Name'
+
+ +

3.2. Export to keyserver

+ +

The primary public key's ID is referenced in the pub + line after the key size, for example the key created above, + the short key ID is EE29B7D3: + 

+        gpg --keyserver search.keyserver.net --send-key EE29B7D3
+
+ +

3.3. Import Key

+ +

Is very easy to import public keys;

+ + 
+        $ gpg --import user.gpg
+
+ +

To list imported keys;

+ + 
+        $ gpg --list-keys
+
+ +

4. Encrypt, decrypt and signing

+ +

4.1. Encrypt file

+ +

To be abble to decrypt the document we need to include + public key in the recipient list;

+ + 
+        $ gpg --output index.html.gpg --encrypt \
+        --recipient user@localhost \
+        --recipient bob@localhost \
+        index.html
+
+ +

4.2. Decrypt file

+ +

To decrypt the file;

+ + 
+        $ gpg --output index.html --decrypt index.html.gpg
+
+ +

4.3. Signing a File

+ +

A digital signature certifies and timestamps a document. + If the document is subsequently modified in any way, + a verification of the signature will fail. A digital + signature can serve the same purpose as a hand-written + signature with the additional benefit of being + tamper-resistant. Example on how to sign a file;

+ +

To send document uncompressed and wrapped in an ASCII-armored + signature;

+ + 
+        $ gpg --clearsign index.html
+
+ +

Verify signature;

+ + 
+        $ gpg --verify index.html.asc
+
+ +

To encrypt and sign a file;

+ + 
+        $ gpg --output index.html.gpg --sign --encrypt \
+        --recipient bob@localhost \
+        index.html
+
+ +

To decrypt;

+ + 
+        $ gpg --output index.html --decrypt index.html.gpg
+
+ +

You should see this message on the output;

+ + 
+        gpg: Good signature from "User (user at localhost) <user@localhost>"
+
+ +

Detached signatures create a separate file for + signature;

+ + 
+        $ gpg --output index.html.sig --detach-sig index.html
+
+ +

Now you can send index.html.sig and on the other end;

+ + 
+        $ gpg --verify index.html.sig
+
+ + Systools Index +

This is part of the SysDoc Manual. + Copyright (C) 2016 + Silvino Silva. + See the file Gnu Free Documentation License + for copying conditions.

+ + + diff --git a/tools/index.html b/tools/index.html index 0c8e449..7e02974 100644 --- a/tools/index.html +++ b/tools/index.html @@ -16,9 +16,9 @@