Difference between revisions of "Use gpg"

From Linuxintro

Revision as of 12:14, 25 April 2009

Introduction

gpg (more specifically: GnuPG) can be used to encrypt and decrypt all sorts of data, text including mails as well as binary files, either for a specific recipient or for everyone who knows the passphrase (symmetric encryption). It is one of the most established encryption standards and is embedded into many applications, though this article focuses on direct use of gpg on the CLI.

Installation

Packages should be available for all distributions. The package is usually called "gnupg". If you do not know how to install packages, look here.

Usage

Creating a key

First, you should create your own key. This will allow you to sign data with your key, so other people can be sure it comes from you (if they trust the authenticity of your key), and it will allow people to encrypt data with your public key that only you, using your private key, can decrypt.

GPG stores all of its data under ~/.gnupg, though that will be created automatically. So just run:

gpg --gen-key

Select "DSA and ElGamal" as key type and select a decent key length. If you are not concerned about how long your key will be in its ASCII representation (for example because you do not intend to attach it to every mail), you should probably just use 4096.

Now you can select when the key will expire. This is up to you; however, for a first test you might want to create a key that expires after some days, so that nobody takes it for a permanent key after you have stopped using it.

Confirm and enter your name, mail address and an optional comment. The mail address should be one that people will try to mail to later (if using the key for mailing), so that they get the key straight from the key server.

Confirm another time and now choose a secure passphrase for the private key. This will protect your private key from illicit use, even if someone gets hold of it (you should make sure it does not come to that!). Now just generate some entropy: surf the web, move the mouse etc., and your key should be generated and ready to use.

Perhaps you want to deploy your key to a key server now for your contacts to download. Read more about this below.
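The same sequence run unattended, as an added example that is not part of the original article: gpg's batch mode takes the interactive answers from a parameter file, after which the fingerprint, the expiry and an ASCII-armoured public key are read back. It assumes gpg 2.x with gpgconf on the PATH; the key type mirrors the page's "DSA and ElGamal" choice but with 2048-bit lengths to keep generation quick, and the function names, the throwaway GNUPGHOME and the %no-protection line are the example's own choices for a test key.

```shell
set -eu

# Throwaway keyring directory so the real ~/.gnupg is never touched;
# mktemp -d creates it with mode 0700, which gpg insists on.
make_temp_gnupghome() {
    mktemp -d
}

# Generate a test key: $1 = GNUPGHOME, $2 = real name, $3 = mail address,
# $4 = expiry such as "7d" (a key that expires after some days).
# Prints the 40-hex-digit fingerprint of the new primary key.
gen_test_key() {
    home=$1; name=$2; mail=$3; expire=$4
    # Batch parameter file mirroring the interactive answers: DSA primary
    # key plus ElGamal encryption subkey. %no-protection is for a throwaway
    # test key only; a real key gets a "Passphrase:" line instead.
    cat >"$home/params" <<EOF
%no-protection
Key-Type: DSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: $name
Name-Email: $mail
Expire-Date: $expire
%commit
EOF
    GNUPGHOME=$home gpg --batch --quiet --gen-key "$home/params"
    # --with-colons is the machine-readable listing; the "fpr" record
    # carries the fingerprint in field 10.
    GNUPGHOME=$home gpg --batch --with-colons --fingerprint --list-keys \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Expiry of key $2 as seconds since the epoch ("pub" record, field 7);
# empty output means the key never expires.
key_expiry() {
    GNUPGHOME=$1 gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '$1 == "pub" { print $7; exit }'
}

# ASCII-armoured public key of $2, the form you would upload to a key server.
export_pubkey() {
    GNUPGHOME=$1 gpg --batch --armor --export "$2"
}
# Stop the agent gpg auto-launched for the temp home, then delete the dir.
cleanup_gnupghome() {
    GNUPGHOME=$1 gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$1"
}
```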

Exporting your key

...

Importing keys

...

Listing all known keys

...

Encryption

...

Decryption

...

Signing and verifying signatures

...

Symmetric encryption/decryption

...

Going further

  • Set up gpg-agent, which helps you by caching passphrases, if you want.
  • Install a graphical frontend such as kgpg (a good KDE frontend, albeit a bit buggy).