GnuPG

Create a DSA & Elgamal private and public key pair

  1. Move to your home directory
  2. Run: gpg --gen-key
  3. gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    Please select what kind of key you want:
    (1) DSA and Elgamal (default)
    (2) DSA (sign only)
    (5) RSA (sign only)
    Your selection? 1
    DSA keypair will have 1024 bits.
    ELG-E keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 4096
    Requested keysize is 4096 bits
    Please specify how long the key should be valid.
    0 = key does not expire
    <n>  = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years
    Key is valid for? (0) 1y
    Key expires at Sat 01 Oct 2011 11:52:59 AM PDT
    Is this correct? (y/N) y
    You need a user ID to identify your key; the software constructs the user ID
    from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
    Real name: FirstName LastName
    Email address: email@example.com
    Comment:
    You selected this USER-ID:
    "First Last <email@example.com>"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    +++++.+++++++++++++++.+++++..+++++.++++++++++.+++++++++++++++…+++++++++++++++++++++++++..+++++++++++++++++++++++++.++++++++++.+++++++++++++++.+++++……….+++++
    Not enough random bytes available.  Please do some other work to give
    the OS a chance to collect more entropy! (Need 282 more bytes)
    kfgonoinbofndosnboijdnfobnosfnobnlkfdnbosfbnosfdnbos;d
    onvdkn;lkbnosnfonbondsonfbkndsofkbnofidnoibnodnbondsnbondfnbnlknblksdnlbkndsflknbodsfnbodnfbodnfobnlksdnfbknsdfonblkv
    aWe need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    ..
    .+++++++++++++++..+++++…+++++…+++++..+++++…++++++++++…++++++++++..++++++++++…++++++++++..++++++++++.+++++..+++++++++++++++++++++++++++++++++++..+++++++++++++++++++++F++++.+++++..J++++++++++>+++++++++++++++.+++++..+++++++++++++++++++++++++.+++++>+++++>+++++FN…………………………………..>+++++…….<.+++++………+++++^^^
    gpg: /home/username/.gnupg/trustdb.gpg: trustdb created
    gpg: key E7C229E3 marked as ultimately trusted
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: next trustdb check due at 2011-10-01
    pub   1024D/E7C229E3 2010-10-01 [expires: 2011-10-01]
    Key fingerprint = 1DA3 7DAD 5240 D864 2DA7  4B00 659D F41C E7C2 29E3
    uid                  First Last <email@example.com>
    sub   4096g/04E6486C 2010-10-01 [expires: 2011-10-01]


List key information

gpg --list-keys; gpg --list-secret-keys; gpg --fingerprint email@example.com

Sign a file

To sign a file: gpg --clearsign -a test_file.txt

The -a option specifies ASCII armor format, which keeps the file readable. After you provide your passphrase, the contents of the file are wrapped in a digital signature and written to a new file, test_file.txt.asc. Even if one space is added to the file, the signature verification will fail! To verify: gpg --verify test_file.txt.asc

Encrypt a file

To encrypt a file use:

gpg -e -r 'RecipientName' file_name.txt

This will create an encrypted file named file_name.txt.gpg.  It will still leave the original file in place and in clear text.

Decrypt a file

gpg --output foo.txt --decrypt filename.txt.gpg
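
The sign, verify, encrypt and decrypt commands above, run end to end in a throwaway keyring, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later (the post uses 1.4.5); the user ID, file contents and temporary paths are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GnuPG 2.1 or later.
# The user ID, file contents and scratch paths are constructed for the demo.

run_demo() {
    work=$(mktemp -d) || return 1
    # Throwaway keyring: the real ~/.gnupg is never touched.
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"

    # Non-interactive key generation; the empty passphrase is for the demo only.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Test User <test@example.com>' default default 1y \
        2>/dev/null

    # 1. Clearsign, then verify the untouched output (test_file.txt.asc).
    printf 'pay 10 to alice\n' > "$work/test_file.txt"
    gpg --batch --quiet --clearsign "$work/test_file.txt" 2>/dev/null
    if gpg --batch --verify "$work/test_file.txt.asc" 2>/dev/null
    then signed=good; else signed=bad; fi

    # 2. Change one character of the signed text: verification must fail.
    sed 's/pay 10/pay 90/' "$work/test_file.txt.asc" > "$work/tampered.asc"
    if gpg --batch --verify "$work/tampered.asc" 2>/dev/null
    then tampered=good; else tampered=bad; fi

    # 3. Encrypt to the recipient, decrypt, and compare with the original,
    #    which is still on disk in clear text after encryption.
    printf 'secret\n' > "$work/file_name.txt"
    gpg --batch --quiet -e -r test@example.com "$work/file_name.txt" 2>/dev/null
    gpg --batch --quiet --output "$work/foo.txt" \
        --decrypt "$work/file_name.txt.gpg" 2>/dev/null
    if cmp -s "$work/file_name.txt" "$work/foo.txt"
    then roundtrip=same; else roundtrip=differs; fi

    # Stop the agent started for the scratch keyring and remove everything.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$signed $tampered $roundtrip"
}

RESULT=$(run_demo)
echo "$RESULT"
```

The script checks gpg's exit status rather than its message text, which is the reliable way to act on a verification result in automation.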

Send your public key to a central keyserver

gpg --list-keys

/Users/dlopez/.gnupg/pubring.gpg
--------------------------------
pub   2048R/233884F8 2010-10-04 [expires: 2011-10-04]
uid                  Denise Lopez <email@example.com>

Send to keyserver:
gpg --send-keys 233884F8

gpg: sending key 233884F8 to hkp server keys.gnupg.net
