Sunday, April 11, 2010

Setting up GNUPG for public key encryption:-

zodiac@zodioc:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Celsius Thomas
Email address: aarklon@gmail.com
Comment: My work key
You selected this USER-ID:
"Celsius Thomas (My work key) <aarklon@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++...+++++..+++++.++++++++++++++++++++++++++++++...+++++++++++++++..+++++++++++++++++++++++++.+++++..+++++.+++++++++++++++.+++++.+++++>+++++..+++++...>+++++<+++++....................+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 265 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++++++++++++.+++++++++++++++.++++++++++++++++++++..+++++.++++++++++++++++++++++++++++++.++++++++++...++++++++++.+++++.++++++++++...+++++++++++++++>++++++++++.......................................................................................................................>..+++++.................+++++^^^
gpg: key 56B304BA marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub 1024D/56B304BA 2010-04-03
Key fingerprint = B532 09BB DBE5 4D7B 1D8F 04BA BC4A 2B17 56B3 04BA
uid Celsius Thomas (My work key) <aarklon@gmail.com>
sub 2048g/6D422200 2010-04-03

Listing your Keyring:-

zodiac@zodioc:~$ gpg --list-secret-keys
/home/zodiac/.gnupg/secring.gpg
-------------------------------
sec 1024D/C1DA93D0 2010-02-10
uid celsius thomas (sample demo key)
ssb 2048g/4352773F 2010-02-10

sec 1024D/56B304BA 2010-04-03
uid Celsius Thomas (My work key) <aarklon@gmail.com>
ssb 2048g/6D422200 2010-04-03

zodiac@zodioc:~$ gpg --list-public-keys
/home/zodiac/.gnupg/pubring.gpg
-------------------------------
pub 1024R/881574DE 2009-03-10
uid Launchpad PPA for Bisigi

pub 1024D/C1DA93D0 2010-02-10
uid celsius thomas (sample demo key)
sub 2048g/4352773F 2010-02-10

pub 1024D/56B304BA 2010-04-03
uid Celsius Thomas (My work key) <aarklon@gmail.com>
sub 2048g/6D422200 2010-04-03

Signing and encrypting files:-

To sign myfile:- gpg -s myfile

To sign and encrypt myfile :- gpg -e -s myfile

Signing a text file:-

zodiac@zodioc:~$ gpg --clearsign myfile

You need a passphrase to unlock the secret key for
user: "Celsius Thomas (My work key) <aarklon@gmail.com>"
1024-bit DSA key, ID 56B304BA, created 2010-04-03

original file has this content:- hello world


Then the signed file will look something like this:-


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAku3WEgACgkQvEorF1azBLrqgQCePziUoHP6zspKJhSfZRT+Fxfs
X/AAnRUevcz5vZ94dI1lhVH7ubdEissR
=jQ5/
-----END PGP SIGNATURE-----


Anyone who has your public key can check the signature in this file with gpg, thereby confirming that the file came from you and was not altered after signing.
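As an added example that is not part of the original post, the Python below parses the clearsigned message shown above and reads the fields of the signature packet that gpg relies on when verifying: version, signature type, public-key and hash algorithm, creation time, and the issuer key ID, which should match the signing key 56B304BA. It assumes only the standard library and the message exactly as printed.

```python
import base64
import struct
from datetime import datetime, timezone

# Sample input: the clearsigned "hello world" message shown in the post.
CLEARSIGNED = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAku3WEgACgkQvEorF1azBLrqgQCePziUoHP6zspKJhSfZRT+Fxfs
X/AAnRUevcz5vZ94dI1lhVH7ubdEissR
=jQ5/
-----END PGP SIGNATURE-----
"""

SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document"}
PUBKEY_ALGS = {1: "RSA", 17: "DSA"}
HASH_ALGS = {1: "MD5", 2: "SHA1", 8: "SHA256"}

def parse_clearsign(text: str) -> dict:
    # Armored block between the SIGNATURE markers; headers end at the first blank line, "=xxxx" is a CRC24
    lines = text.splitlines()
    sig = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:lines.index("-----END PGP SIGNATURE-----")]
    body = sig[sig.index("") + 1:]
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    # Old-format packet header: bit 7 set, tag in bits 5..2 (2 = signature), one-octet body length
    assert data[0] & 0xC0 == 0x80 and (data[0] >> 2) & 0x0F == 2, "not a signature packet"
    pkt = data[2:2 + data[1]]
    version, sig_type, pk_alg, hash_alg = pkt[:4]
    hashed_len = struct.unpack(">H", pkt[4:6])[0]
    unhashed_len = struct.unpack(">H", pkt[6 + hashed_len:8 + hashed_len])[0]
    subpackets = pkt[6:6 + hashed_len] + pkt[8 + hashed_len:8 + hashed_len + unhashed_len]
    info = {"version": version, "sig_type": SIG_TYPES.get(sig_type, sig_type),
            "pubkey_alg": PUBKEY_ALGS.get(pk_alg, pk_alg), "hash_alg": HASH_ALGS.get(hash_alg, hash_alg)}
    pos = 0
    while pos < len(subpackets):        # one-octet subpacket lengths (< 192) suffice here
        length, sp_type = subpackets[pos], subpackets[pos + 1]
        sp_body = subpackets[pos + 2:pos + 1 + length]
        if sp_type == 2:                # signature creation time, 4-byte big-endian Unix time
            ts = struct.unpack(">I", sp_body)[0]
            info["created"] = datetime.fromtimestamp(ts, timezone.utc).date().isoformat()
        elif sp_type == 16:             # issuer key ID, which gpg uses to find the verifying public key
            info["issuer"] = sp_body.hex().upper()
        pos += 1 + length
    return info

if __name__ == "__main__": print(parse_clearsign(CLEARSIGNED))
```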

Creating a detached Signature File

Problem

You want to sign a file digitally, but have the signature reside in a separate file

Solution:-

To create a binary format detached signature, myfile.sig :-
gpg --detach-sign myfile

To create an ASCII format detached signature, myfile.asc:-
gpg --detach-sign -a myfile

Discussion:-

A detached signature is placed into a file by itself, not inside the file it represents. Detached signatures are commonly used to validate software distributed in compressed tar files, e.g., myprogram.tar.gz. You can't sign such a file internally without altering its contents, so the signature is created in a separate file such as myprogram.tar.gz.sig

Friday, April 2, 2010

Encrypting Directories

To produce a single encrypted file containing all files in the directory, with symmetric encryption:

tar cvf - name_of_directory | gpg -c > files.tar.gpg

or key-based encryption:-

tar cvf - name_of_directory | gpg -e > files.tar.gpg

To encrypt each file separately:-

find name_of_directory -type f -exec gpg -e '{}' \;