GnuPG (gpg)

 


Overview

GnuPG (gpg) uses public-key cryptography to encrypt files.

In public key cryptography, each user has a private key and a public key. The private key is kept secret. The public key is distributed to the public.

GnuPG has the ability to generate zero or more additional subordinate keypairs.

 

Useful Commands

  1. Create a key:

    gpg --gen-key

    Key files are written to $HOME/.gpg

    $ ls -ltra $HOME/.gnupg
    total 32
    -rw-------   1 map      map          7695 Mar  1 12:04 gpg.conf
    -rw-------   1 map      map             0 Mar  1 12:04 pubring.gpg~
    drwx------   2 map      map          4096 Mar  1 12:06 .
    -rw-------   1 map      map           904 Mar  1 12:06 pubring.gpg
    -rw-------   1 map      map          1042 Mar  1 12:06 secring.gpg
    -rw-------   1 map      map          1240 Mar  1 12:06 trustdb.gpg
    -rw-------   1 map      map           600 Mar  1 12:06 random_seed
    drwxr-xr-x  22 map      map          4096 Mar  1 12:07 ..
    

  2. Generate a revoke certificate, revoke.asc, for use if the key is ever compromised:

    gpg --output revoke.asc --gen-revoke your@email.address

    Certificate is written to the current directory:

    $ ls -ltr
    total 4
    -rw-rw-r--   1 map      map           263 Mar  1 12:10 revoke.asc
    

  3. Generate a binary public key:

    gpg --output yourname.gpg --export your@email.address

    $ cd $HOME/.gnupg
    [map@amsterdam .gnupg]$ gpg --output MichaelPareene.gpg --export yourname@yourcompany.com
    [map@amsterdam .gnupg]$ ls -l MichaelPareene.gpg
    Total 1
    -rw-rw-r--   1 map      map           896 Mar  1 12:16 yourname.gpg
    

  4. Generate an ASCII-armored public key, for use on web pages and in email sigs:

    gpg --armor --export your@email.address

    $ gpg --armor --export yourname@yourcompany.com
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    
    mQGiBEQF4r8RBACW8xVD4P/Scqjsu9DK4Yr5SBW29s2RcNZZ8U7OD8eJruLgS/9m
    uUS2F6kzkpezttv6Z3KLMo72y9VksngV9PGG9E5x+OxwlN1Mbp7IxwSrLH2C2IM6
    UMQeYD2cgAF1gZL2lrwPPgYaaYx+6pxqufd3ELlBzX/sYgprz/RfVFpTSwCgmvha
    9FbF7f0pCwbFT4AvMWHn83MD/0Aeg7QcdXWxuaIYscUIE6+qr7pE4YuHrX+Z5Xg9
    f+AcABzdUfxGho/f6vMahRxTv6avdixevny0claMtsXxT+0AlVg/2MumUnQy72Cv
    5Xu5wpL9NPL5V+JIQ0xJ5JOpr7/EBrUi3zhapXMzGRIgzln/YFtgqIBJywDc5LT5
    FuMAnj8f/AxesaBpydkh6hWXSii3x0+6uQENBEQF4sEQBACLq0PY13Z8qJB/Ri/z
    EF1JPG+l45sDEmaeCQrUXT7mOpjbpIG6FbC2CJ0Pr3NOAktnL3bOg61x/qPz/4Hw
    zk2ImNLkeGkTp2VygsFY0UhUI0LdEcmcuMIN18LkS+sIBKWB/KjKIPAjh2L8ERVz
    e4+MlPnvRpmGJxJokd+TJ7k3BwADBQP/YedhAUCfYD1pwYQe+xfhXdr5o+MDZZzx
    gQWn2JgT0h/4s6Ph8X355AEUWFVh0w1Nuqu1/Q2zBgzmvDbKVkUZMpLZbNxBhpOc
    VUKZvpk2ZrYPKZMy2Si93UvF68V+jBao0wAbGGYJEZnzBCDIbbSX7PiDfjW/mH7M
    Nhtz+2yVR7KIRgQYEQIABgUCRAXiwQAKCRC7wBMH+dxS0DNBAJ9YZbtTHU/oXXE9
    0mL8cJi6e0rtnQCdFSQtUgHWHL+Iolznx8FbcycdxyE=
    =eEFx
    -----END PGP PUBLIC KEY BLOCK-----
    

  5. Add a public key to your keyring

    gpg --import blake.gpg

  6. List the public keys on your keyring

    gpg --list-keys

  7. Validate a public key

    gpg --edit-key blake@cyb.org
    Command> fpr
    Command> sign
    Command> check

 

Encrypting/Decrypting documents

To encrypt a document:

cat filename.suffix | gpg --output filename.gpg --encrypt --recipient mpareene@msiinet.com

To encrypt a document for your own personal use, use your email address for the recipient value.

To decrypt a document:

gpg --output outputfile.suffix --decrypt filename.gpg

If you get the message...

gpg: conflicting commands

...you might have forgotten to add a double-dash (--) to one of the options...

$ gpg --output test1 -decrypt test.gpg


 

Home

 

 

 

 

 


audio = true; //$MTC->notify = 'michael.pareene@gmail.com'; $MTC->init('my page'); ?>

 


Add your comment...