Document Objective
- GnuPG implementation in details
- Fun with encryption in security/ privacy
- Integrate-able with BlockChain
Importing key
gpg --import <keyfile>Generating key
gpg --gen-key
gpg --default-new-key-algo rsa4096 --gen-keyGenerating a revocation key
gpg --gen-revoke --armor --output 20180717_revoke.asc <key_id>Exporting key
- Exporting a public key
gpg --output exported.gpg --export my@email.org
gpg --armor --export my@email.org
gpg --armor --export --outfile file.asc <key_id>- Exporting a private key
gpg --armor --export-private-keys <key_id>Editing key (trusting key)
gpg --edit-key my@email.orggpg> trust
Check https://www.gnupg.org/gph/en/manual/x334.html to trust and validate keys
Listing key(s)
gpg -k # --list-public-keys
gpg --list-keys <name>List secret keys
gpg --list-secret-keys --with-colonFingerprint
gpg --fingerprint my@email.orgEncrypting
- Sending encrypted message to a specific recipient
gpg -e -r <recipient_name> <file>
gpg --output doc.gpg --encrypt --recipient my@mail.org gpg --encrypt --sign --armor -r recipient@email -r my@mail filename
- Encrypt with a symmetric cipher without using a public key
gpg --output doc.gpg --symmetric docDecrypting
gpg --output doc --decrypt doc.gpgSigning public key
- Sign
gpg --sign-key <uid>
gpg --output doc.sig --sign doc- Verify signature
gpg --output doc --decrypt doc.sig- Clearsigned doc, to sign usenet post or email msg
gpg --clearsign doc~/.gnupg/gpg.conf
- cat ~/.gnupg/gpg.conf
default-key ABCDEFAB12345678 cipher-algo AES256Uploading key to public key server
gpg --keyserver hkp://keyring.debian.org --send-key <key_id>
gpg --keyserver hkp://pool.sks-keyservers.net --send-key <key_id>Cipher
3DES, Blowfish, and IDEA all use 128-bit keys, which means there are `$2^{128}$` possible keys. DES has `$2^{56}$` possible keys, which is lack of security for current computing power.
Backup your keys
umask 077; tar -cf $HOME/gnupg-backup.tar -C $HOME .gnupgWorking with Git
gpg --list-secret-keys --keyid-format LONG
git config --global user.signingkey <key_id>
echo 'export GPG_TTY=$(tty)' >> ~/.bashrcReferences
https://www.gnupg.org/gph/en/manual/book1.html
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages
http://www.queen.clara.net/pgp/art4.html
https://wiki.debian.org/Subkeys?action=show&redirect=subkeys
https://www.laurencegellert.com/2011/04/gnupg-howto-tutorial-notes/
https://help.github.com/articles/telling-git-about-your-gpg-key/
