Admin at 16:56, 23 September 2024

2024-09-23T16:56:22Z

← Older revision		Revision as of 16:56, 23 September 2024
Line 70:		Line 70:

	gpg --send-keys 156DF784C8EACD80 # OpenPGP		gpg --send-keys 156DF784C8EACD80 # OpenPGP
	gpg --keyserver ~~pgp~~.~~mit~~.~~edu~~ --send-keys 156DF784C8EACD80 # ~~Mit~~		gpg --keyserver keys.openpgp.org --send-keys 156DF784C8EACD80 # OpenGPG
	gpg --keyserver keyserver.ubuntu.com --send-keys 156DF784C8EACD80 # Ubuntu		gpg --keyserver keyserver.ubuntu.com --send-keys 156DF784C8EACD80 # Ubuntu

	Search a keystore for a persons key.		Search a keystore for a persons key.

	gpg --keyserver ~~pgp~~.~~mit~~.~~edu~~ --search-keys email@example.com		gpg --keyserver keys.openpgp.org --search-keys email@example.com

	== Signing & Encrypting ==		== Signing & Encrypting ==

Admin: Created page with "= GPG - GNU Privacy Guard = == Overview == GPG is an alternative implementation of the OpenPGP standard. GPG/PGP uses asymmetric encryption to generate a public / private key pair. With asymmetric encryption, any data encrypted by the public key can only be decrypted by the private key and vice versa. The intention is to make your public key known and freely available while keeping your private k..."

2023-10-04T11:13:21Z

Created page with "= GPG - GNU Privacy Guard = == Overview == GPG is an alternative implementation of the OpenPGP standard. GPG/PGP uses asymmetric encryption to generate a public / private key pair. With asymmetric encryption, any data encrypted by the public key can only be decrypted by the private key and vice versa. The intention is to make your public key known and freely available while keeping your private k..."

New page

= GPG - GNU Privacy Guard =

== Overview ==

GPG is an alternative implementation of the OpenPGP standard. GPG/PGP uses [[Encoding_vs_Encryption_vs_Hashing#Symmetric_vs_Asymmetric_Encryption|asymmetric encryption]] to generate a public / private key pair. With asymmetric encryption, any data encrypted by the public key can only be decrypted by the private key and vice versa.

The intention is to make your public key known and freely available while keeping your private key secret. Other’s can then use your public key to encrypt some data and send it to you, knowing that only you can decrypt it with your private key.

== Common Commands ==

Note: We'll be using email@example.com as a stand in for a key's identifier. The GPG tool will let you use a few different things in place of email@example.com to work as a key's identifier.

To create a new key pair run the command below and follow the dialogue options.

gpg --full-generate-key

After generating your keys you can list them with the command below.

gpg --list-keys

You can list the secret keys you have with the command below.

gpg --list-secret-keys

Immediately after creating a new keypair you’ll want to sign your own key.

gpg --sign-key email@example.com

From there you’re ready to export your public key and give it to others.

gpg --output ~/gpg_key.pub --armor --export email@example.com

Once your friend has your public gpg key they can import it using the command below.

gpg --import ~/gpg_key.pub

Then to encrypt something with your public key your friend can run the below with your public key.

gpg --encrypt --sign --armor -r email@example.com file.txt

That will generate a file.txt.gpg which is the encrypted copy of the message.

Once your friend sends you the encrypted file.txt.gpg back you can verify its authenticity by running the commmand below.

gpg --always-trust --verify file.txt.gpg

Finally you can decrypt it with the below command.

gpg --decrypt file.txt.gpg

Here are some additional commands.

To delete someone else's public key from your keychain.

gpg --delete-key email@example.com

To delete your own secret key.

gpg --delete-secret-key email@example.com && gpg --delete-key email@example.com

To see how much GPG clout a particular key has check the number of signatures.

gpg --list-sig email@example.com

To list the longform keyid format ([https://phar.io/howto/uploading-public-keys.html#:~:text=Alternate%20way%20to%20submit%20your%20public%20key%20to%20the%20key%20servers%20using%20the%20CLI needed to get sub fingerprint for later upload]).

gpg --keyid-format LONG --list-keys email@example.com

To send a key to the three major key stores out there.

gpg --send-keys 156DF784C8EACD80 # OpenPGP
gpg --keyserver pgp.mit.edu --send-keys 156DF784C8EACD80 # Mit
gpg --keyserver keyserver.ubuntu.com --send-keys 156DF784C8EACD80 # Ubuntu

Search a keystore for a persons key.

gpg --keyserver pgp.mit.edu --search-keys email@example.com

== Signing & Encrypting ==

GPG offers the ability to sign data and to encrypt data. Message signing ensures data integrity (aka the message has not been changed) and message authenticity (aka the message came from where it says it came from). Where as encryption ensure confidentiality (aka that the data cannot be read in transit).

In reality, signing is just encrypting a message using the private key. Then it can only be decrypted by the corresponding public key. Anyone can with the public key can decrypt and read a signed message. They know since they used the public key to decrypt it that it must have been encrypted (aka signed) with the private key and therefore must have come from the private key holder.

Signing and encryption are not mutually exclusive. With GPG its possible for data to be, encrypted and signed; encrypted and not signed; and signed but not encrypted.

The most secure method is to first encrypt a message with the recipient’s public key and then sign the message using your private key before sending it. That way on the receiving side anyone can verify that the message came from you because it can only be decrypted with your public key. Likewise, they can know that the message has not been altered in transit because again the signed file could only have been created by your private key.

The signature on a message becomes invalid if the message is altered, even if the message is sent in plain text. If someone changed the message the signature file would also need changed and the only person who can change the signature file is the private key holder.

Finally once the recipient receives the message and verifies its authenticity they can then decrypt it using their private key.

== Sources ==

https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84

https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages

GPG Encryption - Revision history

Admin at 16:56, 23 September 2024