GPG-PGP

From aldeid
Jump to navigation Jump to search

Description

GPG or GnuPG (GNU Privacy Guard) is the GPL licensed alternative to PGP (Pretty Good Privacy). It enables to encrypt and decrypt documents. This suite is included in some mail clients. If your mail client doesn't natively support GPG/PGP, you can attach an encrypted file to your mail.

Usage

Commands

-s, --sign
make a signature
--clearsign
make a clear text signature
-b, --detach-sign
make a detached signature
-e, --encrypt
encrypt data
-c, --symmetric
symetric encryption only
-d, --decrypt
decrypt data
--verify
check a signature
-k, --list-keys
list keys
--list-sigs
list keys and signatures
--check-sigs
list and check key signatures
--fingerprint
list keys and fingerprints
-K, --list-secret-keys
list secret keys
--gen-key
generates a new key pair
--gen-revoke
generates a revocation certificate
--delete-keys
withdraw keys from public keyring
--delete-secret-keys
withdraw keys from secret keyring
--sign-key
sign a key
--lsign-key
sign a key locally
--edit-key
sign or edit a key
--passwd
change a passphrase
--export
export keys
--send-keys
exporter keys to a keys server
--recv-keys
import keys from a keys server
--search-keys
search keys from a keys server
--refresh-keys
update keys from a server
--import
import/merge keys
--card-status
display card status
--card-edit
edit card status
--change-pin
update card PIN
--update-trustdb
Update trust database
--print-md
print message digests
--server
run in server mode

Options

-a, --armor
create an ASCII output with armor
-r, --recipient <USER-ID>
encrypt for USER-ID
-u, --local-user <USER-ID>
use USER-ID to sign or decrypt
-z <number>
set compress level to N (0 disables)
--textmode
use canonical text mode
-o, --output <FILE>
write output to FILE
-v, --verbose
verbose mode
-n, --dry-run
do not change anything
-i, --interactive
ask confirmation before replacing an existing file
--openpgp
use OpenPGP strict behavior

Examples

Generate your own key

$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Sélectionnez le type de clé désiré:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (signature seule)
   (4) RSA (signature seule)
Votre choix ? 1
les clés RSA peuvent faire entre 1024 et 4096 bits de longueur.
Quelle taille de clé désirez-vous ? (2048) 1024
La taille demandée est 1024 bits                 
Spécifiez combien de temps cette clé devrait être valide.
         0 = la clé n'expire pas
      <n>  = la clé expire dans n jours
      <n>w = la clé expire dans n semaines
      <n>m = la clé expire dans n mois
      <n>y = la clé expire dans n années
La clé est valide pour ? (0) 
La clé n'expire pas du tout   
Est-ce correct ? (o/N) o
                        
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"

Nom réel: Thomas Sanchez
Adresse e-mail: [email protected]
Commentaire:                            
Vous avez sélectionné ce nom d'utilisateur:
    "Thomas Sanchez <[email protected]>"

Changer le (N)om, le (C)ommentaire, l'(E)-mail ou (O)K/(Q)uitter ? o
Vous avez besoin d'une phrase de passe pour protéger votre clé      
secrète.

Un grand nombre d'octets aléatoires doit être généré. Vous devriez faire
autre-chose (taper au clavier, déplacer la souris, utiliser les disques)
pendant la génération de nombres premiers; cela donne au générateur de
nombres aléatoires une meilleure chance d'avoir assez d'entropie.
Un grand nombre d'octets aléatoires doit être généré. Vous devriez faire
autre-chose (taper au clavier, déplacer la souris, utiliser les disques)
pendant la génération de nombres premiers; cela donne au générateur de
nombres aléatoires une meilleure chance d'avoir assez d'entropie.
gpg: clé 30A7E4D8 marquée comme ayant une confiance ultime.
les clés publique et secrète ont été créées et signées.

gpg: vérifier la base de confiance
gpg: 3 marginale(s) nécessaires, 1 complète(s) nécessaires, modèle
de confiance PGP
gpg: profondeur: 0  valide:   2  signé:   0
confiance: 0-. 0g. 0n. 0m. 0f. 2u
pub   1024R/30A7E4D8 2011-11-19
    Empreinte de la clé = 5D91 543F EBE2 5BC5 F37F  F060 56D3 ADB4 30A7 E4D8
uid                  Thomas Sanchez <[email protected]>
sub   1024R/A39DAC11 2011-11-19

You will then be prompted for a passphrase:

Gpg-passphrase.png

List your keys

To list your keys, just issue following command:

$ gpg --list-keys

Installed keys will appear as follows:

/Users/myself/.gnupg/pubring.gpg
-----------------------------------------
pub   2048D/00D026C4 2010-08-19 [expire: 2015-08-18]
uid                  GPGTools Project Team (Official OpenPGP Key) <[email protected]>
uid                  GPGMail Project Team (Official OpenPGP Key) <[email protected]>
sub   2048g/DBCBE671 2010-08-19 [expire: 2015-08-18]

pub   2048R/DE8BEF93 2012-02-29 [expire: 2016-02-29]
uid                  Firstname Lastname <[email protected]>
sub   2048R/BD6056E3 2012-02-29 [expire: 2016-02-29]

Backup/restore/revoke your keys

It is highly recommended to backup your keys to be able to restore them later.

Backup

To backup your keys, proceed as follows:

$ gpg -ao public.key --export <ID>
$ gpg -ao private.key --export-secret-keys <ID>

It's also highly recommended to have a revocation key:

$ gpg -o revoke.key --gen-revoke <ID>

Restore

To restore your keys, proceed as follows:

$ gpg --import public.key
$ gpp --import private.key

Revoke

If you are in one of the following cases, it's recommended to revoke your key:

  • Your private key has been compromised (someone else is able to decrypt your files)
  • You lost your backup keys (but you still have the revocation key)
  • You forgot your passphrase (the password required to decrypt the encrypted files)

Notice that you need to have a revocation key to be able to revocate your key (see here).

To revoke a key, proceed as follows.

First import your revocation key:

$ gpg --import revoke.key

Notice that importing the revocation key automatically revokes the associated key:

$ gpg --list-keys
pub   2048R/C71CF72C8 2012-02-29 [revoked: 2012-02-29]
uid                  FirstName LastName <[email protected]>

Then inform the servers that the key has been revoked, just by publishing it:

$ gpg ---send-keys <ID>

Publish your key

First list the keys to find the one you wish to publish:

$ gpg --list-keys
~/.gnupg/pubring.gpg
-----------------------------------------
pub   1024R/30A7E4D8 2011-11-19
uid                  Thomas Sanchez <[email protected]>
sub   1024R/A39DAC11 2011-11-19

Then publish your key:

$ gpg --send-keys 30A7E4D8
gpg: envoi de la clé 30A7E4D8 au serveur hkp keys.gnupg.net

Wait a few minutes and check that the key has been published:

$ gpg --search-keys "thomas sanchez" 
gpg: recherche de « thomas sanchez » du serveur hkp keys.gnupg.net
(1)	Thomas Sanchez <[email protected]>
	  1024 bit RSA key 30A7E4D8, créé: 2011-11-19

Encrypt a text for someone

Find and import the key

Before encrypting a text for someone, there are a few prerequisites:

  • the recipient must have a public key
  • the public key has to be published on public servers
  • you have to import the public key

First look for the recipient's public key:

$ gpg --search-keys  someone
gpg: recherche de « someone » du serveur hkp keys.gnupg.net
(1)	Someone1 (Personal Key) <[email protected]>
	  2048 bit RSA key 3E440800, créé: 2011-10-13
(2)	Someone2 <[email protected]>
	  2048 bit RSA key 373E1F4C, créé: 2010-11-02
(3)	Someone3 (Personal Key) <[email protected]>
	  1024 bit DSA key 5E2F1C09, créé: 2010-05-24
(4)	Someone4 <[email protected]>
	  1024 bit DSA key 1F1C2B89, créé: 2009-07-09
Keys 1-11 of 89 for "someone".  Entrez le(s) nombre(s), S)uivant, ou Q)uitter > 

At this stage, here are the possibilities:

  • Enter a number to import the selected key
  • Go to the next page
  • Quit

If you enter a number, it will import the key

List keys

To list the keys you have, use following commands:

$ gpg --list-keys
~/.gnupg/pubring.gpg
-----------------------------------------
pub   1024D/D34E4FAF 2011-10-27
uid                  User1 <[email protected]>
sub   1024g/DF3E4D0D 2011-10-27

pub   1024D/1634FD5E 2003-06-23
uid                  User21 <[email protected]>
uid                  User22 <[email protected]>
uid                  User23 <[email protected]>
sub   2048g/2D045823 2003-06-23

Encrypt the text

First create a file (e.g. mytext.txt) with the text in clear:

This is a simple text
for testing purposes
This will be encrypted

Then encrypt the text for a given recipient:

$ gpg -r D361CFAF --encrypt mytext.txt

Check the difference:

In clear Encrypted
$ cat mytext.txt
This is a simple text
for testing purposes
This will be encrypted
$ cat mytext.txt.gpg
%;?ʌ??~??S??iO??q_/??}??S??o?_NW??c?`?kAd? ?
g??:?Xź椅p"Ş?W???0x??l?B<?O? ??c??????O?hpY
޳q?Fc??u?p??{OV?{=?/????4֜`?/\??W?jK??;?|@V
*?q3?tA???v???ba3b#?????.?1M?Ŗ?ܬ>PVL/?b?q
Uo?c$ ?%LJ?a??m?1?R???iUn4?-??{?,|?p"??z?8?*
$ file mytext.txt
mytext.txt: ASCII text
$ file mytext.txt.gpg
mytext.txt.gpg: data

Decrypt an encrypted file

To decrypt a file that has been encrypted for you, issue following command:

$ gpg -o mytext.txt --decrypt mytext.txt.gpg

Vous avez besoin d'une phrase de passe pour déverrouiller la
clé secrète pour l'utilisateur: « Sebastien Damaye <[email protected]> »
clé de 1024 bits ELG, ID DF004D0D, créée le 2011-10-27 (ID clé principale D36E4FAF)

gpg: chiffré avec une clé de 1024 bits ELG, ID DF004D0D, créée le 2011-10-27
      « Sebastien Damaye <[email protected]> »

Then read the message:

$ cat mytext.txt
This is a simple text
for testing purposes
This will be encrypted

GPG/PGP frontends & clients

Frontends:

Clients:

Comments

blog comments powered by Disqus

Keywords: gpg pgp encryption mail