


Sunday, 8 September 2013

GnuPG : Basics of Key Generation and File Encryption/Decryption


GnuPG stands for GNU Privacy Guard; it is the GNU tool used for secure data storage and secure data communication. With this tool, a user can encrypt and decrypt a file using a password. Along with data encryption, it can be used for generating digital signatures. Another widely used tool that provides cryptographic privacy is PGP (Pretty Good Privacy). Both GnuPG and PGP implement the OpenPGP standard.

Remember, in a public-key system, every user is allotted a pair of keys: a public key and a private key. The public key can be shared with any user who wants to communicate with you, but the private key is kept undisclosed.

This article explains installation and the basic key generation process using the gpg command. Here we go!

Installation

For all systems running Debian-based distros, use the following command to install GnuPG:

sudo apt-get install gnupg

As mentioned earlier, there are two kinds of keys, Public and Private. So, our first step will be generating public and private keys using GnuPG.

Step 1: Generating the Key Pair

To generate the key pair, use the following command:

gpg --gen-key

This command runs in interactive mode, i.e. it expects various inputs from the user.

Step 2: Select the Algorithm

It will ask you to select one of the four algorithms to generate the keys, each of them having certain advantages and disadvantages. Select the one of your choice, or press 1 or Enter to use the default RSA and RSA algorithm.


Step 3: Key Size

After selecting the algorithm, you will be asked to select the key size. The larger the key size, the greater the security. A 2048-bit key is secure enough. Enter the key size or hit Enter to use the default value (2048 bits).


Step 4: Validity of the Key

The next thing you have to do is determine the validity of the key, i.e. the number of days for which the key will remain valid. If you do not want your key to expire, enter 0 (zero).

You will be asked for confirmation; press Y to confirm.


Step 5: Creating a User ID & Password

There is a User ID and a password associated with every key. To create a User ID and password, you will have to provide your name, email address and a passphrase.


Step 6: Get Your Key

To create a unique key, the system requires some random bytes.

So, it will ask you to perform some operations so that the system gets sufficiently random bytes.

Thus, we have created the key pair for use with GnuPG. The generated output includes an important piece of information, the Key-ID (913527C0 here), which we need in order to perform several operations (discussed later).

Step 7: Listing the Key Pair

The key pair can be listed with the use of --list-keys and --list-secret-keys options.


Step 8: Exporting your Public Keys

We now have a key pair, so it's time to publish our public key on the internet, so that other people can use it to communicate with us.

gpg --armor --export --output my_pubkey.gpg mandar

Now, my_pubkey.gpg will contain my public key. Here, I have used my User ID (mandar) as an argument. You may use your Key-ID or email address as an alternative to the User ID. So, it may become:

gpg --armor --export --output my_pubkey.gpg 913527C0
Or
gpg --armor --export --output my_pubkey.gpg mandar.shinde2007@gmail.com

We are ready to send the "my_pubkey.gpg" file to the person we wish to communicate with.
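
The interactive answers from Steps 2 to 5, the listing from Step 7 and the export from Step 8 can also be given to gpg without prompts. The following is an added example, not part of the original article; it assumes GnuPG 2.1 or later, works in a throwaway keyring instead of ~/.gnupg, and the function name, user name, e-mail address and passphrase are constructed sample values.

```shell
#!/bin/sh
# Added example: Steps 1-8 without prompts, in a throwaway keyring.
# generate_and_export and all identity values below are constructed samples.

# Usage: generate_and_export <public_key_file>
# Prints the new key's 40-hex-digit fingerprint; an 8-digit Key-ID like the
# one used in this article is the last 8 digits of it.
generate_and_export() (
    out=$1
    GNUPGHOME=$(mktemp -d) || exit 1     # private 0700 directory, not ~/.gnupg
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

    # Steps 2-5: algorithm, key size, validity (0 = never expires), user ID
    # and passphrase, supplied as a batch parameter list on stdin.
    gpg --batch --quiet --gen-key >/dev/null <<'EOF' || exit 1
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Example User
Name-Email: user@example.invalid
Expire-Date: 0
Passphrase: constructed-sample-passphrase
%commit
EOF

    # Step 7: machine-readable listing; field 10 of the first "fpr" record
    # is the primary key's fingerprint.
    fpr=$(gpg --batch --quiet --with-colons --list-keys user@example.invalid |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    # Step 8: ASCII-armored public key, selected by fingerprint.
    gpg --batch --quiet --yes --armor --output "$out" --export "$fpr" || exit 1
    printf '%s\n' "$fpr"
)
```

Call it as generate_and_export my_pubkey.gpg; the secret key is deleted together with the temporary keyring when the function returns.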

Step 9: Sending Keys to a Key Server

In case you want to communicate with many individuals, it will be very difficult to share your public key with each and every person separately. Instead, you can share your public key on a server called a key server, so anybody who wants to communicate with you can get your public key from it.

gpg --send-keys --keyserver keyserver.ubuntu.com 913527C0

Encrypt a File

You can encrypt a single file with a passphrase using the command given below:

sudo gpg -c <file_name>

While encrypting a file, you will be asked to enter a passphrase and repeat it. Once that is done, gpg will create an encrypted version of your original file as "file_name.gpg".

Please remember that if you somehow forget your passphrase, you cannot decrypt the file, the encryption being very strong.

Decrypt a File

You can decrypt an encrypted file "file_name.gpg" using the following command:

sudo gpg <file_name.gpg>

You will be asked to enter the passphrase for decryption. If it is found to be correct, your file will be recovered.

In case you want to decrypt a file and store the output in some file "output_file", use the following command (gpg expects options such as -o before the file name):

sudo gpg -o <output_file> <file_name.gpg>
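
The encrypt and decrypt steps above, together with the forgotten-passphrase case, can be checked in one script. This is an added example, not part of the original article; it assumes GnuPG 2.1 or later, runs as an ordinary user (no sudo is needed), and the function names and file names are constructed.

```shell
#!/bin/sh
# Added example: passphrase-only (symmetric) encryption round trip.
# symmetric_roundtrip and gpg_pw are constructed helper names.

# Usage: symmetric_roundtrip <file> <passphrase>
# Prints "ok" when the decrypted copy equals the original and a wrong
# passphrase is rejected; otherwise prints the reason and returns non-zero.
symmetric_roundtrip() (
    src=$1
    pass=$2
    GNUPGHOME=$(mktemp -d) || exit 1     # keep ~/.gnupg untouched
    export GNUPGHOME
    work=$(mktemp -d) || exit 1          # holds the .gpg file and the copies
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME" "$work"' EXIT

    # Read the passphrase from stdin so it never appears on gpg's command line.
    gpg_pw() {
        gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 "$@"
    }

    # gpg -c: encrypt with a passphrase; -o goes before the file name.
    printf '%s\n' "$pass" | gpg_pw -o "$work/file.gpg" -c "$src" || exit 1

    # Decrypt into a separate output file and compare byte for byte.
    printf '%s\n' "$pass" | gpg_pw -o "$work/plain" -d "$work/file.gpg" || exit 1
    cmp -s "$src" "$work/plain" || { echo "round trip mismatch"; exit 1; }

    # A different passphrase must make gpg exit non-zero.
    if printf '%s\n' "$pass-wrong" |
        gpg_pw -o "$work/bad" -d "$work/file.gpg" 2>/dev/null
    then
        echo "wrong passphrase accepted"
        exit 1
    fi
    echo ok
)
```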

That's all! I hope you will like this article. Feel free to comment for your valuable feedback.
