Sunday, April 17, 2005

GPG tutorial

from http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html

Now the sender will encrypt the message with the public key belonging to the receiver.
Then decryption will be done with the secret key of the receiver.

Classic methods of encryption use only one key. The sender encrypts the message
with this key. To be able to decrypt it, the receiver needs to have this very same key. This key
must have been given to the receiver in such a way that others have had no opportunity to obtain
it. If somebody else does have the key, this method of encryption is useless.


The use of so-called Public Keys can solve this problem. Public Keys is a concept where two keys
are involved. One key is a Public Key that can be spread through all sorts of media and may be
obtained by anyone. The other key is the Private Key. This key is secret and must not be spread. This
key is only available to the owner. When the system is well implemented, the secret key cannot be
derived from the public key. Now the sender will encrypt the message with the public key belonging to
the receiver. Then decryption will be done with the secret key of the receiver.


Crucial in this concept is that the secret key remains a secret and should not be given away or
become available to anyone else but the owner of this key. YOU CANNOT SEND THIS KEY OVER THE
INTERNET. Also it is very unwise to use GnuPG over telnet (you might consider never using telnet
at all, given its high security risks).


A key is created with:

gpg --gen-key



The command for exporting a key for a user is:

gpg --export [UID]



When you have received someone's public key (or several public keys), you have to add them to your key database in order to be able to use them. To import into the database, the command looks like this:

gpg --import [Filename]

e.g.:

C:\gnupg>
C:\gnupg>gpg --import maritz.asc
gpg: key A643961E: public key "Maritz Data Security " imported
gpg: Total number processed: 1
gpg: imported: 1

C:\gnupg>


4. Encrypt and decrypt
After installing everything and configuring everything in the way we want, we can start on encrypting and decrypting.

When encrypting or decrypting it is possible to have more than one private key in use. If this occurs you need to select the active key. This can be done by using the option -u UID or by using the option --local-user UID. This causes the default key to be replaced by the key you want.

If you want to change the recipient, this can be done with the option -r or with the option --recipient.


4.1 Encrypt

The command to encrypt is

gpg -e -r Recipient [Data]

or
gpg --encrypt --recipient Recipient [Data]

To avoid the risk that somebody else claims to be you, it is very useful to sign everything you encrypt; see signatures.

4.2 Decrypt
The command for decrypting is:

gpg [-d] [Data]

or
gpg [--decrypt] [Data]

Here too, output goes to stdout by default, but with the -o option you can redirect the output to a file.
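
The whole procedure above (create a key, export the public key, import it on the other side, encrypt, decrypt) as one script. This is an added example, not part of the original how-to. It assumes GnuPG 2.1 or later; the function name, user ID and file names are made up, and two throwaway key directories stand in for receiver and sender.

```shell
#!/bin/sh
# Added example: receiver and sender each get a throwaway key directory,
# so nothing here touches your real ~/.gnupg. Assumes GnuPG 2.1 or later.
# The user ID and all file names are constructed for the demo.
# Usage: gpg_roundtrip 'some text'    (prints the decrypted text)

gpg_roundtrip() {
    msg=$1
    uid='receiver@example.invalid'
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/receiver" "$work/sender" || return 1
    rc=0
    {
        # Receiver: create a key pair. The empty passphrase is acceptable
        # only because this key is deleted again below.
        gpg --homedir "$work/receiver" --batch --quiet \
            --pinentry-mode loopback --passphrase '' \
            --quick-gen-key "Demo Receiver <$uid>" >/dev/null &&
        # Receiver: export the public key only; the secret key stays put.
        gpg --homedir "$work/receiver" --batch --armor \
            --export "$uid" > "$work/receiver.asc" &&
        # Sender: import the public key into the sender's own key database.
        gpg --homedir "$work/sender" --batch --quiet \
            --import "$work/receiver.asc" &&
        # Sender: encrypt to the receiver. "--trust-model always" skips the
        # ownership check for this demo; with a real key, compare its
        # fingerprint with the owner over a separate channel instead.
        printf '%s' "$msg" |
            gpg --homedir "$work/sender" --batch --quiet \
                --trust-model always --armor \
                --encrypt --recipient "$uid" > "$work/msg.asc" &&
        # Sender holds no secret key, so decrypting there must fail.
        ! gpg --homedir "$work/sender" --batch --quiet \
            --decrypt "$work/msg.asc" >/dev/null 2>&1 &&
        # Receiver: decrypt with the secret key; plaintext goes to stdout.
        gpg --homedir "$work/receiver" --batch --quiet \
            --decrypt "$work/msg.asc"
    } || rc=1
    # Stop the agents started for the throwaway directories, then clean up.
    for h in receiver sender; do
        GNUPGHOME="$work/$h" gpgconf --kill gpg-agent 2>/dev/null
    done
    rm -rf "$work"
    return "$rc"
}
```

The function returns non-zero if any step fails, including the case where the sender's directory is unexpectedly able to decrypt the message.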
