Welcome To suyashjain.blogspot.com

Saturday, July 19, 2008

GnuPG mini HOWTO.

gpg

gpg (GnuPG) is an encryption and signing tool.  More information is available at http://www.gnupg.org/documentation.

gpg is currently installed on all Linux machines in the department.  The man page is available on those machines and at http://www.gnupg.org/documentation/manpage.en.html.  Also see the GnuPG mini HOWTO.


Simple encryption:

To encrypt myfile

lec:/home/bob>gpg -c myfile           gpg will prompt for passphrase to encrypt
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
lec:/home/bob>ls -al myfile*         Note encrypted version has .gpg extension
-rw------- 1 bob bob 13023 Feb 24 11:21 myfile
-rw------- 1 bob bob  5073 Feb 24 11:20 myfile.gpg
lec:/home/bob>rm myfile                  remove original file, leaving only encrypted version
lec:/home/bob>ls -al myfile*
-rw------- 1 bob bob  5073 Feb 24 11:20 myfile.gpg

To decrypt myfile.gpg

lec:/home/bob>gpg myfile.gpg         gpg will prompt for passphrase to decrypt
lec:/home/bob>ls -al myfile*     myfile  is restored from  myfile.gpg
-rw------- 1 bob bob 13023 Feb 24 11:21 myfile
-rw------- 1 bob bob  5073 Feb 24 11:20 myfile.gpg

To encrypt - specifying output filename

lec:/home/bob>gpg -c -o myfile.enc myfile      creates encrypted file  myfile.enc

To decrypt  - specifying output filename

lec:/home/bob>gpg -o myfilenew myfile.enc      creates decrypted  myfilenew  from  myfile.enc

Encryption with keys:

The first step is to create a key pair:

lec:/home/bob>gpg --gen-key        generate secret and public keys  (follow prompts -- can leave comment blank)

To list keys

lec:/home/bob>gpg --list-keys
/home/bob/.gnupg/pubring.gpg
----------------------------
pub 1024D/45F39F41 2006-02-23
uid Bob User <bob@somewhere.edu>
sub 2048g/FA303B4D 2006-02-23


Note that the username is Bob User and the email is bob@somewhere.edu

To encrypt with a key

lec:/home/bob>gpg -e -r 'Bob User' myfile            encrypts with key based on name
lec:/home/bob>gpg -e -r 'bob@somewhere.edu' myfile   encrypts with key based on email address
lec:/home/bob>ls -al myfile*            Note that either command creates encrypted file   myfile.gpg
-rw------- 1 bob bob 13023 Feb 24 11:25 myfile
-rw------- 1 bob bob  5484 Feb 24 11:32 myfile.gpg

To delete keys

  • First, list keys
lec:/home/bob>gpg --list-keys             Note that there are two sets of keys for Bob
/home/bob/.gnupg/pubring.gpg
----------------------------
pub 1024D/45F39F41 2006-02-23
uid Bob User <bob@somewhere.edu>
sub 2048g/FA303B4D 2006-02-23

pub 1024D/30849979 2006-02-24
uid Bob User <bob@somewhere.edu>
sub 2048g/7F08115A 2006-02-24
  • Next, delete the keys
Delete the secret key first
lec:/home/bob>gpg --delete-secret-key 45F39F41
gpg (GnuPG) 1.4.2.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

sec 1024D/45F39F41 2006-02-23 Bob User <bob@somewhere.edu>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
Then delete the public key
lec:/home/bob>gpg --delete-key 45F39F41       
gpg (GnuPG) 1.4.2.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub 1024D/45F39F41 2006-02-23 Bob User <bob@somewhere.edu>

Delete this key from the keyring? (y/N) y
  • Then, list the keys to confirm
lec:/home/bob>gpg --list-keys
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/bob/.gnupg/pubring.gpg
----------------------------
pub   1024D/30849979 2006-02-24
uid                  Bob User <bob@somewhere.edu>
sub   2048g/7F08115A 2006-02-24
Note that the first key pair is gone

Caveats

  • Be sure to delete the original file after creating the encrypted version.  Otherwise, there is no protection.
  • Be sure to remember keys or passphrases.  There is no recovery.
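
The first caveat can be enforced by a script instead of remembered. The function below is an added example, not part of the original post: it runs the same gpg -c encryption without the prompt, decrypts the result to confirm it matches the original, and only then removes the plaintext. It assumes GnuPG 2.1 or later (for --pinentry-mode loopback) and a passphrase kept in a file; the name encrypt_verify_remove is made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): encrypt with a passphrase,
# check that the ciphertext decrypts back to the same bytes, and only then
# remove the plaintext.
# Assumptions: GnuPG 2.1+ (--pinentry-mode loopback) and a passphrase file
# readable only by its owner. encrypt_verify_remove is a made-up name.

encrypt_verify_remove() {
    src=$1
    passfile=$2
    out="$src.gpg"

    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 2; }
    [ -r "$passfile" ] || { echo "cannot read passphrase file" >&2; return 2; }
    # Never clobber an existing ciphertext: it may be the only copy left.
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 2; }

    # Same operation as "gpg -c myfile", without the interactive prompt.
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" -o "$out" -c "$src" ||
        { rm -f "$out"; return 1; }

    # Round trip: decrypt to a private temp file next to the original and
    # require both a clean gpg exit status and byte-identical content.
    tmp=$(mktemp "$src.check.XXXXXX") || { rm -f "$out"; return 1; }
    if gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" -d "$out" > "$tmp" &&
       cmp -s "$tmp" "$src"
    then
        # Ciphertext is known good. rm only unlinks the plaintext; its
        # blocks stay on disk until the filesystem reuses them.
        rm -f "$tmp" "$src"
    else
        echo "verification failed, keeping $src" >&2
        rm -f "$tmp" "$out"
        return 1
    fi
}
```

Call it as encrypt_verify_remove myfile /path/to/passfile; on any failure the original file is left in place and no myfile.gpg remains.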
