GPG Encrypt and Decrypt-EN

From PoliArch.

Introduction

GnuPG (the default command-line encryption system in PoliArch) uses public-key cryptography to let its users communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. The user's private key is kept secret and must never be revealed. The public key can be given to everyone you want to communicate with.

Generate a key

  1. From the console, type:
# gpg --gen-key
  2. You will see a selection screen like this:
 Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

The default choice, "(1)", is the best, as it provides the strongest key.

  3. You will be prompted for the size of the key:
The RSA key length is between 1024 and 4096 bits.
Key size you want? (2048)

It is recommended to leave the default setting.

  4. You will be asked to set an expiration date:
Key is valid for? (0)

Many people create their keys with no expiration date. If you make that choice, remember to revoke the key when it is no longer in use. Press "Y" to continue with the configuration process.

  5. The next step is the creation of the identifier:
     * Enter your real name
     * Enter your email address
     * Optionally, enter a comment to describe the key.
  6. Once you have checked that the information entered is correct, press "o" to generate the key. You will be prompted to enter a passphrase:
You need a Passphrase to protect your secret key.

Ideally, you should choose a short phrase that is hard to guess. Unlike a password, a passphrase can contain spaces.

  7. After you enter the passphrase, the key creation process starts. It is announced by the following message:
We need to generate a lot of random bytes. It's a good idea to run
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
  8. At the end, you will reach a screen similar to the following:
gpg: key marked as ultimately trusted D8FC66D2
public and secret key created and signed.

pub 1024D/D8FC66D2 07/04/2011
      Key fingerprint = 8377 95BD 2644 28B5 2C37 0F6E DD4F 4CA6 66D2 D8FC
uid Mario Rossi <mario@rossi.it>
sub 2048g/389AA63E 07/04/2011

The key ID in this example is "D8FC66D2".

  9. It is a good idea to configure this key as the default key in the file ~/.bashrc, so that it is used automatically by other applications that make use of the GnuPG system.

To do this, just add the following line to the file ~/.bashrc:

export gpgkey=D8FC66D2

Replace "D8FC66D2" with your own key ID.

Certificate revocation

A revocation certificate should be generated so that the public key can be revoked if the private key is compromised.

To create a revocation certificate, type in a terminal:

# gpg --output revoke.asc --gen-revoke <KEY-ID>

Replace "<KEY-ID>" with the ID of your key.

Send a key to a server

This section contains the instructions for sending your key to a keyserver so that everyone can download it. Once the key has been uploaded to one server, after a short period of time all the other keyservers will have it as well.

# gpg --send-keys --keyserver certserver.pgp.com <KEY-ID>

If the operation is successful, you will receive output similar to this:

gpg: success sending to 'certserver.pgp.com' (status = 200)

There are several keyservers in use around the world. The major keyservers synchronize with each other, so just choose the closest one and use it regularly to send and receive keys.

Encrypt a file

With key

# gpg --encrypt -r <ID> my_file.txt
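
The `<ID>` passed to `-r` can match more than one key in the keyring, and an 8-character key ID is short enough for different keys to share it. The following is an added example (not part of the original page or of PoliArch) that resolves a name or e-mail address to exactly one key that is not revoked or expired and encrypts to its full fingerprint; the names `pick_fpr` and `encrypt_to` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not PoliArch's code. Function names are illustrative.

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output
# (not real keys): one revoked key and one valid key with the same user ID.
SAMPLE_LISTING='pub:r:2048:1:1111111111111111:1302134400:::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:r::::1302134400::::Mario Rossi <mario@rossi.it>:
pub:u:2048:1:2222222222222222:1302134400:::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:u::::1302134400::::Mario Rossi <mario@rossi.it>:
sub:u:2048:1:3333333333333333:1302134400::::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:'

# Read a colon listing on stdin and print the 40-hex fingerprint of the only
# primary key that is not revoked, expired, invalid or disabled.
# Fails (exit 1) when no key or more than one key qualifies.
pick_fpr() {
  awk -F: '
    $1 == "pub" { want = ($2 !~ /^[reid]/) }          # field 2: validity
    $1 == "sub" { want = 0 }                          # skip subkey fingerprints
    $1 == "fpr" && want { fpr[++n] = $10; want = 0 }  # field 10: fingerprint
    END { if (n != 1) exit 1; print fpr[1] }
  '
}

# Encrypt FILE to the single usable key matching PATTERN (name or e-mail).
# Runs in a subshell so its variables do not leak into the caller.
encrypt_to() (
  pattern=$1; file=$2
  fpr=$(gpg --batch --with-colons --fingerprint --list-keys "$pattern" | pick_fpr) || {
    echo "refusing: '$pattern' matches no usable key, or more than one" >&2
    exit 1
  }
  gpg --batch --yes --output "$file.gpg" --encrypt -r "$fpr" "$file"
)

# Offline demonstration on the constructed listing: selects the valid key.
printf '%s\n' "$SAMPLE_LISTING" | pick_fpr
```

With a real keyring, `encrypt_to mario@rossi.it my_file.txt` writes `my_file.txt.gpg` only when exactly one usable key matches.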

Keyless

# gpg -c my_file.txt
Enter the passphrase: <your pass>
Repeat passphrase: <your pass>

Decrypt a file

With key

# gpg --output my_file.txt --decrypt my_file.txt.gpg

Keyless

# gpg --output my_file.txt my_file.txt.gpg
