Using GPG: A short tutorial

To generate PGP keys:

$> gpg --gen-key

gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) ”

Real name: Heinrich Heine (Der Dichter)
Comment: Heinrich’s GPG Key Pair
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Enter passphrase:
Repeat passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++.+++++++++++++++.++++++++++++++++++++.+++++..+++++++++++++++++++++++++.++++++++++..+++++.++++++++++.+++++++++++++++.++++++++++>.+++++….+++++………………+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++++++++++++.+++++++++++++++++++++++++++++++++++…++++++++++..+++++.++++++++++++++++++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++>++++++++++>+++++>.+++++………………..+++++^^^^^^^^^^^
gpg: /swinful/.gnupg/trustdb.gpg: trustdb created
gpg: key E18436AB marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/E18436AB 2006-12-04
Key fingerprint = BEBA D7F1 A984 1C54 4D76 FDC7 60E6 EF20 E184 36AB
uid Heinrich Heine (Der Dichter) (Heinrich’s GPG Key Pair)
sub 2048g/498B0F5C 2006-12-04

gpg: can't lock `/swinful/.gnupg/random_seed': Operation not supported

The random_seed is used to preserve the internal random pool. GnuPG uses this
file to store its internal random pool over invocations. This makes generation
faster; however sometimes write operations are not desired. This option can be
used to achieve that with the cost of slower random generation. (man gpg)

Essentially, the error means that file locking is not available on this NFS
share, so running gpg more than once at a time may corrupt its files. The fix is
to keep the keyring on a local drive; if you are careful never to run gpg
concurrently, you can ignore the message.

Also, the warning "using insecure memory!" means that gpg is not setuid root.
gpg needs root privileges to lock its memory pages so that the operating system
cannot swap them to disk, which keeps the secret keys really secret. gpg drops
the root privileges as soon as the locked memory has been allocated.

As root, set the setuid bit (the binary must be owned by root; u+x would only set
the execute bit, not setuid):

#> chmod u+s /path/to/gpg

Listing keys

$> gpg --list-keys

Prepare the public key:

$> gpg --armor --export > thekey.public

To use someone else's public key, import it:

$> gpg --import thekey.public

Add a key to our trusted keys list (optional), using the trust or sign command at
the gpg> prompt (KEYID is the key's ID, fingerprint or e-mail address):

$> gpg --edit-key KEYID

Signing for verification:

For example, if you want to send me something, you’d encrypt it using my public
key. No one else can decrypt it; only my private key will work. On the other
hand, I might be concerned that it really is you sending me a message. In that
case, you’d encrypt your message using your private key (this is called
“signing”). If I can decrypt it with your public key (presumably I somehow
obtained that key and trust that it really is yours), I know that the message
really came from you.

To encrypt our data (gpg asks for the recipient's key unless --recipient is given):

$> gpg --output theFile.encrypted --encrypt theFile.unencrypted
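The whole procedure above (generate a key pair, export and import the public key, sign and verify, encrypt and decrypt) as one unattended script, added here as an example and not code from the original post. It assumes gpg 1.4 or 2.x is on PATH; the user ID sender@example.invalid, the file names and the sample message are made up, and everything happens in a temporary GNUPGHOME so the real keyring is untouched.

```shell
# Added example, not code from the original post: the post's steps (generate,
# export/import, sign/verify, encrypt/decrypt) run unattended in a throwaway
# GNUPGHOME so nothing touches the real keyring. Assumes gpg 1.4 or 2.x on
# PATH; the user ID and file names below are made up for the demonstration.
gpg_roundtrip() {
    work=$(mktemp -d)
    GNUPGHOME="$work/home"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"

    # Unattended form of the interactive --gen-key dialogue shown in the post.
    # %no-protection skips the passphrase prompt on gpg 2.1+; gpg 1.4 skips the
    # unknown control line and, with no Passphrase: given, makes an unprotected key.
    cat > "$work/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Example Sender
Name-Email: sender@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --batch --quiet --gen-key "$work/params" 2>/dev/null

    # Export the armored public key (what a peer receives) and import it back.
    gpg --batch --armor --export sender@example.invalid > "$work/thekey.public"
    gpg --batch --quiet --import "$work/thekey.public" 2>/dev/null
    printf 'constructed sample message\n' > "$work/theFile.unencrypted"

    # Sign with the private key, verify with the public key (the post's
    # "signing for verification").
    gpg --batch --quiet --local-user sender@example.invalid \
        --output "$work/theFile.sig" --detach-sign "$work/theFile.unencrypted"
    gpg --batch --quiet --verify "$work/theFile.sig" "$work/theFile.unencrypted" 2>/dev/null

    # Encrypt to a named recipient (the post's --encrypt command without
    # --recipient would prompt for one), then decrypt with the private key.
    gpg --batch --quiet --recipient sender@example.invalid \
        --output "$work/theFile.encrypted" --encrypt "$work/theFile.unencrypted"
    gpg --batch --quiet --output "$work/theFile.decrypted" \
        --decrypt "$work/theFile.encrypted" 2>/dev/null

    if cmp -s "$work/theFile.unencrypted" "$work/theFile.decrypted"; then status=0; else status=1; fi
    { command -v gpgconf >/dev/null 2>&1 && gpgconf --kill gpg-agent; } 2>/dev/null || true
    rm -rf "$work"
    return $status
}
```

Run it with `gpg_roundtrip && echo OK`; a return status of 0 means the signature verified and the decrypted file matched the original.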

Public Key servers

1) subkeys.pgp.net
2) keyserver.kjsl.com

Enjoy!

-swinful

This entry was posted in *Nix, Security. Bookmark the permalink.
