Difference between revisions of "GnuPG"

From Hack Sphere Labs Wiki

Revision as of 10:18, 30 October 2011

Info

PGP-style encryption and signing of email and files. Since PGP itself is not free software, GnuPG comes to the rescue.

Quote:

GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows you to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.

More information: http://www.gnupg.org/

Installation

Archlinux

Installation and Setup

pacman -Sv gnupg gnupg2 pinentry

You should use gpg-agent to manage passphrase requests between GnuPG and the programs that use it:

gpg-agent is mostly used as a daemon to request and cache the passphrase for the keychain. This is useful if GnuPG is used from an external program like a mail client. It can be activated by adding the following line to ~/.gnupg/gpg.conf:

use-agent

This tells GnuPG to use the agent whenever it needs the passphrase. However, the agent must already be running. To autostart it, create the startup script /etc/profile.d/gpg-agent.sh and make it executable:

sudo chmod 0755 /etc/profile.d/gpg-agent.sh
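An added example of what such an autostart script can look like. It is not the wiki's own file: it assumes the GnuPG 2.0-era agent interface, where gpg-agent --daemon --write-env-file FILE writes a GPG_AGENT_INFO line of the form socket:pid:protocol that later login shells can reuse instead of starting a second agent. The env file location and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example of /etc/profile.d/gpg-agent.sh (not the wiki's file).
# Assumes a GnuPG 2.0-era gpg-agent that accepts --daemon --write-env-file.
# GPG_AGENT_INFO has the form "<socket path>:<pid>:<protocol version>".

GPG_AGENT_ENVFILE="${GPG_AGENT_ENVFILE:-$HOME/.gnupg/gpg-agent.env}"

# Print the pid field of the GPG_AGENT_INFO line saved in the env file.
agent_pid_from_envfile() {
    # $1: path to the file written by gpg-agent --write-env-file
    [ -r "$1" ] || return 1
    sed -n 's/^GPG_AGENT_INFO=[^:]*:\([0-9][0-9]*\):.*$/\1/p' "$1"
}

# Succeed only if the env file names a process that still exists,
# so a stale file from a previous session does not get reused.
agent_alive() {
    pid=$(agent_pid_from_envfile "$1") || return 1
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null
}

# Reuse a live agent if there is one, otherwise start a fresh daemon and
# record its environment; export it so gpg and mail clients can find it.
ensure_gpg_agent() {
    if agent_alive "$GPG_AGENT_ENVFILE"; then
        . "$GPG_AGENT_ENVFILE"
    else
        eval "$(gpg-agent --daemon --write-env-file "$GPG_AGENT_ENVFILE")"
    fi
    export GPG_AGENT_INFO
}

# Only try to start the agent on machines where gpg-agent is installed.
if command -v gpg-agent >/dev/null 2>&1; then
    ensure_gpg_agent
fi
```

GnuPG 2.1 and later start gpg-agent on demand and no longer accept --write-env-file, so on such systems this script is unnecessary; the liveness check is the part worth keeping in mind, since a stale env file otherwise sends every passphrase request to a socket nobody is listening on.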

Generate a Key

gpg --gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Select (1) to get a key that can both sign and encrypt.

What keysize do you want? (2048)

I select 4096 because why not? If it offered 1 million I would pick that. You should select 4096 too :p

Key is valid for? (0)

I set it to never expire because I will revoke the key when I need to. If you want something like forward secrecy (it only helps against physical compromise), you may want to set a time limit, so that however many years from now people are not still sending you email or whatever encrypted to old keys: the key will expire and you will have to create a new one with a better key size. I just like the control. You can figure out the other reasons to make keys expire.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Dennis Kaarsemaker
Email address: dennis@kaarsemaker.net
Comment: Tutorial key
You selected this USER-ID:
    "Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>"
You need a Passphrase to protect your secret key.

You will be asked for your passphrase twice. Usually a short sentence or phrase that isn't easy to guess can be used. Make it long and something you can remember, for example the first letter of each word in a sentence. You will then be asked to type on the keyboard or do any of the things you normally do so that the system can gather randomness. This is done so that key generation has more human-entered entropy; the resulting private key is stored protected by the passphrase entered above.

Note: Forgetting your passphrase will result in your key being useless. Carefully memorize your passphrase.

After you are done:

gpg: key D8FC66D2 marked as ultimately trusted
public and secret key created and signed.

pub  1024D/D8FC66D2 2005-09-08
      Key fingerprint = 95BD 8377 2644 DD4F 28B5  2C37 0F6E 4CA6 D8FC 66D2
uid                  Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>
sub  2048g/389AA63E 2005-09-08

The key in this example is D8FC66D2.

For keysigning parties you will need the key fingerprint. Although PGP keys are generally used with personal computers for Internet-related applications, key signing parties themselves generally do not involve computers, since that would give adversaries increased opportunities for subterfuge. Rather, participants write down a string of letters and numbers, called a public key fingerprint, which represents their key.
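As an added example (not part of the wiki page), the following shell functions parse a listing like the one shown above and check that the 8-character key ID on the pub line is the tail of the fingerprint. For OpenPGP v4 keys the key ID is by definition the low-order 64 bits of the SHA-1 fingerprint, and the short 8-digit form is its low-order 32 bits, which is why the key D8FC66D2 is simply the last two groups of the fingerprint printed with it. The sample listing is copied from the page; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the wiki): relate the key ID on a "pub" line to the
# fingerprint printed under it. For OpenPGP v4 keys the long key ID is the
# low 64 bits (last 16 hex digits) of the fingerprint and the short key ID
# is the low 32 bits (last 8 hex digits).

# Sample listing, copied from the page's key-generation output.
SAMPLE_LISTING='pub  1024D/D8FC66D2 2005-09-08
      Key fingerprint = 95BD 8377 2644 DD4F 28B5  2C37 0F6E 4CA6 D8FC 66D2
uid                  Dennis Kaarsemaker (Tutorial key) <dennis@kaarsemaker.net>
sub  2048g/389AA63E 2005-09-08'

# Print the fingerprint with the display grouping removed (40 hex digits).
listing_fingerprint() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Key fingerprint = //p' | tr -d ' '
}

# Print the key ID shown on the pub line (the text after the slash).
listing_pub_keyid() {
    printf '%s\n' "$1" | sed -n 's/^pub[[:space:]]*[0-9]*[A-Za-z]*\/\([0-9A-Fa-f]*\).*/\1/p'
}

# Last N hex digits of an unspaced fingerprint: 8 -> short ID, 16 -> long ID.
fingerprint_keyid() {
    printf '%s\n' "$1" | awk -v n="$2" '{ print substr($0, length($0) - n + 1) }'
}

# Succeed when the pub line's key ID matches the tail of the fingerprint
# (and the fingerprint has the 40 digits a v4 key must have).
check_listing() {
    fp=$(listing_fingerprint "$1")
    id=$(listing_pub_keyid "$1")
    [ "${#fp}" -eq 40 ] || return 1
    [ "$(fingerprint_keyid "$fp" "${#id}")" = "$id" ]
}
```

Because a short ID is only 32 bits, two different keys can easily carry the same one, which is why a keysigning party compares the full 40-digit fingerprint rather than the ID; calling fingerprint_keyid with 16 gives the less ambiguous long form, 0F6E4CA6D8FC66D2 for the key above.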