PGP was first introduced by Phil Zimmermann & Associates and was a proprietary piece of software that allowed users to encrypt their files - although later on one of the original developers began work on OpenPGP (an open-source alternative.)
These days GPG (GnuPG) is also extremely popular and is based open OpenPGP standards and is widely available across most popular operating systems.
For this tutorial I will focus on CentOS 7 - however much of the processes are exactly the same on most Linux distributions.
GPG makes use of PKI - so can be used to encrypt data, but also allows us to sign data so that it can be independently verified.
Let's go ahead and install the relevant packages:
sudo yum install gnupg2
There is also the 'gnupg1' package available that is *internally* quite different from gnupg2 and is typically more suited for server / embedded environments as it requires less dependencies.
gnupg2 keeps your public keys and secret keys in a 'keyring.' A keyring is simply a container that stores certificates, keys etc. securely.
We'll proceed by generating the private / public key pair:
gpg2 --gen-key
For this demonstration we'll choose RSA for the algorithm, a key size of 4096 bits and an expiry of 1 year.
When you first generate your keys you will notice two files are created:
~/.gnupg/pubring.gpg (Stores the public keys)
~/.gnupg/secring.gpg (Stores the 'secret' / private keys)
We can view our public keys with:
gpg2 --list-keys
and our public ones with:
gpg2 --list-secret-keys
In order to delete key pairs we should firstly delete the secret key with:
gpg2 --delete-secret-key <key-id>
and then remove the associated public key:
gpg2 --delete-keys <key-id>
Sending / Receiving files with GPG
In order to receive a file securely from another party we must firstly provide them with it (preferably via offline media such as a USB stick) export our public key with:
gpg2 --armor --export -a <key-id> > public.key
The 'armor' option instructs GPG to encode the output with ASCII ensuring that it can be emailed.
The other party will then encrypt data with your public key - however they must firstly import your public key:
gpg2 --import public.key
and then encrypt the data with:
gpg2 --encrypt --armor --recipient "Joe Blogs" secret.txt
This will generator a file called secret.txt.asc (you might want to rename this to something more meaningful like secret.txt.gpg) - this can then be transmitted to yourself - who can then decrypt the file with the following:
gpg2 --decrypt secret.txt.asc > secret_decrypted.txt
You should then be prompted for the password associated with the private / secret key.
No comments:
Post a Comment