Gpg basics

GPG BASICS
Carlos Perez carlos_perez@darkoperator.com
Friday, September 13, 13

WHAT IS ENCRYPTION?
• Encryption encodes and scrambles data so it is difﬁcult to obtain the
original content unless a known secret is used to decipher it.
• The 2 main schemes of encryption are:
• Symmetric -The same cryptographic key is used for both encryption
and decryption of the data. It is the simplest form of encryption.
• Public Key - Requires two separate keys, a secret key and a public
key.Although different, the two parts of the key pair are
mathematically linked. One key locks or encrypts the data , and the
other unlocks or decrypts the data.

PGP
• PGP Stands for Pretty Good Privacy.
• It was initially created by Phil Zimmerman in 1991
• In 1997 OpenPGP was proposed to the IETF and in 2007 and
accepted. It is currently RFC4880 http://tools.ietf.org/html/
rfc4880 and it is fo

OPENPGP
• The standard covers strong public-key and symmetric cryptography to
provide security services for electronic communications and data storage.
• These services are:
• Conﬁdentiality
• Key management
• Authentication
• Digital signatures

GNUPG
• Stands for GNU Privacy Guard http://www.gnupg.org/
• Is a Free (open-source) implementation of the OpenPGP standard.
• The package is separate from any GUI and refers to the Library and
Binary tools.
• Linux - comes with all distributions
• Windows - http://www.gpg4win.org/ (Do NOT use the outlook plugin)
• OS X - https://gpgtools.org/

PGP WEB OFTRUST

CERTIFICATE AUTHORITY
WEB OFTRUST

WHAT PGP/GPG DOES
PROVIDE
• Veriﬁcation of sender.
• Encryption of data being sent.
• Trust relationship based on reputation of known persons.
• Strong protection of ofﬂine data or data at rest at other
location as long as private key is protected.

WHAT PGP/GPG DOES NOT
PROVIDE
• Anonymity
• Enumeration of Metadata (Subject, Source, Destination,
Possible software version)
• Enumeration of Relations (People that trust the parties)

GENERATING KEYS
• The command to generate the keys is: gpg --gen-key
• Choose key sizes larger than 1024.
• Set an expiration date for the key.
• Set a good passphrase to protect the key.
• To list the key gpg --list-keys "<your name|Email>"

GENERATING KEYS

GENERATING KEYS
• After generating a key pair create a revocation certiﬁcate and
save it in a safe place with gpg --output revoke.asc --
gen-revoke <keyid>
• Revocation certiﬁcate is use to revoke your key from key
servers in the case you lost your passphrase.
• A revoked key can still be used to verify old signatures, or
decrypt data, but it cannot be used to encrypt new messages
to you.

GENERATING KEYS
• To list secret keys gpg --list-secret-keys
• Create a backup of your private key gpg --export-secret-key
-a "[name|email]" > private.key
• placed the backed up public and private keys in a safe place.
• To restore a private key on another machine:
• gpg --import public.key
• gpg --allow-secret-key-import --import private.key

UPLOADYOUR KEYTO A
KEYSERVER
• For ﬁrst time keys use a key server that veriﬁes the email, this
applies to you and anyone you ask to generate a new key to
communicate with.
• To export a key to a server gpg --keyserver
<keyserver> --send-keys <key ID>
• To export an individual Public key for sharing gpg --armor
--export [email|name] > pubkey.asc

UPLOADYOUR KEYTO A KEY
SERVER
• A recommended server is https://keyserver.pgp.com server
will validate the key via the email message in the key and will
ask for periodic conﬁrmation.

IMPORTING ANDVERIFYING A
KEY
• To download a key from a key server gpg --keyserver
<keyserver> --recv-keys <key id>
• To import an exported key gpg --import <key file>
• After we import a key the fingerprint should verified to know
if its the one we expected gpg --fingerprint "[email|
name]"

IMPORTING ANDVERIFYING A
KEY
• Once a key is veriﬁed you can sign it with our key, for this we
have to edit the key
• gpg --edit-key "[email|name]"
• gpg> sign

REMOVING A KEY FROMTHE
KEYRING
• To remove a key a trusted source from the keyring
trustdb.gpg gpg --delete-key “[name|email]”
• To remove a secret key from secring gpg --delete-
secret-key “[name|email]”

ENCRYPTING A FILE
• Encrypt symmetrically a file using a password gpg -c
filename
• Decrypt a file using a gpg -d --output <new
filename> filename
• To encrypt a file with a specific public key gpg --output
document.gpg --encrypt --recipient “[email|
name]” document.doc

ENCRYPTING A FILE

DECRYPTING A FILE

SIGNING ANDVERIFYING A
FILE
• To generate a signature for a file gpg --output file.sig --
sign file
• To verify a signature both the sig file and the original file must
be in the same folder gpg --verify file.sig

SIGNING ANDVERIFYING A
FILE

LEAKINGTO MUCH
INFORMATION

DISABLE COMMENT AND
VERSION INFO
• Add to your gpg.conf ﬁle the following lines:
• Disables version information
• Sets the comment to an empty string
Text

THANKS

Gpg basics

More Related Content

What's hot (20)

Viewers also liked (6)

Similar to Gpg basics (20)

Recently uploaded (20)

Gpg basics