Home » Cryptography, Debian, Featured, Headline, How-to, Linux, Newbie, Recovery, Security, Shell, Tuning, Ubuntu

Using GPG under Ubuntu or Debian

13 May 2009 3 Comments

GnuPG Logo

GnuPG Logo

Gpg is stands for Gnu Privacy Guard and is a free alternative to the PGP cryptographic software. GnuPG (or GPG) follows the RFC 4880 which is the standard specification of OpenPGP. The most important thing GPG is interoperable with PGP. GPG is build as a command line utility but also have several front-ends for KDE, Gnome and other Linux desktops, but also is directly integrated in other software like: Email Clients as Mozilla Thunderbird, Evolution, Kmail, Instant Messaging as PSI, Fire, Browsers as Mozilla Firefox etc.

GnuPG encrypts messages using asymmetric keys. This keys are generated by the users and are exchanged with others through TRUSTED key servers.GPG also knows symmetric key cryptography.

Installing GPG

apt-get install gpg

Generating key pairs
Run “gpg –gen-key” and just follow the steps. An exmample of output is presented on following lines

[rb@randombugs]$ gpg –gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 1
Key expires at Thu 14 May 2009 02:47:32 PM EEST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter)

Real name: Heinrich Heine (Der Dichter)
Email address: heinrichh@randombugs.com
Comment: comment
You selected this USER-ID:
“Heinrich Heine (Der Dichter) (comment)

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++..+++++.+++++.+++++.+++++++++++++++.++++++++++.+++++++++++++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 250 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++++++++++++++++++++++.++++++++++.+++++..++++++++++++++++++
gpg: key CD5A5FAC marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2009-05-14
pub 1024D/CD5A5FAC 2009-05-13 [expires: 2009-05-14]
Key fingerprint = 2CE7 0001 8B3F 51DE 7257 9178 4048 7538 CD5A 5FAC
uid Heinrich Heine (Der Dichter) (comment)
sub 2048g/F3451B7B 2009-05-13 [expires: 2009-05-14]

Viewing Keys and Signatures

To see Gpg signatures run:

[rb@randombugs]$ gpg –list-sigs
/home/sacx/.gnupg/pubring.gpg
—————————–
pub 1024R/493B3065 2009-01-21
uid Launchpad PPA for Kubuntu Most Experimental Packages
sig 60C55BA1 2009-01-30 [User ID not found]
sig CA1FF7BB 2009-02-07 [User ID not found]
sig 3 493B3065 2009-01-21 Launchpad PPA for Kubuntu Most Experimental Packages

pub 1024D/CD5A5FAC 2009-05-13 [expires: 2009-05-14]
uid Heinrich Heine (Der Dichter) (comment)
sig 3 CD5A5FAC 2009-05-13 Heinrich Heine (Der Dichter) (comment)
sub 2048g/F3451B7B 2009-05-13 [expires: 2009-05-14]
sig CD5A5FAC 2009-05-13 Heinrich Heine (Der Dichter) (comment)

To see your imported public keys:

[rb@randombugs]$ gpg –list-public-keys
/home/sacx/.gnupg/pubring.gpg
—————————–
pub 1024R/493B3065 2009-01-21
uid Launchpad PPA for Kubuntu Most Experimental Packages

pub 1024D/CD5A5FAC 2009-05-13 [expires: 2009-05-14]
uid Heinrich Heine (Der Dichter) (comment)
sub 2048g/F3451B7B 2009-05-13 [expires: 2009-05-14]

To see your private keys:

[rb@randombugs]$ gpg –list-secret-keys
/home/sacx/.gnupg/secring.gpg
—————————–
sec 1024D/CD5A5FAC 2009-05-13 [expires: 2009-05-14]
uid Heinrich Heine (Der Dichter) (comment)
ssb 2048g/F3451B7B 2009-05-13

Importing Public Keys
If you have the public key as file your can import it in this way:

[rb@randombugs]$ gpg –import /path/to/public/key

Exporting Public Keys
You have 2 posibilities for export: exporting in binary or ascii format.
For binary run:

[rb@randombugs]$ gpg –export ‘Your Name’
[… binary output …]

For ascii key run

[rb@randombugs]$ gpg –export -armor ‘Your Name’
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEoKs1QRBADBEoanWpGm+ftuzpLwtBKpyhsdTFPFRJG64ddAVDuYoP+zzPma
MCpFEFMGRBMRvcxlRoNyYc5VAf4hswAIsr48gITtEmlNLxyFDb9g7jeItEAQiDcR
zw699qrZRWFKwcJO4h8bFe8/dwa4MB6p3l2lcPvu+5LC9soYgAtPnZxhNwCg6DGv
nSx58LCD/BAmpyr876pDBD0EALFpm60FbSBlBHD8wLVwuA4Kv55yPYoNF6tJLU1h
ciFw+oZcbiaBPOXewiXQJhLATDaJE8F0Y5OnPmAXuge3+zms6TYewPixaBHb11bs
ASbQiZAp8qp2kYADAQbRrcSf2Fn8s90O2eCBj7YjM8Cjtxsn/WavrpdSgTqzJ624
395YBACY7pDhmWDBsdfAXsU/6jkEBiCO/SyWaRro5pyOD5wZGukRMQexZ0Q3yUuK
qL6IlNWQzQl17AEujuLD6H+/wXL5FNOeCmgxX4Plc+DkBt7xc845ke08S/wQhMEu
yR2eGi7RsRgjJMw69Yt86UoJx2lE1+v4IkJ+qvQJsB5q/i4cF7RBSGVpbnJpY2gg
SGVpbmUgKERlciBEaWNodGVyKSAoY29tbWVudCkgPGhlaW5yaWNoaEByYW5kb21i
dWdzLmNvbT6IZgQTEQIAJgUCSgqzVAIbAwUJAAFRgAYLCQgHAwIEFQIIAwQWAgMB
Ah4BAheAAAoJEEBIdTjNWl+sRVkAoIQfzU4GIvr0AejtcQjYBF3igkjQAJ9XdcHk
wZ7+XENVF9Ilbf8pZnXO+7kCDQRKCrNUEAgAtUFz6VeMD0jxgvBR5JJVNSHB+6SX
ok59L0j5r7fXIBUkdVHSdVZV32vru+ooQ1DayNGl5shcoI2ur9dc3TLTTyV7t+Gq
ToA8RMCxt5XBTAyS1YHegpqGLHAoWyOVqWf40ga5Z3ybSaTmx2AFK7Gp526mo1o6
yub4YGM3a7JM6sMy7Wbxmnkg+/8XzW15WeNCgbwfO4Q3uGcEzjKmUgr3BOakUyON
bAogZuFxl4Xp29vTmCpKXrgOoh6p25sUbqTJtaxxEQ4ytZKByzGlY6GeN3dblKsh
peWTE5oQz1SmFZhcczVKTzn2/LEQ3hiVjqoljR31PapdR7nA2nch14xlPwADBQf/
TeFC/ZHLAL2YwUeQgUivqRcMgTdSRJJ0W+fPqOaGdPSj8mDrsmtI//f2OPCRXviq
AxJbmr9RbZgpxHqS+iHHVs8NtlPI0n7+sL2WdINYK165bjgbk3tcmLfN5s8Qnm3r
pjM5dlmJEY3qQh+FGFRI9vnTqrek52itaDrL0wtTyTwouiGNhT0FukAvgFd6ry7q
0Ug+0YvOiP1udRQCZLeHn4++UdNXNPqTobrz/yOhYUPd9sgXs07Geujzr62cU0Ui
MYlAfdxewwZsKNIAUHTiOjLt0VpbUq5u0tVOW6iQnCEcRtZhY9tT/OOY0UH0GQcd
/7EynKcH77j8Gnb4t5BbfohPBBgRAgAPBQJKCrNUAhsMBQkAAVGAAAoJEEBIdTjN
Wl+snPkAn2OzQm5/CSgR4TAgqNFFxNVOlkkwAKCo3gmHqt79ipI7Q/Hc++OT8p7g
Kw==
=hzCH
—–END PGP PUBLIC KEY BLOCK—–

Publish your public key on a key server

[rb@randombugs]$ gpg –keyserver hkp://wwwkeys.pgp.net –send-keys ‘Your Name’

Encrypting Message with your public key

[rb@randombugs]$ gpg –encrypt –armor –recipient ‘Your Name’ /path/to/file

Encrypting Message with a symmetric alghorithm

[rb@randombugs]$ gpg –symmetric –armor /path/to/file

Decrypting Message

[rb@randombugs]$ gpg encrypted_file.gpg

Signing a Message

[rb@randombugs]$ gpg –sign –armor –recipient ‘Your Name’ /path/to/file

Search and Import keys from a public server

gpg –keyserver hkp://wwwkey.pgp.net –search-keys ’email@domain.com’

For Testing just run:

gpg –keyserver hkp://wwwkeys.pgp.net –search-keys ‘Kubuntu’
gpg: searching for “Kubuntu” from hkp server wwwkeys.pgp.net
(1) Jonathan Thomas
4096 bit RSA key 97870010, created: 2009-05-10
(2) Nathan Handler
Nathan Handler
Nathan Handler
Nathan Handler
Nathan Handler
2048 bit RSA key 3933A7CE, created: 2009-05-10
(3) Launchpad Kubuntu Updates
1024 bit RSA key 8AC93F7A, created: 2009-05-07
(4) christopher miller (kubuntu key)
1024 bit DSA key 2D125321, created: 2009-03-08
(5) Massimiliano Ranzini (Kubuntu)
1024 bit DSA key 8919B4FF, created: 2009-02-26
(6) morristalitha (kubuntu-gebruiker)
1024 bit DSA key 07B0A336, created: 2009-02-25
(7) Oleksandr Khayrullin (Kubuntu)
1024 bit DSA key F54F643B, created: 2009-01-28
(8) Oleksandr Khayrullin (Kubuntu)
1024 bit RSA key 21846482, created: 2009-01-28
(9) Launchpad Private PPA for Kubuntu Ninjas
1024 bit RSA key 0945A8E2, created: 2009-01-22
Keys 1-9 of 120 for “Kubuntu”. Enter number(s), N)ext, or Q)uit >

Now to import a key just press the number of the key.

Conclusion
I hope this small how-to is enough for a quick start.
Good Luck.


3 Comments »

  • Encrypting and Decrypting files under Ubuntu | Random Bugs said:

    […] encrypt a single file (or even multiple files) you can use 3 programs: 1. gpg – OpenPGP part of the GNU Privacy Guard 2. openssl – command line tool for using the various cryptography functions of OpenSSL’s crypto […]

  • JamesD said:

    Thanks for the useful info. It’s so interesting

  • Annuaire Pro e-Fifty said:

    Howdy! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. Anyhow, I’m definitely glad I found it and I’ll be book-marking and checking back frequently!

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.