#93 Linux 03.04.2007
Encrypting and decrypting files with GnuPG

This article is only an introduction. If you need high security you must study additional literature!

Receiving encrypted files: You have to create a public key and a private key. You send the public key to the person who will use it to encrypt the file. That person then sends you back the encrypted file and you decrypt it with your private key. Your private key is secret and must not be given to others.

Sending encrypted files: Accordingly, if you want to send an encrypted file to somebody, that person has to give you his public key in advance.

Let's make an example for the first situation (which also shows the process for the second one).

1) Create the public key and private key

    gpg --gen-key

You will be asked some questions. If you don't know what to select it is OK to use the default values. Enter your name, email address and a comment if you like. Finally you will be asked for a password to protect your private key. The computer then starts to create the keys. You will see a lot of '+' symbols. During this period you can type some letters randomly to help the computer generate the keys.

2) Check if the generation was successful

    gpg --list-public-keys

This will show a list of all public keys available:

    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024D/C6E3EEBD 2006-05-20
    uid                  Norbert Klein <norbert@acodedb.com>
    sub   2048g/E3FE2762 2006-05-20

The third line contains the public key id. In this example it is C6E3EEBD.

3) Export the public key to a file

    gpg -a -o ~/.gnupg/acodedb.asc --export C6E3EEBD

(The last parameter is again the public key id.) The file acodedb.asc has been created in ~/.gnupg/.

4) This public key can now be sent to someone who wants to encrypt a file

The one who received your public key must import it into her key database:

    gpg --import acodedb.asc

To encrypt files she has to pass the public key id, so she will first get it with the command we already know:

    gpg --list-public-keys

It is very important to ensure that the public key is really from the right person. This can be checked by phone, for example. Only after this check should she start to encrypt files:

    gpg -o document.txt.gpg -r C6E3EEBD -e document.txt

This creates an encrypted file called document.txt.gpg from document.txt, which can be sent back to you.

5) As soon as you have received the encrypted file you can decrypt it with your secret private key

    gpg -o document.txt -d document.txt.gpg

In case you set a password while the key pair was created you must enter it here.

If you want to delete keys you have to delete the private key first:

    gpg --delete-secret-key C6E3EEBD

Delete a public key:

    gpg --delete-key C6E3EEBD

Enhance security with digital signatures

A digital signature is used to verify the integrity of a file and detect modifications. The person who encrypts the file can digitally sign it. The person who receives this encrypted file will verify the signature. If the file or the signature were modified after the encryption, the verification will fail. Thus it is obvious that the file or signature have been manipulated. To sign a file the sender uses his private key. To verify a signature the receiver needs the signature file, the encrypted file and additionally the public key of the sender.

The sender creates the signature file document.txt.gpg.sig from document.txt.gpg:

    gpg -o document.txt.gpg.sig --detach-sig document.txt.gpg

If necessary she must enter the password for the private key.

As soon as the receiver has imported the public key of the sender and received the signature and the encrypted file, he can check the signature:

    gpg --verify document.txt.gpg.sig document.txt.gpg

And if everything looks good it's time to decrypt the file:

    gpg -o document.txt -d document.txt.gpg