Difference between revisions of "Linux: gpg"
Rafahsolis (talk | contribs) |
Rafahsolis (talk | contribs) Tag: visualeditor |
| (16 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | == GnuPG == | + | ==GnuPG== |
| − | == Simetric Cipher == | + | ==Simetric Cipher== |
| − | === Encryption === | + | ===Encryption=== |
gpg -c file.txt | gpg -c file.txt | ||
we will be prompt for a password.<br /> | we will be prompt for a password.<br /> | ||
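Review bot: the second changed line of this hunk only strips the spaces around the heading and keeps the misspelling "Simetric Cipher"; since the line is being touched anyway, correct it to "Symmetric Cipher" in the same edit. The context line "we will be prompt for a password." has the same kind of slip and should read "we will be prompted for a password."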
| Line 7: | Line 7: | ||
gpg -ca file.txt | gpg -ca file.txt | ||
If we want an ascii output | If we want an ascii output | ||
| − | === Decryption === | + | ====Encrypt & Sign==== |
| + | gpg --encrypt --sign --recipient 'some user ID value' <file> | ||
| + | |||
| + | ====Encrypt without prompt for key verification==== | ||
| + | gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt | ||
| + | |||
| + | ===Decryption=== | ||
gpg -d file.txt | gpg -d file.txt | ||
| + | gpg --output <file> --decrypt <encrypted-and-signed-file> | ||
| + | find . -type f -name '*.gpg' -exec sh -c 'for file do gpg "$file"; done' sh {} + | ||
we will be prompt for a password. | we will be prompt for a password. | ||
| − | == Asimetric Cipher == | + | ==Asimetric Cipher== |
| − | === Generate keys === | + | |
| − | + | ===Private Key=== | |
| − | + | ||
| + | ====Generate keys==== | ||
| + | <source lang="text">gpg --full-generate-key | ||
| + | gpg --default-new-key-algo rsa4096 --gen-key | ||
| + | gpg --gen-key</source> | ||
| + | |||
| + | ====Import secret keys==== | ||
| + | gpg --allow-secret-key-import --import tmp.asc | ||
| − | === List private keys === | + | ====List private keys==== |
gpg --list-secret-keys | gpg --list-secret-keys | ||
| − | === Export private key === | + | ====Export private key==== |
gpg --export-secret-key -a "User Name" > private.key | gpg --export-secret-key -a "User Name" > private.key | ||
| − | === Export public key === | + | |
| − | ==== To file ==== | + | ====Change private key passphrase==== |
| + | <syntaxhighlight lang="text"> | ||
| + | user@machine:~$ gpg --list-secret-keys | ||
| + | gpg: checking the trustdb | ||
| + | gpg: marginals needed: 3 completes needed: 1 trust model: pgp | ||
| + | gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u | ||
| + | /home/user/.gnupg/pubring.kbx | ||
| + | ----------------------------- | ||
| + | |||
| + | sec rsa1024 2019-11-19 [SC] | ||
| + | 9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859 | ||
| + | uid [ultimate] RRA Example (No comments) <rra@rra.lan> | ||
| + | ssb rsa1024 2019-11-19 [E] | ||
| + | |||
| + | </syntaxhighlight><syntaxhighlight lang="text"> | ||
| + | user@machine:~$ gpg --edit-key 9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859 | ||
| + | gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc. | ||
| + | This is free software: you are free to change and redistribute it. | ||
| + | There is NO WARRANTY, to the extent permitted by law. | ||
| + | |||
| + | Secret key is available. | ||
| + | |||
| + | sec rsa1024/8167B416B55E2859 | ||
| + | created: 2019-11-19 expires: never usage: SC | ||
| + | trust: ultimate validity: ultimate | ||
| + | ssb rsa1024/85BB533A53DAA163 | ||
| + | created: 2019-11-19 expires: never usage: E | ||
| + | [ultimate] (1). RRA Example (No comments) <rra@rra.lan> | ||
| + | |||
| + | gpg> passwd | ||
| + | |||
| + | </syntaxhighlight> | ||
| + | |||
| + | ====Delete Private Key==== | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | gpg --delete-secret-key 8167B416B55E2859 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ===Public Keys=== | ||
| + | |||
| + | ====Export public key==== | ||
| + | =====To file===== | ||
gpg --output <destination_file.gpg> --export <public_key_ID> | gpg --output <destination_file.gpg> --export <public_key_ID> | ||
| − | ==== To server ==== | + | |
| + | =====Export all public keys===== | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | gpg --list-keys | grep -v "pub\|sub\|uid\|--" | sed '/^$/d' | xargs -t -n 1 -I ARG gpg --export --armor ARG | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | =====To server===== | ||
gpg --send-keys --keyserver pgp.mit.edu 18384645 | gpg --send-keys --keyserver pgp.mit.edu 18384645 | ||
| − | ==== To ascii file ==== | + | =====To ascii file===== |
gpg --armor --export you@example.com > mykey.asc | gpg --armor --export you@example.com > mykey.asc | ||
| − | = | + | ====Import public keys==== |
| − | + | =====From file===== | |
| − | === Import public keys === | ||
| − | ==== From file ==== | ||
gpg --import <publickeyfile.gpg> | gpg --import <publickeyfile.gpg> | ||
| − | ==== From server ==== | + | =====From server===== |
gpg --keyserver pgp.mit.edu --recv-keys 18384645 | gpg --keyserver pgp.mit.edu --recv-keys 18384645 | ||
| − | === Encrypt with a public key === | + | ====Delete Public Key==== |
| − | ==== List public keys ==== | + | <syntaxhighlight lang="bash"> |
| + | gpg --delete-key 8167B416B55E2859 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ===Encrypt with a public key=== | ||
| + | ====List public keys==== | ||
gpg --list-keys | gpg --list-keys | ||
| − | ==== Encrypt one recipient ==== | + | ====Encrypt one recipient==== |
gpg --recipient <key ID> --encrypt <file> | gpg --recipient <key ID> --encrypt <file> | ||
| − | == Encrypt with ascii output == | + | ==Encrypt with ascii output== |
gpg --armor --encrypt --output ~/test.crypt --recipient redteam@bbva.com ~/test.txt | gpg --armor --encrypt --output ~/test.crypt --recipient redteam@bbva.com ~/test.txt | ||
| − | ==== Encrypt to multiple recipients ==== | + | ====Encrypt to multiple recipients==== |
<nowiki>gpg --recipient 42FF42FF \ | <nowiki>gpg --recipient 42FF42FF \ | ||
| − | + | --recipient 12345678 \ | |
| − | + | --recipient FEFEFEFE \ | |
| − | + | --encrypt-files backup.tar</nowiki> | |
| − | === Decrypt with private key === | + | ====Encrypt without recipient key verification prompt==== |
| + | <syntaxhighlight lang="bash"> | ||
| + | gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ====Encrypt without prompt for key verification==== | ||
| + | gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt | ||
| + | |||
| + | ===Decrypt with private key=== | ||
comando gpg -d <encrypted_file> | comando gpg -d <encrypted_file> | ||
| − | === Signing === | + | === List keys that can decrypt some file === |
| − | ==== Sign ==== | + | <syntaxhighlight lang="bash"> |
| + | gpg --list-only --no-default-keyring file.gpg | ||
| + | </syntaxhighlight><br /> | ||
| + | ===Signing Keys=== | ||
| + | [https://www.phildev.net/pgp/gpgsigning.html Sign keys] | ||
| + | |||
| + | ===Signing=== | ||
| + | ====Sign==== | ||
gpg -u <private_Key_ID> --output <output_signed_file> --sign <file_to_sign> | gpg -u <private_Key_ID> --output <output_signed_file> --sign <file_to_sign> | ||
gpg --local-user <private_Key_ID> --output <output_signed_file> --sign <file_to_sign> | gpg --local-user <private_Key_ID> --output <output_signed_file> --sign <file_to_sign> | ||
| − | ==== Verify signature ==== | + | ====Verify signature==== |
gpg -d <signed_file> | gpg -d <signed_file> | ||
or | or | ||
gpg --verify <signed_file> | gpg --verify <signed_file> | ||
| − | == CheatSheet == | + | ==CheatSheet== |
[http://wiki.herrerosolis.com/images/1/1e/Gpg_cheat_sheet.tar.gz Gpg_cheat_sheet.tar.gz]<br /> | [http://wiki.herrerosolis.com/images/1/1e/Gpg_cheat_sheet.tar.gz Gpg_cheat_sheet.tar.gz]<br /> | ||
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages<br /> | https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages<br /> | ||
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/ | http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/ | ||
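Review bot: "gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt" is added three times in this hunk (after "Encrypt & Sign" inside the symmetric section, and under two near-identical headings just before "Decrypt with private key") with no note on what the option switches off. It makes gpg skip key validation and treat every key as valid, so a recipient given by e-mail address matches any imported key carrying that address; keep one copy under "Encrypt with a public key" and add a sentence saying the recipient should then be given as a full fingerprint that was checked out of band. Separately, the context line under "Decrypt with private key" still reads "comando gpg -d <encrypted_file>", the "Asimetric Cipher" heading keeps its misspelling, and the passphrase walkthrough shows an rsa1024 key while the new "Generate keys" block uses rsa4096.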
Latest revision as of 15:16, 19 December 2019
GnuPG
Symmetric Cipher
Encryption
gpg -c file.txt
We will be prompted for a password.
Or:
gpg -ca file.txt
if we want ASCII output.
Encrypt & Sign
gpg --encrypt --sign --recipient 'some user ID value' <file>
Encrypt without prompt for key verification
gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt
Decryption
gpg -d file.txt
gpg --output <file> --decrypt <encrypted-and-signed-file>
find . -type f -name '*.gpg' -exec sh -c 'for file do gpg "$file"; done' sh {} +
We will be prompted for a password.
Asymmetric Cipher
Private Key
Generate keys
gpg --full-generate-key
gpg --default-new-key-algo rsa4096 --gen-key
gpg --gen-key
Import secret keys
gpg --allow-secret-key-import --import tmp.asc
List private keys
gpg --list-secret-keys
Export private key
gpg --export-secret-key -a "User Name" > private.key
Change private key passphrase
user@machine:~$ gpg --list-secret-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
/home/user/.gnupg/pubring.kbx
-----------------------------
sec rsa1024 2019-11-19 [SC]
9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859
uid [ultimate] RRA Example (No comments) <rra@rra.lan>
ssb rsa1024 2019-11-19 [E]
user@machine:~$ gpg --edit-key 9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa1024/8167B416B55E2859
created: 2019-11-19 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa1024/85BB533A53DAA163
created: 2019-11-19 expires: never usage: E
[ultimate] (1). RRA Example (No comments) <rra@rra.lan>
gpg> passwd
Delete Private Key
gpg --delete-secret-key 8167B416B55E2859
Public Keys
Export public key
To file
gpg --output <destination_file.gpg> --export <public_key_ID>
Export all public keys
gpg --list-keys | grep -v "pub\|sub\|uid\|--" | sed '/^$/d' | xargs -t -n 1 -I ARG gpg --export --armor ARG
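The same export driven by GnuPG's machine-readable `--with-colons` listing instead of filtering the human-readable one; this is an added example, not part of the original wiki page. The sample listing is constructed (only the rsa1024 key's fingerprint and key IDs come from the page) and the function names are hypothetical; the second function flags short RSA keys such as the rsa1024 key shown above.

```bash
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output. Only the first
# key's IDs come from the page; timestamps, the second key and the subkey
# fingerprint are made up for illustration.
sample_listing() {
cat <<'EOF'
tru::1:1574121600:0:3:1:5
pub:u:1024:1:8167B416B55E2859:1574121600:::u:::scESC::::::23::0:
fpr:::::::::9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859:
uid:u::::1574121600::0000000000000000000000000000000000000000::RRA Example (No comments) <rra@rra.lan>::::::::::0:
sub:u:1024:1:85BB533A53DAA163:1574121600::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA85BB533A53DAA163:
pub:f:4096:1:1111222233334444:1574121600:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000001111222233334444:
uid:f::::1574121600::0000000000000000000000000000000000000000::Constructed User <user@example.com>::::::::::0:
EOF
}

# Print the fingerprint of every primary key: the first "fpr" record after
# each "pub" record. Fingerprints that follow a "sub" record are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Print "fingerprint bits" for RSA primary keys (algorithm 1) under $1 bits.
weak_rsa_keys() {
    awk -F: -v min="$1" '
        $1 == "pub" { weak = ($4 == 1 && $3 + 0 < min + 0); bits = $3; next }
        $1 == "sub" { weak = 0; next }
        $1 == "fpr" && weak { print $10, bits; weak = 0 }'
}

# Export every public key as one armored file per fingerprint in directory $1.
export_all_public_keys() {
    gpg --list-keys --with-colons | primary_fingerprints |
    while read -r fpr; do
        gpg --armor --export "$fpr" > "$1/$fpr.asc"
    done
}

sample_listing | primary_fingerprints
sample_listing | weak_rsa_keys 2048
```
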
To server
gpg --send-keys --keyserver pgp.mit.edu 18384645
To ascii file
gpg --armor --export you@example.com > mykey.asc
Import public keys
From file
gpg --import <publickeyfile.gpg>
From server
gpg --keyserver pgp.mit.edu --recv-keys 18384645
Delete Public Key
gpg --delete-key 8167B416B55E2859
Encrypt with a public key
List public keys
gpg --list-keys
Encrypt one recipient
gpg --recipient <key ID> --encrypt <file>
Encrypt with ascii output
gpg --armor --encrypt --output ~/test.crypt --recipient redteam@bbva.com ~/test.txt
Encrypt to multiple recipients
gpg --recipient 42FF42FF \
--recipient 12345678 \
--recipient FEFEFEFE \
--encrypt-files backup.tar
Encrypt without recipient key verification prompt
gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt
Decrypt with private key
gpg -d <encrypted_file>
List keys that can decrypt some file
gpg --list-only --no-default-keyring file.gpg
Signing Keys
Signing
Sign
gpg -u <private_Key_ID> --output <output_signed_file> --sign <file_to_sign>
gpg --local-user <private_Key_ID> --output <output_signed_file> --sign <file_to_sign>
Verify signature
gpg -d <signed_file>
or
gpg --verify <signed_file>
CheatSheet
Gpg_cheat_sheet.tar.gz
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/