2,306
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − + − + − + Line 7:
Line 7: − + + + + + + + + + − + − + − gpg --gen-key+ − + + + + + + + + + + − + − + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + + + + + + + + + − + − + − + − + − + − + + + + + + + + + + + + + + + + + + + + + + + + + − + − + + + + + + + + − + + + − + − + + +
→Decrypt with private key
== GnuPG ==
==GnuPG==
== Simetric Cipher ==
==Simetric Cipher==
=== Encryption ===
===Encryption===
gpg -c file.txt
gpg -c file.txt
we will be prompt for a password.<br />
we will be prompt for a password.<br />
gpg -ca file.txt
gpg -ca file.txt
If we want an ascii output
If we want an ascii output
=== Decryption ===
====Encrypt & Sign====
gpg --encrypt --sign --recipient 'some user ID value' <file>
====Encrypt without prompt for key verification====
gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt
===Decryption===
gpg -d file.txt
gpg -d file.txt
gpg --output <file> --decrypt <encrypted-and-signed-file>
find . -type f -name '*.gpg' -exec sh -c 'for file do gpg "$file"; done' sh {} +
we will be prompt for a password.
we will be prompt for a password.
== Asimetric Cipher ==
==Asimetric Cipher==
=== Generate keys ===
===Private Key===
=== List private keys ===
====Generate keys====
<source lang="text">gpg --full-generate-key
gpg --default-new-key-algo rsa4096 --gen-key
gpg --gen-key</source>
====Import secret keys====
gpg --allow-secret-key-import --import tmp.asc
====List private keys====
gpg --list-secret-keys
gpg --list-secret-keys
=== Export private key ===
====Export private key====
gpg --export-secret-key -a "User Name" > private.key
gpg --export-secret-key -a "User Name" > private.key
=== Export public key ===
==== To file ====
====Change private key passphrase====
<syntaxhighlight lang="text">
user@machine:~$ gpg --list-secret-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
/home/user/.gnupg/pubring.kbx
-----------------------------
sec rsa1024 2019-11-19 [SC]
9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859
uid [ultimate] RRA Example (No comments) <rra@rra.lan>
ssb rsa1024 2019-11-19 [E]
</syntaxhighlight><syntaxhighlight lang="text">
user@machine:~$ gpg --edit-key 9D8D8CBC5B2A8A641C8CA0F58167B416B55E2859
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa1024/8167B416B55E2859
created: 2019-11-19 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa1024/85BB533A53DAA163
created: 2019-11-19 expires: never usage: E
[ultimate] (1). RRA Example (No comments) <rra@rra.lan>
gpg> passwd
</syntaxhighlight>
====Delete Private Key====
<syntaxhighlight lang="bash">
gpg --delete-secret-key 8167B416B55E2859
</syntaxhighlight>
===Public Keys===
====Export public key====
=====To file=====
gpg --output <destination_file.gpg> --export <public_key_ID>
gpg --output <destination_file.gpg> --export <public_key_ID>
==== To server ====
=====Export all public keys=====
<syntaxhighlight lang="bash">
gpg --list-keys | grep -v "pub\|sub\|uid\|--" | sed '/^$/d' | xargs -t -n 1 -I ARG gpg --export --armor ARG
</syntaxhighlight>
=====To server=====
gpg --send-keys --keyserver pgp.mit.edu 18384645
gpg --send-keys --keyserver pgp.mit.edu 18384645
=====To ascii file=====
gpg --armor --export you@example.com > mykey.asc
=== Import public keys ===
====Import public keys====
==== From file ====
=====From file=====
gpg --import <publickeyfile.gpg>
gpg --import <publickeyfile.gpg>
==== From server ====
=====From server=====
gpg --keyserver pgp.mit.edu --recv-keys 18384645
gpg --keyserver pgp.mit.edu --recv-keys 18384645
=== Encrypt with a public key ===
====Delete Public Key====
gpg --encrypt --recipient <key ID> <file>
<syntaxhighlight lang="bash">
=== Decrypt with private key ===
gpg --delete-key 8167B416B55E2859
</syntaxhighlight>
===Encrypt with a public key===
====List public keys====
gpg --list-keys
====Encrypt one recipient====
gpg --recipient <key ID> --encrypt <file>
==Encrypt with ascii output==
gpg --armor --encrypt --output ~/test.crypt --recipient redteam@bbva.com ~/test.txt
====Encrypt to multiple recipients====
<nowiki>gpg --recipient 42FF42FF \
--recipient 12345678 \
--recipient FEFEFEFE \
--encrypt-files backup.tar</nowiki>
====Encrypt without recipient key verification prompt====
<syntaxhighlight lang="bash">
gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt
</syntaxhighlight>
====Encrypt without prompt for key verification====
gpg --trust-model always --encrypt --recipient rafael@herrerosolis.com secret_file.txt
===Decrypt with private key===
comando gpg -d <encrypted_file>
comando gpg -d <encrypted_file>
=== Signing ===
=== List keys that can decrypt some file ===
==== Sign ====
<syntaxhighlight lang="bash">
gpg --list-only --no-default-keyring file.gpg
</syntaxhighlight><br />
===Signing Keys===
[https://www.phildev.net/pgp/gpgsigning.html Sign keys]
===Signing===
====Sign====
gpg -u <private_Key_ID> --output <output_signed_file> --sign <file_to_sign>
gpg -u <private_Key_ID> --output <output_signed_file> --sign <file_to_sign>
==== Verify signature ====
gpg --local-user <private_Key_ID> --output <output_signed_file> --sign <file_to_sign>
====Verify signature====
gpg -d <signed_file>
gpg -d <signed_file>
or
or
gpg --verify <signed_file>
gpg --verify <signed_file>
== CheatSheet ==
==CheatSheet==
[http://wiki.herrerosolis.com/images/1/1e/Gpg_cheat_sheet.tar.gz Gpg_cheat_sheet.tar.gz]
[http://wiki.herrerosolis.com/images/1/1e/Gpg_cheat_sheet.tar.gz Gpg_cheat_sheet.tar.gz]<br />
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages<br />
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/