-
Notifications
You must be signed in to change notification settings - Fork 1
/
GPG.txt
112 lines (77 loc) · 3.49 KB
/
GPG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Content-Type: text/x-zim-wiki
Wiki-Format: zim 0.4
Creation-Date: 2016-11-23T00:21:15+01:00
====== GPG ======
Created onsdag 23 november 2016
**GnuPG is a fork of the Pretty-Good-Privacy standards. **
**GPG generates a pair of keys - one public and one private. The public key can be shared and the private key must be kept safe. When someone encrypts a message using your public key, only your private key+password will be able to decrypt the content. **
**When signing files it's vice versa. You sign with your private key and others can verify with your public key.**
**In below examples a document called **//doc//** will be used as example file to encrypt/decrypt.**
===== Installation and Setup =====
**# Install the **//gnupg//** package**
$ pacman -S gnupg
== Generate key-pair ==
$ gpg --full-gen-key
**# You will be prompted for several questions.**
**# 1: RSA/RSA **
**# 2: **
**# 2: 1y - One year expiration date**
**# 3: Name and E-mail. This information will be public**
**# 4: Say **//no//** to comment since it's not well-defined**
**# 5: Password**
== List Keys ==
**# Public keys**
$ gpg --list-keys
**# Secret keys**
$ gpg --list-secret-keys
== Export public key ==
**# Will output a public key in ASCII**
$ gpg --output public.key --armor --no-emit-version --export <user-id>
**# To register your key with a public key-server**
$ gpg --send-keys <key-id>
== Import public key ==
**# In order to encrypt messages to others, you will need their public key. **
**# To import locally stored keys (downloaded etc)**
$ gpg --import //public.key//
**# To retrieve information about a key on the keyserver**
$ gpg --search-keys <key-id>
**# To import keys from the keyserver**
$ gpg --recv-keys <key-id>
===== Signatures =====
**# Signatures certify and timestamp documents. **
**#** **If the document is modified, the verification will fail.**
== Signing files ==
**# To sign a file without compressing it into binary - used for text I think**
$ gpg --clearsign doc
**# To sign and compress into binary format - used with files I think**
$ gpg --output doc.sig --sign doc
**# To make a detached signature file **
$ gpg --output doc.sig --detach-sig doc
== Verify signature ==
$ gpg --verify doc.sig
**# If verifying a detached signature, make sure the signature file and the .iso is located together**
**# Ex.**
$ gpg --verify archlinux-<version>-dual.iso.sig
===== Usage =====
**# Encrypt / Decrypt **
== To Encrypt a message ==
**# To encrypt a message, in this example a file called **//doc//**, for a user in your keyring. **
$ gpg -R <user-id> --no-emit-version -e doc
**# If you are only encrypting a text message, add **//--armor //**which is suitable for text!**
== To Decrypt a message ==
**# To decrypt a message and output it to a file called **//doc//
$ gpg -o doc -d //file//.pgp
**# To output the content in **//stdout//** leave out the **//-o doc//
===== Tips and Tricks =====
**# Some random Tips and Tricks**
== Edit private key ==
**# You can edit your private key through a sub-menu. Change expiration date etc.**
$ gpg --edit-key <user-id>
== Encrypting own files ==
**# You can use your own **//<user-id>//** to encrypt files - only one at the time though. **
**#** **It is possible to pack various files in a tarball though and then encrypting the entire tarball.**
== Backup (export) and Import private key ==
**# To backup (export) a private key**
$ gpg --export-secret-keys --armor <user-id> > privkey.asc
**# To import the backup key**
$ gpg --allow-secret-key-import --import privkey.asc