<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- saved from url=(0045)https://irtfweb.ifa.hawaii.edu/~lockhart/gpg/ -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GPG Cheat Sheet</title>
</head>
<body>
<p>
Quick'n easy gpg cheatsheet
</p>
<p>
If you found this page, hopefully it's what you were looking for. It's
just a brief explanation of some of the command line functionality of
GNU Privacy Guard (gpg). The commands are written as they are accepted by
GnuPG 2.1 and later; where older behaviour differs it is noted.
Please email me if you find any errors ( <a href="mailto:scout3801@gmail.com">scout3801@gmail.com</a> ).
</p>
<p>
Filenames are italicized (loosely, some aren't, sorry), so if you see
something italicized, think "put my filename there."
</p>
<p>
I've used User Name as the name associated with the key. gpg matches user
IDs by case-insensitive substring, so the key whose user ID is "Charles
Lockhart" can be selected with just "Lockhart", or with the email address
in the user ID. If more than one key matches, gpg picks one of them and it
may not be the one you meant, so for anything that matters select the key
by its key ID or full fingerprint instead (both are shown by
gpg --list-keys --fingerprint).
</p>
<p>
<strong>to create a key:<br>
gpg --gen-key<br>
</strong>generally you can select the defaults. GnuPG 2.1 and later only ask
for a name, an email address and a passphrase and choose the algorithm and
key size for you; use gpg --full-generate-key if you want to pick those
yourself. Choose a real passphrase: it is the only thing protecting the
private key file on disk.<br>
</p>
<p>
<strong>to export a public key into file public.key:<br>
gpg --export -a "User Name" > <em>public.key</em></strong><br>
This will create a file called public.key with the ASCII-armored
representation of the public key for User Name (-a is short for --armor).
This is a variation on:<br>
gpg --export<br>
which by itself writes every public key in your keyring, in binary OpenPGP
format, to standard output; in a terminal that is just garbage, so don't
do it.<br>
gpg --export -a "User Name"<br>
prints the armored public key for User Name to the terminal, which is
only semi-useful unless you are about to paste it somewhere.
</p>
<p>
<strong>to export a private key:<br>
gpg --export-secret-key -a "User Name" > <em>private.key</em></strong><br>
This will create a file called private.key with the ASCII-armored
representation of the private key for User Name. (The documented option
is --export-secret-keys; gpg accepts the shorter spelling as an
unambiguous abbreviation.)<br>
It's pretty much like exporting a public key, except that you are handling
your private key: with GnuPG 2.1 and later gpg-agent asks for the key's
passphrase, and the exported file is protected by that passphrase and by
nothing else, so treat it as the secret it is. There's a note (*)
at the bottom explaining why you may want to do this.
</p>
<p>
<strong>to import a public key:<br>
gpg --import <em>public.key</em></strong><br>
This adds the public key in the file "public.key" to your public key
ring. Importing a key says nothing about whether it really belongs to the
person named in it; compare its fingerprint with the owner (see below)
before you encrypt anything sensitive to it.
</p>
<p>
<strong>to import a private key:<br>
gpg --import <em>private.key</em></strong><br>
This adds the private key in the file "private.key" to your private key
ring (gpg --import handles public and secret key material alike). Older
versions of this sheet used gpg --allow-secret-key-import --import; the
manpage now calls that option obsolete, it is accepted and ignored, so
plain --import is all you need. gpg-agent may ask for the key's passphrase
so that it can take the key over. There's a note (*)
at the bottom explaining why you may want to do this.
</p>
<p>
<strong>to delete a public key (from your public key ring):<br>
gpg --delete-key "User Name"<br>
</strong>This removes the public key from your public key ring.<br>
NOTE! If there is a private key on your private key ring associated
with this public key, you will get an error! You must delete your
private key for this key pair from your private key ring first, or use
gpg --delete-secret-and-public-key "User Name" to remove both halves at
once. In scripts (--batch) gpg only deletes when given --yes and the full
fingerprint instead of a name.
</p>
<p>
<strong>to delete a private key (a key on your private key ring):<br>
gpg --delete-secret-key "User Name"<br>
</strong>This deletes the secret key from your secret key ring (documented
as --delete-secret-keys; the singular is accepted as an abbreviation).
Unless you have a backup or a revocation certificate, nothing that was
encrypted to this key can be read again and the key can no longer be revoked.
</p>
<p>
<strong>To list the keys in your public key ring:<br>
gpg --list-keys<br>
</strong></p>
<p>
<strong>To list the keys in your secret key ring:<br>
gpg --list-secret-keys<br>
</strong></p>
<p>
<strong>To generate a short list of numbers that you can use via
an alternative method to verify a public key, use:<br>
gpg --fingerprint > <em>fingerprint</em><br>
</strong>This creates the file fingerprint with the fingerprints of every
key in your public keyring; gpg --fingerprint "User Name" shows just one.
The fingerprint is a hash of the public key (40 hex digits for a v4 key),
so two keys with the same fingerprint are the same key. The "alternative
method" is to read it to the key's owner over the phone or compare it in
person: a key you downloaded is only trustworthy once its fingerprint
matches the one the owner gives you out of band.
</p>
<p>
<strong>To encrypt data, use:<br>
gpg -e -u "Sender User Name" -r "Receiver User Name" <em>somefile</em></strong><br>
There are some useful options here, such as -u &lt;userid&gt; to
specify the secret key to be used, and -r &lt;userid&gt; to specify
the public key of the recipient.<br>
As an example:<br>
gpg -e -u "Charles Lockhart" -r "A Friend" mydata.tar<br>
This should create a file called "mydata.tar.gpg" that contains the
encrypted data. Note that -e by itself does not sign anything, so in the
command above -u has no effect and the recipient has no way to tell who
produced the file. If you want the recipient to be able to verify that it
came from you, sign as well as encrypt:<br>
gpg -se -u "Charles Lockhart" -r "A Friend" mydata.tar<br>
Now -u selects the secret key that makes the signature, and gpg reports
the signature, and whose key made it, when the recipient decrypts. -r can
be given more than once to encrypt one file to several people.<br>
NOTE!: mydata.tar is not removed, you end up with two files, so if you
want to have only the encrypted file in existence, you have to delete
mydata.tar yourself.<br>
An interesting side note: encrypting the preemptive kernel patch, a file
of 55,247 bytes, gave an encrypted file of 15,276 bytes. That is because
gpg compresses the data (zlib by default) before encrypting it, and a text
patch compresses well; a file that is already compressed, such as a .gz or
a JPEG, comes out slightly larger than it went in.<br>
</p>
<p>
<strong>To decrypt data, use:<br>
gpg -o <em>mydata.tar</em> -d <em>mydata.tar.gpg</em><br>
</strong>If you have multiple secret keys, gpg picks the one the file was
encrypted to, or reports an error if you don't have it. You'll be prompted
for your passphrase. Afterwards there will exist the file "mydata.tar" and
the encrypted "original," mydata.tar.gpg.<br>
</p><p>NOTE: gpg -d (--decrypt) writes the plaintext to standard output, so
plain "gpg -d mydata.tar.gpg" dumps the contents to your terminal. Either
name the output file with -o as above, redirect it ("gpg -d mydata.tar.gpg > mydata.tar"),
or leave out -d altogether: "gpg mydata.tar.gpg" decrypts and writes mydata.tar,
stripping the .gpg suffix. If the file was signed, gpg also prints the
signature status ("Good signature from ...") while decrypting; a bad
signature is an error, and output that arrives with one should not be trusted.
</p>
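<p>
The whole sheet as one runnable script, an added example rather than the original author's code: it creates two throwaway keyrings (an "Alice" and a "Bob"; the names, addresses, file names and the unattended --batch options are my assumptions, not the page's), exchanges and fingerprint-checks public keys, encrypts with -e alone and with -se, decrypts with -o, reads the signature verdict from --status-fd, and ends with the two deletion cases. It needs GnuPG 2.1 or later on the PATH and never touches ~/.gnupg.
</p>

```sh
#!/bin/sh
# Added example, not part of the original cheat sheet. Walks the sheet end
# to end with GnuPG 2.1 or later: create keys, export and import public
# keys, check a fingerprint out of band, encrypt, sign, decrypt, delete.
# Every keyring is a throwaway directory, so ~/.gnupg is never touched.
# "Alice", "Bob", their addresses and all file names are invented.

# new_keyring: an isolated GNUPGHOME; prints its path.
new_keyring() { d=$(mktemp -d) && chmod 700 "$d" && printf '%s\n' "$d"; }

# g HOME gpg-args...: run gpg against one keyring, unattended. The demo
# keys have no passphrase, hence --passphrase ''; real keys should have one.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# gen_key HOME "Name <mail>": the unattended form of "gpg --gen-key".
gen_key() { g "$1" --quick-generate-key "$2" default default never; }

# fingerprint HOME KEYSPEC: 40 hex digits of the primary key, from the
# machine-readable --with-colons listing (field 10 of the first "fpr" line).
fingerprint() { g "$1" --with-colons --fingerprint "$2" 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}'; }

# size FILE: byte count without the padding some wc implementations add.
size() { wc -c < "$1" | tr -d ' '; }

# export_pub HOME KEYSPEC FILE: "gpg --export -a 'User Name' > public.key"
export_pub() { g "$1" --export --armor "$2" > "$3"; }
# import_key HOME FILE: "gpg --import public.key"
import_key() { g "$1" --import "$2" 2>/dev/null; }

# check_and_trust HOME FPR_FROM_OWNER: the out-of-band step. Compare the
# fingerprint of the key we hold with the one its owner gave us on another
# channel; only on a match certify it locally (lsign), which is what lets
# batch-mode gpg encrypt to it without stopping at a trust warning.
check_and_trust() {
  [ "$(fingerprint "$1" "$2")" = "$2" ] || { echo "fingerprint mismatch for $2" >&2; return 1; }
  g "$1" --yes --quick-lsign-key "$2"
}

# encrypt HOME SIGNER RECIP IN OUT: the sheet's "-e -u sender -r receiver".
# -e alone signs nothing, so -u is ignored here.
encrypt() { g "$1" --yes -o "$5" -e -u "$2" -r "$3" "$4"; }
# sign_encrypt HOME SIGNER RECIP IN OUT: "-se -u sender -r receiver"; now -u matters.
sign_encrypt() { g "$1" --yes -o "$5" -se -u "$2" -r "$3" "$4"; }

# decrypt HOME IN OUT: "gpg -o out -d in". The verdict is read from the
# --status-fd protocol, never by grepping gpg's human-readable messages.
# Prints "signed by <long key id>" or "unsigned"; fails on a bad or
# unverifiable signature, or when this keyring cannot decrypt the file.
decrypt() {
  st=$(g "$1" --yes --status-fd 1 -o "$3" -d "$2" 2>/dev/null); rc=$?
  case "$st" in
    *"] BADSIG "*|*"] ERRSIG "*) echo "signature present but NOT verified"; return 1 ;;
  esac
  [ "$rc" -eq 0 ] || { echo "decryption failed"; return 1; }
  case "$st" in
    *"] GOODSIG "*) echo "signed by $(printf '%s\n' "$st" | awk '$2=="GOODSIG"{print $3; exit}')" ;;
    *) echo "unsigned" ;;
  esac
}

# Deletion. Batch mode insists on --yes and the full fingerprint. delete_pub
# refuses a key whose secret part is also in the keyring (the sheet's
# NOTE!); delete_both removes both halves in one go.
delete_pub()  { g "$1" --yes --delete-key "$2" 2>/dev/null; }
delete_both() { g "$1" --yes --delete-secret-and-public-key "$2" 2>/dev/null; }

# cleanup HOME...: stop the per-keyring gpg-agent, then remove the directory.
cleanup() { for h; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null; rm -rf "$h"; done; }

demo() {
  A=$(new_keyring); B=$(new_keyring); W=$(mktemp -d)
  gen_key "$A" "Alice <alice@example.com>"; gen_key "$B" "Bob <bob@example.com>"
  AF=$(fingerprint "$A" alice@example.com); BF=$(fingerprint "$B" bob@example.com)
  # Each side publishes its public key; the other imports it and compares the
  # fingerprint ($BF and $AF stand in for what was read out over the phone).
  export_pub "$B" bob@example.com "$W/bob.pub";     import_key "$A" "$W/bob.pub";   check_and_trust "$A" "$BF"
  export_pub "$A" alice@example.com "$W/alice.pub"; import_key "$B" "$W/alice.pub"; check_and_trust "$B" "$AF"
  head -c 20000 /dev/zero | tr '\000' a > "$W/mydata.tar"    # constructed, highly compressible input
  encrypt      "$A" alice@example.com bob@example.com "$W/mydata.tar" "$W/enc-only.gpg"
  sign_encrypt "$A" alice@example.com bob@example.com "$W/mydata.tar" "$W/signed.gpg"
  echo "enc-only.gpg: $(decrypt "$B" "$W/enc-only.gpg" "$W/out1")"
  echo "signed.gpg:   $(decrypt "$B" "$W/signed.gpg"   "$W/out2")"
  cmp -s "$W/mydata.tar" "$W/out2" && echo "round trip ok"
  echo "sizes: $(size "$W/mydata.tar") plain, $(size "$W/signed.gpg") encrypted (gpg compresses first)"
  delete_pub  "$A" "$AF" || echo "--delete-key refused: Alice still holds the secret key"
  delete_both "$A" "$AF" && echo "Alice's key pair deleted"
  cleanup "$A" "$B"; rm -rf "$W"
}
command -v gpg >/dev/null 2>&1 && demo
```

<p>
Run it with sh. Two things it shows that the prose cannot: the file made with -e alone comes back "unsigned" even though -u was given, and the 20,000-byte input shrinks to a few hundred bytes because gpg compresses before it encrypts. The check_and_trust step is the one worth keeping in any script of your own: --quick-lsign-key after a fingerprint comparison is the correct substitute for the --trust-model always shortcut, and --status-fd is the only reliable way for a script to learn whether a signature verified.
</p>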
<p> Ok, so what if you're a paranoid bastard and want to encrypt some of
your own files, so nobody can break into your computer and get them?
Simply encrypt them using yourself as the recipient (-r with your own
User Name). Then the passphrase on your private key is what stands between
an intruder and the file, so it needs to be a good one, and the plaintext
has to be deleted afterwards, because gpg leaves it in place.<br>
</p>
<p>
I haven't used the commands:<br>
<strong>gpg --edit-key<br>
gpg --gen-revoke</strong><br>
</p><ul>
<li>--gen-revoke creates a revocation certificate, which when distributed to people and keyservers tells them that your key is no longer valid, see http://www.gnupg.org/gph/en/manual/r721.html . Make it while you still have the key and its passphrase and keep it somewhere safe: if the key is lost or the passphrase forgotten it is the only way left to revoke. GnuPG 2.1 and later also write one automatically into openpgp-revocs.d inside the GnuPG home directory when a key is created.</li>
<li>--edit-key allows you to do an assortment of key tasks (add user IDs and subkeys, change the expiry date, sign other people's keys, set owner trust), see http://www.gnupg.org/gph/en/manual/r899.html</li>
</ul>
<h4>Sharing Secret Keys</h4>
<p>
NOTE!: the following use cases indicate why the secret-key
import/export commands exist, or at least a couple
ideas of what you could do with them. HOWEVER, there's some logistics
required for sharing that secret-key. How do you get it from one
computer to another? The exported file is protected only by the key's
passphrase, and not at all if the key has none, so never send it
unencrypted by email, that would be DANGEROUS. Copy it over a channel you
control (scp, or a USB stick you wipe afterwards) or encrypt the file
first, for example symmetrically with a passphrase passed along
separately, and delete the plaintext copy on both ends once it is
imported.<br>
</p>
<p>
Use Case *.1 : Mentioned above were the commands for exporting and
importing secret keys, and I want to explain one reason why you'd want
to do this. Basically, if you want one key-pair for all of your
computers (assuming you have multiple computers), this lets you export
that key-pair from the original computer and import it on your other
computers. Remember that every copy is one more place the key can be
stolen from, and that the copy is not automatically trusted on the new
machine: set its owner trust there too (gpg --edit-key, then trust), or
gpg will complain when you encrypt to yourself. </p>
<p>Use Case *.2 : Basically, if you belonged to a group and wanted a
single key-pair for that group, one person would create the key-pair,
export the public and private keys, give them to the other members of
the group, and they would all import that key-pair. Then a member of the
group or someone outside could use the group public key, encrypt the
message and/or data, send it to members of the group, and all of them
would be able to access the message and/or data. Basically you could
create a simplified system where only one public key was needed to send
encrypted stuff to multiple recipients.<br>
Be aware of what that costs: every member can read everything ever sent
to the group and sign anything as the group, nobody can tell which
member did what, and when someone leaves the only remedy is to revoke
the key and start over. gpg already handles the multi-recipient case
without a shared secret, since -r can be repeated and the file is then
readable by each recipient with their own key; that is the better
default, and a shared group key should be a deliberate exception.<br>
</p>
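<p>
Both use cases as a runnable script, again an added example and not the author's code: it moves one key pair from a throwaway "original computer" keyring to a second one the way the note above recommends (secret key exported, wrapped symmetrically for transport, imported with plain --import, then given owner trust), and then encrypts one file to two recipients so that a friend with their own key can read it without anybody sharing a secret. GnuPG 2.1 or later; the names, addresses, file names and the transport passphrase are invented for the demo.
</p>

```sh
#!/bin/sh
# Added example, not part of the original cheat sheet. Shows the sheet's
# "Use Case *.1" (one key pair on two computers) done carefully, and the
# multi-recipient alternative to "Use Case *.2" that needs no shared
# secret key. GnuPG 2.1+; every keyring is a throwaway directory. The
# names, addresses and the transport passphrase are invented for the demo.

new_keyring() { d=$(mktemp -d) && chmod 700 "$d" && printf '%s\n' "$d"; }
# g HOME gpg-args...: gpg against one keyring, unattended; demo keys have no passphrase.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }
gen_key()     { g "$1" --quick-generate-key "$2" default default never; }
fingerprint() { g "$1" --with-colons --fingerprint "$2" 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}'; }
cleanup()     { for h; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null; rm -rf "$h"; done; }

# export_secret HOME KEYSPEC FILE: "gpg --export-secret-key -a". With
# GnuPG 2.1+ the key lives in gpg-agent, which needs its passphrase to
# export it; the armored output is protected by that passphrase alone, so
# a passphrase-less key like this one comes out in clear.
export_secret() { g "$1" --export-secret-keys --armor "$2" > "$3"; }

# w​rap HOME IN OUT PW / unwrap HOME IN OUT PW: symmetric AES-256 wrapping
# for transport, the sheet's "encrypt it and send it". The transport
# passphrase travels by a different channel than the file.
wrap()   { gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase "$4" --yes --symmetric --cipher-algo AES256 -o "$3" "$2"; }
unwrap() { gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase "$4" --yes -o "$3" -d "$2"; }

# import_secret HOME FILE FPR: plain --import takes secret keys; the
# "--allow-secret-key-import" flag the sheet mentions is obsolete. The
# copy is not trusted automatically on the new machine, so mark it
# ultimate (6) the same way --edit-key's "trust" command would.
import_secret() {
  g "$1" --import "$2" 2>/dev/null || return 1
  printf '%s:6:\n' "$3" | g "$1" --import-ownertrust 2>/dev/null
}

# lsign HOME FPR: after the fingerprint has been checked with its owner,
# certify a correspondent's key locally so batch encryption to it works.
lsign() { g "$1" --yes --quick-lsign-key "$2"; }

# encrypt HOME IN OUT RECIP...: -r may be repeated. Every recipient opens
# the file with their own key, which is all a shared "group key" was for.
encrypt() {
  home_=$1; in=$2; out=$3; shift 3
  args=''; for r; do args="$args -r $r"; done
  g "$home_" --yes -o "$out" -e $args "$in"
}
decrypt() { g "$1" --yes -o "$3" -d "$2" 2>/dev/null; }

demo() {
  A=$(new_keyring); B=$(new_keyring); C=$(new_keyring); W=$(mktemp -d)
  gen_key "$A" "Charles Lockhart <charles@example.com>"      # the original computer
  gen_key "$C" "A Friend <friend@example.com>"               # someone else entirely
  F=$(fingerprint "$A" charles@example.com); CF=$(fingerprint "$C" friend@example.com)

  # Use Case *.1: move the key pair to computer B. Only the wrapped file leaves A.
  export_secret "$A" charles@example.com "$W/private.key"
  wrap "$A" "$W/private.key" "$W/private.key.gpg" 'correct horse battery staple'
  rm "$W/private.key"
  unwrap "$B" "$W/private.key.gpg" "$W/private.key" 'correct horse battery staple'
  import_secret "$B" "$W/private.key" "$F" && rm "$W/private.key"
  # A file encrypted on A "to yourself" (the sheet's own-files trick) now opens on B.
  echo 'constructed sample data' > "$W/notes.txt"
  encrypt "$A" "$W/notes.txt" "$W/notes.txt.gpg" charles@example.com
  decrypt "$B" "$W/notes.txt.gpg" "$W/notes-on-B.txt" && cmp -s "$W/notes.txt" "$W/notes-on-B.txt" && echo "B reads A's file"

  # Use Case *.2 without a shared secret: encrypt once, to several keys.
  g "$C" --export --armor friend@example.com > "$W/friend.pub"; g "$A" --import "$W/friend.pub" 2>/dev/null; lsign "$A" "$CF"
  encrypt "$A" "$W/notes.txt" "$W/group.gpg" charles@example.com friend@example.com
  decrypt "$C" "$W/group.gpg" "$W/notes-on-C.txt" && cmp -s "$W/notes.txt" "$W/notes-on-C.txt" && echo "friend reads it with their own key"
  cleanup "$A" "$B" "$C"; rm -rf "$W"
}
command -v gpg >/dev/null 2>&1 && demo
```

<p>
The unwrap step fails outright with the wrong transport passphrase, which is the point of wrapping: an intercepted private.key.gpg is useless without the passphrase that travelled separately. Note also that the friend's keyring never holds Charles's secret key and still opens group.gpg, because the file was encrypted to both public keys.
</p>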
</body></html>