How to setup and use PGP 08-03-2016, 04:41 AM
#1
PGP is the hot topic when it comes to encryption. Until quantum processors are available to your everyday shady cracker, your standard PGP-encrypted message would take roughly 10^22 years to crack, which is far longer than the age of the known universe. If you need to pass volatile and/or sensitive data around, this is the way to do it.
Setup
The first step is to download your client of choice. I personally use GnuPG (gpg for short), which is free and open-source(ish). Head here and download the version for your OS to get started. I'm currently running the barebones, gpg-only installation, but install what you like and learn about it separately.
![Image: 0RpF9iA.png](http://i.imgur.com/0RpF9iA.png)
Once gpg is installed, it should be added to your system's PATH. If not, add it manually.
To get an idea of what gpg offers, go ahead and run it with the --help option. Afterwards, it's time to create your first key.
Generating Keys
Generating PGP keys sounds like an arduous and menial task, but it's actually very well thought-out and straightforward. Simply run gpg --gen-key and you'll be prompted for your information. Speaking of, some tips on entering information: use a fake email on a fake domain, and obviously use a pseudonym. If not absolutely necessary, avoid including a comment.
After the key generation has finished, it's a good idea to back it up by exporting it immediately. Now would be a good time to mention that gpg is very lenient with its name searching. For example, my registered name is Ao Nanami, but supplying "Ao" is enough for the program to recognise who I'm referencing.
Code:
$ gpg --export -a "Ao" > pub.key # export public key
$ gpg --export-secret-key -a "Ao" > sub.key # export private (secret) key
Without question, stash sub.key somewhere secure. Let's move along, shall we?
As a bonus, you can make your public key, well, public, by uploading it to a keyserver. First, you need to get your key id, which is found in the output of the gpg --list-keys command. Then, you supply the key id to the --send-keys command.
Code:
# sub is redacted for obvious reasons
$ gpg --list-keys Ao
#           vvvvvvvv
pub   2048R/3E2070C7 2016-08-03
uid                  Ao Nanami <ao@foo.bar>
...
$ gpg --send-keys 3E2070C7
# you should just get this as a response; it will
# complain if something goes wrong
gpg: sending key 3E2070C7 to hkp server keys.gnupg.net
Importing Keys
Alas, there's a bit more to learn before we get to encrypt "Hello, World!". We need someone to send the message to, after all. To get that someone, we need to import their key.
Let's say our good friend Richard Stallman sent us his public key. To add this key to our keyring, we import it by doing the following (assuming the file is named richard.key):
Code:
$ gpg --import richard.key
Which gives us the clean output:
Code:
gpg: key C77C0652: public key "Richard Stallman <richard@iownyou.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
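A quick note: when using an imported key for the first time, you'll get a foreboding warning about identity theft and such. The warning means gpg has no proof that the key really belongs to the person named in it, so confirm the key's fingerprint with its owner first. To avoid the warning after that, use gpg --edit-key <name> and enter the trust command.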
On this note, to send your key, it needs to be exported.
Code:
$ gpg --export -a "Ao" > mypub.key
NOW we can encrypt!
Encrypting/Decrypting Messages
Let's say our message, "Hello, World!", naturally, is in a file called hello.txt. To encrypt this for dear old Rich, we use the following command:
Code:
$ gpg --encrypt -r "richard" hello.txt
The output appears in a file called hello.txt.gpg, which is what we send on to Richard.
Oh, cool, we got a message back! We decrypt it with the --decrypt option, as follows:
Code:
$ gpg --decrypt reply.gpg
In response, we're prompted for our password:
Code:
You need a passphrase to unlock the secret key for
user: "Ao Nanami <ao@foo.bar>"
2048-bit RSA key, ID 415233AB, created 2016-08-03 (main key ID 3E2070C7)
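After that's entered, out comes the message, along with some data I didn't include because I'm lazy:
Code: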
For a GNU dawn! For freedom!
- <3 Rich
And there you have it: the basics of an encryption system more secure than you'll probably ever need. Enjoy!
It's often the outcasts, the iconoclasts ... those who have the least to lose because they
don't have much in the first place, who feel the new currents and ride them the farthest.
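Added example, not part of the original post: before entering the trust command for an imported key, or encrypting with a loose recipient name such as "richard", a check like this compares the key's full fingerprint with one obtained from its owner over a separate channel, and counts how many keys a loose name could select. The function names and the sample listing (two constructed keys that share the short ID C77C0652) are assumptions made for illustration.

```sh
# Added example. Each function reads `gpg --with-colons` output on stdin, e.g.
#   gpg --show-keys --with-colons richard.key | fpr_matches "<fingerprint>"
# (--show-keys, GnuPG 2.2.8+, lists a key file without importing it.)

# Strip whitespace and upper-case so pasted fingerprints compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint of each primary key, skipping subkey fingerprints.
primary_fprs() {
  awk -F: '
    $1 == "pub"         { want = 1; next }
    $1 == "sub"         { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# Succeed only if the listing holds exactly one primary key and its full
# 40-hex fingerprint equals the one obtained out of band.
fpr_matches() {
  expected=$(normalize_fpr "$1")
  [ "${#expected}" -eq 40 ] || return 2   # refuse 8- or 16-hex key IDs
  [ "$(primary_fprs)" = "$expected" ]
}

# Count keys with a user ID containing the substring (case-insensitive).
count_uid_matches() {
  awk -F: -v pat="$1" '
    BEGIN       { pat = tolower(pat) }
    $1 == "pub" { hit = 0 }
    $1 == "uid" && !hit && index(tolower($10), pat) { n++; hit = 1 }
    END         { print n + 0 }
  '
}

# Constructed listing (not real keys): two keys sharing short ID C77C0652.
sample_listing() {
  cat <<'EOF'
pub:-:2048:1:89ABCDEFC77C0652:1470182400:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFC77C0652:
uid:-::::::::Richard Stallman <richard@iownyou.org>:
sub:-:2048:1:1122334455667788:1470182400::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1122334455667788:
pub:-:2048:1:76543210C77C0652:1470182400:::-:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210C77C0652:
uid:-::::::::Richard Example <richard@example.invalid>:
EOF
}
```

When count_uid_matches reports more than one key for a name, pass the full fingerprint to -r instead of the name.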