Gpg


Public Key Encryption

Classic encryption methods use a single key. The sender encrypts the message with this key, and the receiver needs the very same key to decrypt it. The key must therefore reach the receiver in a way that gives nobody else the opportunity to obtain it. If somebody else does have the key, this method of encryption is useless.

Public keys solve this problem. Public-key encryption involves two keys. One is the public key, which can be distributed through all sorts of media and may be obtained by anyone. The other is the private key, which is secret, must not be distributed, and is available only to its owner. When the system is well implemented, the secret key cannot be derived from the public key. The sender encrypts the message with the public key belonging to the receiver; decryption is then done with the receiver's secret key.

Crucial to this concept is that the secret key remains secret: it must not be given away or become available to anyone but its owner. YOU CANNOT SEND THIS KEY OVER THE INTERNET. It is also very unwise to use GnuPG over telnet (given telnet's high security risks, you might consider never using it at all).

GPG Installation

You can obtain GnuPG as a Debian package, as an RPM package (Red Hat Package Manager), or as source code at http://www.gnupg.org/download/

Installing from source

 1. Download the source tarball from the GnuPG website
 2. tar xvzf gnupg-?.?.?.tar.gz
 3. cd to the extracted directory
 4. ./configure
 5. make
 6. make install (as root)

Creating a new Keypair

The command line option --gen-key is used to create a keypair

 $ gpg --gen-key

This command asks the user for some options for generating the keys, such as the key size and the algorithm to be used. The default options (pressing Enter) work fine. Then enter your name, a comment, and your e-mail address (these are used for your key's user ID). You also have to enter the passphrase to be used with the key. The program takes some time to generate the keys.

Exchanging Keys

To communicate with others you must exchange public keys. To list the keys on your public keyring use the command line option --list-keys

 $ gpg --list-keys

The output will be something like

 /home/tenzin/.gnupg/pubring.gpg
 -------------------------------
 pub   1024D/59E712A8 2006-03-20
 uid                  Tenzin Dendup (Dzongkha Localization) <tenzinn@druknet.bt>
 sub   2048g/20910946 2006-03-20

To send your public key to a correspondent you must first export it. The command line option --export is used to do this. Either the key ID or any part of the user ID may be used to identify the key to export.

 $ gpg --output tenzin.gpg --export tenzinn@druknet.bt

This produces a file tenzin.gpg in your current working directory, which is the public key exported in a binary format. This can be inconvenient when the key is to be sent through e-mail or published on a web page.

GnuPG therefore supports a command line option --armor that causes output to be generated in an ASCII-armored format similar to uuencoded documents.

 $ gpg --armor --export tenzinn@druknet.bt

The output will be something like

 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.2 (GNU/Linux)
 [base64-encoded key data omitted]
 -----END PGP PUBLIC KEY BLOCK-----

Now you can copy-and-paste (excluding the BEGIN PGP and END PGP block) to publish your public key on a web page or send it via e-mail.