Tuesday, January 15, 2013


INTRODUCTION
What is PGP? Pretty Good Privacy is the best-known program for encrypting data and for creating the public and private keys used in security applications. It encrypts the data with a symmetric cipher and protects the session key with public-key encryption, which is why it is described as a hybrid system.
And GPG? GNU Privacy Guard is a tool for encryption and digital signatures that effectively replaces PGP. The main difference is that it is free software, licensed under the GPL (General Public License), and it does not use algorithms restricted by patents such as IDEA, the cipher PGP had used almost from its inception. These are replaced by unpatented algorithms such as ElGamal, CAST5, Triple DES, AES and Blowfish. It comes pre-installed on most GNU/Linux distributions, and versions exist for Windows.
SYMMETRIC ENCRYPTION WITH GPG
To see which version of gpg is installed:

gpg --version

The output also lists the public-key, cipher, hash ("digest") and compression algorithms available.
Symmetric encryption of a file is done with the -c option:

gpg -c file_to_encrypt

We are then asked for a passphrase, which is used both to encrypt and to decrypt. gpg writes a new file in the same directory as the original, with the extension .gpg added. This output is binary.
If we want a text file made of ASCII characters instead, we add the -a (--armor) option, and the output gets the extension .asc:

gpg -c -a file_to_encrypt

gpg only works on single files: to encrypt a folder we have to package it (with tar) and/or compress it first.
Compression can be added when encrypting with the -z option, which sets the compression level from 0 (no compression) to 9 (maximum); the default is zlib's own default, normally 6. For example:

gpg -c -z 6 file_to_encrypt

To write the output to a different file, we use the -o (--output) option. For example, the following decrypts misdatos.info.gpg and writes the plaintext to datosfinancieros.info.txt:

gpg -o datosfinancieros.info.txt misdatos.info.gpg

To decrypt (gpg recognises the encrypted file and writes the plaintext to a file with the .gpg extension removed):
gpg arxiuadesencriptar.gpg
If we want to see the decrypted content on screen rather than in a file, we use the -d (--decrypt) option, which writes to standard output unless -o is given:
gpg -d file_to_decrypt.gpg
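As an added example, not code from the original post, here is the symmetric workflow above scripted as a round trip with the checks a practitioner wants: the decrypted copy is compared byte for byte with the original, a wrong passphrase is shown to make gpg fail rather than emit garbage, and a directory is tarred before gpg -c because gpg handles single files only. It assumes GnuPG 2.1 or later (for --pinentry-mode loopback) and a writable temp directory; the sample file, directory and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): the symmetric workflow above, as a
# round trip with checks. Assumes GnuPG 2.1+ (--pinentry-mode loopback) and a
# writable temp dir. Sample data and passphrase are constructed for the demo.
set -eu

# Use a throwaway keyring directory so the demo never touches ~/.gnupg.
sandbox() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
}

# gpg -c with the options discussed above: -a (ASCII armor, output FILE.asc),
# -z 6 (zlib level, 0 = none .. 9 = max) and an explicit cipher rather than the
# release's default (CAST5 in old releases). The passphrase comes from the
# command line, which is fine for a scratch demo only: it is visible in ps
# and in shell history. In real use omit --passphrase and let gpg prompt.
sym_encrypt() {   # sym_encrypt <file> <passphrase>   -> writes <file>.asc
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$2" \
        --cipher-algo AES256 -z 6 -a -c "$1"
}

sym_decrypt() {   # sym_decrypt <file.asc> <passphrase> <output-file>
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$2" \
        -o "$3" -d "$1"
}

# Round trip: succeeds only if the decrypted copy is byte-identical to the original.
sym_roundtrip() {   # sym_roundtrip <file> <passphrase>
    sym_encrypt "$1" "$2"
    sym_decrypt "$1.asc" "$2" "$1.dec"
    cmp -s "$1" "$1.dec"
}

# A wrong passphrase must make gpg fail ("Bad session key"), not emit garbage.
# Returns 0 when gpg correctly refuses.
sym_wrong_pass_fails() {   # sym_wrong_pass_fails <file.asc>
    if sym_decrypt "$1" "not-the-passphrase" "$1.bogus" 2>/dev/null; then
        return 1
    fi
    return 0
}

# gpg only works on single files: archive a directory first, then encrypt the tarball.
sym_encrypt_dir() {   # sym_encrypt_dir <dir> <passphrase>   -> writes <dir>.tar.gpg
    tar -cf "$1.tar" -C "$(dirname "$1")" "$(basename "$1")"
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$2" \
        --cipher-algo AES256 -c "$1.tar"
    rm -f "$1.tar"          # keep only the encrypted archive
}

demo() {
    sandbox
    work=$(mktemp -d)
    printf 'constructed sample: account 1234, balance 42\n' > "$work/misdatos.txt"
    sym_roundtrip "$work/misdatos.txt" "constructed-passphrase"
    sym_wrong_pass_fails "$work/misdatos.txt.asc"
    head -n 1 "$work/misdatos.txt.asc"        # -----BEGIN PGP MESSAGE-----
    mkdir "$work/docs"; cp "$work/misdatos.txt" "$work/docs/"
    sym_encrypt_dir "$work/docs" "constructed-passphrase"
    ls -l "$work/docs.tar.gpg"
    gpgconf --kill gpg-agent 2>/dev/null || true
}

# The demo runs only when gpg is installed, so the functions can be sourced anywhere.
if command -v gpg >/dev/null 2>&1; then
    demo
fi
```

Save it as a script and run it with sh. Everything happens in a temporary GNUPGHOME, so your own keyrings are untouched, and the agent started for that directory is killed at the end.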

ASYMMETRIC ENCRYPTION WITH GPG
Key generation
We will create a key pair to use for asymmetric encryption. To do this we simply run:
gpg --gen-key
During generation we are asked a series of questions: the type of key we want, the key size, the expiry date, and our name and an e-mail address, which together form the user ID. In general it is enough to accept the defaults:

Key type: the first option, the default pair (DSA and ElGamal in older releases, RSA and RSA in current ones), gives us a key that can both sign and encrypt.
Key size: we can choose between 1024 and 4096 bits; 2048 is the default and the recommended size (1024-bit keys are no longer considered adequate). The larger the key, the safer it is, but encryption and decryption take longer.
Validity: the default value of 0 means the key never expires. If we set an expiry date, when it approaches we will have to either extend it (gpg --edit-key ClauID, then the expire command) or generate new keys, and in either case redistribute our public key to those who use it.
Passphrase: the final step in generating the keys asks for a passphrase, that is, a password or sentence that protects the private key. It is important to choose one that is strong and hard to guess but easy for us to remember: if we forget it, we can no longer use the private key.
While the keys are being generated it is a good idea to play an mp3, move the mouse, and so on: this feeds the system's entropy pool, so the random numbers gpg needs are available sooner and the keys are created faster.
On first run gpg creates a directory (~/.gnupg) in which it stores the configuration file and the keyring files pubring.gpg and secring.gpg. The first holds the public keys and the second the private keys. (GnuPG 2.1 and later instead keep public keys in pubring.kbx and private keys under private-keys-v1.d, managed by gpg-agent.)

To list the public keys we have available, run:
gpg --list-keys or gpg -k
To list the private keys we have available:
gpg --list-secret-keys or gpg -K
The files that hold the public and private keys are called keyrings. To delete a key that has a private part, we must delete the private key first and then the public one.
To delete the private key:
gpg --delete-secret-key ClauID
To delete the public key:
gpg --delete-key ClauID
Keys are identified by their fingerprint ("huella"). The fingerprint is a sequence of hexadecimal digits used to verify that a key really belongs to its claimed owner. When we receive a key we can display its fingerprint and ask the owner, over a separate channel such as a phone call or in person, to read out theirs. If the two match, the key is genuine and has not been tampered with. The fingerprint is a hash of the public key, much like an md5 checksum that verifies a file has not been modified. To display it:
gpg --fingerprint ClauID

Copying and distributing keys
Once the keys are generated we give our public key to the people and organisations we deal with, so they can encrypt messages to us and verify the signatures on our messages. This can be done in several ways:

Uploading it to a key server: these servers are usually interconnected and synchronise with each other, so uploading the key to one of them makes the others aware of it. We can use the RedIRIS PGP server, for example. The command to upload it is:

gpg --keyserver pgp.rediris.es --send-keys ClauID

To fetch the public key of an institution or person we want to exchange private messages with, or whose signatures we want to verify:

gpg --keyserver NomDelServidor --recv-keys ClauID

Sending it by e-mail or handing it over in person (on a USB stick, CD, etc.). To do this we export the key to a text file with the command:
gpg --armor --output NameOF_file --export ClauID

It is important to keep a copy of our private key so that, in case of disaster or data loss, we can recover it. To export the private key to a file:

gpg --armor --output NameOfFile --export-secret-key ClauID

The exported private key is still protected by its passphrase, but the file should nonetheless be kept offline and out of reach.
If we have a private key in a file and want to import it on another machine, we do so with:
gpg --import fitxerdeclaus

How do we remove keys from the distributed servers?

Key servers do not delete keys; the way to retire one is to revoke it. If we have forgotten the passphrase or lost the private key, we can still do this provided we already have a revocation certificate: we import it and upload the revoked key to a key server.

It is recommended to create this certificate at the same time as the keys, right after generation, because creating it requires the passphrase (if we wait until we have forgotten the passphrase, we can no longer create it!). We must keep this certificate in a safe place: anyone who steals it can revoke our key and render it useless. GnuPG 2.1 and later also write one automatically at key creation, into the openpgp-revocs.d directory of the GnuPG home; its armor header is disarmed with a leading colon that must be removed before importing.

The command to create the certificate:
gpg -o revocacion.asc --gen-revoke ClauId

To revoke the key we import the certificate file. Once revoked, the key can no longer be used to encrypt new messages to us, but we can still decrypt messages that were encrypted to it before. The import is:

gpg --import revocacion.asc

If we now list the keys, the listing shows the key as revoked, with the date of revocation.
The last step is to tell the key server that our key is no longer valid, by sending the key again:

gpg --keyserver NomDelServidor --send-keys ClaveId

Web of trust
A web of trust is formed when people sign each other's keys. By signing someone's key with our own we certify that the key really belongs to the person it names and has not been altered, and anyone who trusts our signature can in turn rely on that key.


For more information:
http://www.rediris.es/cert/servicios/keyserver/remove.html
http://www.lostscene.com/manuales/gnupg.php
http://www.gnupg.org/gph/es/manual.html
