This shows you the differences between two versions of the page.
fuss:gpg [2017/02/22 18:30] – external edit 127.0.0.1 | fuss:gpg [2021/10/07 07:18] – [Fixing Issues Related to Broken Terminals] office | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Sign, Encrypt and Decrypt a File ====== | ||
+ | |||
+ | '' | ||
+ | |||
+ | To sign and encrypt a file called '' | ||
+ | <code bash> | ||
+ | gpg --output archive.zip.sig --sign archive.zip | ||
+ | </ | ||
+ | |||
+ | To decrypt and verify, issue: | ||
+ | <code bash> | ||
+ | gpg --output archive.zip --decrypt archive.zip.sig | ||
+ | </ | ||
+ | |||
+ | ====== Detach-Sign and Verify a File ====== | ||
+ | |||
+ | A detached signature, just creates a text-signature file that can be used to check the validity of the original file. | ||
+ | |||
+ | To use '' | ||
+ | |||
+ | <code bash> | ||
+ | gpg --output MD5SUM.sig --detach-sig MD5SUM | ||
+ | </ | ||
+ | |||
+ | to verify the signature, issue: | ||
+ | <code bash> | ||
+ | gpg --verify MD5SUM.sig MD5SUM | ||
+ | </ | ||
+ | |||
+ | ====== Clear-Sign a Document ====== | ||
+ | |||
+ | Clear-signing a document will modify that document to include the message along with the signature for that message. | ||
+ | |||
+ | <code bash> | ||
+ | gpg --clearsign list.txt | ||
+ | </ | ||
+ | |||
+ | |||
+ | ====== Getting a List of Available Ciphers ====== | ||
+ | |||
+ | Issue on the command-line: | ||
+ | |||
+ | <code bash> | ||
+ | gpg --version | ||
+ | </ | ||
+ | |||
+ | which should state all the available cyphers, for example: | ||
+ | < | ||
+ | Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, | ||
+ | </ | ||
+ | |||
+ | ====== Encrypting and Decrypting a File using Symmetric Encryption ====== | ||
+ | |||
+ | To encrypt a file using symmetric encryption, issue: | ||
+ | |||
+ | <code bash> | ||
+ | gpg --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | To decrypt the resulting file '' | ||
+ | <code bash> | ||
+ | gpg -o DESTINATION -d SOURCE | ||
+ | </ | ||
+ | |||
+ | In order to get printable output, use the '' | ||
+ | <code bash> | ||
+ | gpg --armor --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION | ||
+ | </ | ||
+ | ====== Changing the Default Cipher ====== | ||
+ | |||
+ | The default algorithm used by GPG is '' | ||
+ | < | ||
+ | cipher-algo CIPHER | ||
+ | </ | ||
+ | |||
+ | where '' | ||
+ | < | ||
+ | gpg --version | ||
+ | </ | ||
+ | |||
+ | ====== Preventing Message Modification Attacks ====== | ||
+ | |||
+ | You will notice this problem when GPG issues a warning: | ||
+ | < | ||
+ | gpg: WARNING: message was not integrity protected | ||
+ | </ | ||
+ | |||
+ | For '' | ||
+ | |||
+ | ====== Conceal Message Destination ====== | ||
+ | |||
+ | In order to encrypt a message that cannot be checked to see who it is encrypted to, add the '' | ||
+ | <code bash> | ||
+ | gpg -v -e -a --throw-keyid -r 887245BA message.txt | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | |||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | and '' | ||
+ | |||
+ | ====== Fixing Issues Related to Broken Terminals ====== | ||
+ | |||
+ | In the event that: | ||
+ | < | ||
+ | gpg: signing failed: Inappropriate ioctl for device | ||
+ | </ | ||
+ | |||
+ | appears when attempting an operation with '' | ||
+ | |||
+ | To resolve the issue, run: | ||
+ | <code bash> | ||
+ | export GPG_TTY=$(tty) | ||
+ | </ | ||
+ | |||
+ | ====== Export and Backup Keys ====== | ||
+ | |||
+ | Issue: | ||
+ | <code bash> | ||
+ | gpg --list-keys | ||
+ | </ | ||
+ | |||
+ | to obtain the fingerprint of the keys to be exported. | ||
+ | |||
+ | For public keys issue: | ||
+ | <code bash> | ||
+ | gpg --armor --export FINGERPRINT | ||
+ | </ | ||
+ | |||
+ | and for secret keys, issue: | ||
+ | |||
+ | <code bash> | ||
+ | gpg --armor --export-secret-key FINGERPRINT | ||
+ | </ | ||
+ | |||
+ | which will create an ASCII armored export for both public and secret keys. | ||
+ | |||
+ | Alternatively to export both at the same time in order to create a backup, issue: | ||
+ | <code bash> | ||
+ | gpg --armor --export-secret-keys --export-options export-backup FINGERPRINT | ||
+ | </ | ||
+ | |||
+ | |||
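Review bot: In the "Sign, Encrypt and Decrypt a File" section the lead-in says "To sign and encrypt a file", but the command shown, `gpg --output archive.zip.sig --sign archive.zip`, only signs. With `--sign` alone the output is a signed (and compressed) message that anyone can read back, not ciphertext. Either add `-e` and a recipient with `-r`, as the "Conceal Message Destination" section does, or reword the heading and lead-in to say the file is signed only. The matching `--decrypt` step then only verifies the signature and unpacks the file. Separately, the `-r 887245BA` example in "Conceal Message Destination" selects the recipient by an 8-hex-digit short key ID, which is not unique. The full fingerprint, which "Export and Backup Keys" already uses, is the safer form to document.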