Differences

This shows you the differences between two versions of the page.

--- fuss:gpg [2017/09/15 00:14]
office [Fixing Terminal]
+++ fuss:gpg [2017/10/04 15:27] (current)
office [Encrypting and Decrypting a File using Symmetric Encryption]
@@ Line 1: / Line 1: @@
+====== Sign, Encrypt and Decrypt a File ======
+''gpg'' can sign and encrypt a file, outputting a text file with the original file compressed, encrypted and the output armoured. This is useful for sending encrypted files.
+To sign and encrypt a file called ''archive.zip'', issue:
+<code bash>
+gpg --output archive.zip.sig --sign archive.zip
+</code>
+To decrypt and verify, issue:
+<code bash>
+gpg --output archive.zip --decrypt archive.zip.sig
+</code>
+====== Detach-Sign and Verify a File ======
+A detached signature, just creates a text-signature file that can be used to check the validity of the original file.
+To use ''gpg'' to detach-sign a file, issue:
+<code bash>
+gpg --output MD5SUM.sig --detach-sig MD5SUM
+</code>
+to verify the signature, issue:
+<code bash>
+gpg --verify MD5SUM.sig MD5SUM
+</code>
+====== Clear-Sign a Document ======
+Clear-signing a document will modify that document to include the message along with the signature for that message.
+<code bash>
+gpg --clearsign list.txt
+</code>
+====== Getting a List of Available Ciphers ======
+Issue on the command-line:
+<code bash>
+gpg --version
+</code>
+which should state all the available cyphers, for example:
+<code>
+Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
+</code>
+====== Encrypting and Decrypting a File using Symmetric Encryption ======
+To encrypt a file using symmetric encryption, issue:
+<code bash>
+gpg --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION
+</code>
+where:
+  * ''SOURCE'' is a file to encyrpt in the current path and
+  * ''CIPHER'' is a cipher.
+  * ''DESTINATION'' is the destination file.
+To decrypt the resulting file ''DESTINATION'', reverse the process:
+<code bash>
+gpg -o DESTINATION -d SOURCE
+</code>
+In order to get printable output, use the ''armor'' option when encrypting a file:
+<code bash>
+gpg --armor --symmetric --cipher-algo CIPHER SOURCE -o DESTINATION
+</code>
+====== Changing the Default Cipher ======
+The default algorithm used by GPG is ''CAST5'' with a blocksize of ''64'' bits. In order to change the default algorithm, edit ''~/.gnupg/gpg.conf'' and add the line:
+<code>
+cipher-algo CIPHER
+</code>
+where ''CIPHER'' can be obtained by previously issuing:
+<code>
+gpg --version
+</code>
+====== Preventing Message Modification Attacks ======
+You will notice this problem when GPG issues a warning:
+<code>
+gpg: WARNING: message was not integrity protected
+</code>
+For ''64'' bit block-size ciphers such as the default ''CAST5'' and ''3DES'', the ''--force-mdc'' option should be used while encrypting. This is the default for other ciphers with larger block sizes. ''force-mdc'' can also be added to ''~/.gnupg/gpg.conf'' as a default.
+====== Conceal Message Destination ======
+In order to encrypt a message that cannot be checked to see who it is encrypted to, add the ''--throw-keyid'' parameter when encrypting:
+<code bash>
+gpg -v -e -a --throw-keyid -r 887245BA message.txt
+</code>
+where:
+  * ''-v'' means verbose output.
+  * ''-e'' to encrypt.
+  * ''-a'' to created ASCII armoured output.
+  * ''--throw-keyid'' means to not pu the recipient's key IDs into the encrypted messages.
+  * ''-r 887245BA'' means to encrypt to the the recipient ''887245BA''
+and ''message.txt'' is a file that contains the message to encrypt.
+====== Fixing Issues Related to Broken Terminals ======
+In the event that:
+<code>
+gpg: signing failed: Inappropriate ioctl for device
+</code>
+appears when attempting an operation with ''gpg'', the most likely cause is that ''gpg'' is trying to prompt for the password to unlock the keychain but the terminal is not properly set.
+To resolve the issue, run:
+<code bash>
+export GPG_TTY=$(tty)
+</code>