GnuPG Basics

GnuPG
GnuPG is a free software for secure communication. GnuPG itself is a communication tool without any graphical support. GnuPG uses non-patent algorithms such as DSA,RSA, ElGamal and RSA,CAST5, Camellia, Triple DES, AES, Blowfish etc.

Features
Does not use any patented algorithms.
GPLed, written from scratch.
Supports key and signature expiration dates.
Online help system.

Process
GnuPG encrypts data using  key pairs. Each user has a key pair. A message encrypted with a recipient’s public key cannot be decrypted by anyone except the matching private key. Public key can be shared with  other users.

Here you will see how to create keys and how to use it for data encryption and decryption.

Generating a new keypair

Use –gen-key option to create a key pair.

[bash]
gpg –gen-key
[/bash]

You have to selet the type of key

[bash]
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
[/bash]

You have to specify the key pair size

[bash]
What keysize do you want?
[/bash]

Then you have to specify expiration date

[bash]
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
[/bash]

You must also provide a USER ID. You need a User-ID to identify your key;

[bash]
from Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) <[email protected]>”

Real name:
[/bash]

GnuPG need a Passphrase to protect your private key.

[bash]
Enter passphrase:
[/bash]

Now you have successfully create the keys. To list keys use the commandline option –list-keys

[bash]
gpg –list-keys
/users/user/.gnupg/pubring.gpg
—————————————
pub 1024D/BB7576AC 2010-06-04 Alice (Judge) <[email protected]>
sub 1024g/78E9A8FA 2010-06-04
[/bash]

.
Encrypting and decrypting documents

The –encrypt(-e) option is used to encrypt files.

[bash]
gpg –output doc.gpg –recipient [email protected] –-encrypt mydoc
[/bash]

Note if you are not specify ouput filename default name will be mydoc.asc

The –-recipient(-r) option is also important which specify the public key to which the key should encrypt.

By default there is only one public key but when we encrypt files for someone else we have to import their public key using SOFTWARE DEVELOPMENT SERVICES INDIA

[bash]
gpg –import key_file_to_import
[/bash]

Then to encrypt

[bash]
gpg -r [email protected] -e file_to_encrypt
[/bash]

To decrypt the file you can use the –decrypt option. You need the private key to which the message was encrypted.

[bash]
gpg –output doc –decrypt mydoc.asc
Enter passphrase:
[/bash]

Hope this artticle will help you to getting started  GnuPG.

Leave a Reply

Your email address will not be published. Required fields are marked *