Gpg

From Notes_Wiki
Revision as of 04:19, 13 November 2012 by Saurabh

gpg

Generating new set of keys

We can use

gpg --gen-key

to generate new GPG keys. The preferred options are all the defaults: 'DSA and Elgamal' for key type, 2048 bits for key size, and a key that does not expire (0). The generated keys are stored in sub-folders and files inside ~/.gnupg


Encrypting a file

To encrypt a file use

gpg -r <name> -e <file_to_encrypt>

Here, <name> should be the same as the name used above while generating the key. Partial matches of the name, such as just the first name, also work. If the file is encrypted successfully, there is a '<file_to_encrypt>.gpg' file in the same folder.


Decrypting encrypted file

To decrypt a file use

gpg --output <file_name> -d <encrypted_file>

One then has to enter the correct passphrase, the one used while generating the keys, to decrypt the file properly.


Changing passphrase of key

To change the passphrase of a key use:

gpg --edit-key <name>

where <name> is the same as the name used while generating the key. This command opens an editing menu which supports the 'help' command. The 'passwd' option can be used to change the passphrase, and then 'save' can be used to save and quit.


Encrypt using symmetric key

To encrypt a file using a symmetric key use:

gpg -c <file_to_encrypt>


Decrypt file encrypted using symmetric key

To decrypt a file encrypted using a symmetric key use:

gpg --output <file_name> -d <encrypted_file>

Note that the decryption command is the same as the one used for decrypting a file encrypted using public key algorithms. gpg intelligently detects the algorithm used to encrypt the file and prompts for the passphrase accordingly.


Sign a file

To create a signature we can use:

gpg -s <file_to_sign>

which generates a .gpg file. We can also use the -b option to create a detached signature, which has a .sig extension.


Verify signature on a file

If the signature is not detached, we can use

gpg --verify <signed_file>

to verify the signature.

But if a detached signature was generated, we can use

gpg --verify <signature> <file that was signed>
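
The sign and verify steps above can also be scripted. The following is an added example, not part of the original notes: it builds a throwaway keyring, makes a detached signature with -b, and checks that --verify accepts the untouched file and rejects a modified one. It assumes GnuPG 2.1 or later; the user ID, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: detached-signature round trip in a throwaway keyring.
# Assumes GnuPG 2.1 or later; the user ID and file names are constructed.
DEMO_UID='Demo Signer <demo@example.invalid>'

# Create an isolated keyring so the real ~/.gnupg is never touched, then
# generate an unprotected, non-expiring test key without any prompts.
setup_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default never >/dev/null 2>&1
}

# $1 = file to sign; writes the detached signature to "$1.sig".
sign_detached() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' \
        --local-user "$DEMO_UID" --output "$1.sig" -b "$1"
}

# $1 = signature, $2 = signed file. Succeeds only if gpg reports VALIDSIG on
# its machine-readable status channel; the human-readable text is ignored.
# VALIDSIG means the signature checks out against a key in the keyring; it
# says nothing about whether that key belongs to who it claims.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        grep -q '^\[GNUPG:\] VALIDSIG '
}

# Sign a file, verify it, append one line to it, verify again.
demo() {
    work=$(mktemp -d) || return 1
    setup_keyring || return 1
    printf 'constructed sample payload\n' > "$work/artifact.txt"
    sign_detached "$work/artifact.txt" || return 1
    verify_detached "$work/artifact.txt.sig" "$work/artifact.txt" \
        && intact=good || intact=bad
    printf 'one extra line\n' >> "$work/artifact.txt"
    verify_detached "$work/artifact.txt.sig" "$work/artifact.txt" \
        && modified=good || modified=bad
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work" "$GNUPGHOME"
    echo "intact=$intact modified=$modified"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to see the result line; in other scripts, branch on the exit status of verify_detached before using the file.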


Listing keys

We can use:

gpg --list-keys

to list all keys.

To list only public keys use:

gpg --list-public-keys

Similarly, to list only secret keys use:

gpg --list-secret-keys

More information on gpg can be read using 'man gpg'. There is also a GUI named 'kgpg' which allows all these operations through a graphical interface.