PGP Keys explained

Discussion in 'Networking and Computer Security' started by RHochstenbach, Apr 21, 2011.

  1. RHochstenbach

    RHochstenbach Administrator

    Likes Received:
    Trophy Points:
    PGP keys explained
    One of the most secure ways to encrypt your data is by using PGP keys. On the other hand, it can also be used to verify the identity of an individual. It has been designed for E-Mail messages, but it can also be used for files.

    This topic has been covered on many websites, but most of them aren't really clear. I'll try to make it as clear as possible, and therefore stick to the basics.

    For this tutorial I'll use the application GPG, which is pre-installed on most Linux distributions (Debian, Ubuntu, CentOS). It can also be installed on other systems, including Mac OS X and Windows.

    Public and Private Keys
    To use PGP, you need to generate a Key-Pair. A Key-Pair contains two keys: a Public Key and a Private Key. When you encrypt a file with one key, you can only decrypt it with the other key. As the name suggests, the Private Key is private. You should not share this key, and keep it only to you. The Public Key on the other hand, can be given to anyone. You can even publish it on your website if necessary.

    So basically, if a file is encrypted with a Public Key then only you can decrypt it. This way people are sure that only you can view the contents of the file. But if a file is encrypted with your Private Key, everyone else who has the Public Key can decrypt it. That does not protect the contents of the file, but does guarantee that you are really the one who sent it, and not an impersonator.

    I will mostly cover encrypting files to protect the contents.

    Installing GPG
    Install GPG for your platform. If you are running a modern Linux distribution, it might already be installed by default.

    - Windows: gpg4win package using the application Kleopatra
    - Mac OS X: GPGTools

    If your Linux distribution does not have GPG installed, then refer to the documentation or package manager of that distribution.

    Generating a Key Pair
    First of all you need to generate a Key Pair. Enter the following command:

    gpg --gen-key
    If you've never used GPG before , it will create a configuration. The output will look similar to this:
    gpg:directory '/home/user/.gnupg' created
    gpg:new configuration file '/home/user/.gnupg/gpg.conf created
    gpg:WARNING:options in '/home/user/.gnupg/gpg.conf are not yet active during this run
    It will return to a prompt, because it needs to start again in order to load the new configuration. So repeat the command:
    gpg --gen-key
    It will now ask what kind of key you want. Select '1' and press ENTER/Return.

    You can now specify the period which the key is valid. Set it to '0' to prevent it from expiring. It will ask if this is correct, so enter 'y'.

    Now it's time to create a Private Key. It will ask for your Real Name, E-mail Address and Comments (optional). Specify those. The following message should appear:
    Change (N)âme, ©moment, (E)mail or (O)kay/(Q)uit?
    To change something, press the corresponding letter. Otherwise press "o" to continue.

    To protect the Private Key, create a Pass Phrase.

    When that has been completed, it will generate the key pair using random data from your RAM. It should ask you to perform random actions during that process, so just launch some applications until it's done.

    Viewing your keys
    To view your keys, enter the following command:
    gpg --list-key
    Each key is identified by a name and e-mail address.

    Exporting Keys
    To export your Public Key (which should be given to anyone who wants to send encrypted files to you), use this command:
    gpg --export -a [email protected] > /home/user1/public.txt
    Of course, replace the e-mail to your address, and the path to the location where you want to save the file.

    To export your Private Key (only for backup purposes, don't share this file!):
    gpg --export-secret-key -a [email protected] > /home/user1/secret.txt
    Importing Keys
    To import a key, use this command:
    gpg --import /home/user1/key.txt
    Where you specify the location of the key. It can be either a Public or Private Key.

    Encrypting files
    Let's say I have a file called mysecret.doc and I want to encrypt it. I'll save it as mysecret_encrypted.doc. Use this command:
    gpg --out secret_encrypted.doc --encrypt secret.doc
    It will now ask for recipients. Enter the E-Mail addresses or names of these people. Remember that you need their Public Keys to do this. When you're done, press ENTER/RETURN.

    You can now send the encrypted file (not the original file) to the receipient(s).

    Decrypting files
    The recipient will now decrypt the file using his Private Key. The file is mysecret_encrypted.doc and I'll save the decrypted file as mysecret.doc.
    gpg --out secret.doc --decrypt secret_encrypted.doc
    Enter the pass phrase of your Private Key to encrypt the file.

    I will update this thread when appropriate :)

Share This Page