A week ago, I learnt how to create a key pair (public key and private key) using gpg. I thought I’d blog about it. This blog post is a tutorial on how to do exactly that. It is extremely simple.
All that you have to do is to open up a terminal and run the command :
savita@Amrita:~$ gpg --gen-key
savita@Amrita:~$ gpg --gen-key
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <email@example.com>"
Real name: Savita TS
Email address: firstname.lastname@example.org
Comment: Gpg Key-Pair Generation
You selected this USER-ID:
    "Savita TS (Gpg Key-Pair Generation) <email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
A pop-up now asks you to enter the passphrase. Enter a strong passphrase.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 118 more bytes)
.+++++
.....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++
+++++
gpg: key 3D4F13E9 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
pub   2048R/3D4F13E9 2013-01-17
      Key fingerprint = 7DEF 17A4 D20B E290 BF7D 6D33 D7ED 37EF 3D4F 13E9
uid   Savita TS (Gpg Key-Pair Generation) <firstname.lastname@example.org>
sub   2048R/9646B948 2013-01-17
Bingo! You’ve just created your key pair. Now you need to export the public key. 😀
Exporting the key :
savita@Amrita:~$ gpg --export savita > public_key.gpg
If you open this file, you will see gibberish, because the key is exported in binary form. If you want the key in ASCII format, add one more argument, --armor, to the command :
savita@Amrita:~$ gpg --armor --export savita > public_key_ascii.gpg
Importing others’ key
If you want to import other people’s public key, this is what you have to do :
savita@Amrita:~$ gpg --import <filename>
where filename is the name of the file that contains the key.
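Before you encrypt anything to a key you have just imported, compare its full fingerprint with one the owner gave you over another channel; the 8-character key ID shown in the listing (such as 3D4F13E9) is too short to identify a key safely. The script below is an added example, not part of the original post: the function names are hypothetical, and the sample listing is constructed, modelled on the key generated above.

```shell
#!/bin/sh
# Added example: check an imported key's fingerprint against a value
# obtained out-of-band. Function names are hypothetical.

# Strip whitespace and upper-case, so "7DEF 17A4 ..." and "7def17a4..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of the primary key: the first "fpr" record after a "pub"
# record (later "fpr" records belong to subkeys). Field 10 holds the value.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED   (colon listing on stdin)
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (for example a short key ID).
fpr_matches() {
    actual=$(primary_fpr)
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# check_key USER_ID EXPECTED_FPR: run the check against the real keyring.
check_key() {
    gpg --with-colons --fingerprint "$1" | fpr_matches "$2"
}

# Constructed sample listing; the subkey fingerprint is a placeholder.
SAMPLE_LISTING='pub:u:2048:1:D7ED37EF3D4F13E9:2013-01-17:::u:Savita TS::scESC:
fpr:::::::::7DEF17A4D20BE290BF7D6D33D7ED37EF3D4F13E9:
sub:u:2048:1:0000000009646B948:2013-01-17::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

printf '%s\n' "$SAMPLE_LISTING" |
    fpr_matches '7DEF 17A4 D20B E290 BF7D 6D33 D7ED 37EF 3D4F 13E9' &&
    echo "fingerprint matches"
```

On a real keyring you would call check_key with the user ID and the fingerprint you were given, and only go on to encrypt if it returns 0.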
Now we get to the encryption and decryption part.
Encrypting a file using the public key :
You can now encrypt files using a public key. If you want to send a message to xyz, you first encrypt message (a file containing the message that you want to deliver) for xyz, whose public key you have imported. This is what you do :
savita@Amrita:~$ gpg --recipient xyz --encrypt message
Decrypting a file using the private key :
Suppose that you receive a message that has been encrypted with your public key (imagine yourself in the shoes of xyz, who has just received the message that you sent earlier) and you want to decrypt it. You do so using your private key. You need to do the following :
savita@Amrita:~$ gpg --decrypt message.asc
The .asc extension denotes that the contents of the file are in ASCII (armored) format, which is what gpg writes when --armor is added to the encrypt command; without it, the output is the binary file message.gpg. You will now be asked for the passphrase.
savita@Amrita:~$ gpg --decrypt message.asc
You need a passphrase to unlock the secret key for
user: "savita (Gpg Key-Pair Generation) "
2048-bit ELG-E key, ID 35C5BCDB, created 2010-01-02 (main key ID 90130E51)
This site helped me out a lot. But for this site, I would not have been able to complete this assignment.