All linux commands are in italic text
GnuPG is a complete and free replacement for PGP.
Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.
GnuPG is Free Software. GnuPG can be freely used, modified and distributed under the terms of the GNU General Public License.
PGP, on which OpenPGP is based, was originally developed by Philip Zimmermann in the early 1990s.
Project Aegypten provides Sphinx-Clients (Mutt, KMail, …) compatible with S/MIME within a GnuPG framework. Within this project a few new tools have been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".
Here are some key features of "GnuPG":
· Full replacement of PGP.
· Does not use any patented algorithms.
· GPLed, written from scratch.
· Can be used as a filter program.
· Full OpenPGP implementation (see RFC2440 at RFC Editor).
· Better functionality than PGP and some security enhancements over PGP 2.
· Decrypts and verifies PGP 5, 6 and 7 messages.
· Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.
· Easy implementation of new algorithms using extension modules.
· The User ID is forced to be in a standard format.
· Supports key and signature expiration dates.
· English, Danish, Dutch, Esperanto, Estonian, French, German, Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish and Turkish language support.
· Online help system.
· Optional anonymous message receivers.
· Integrated support for HKP keyservers (wwwkeys.pgp.net).
· Clear-signed patch files can still be processed by patch.
· and many more things….
step 0
first you have to :
- print this pdf :
- check whether gnupg is installed on your machine; if it is not, install it (you must be root for this step) :
- apt-get install gnupg
step 1
you do not need to be root for this step
- gpg --gen-key
an example
- real name : Etienne Saliez (Virtual Care Team)
- email address : eb.zeilas|enneite#eb.zeilas|enneite
- password : jesuisungrandamidelaffii
1024 bits is a good size for your key
2048 bits is a very good size for your key
please see : http://lists.gnupg.org/pipermail/gnupg-users/2006-August/029156.html
DSA and ElGamal (the default) is a good choice
The key's validity period is a delicate issue (see google); a period of five years is a good choice.
step 2
you have
- to generate a revocation certificate : gpg --output revoke.asc --gen-revoke Etienne
- to back up the ~/.gnupg directory (and all its files) to a USB key or (best) to burn it to a CD-ROM
- to write your password down (in a non-obvious way) in a particular book on your personal bookshelf
step 3
your fingerprint can be written on your visiting card :
- gpg --fingerprint
- for example : 5BF7 988C 9367 2E86 DE52 F141 5F5F 34EE A0BB ED3B
your public key can be sent to a key server ( pgp.mit.edu for example ) :
- gpg --keyserver pgp.mit.edu --send-key 0xA0BBED3B
- note that A0BBED3B are the 8 last bytes of the fingerprint
you can import a public key from a key server ( pgp.mit.edu for example ) :
- gpg --keyserver pgp.mit.edu --recv-key 0x2CC455D9
- gpg --list-keys to verify the import
step 4
to use gnupg with your MUA, follow the link for your mail client :
- for thunderbird : http://enigmail.mozdev.org
- for Kmail : no info available for now
- for Emacs : http://www.emacswiki.org/cgi-bin/wiki/EasyPG
- for Gnus : http://www.suse.de/~garloff/Writings/mutt_gpg/node18.html
- for Mutt : http://codesorcery.net/old/mutt/mutt-gnupg-howto
step 5
Firegpg is a Firefox extension (in other words a plugin) that makes gnupg easy to use :
- http://firegpg.tuxfamily.org
- after installing this plugin, have a look at your gmail interface …
man gpg
gpg --list-public-keys
gpg --refresh-keys
gpg --keyserver pgp.mit.edu --refresh-keys
gpg --keyserver keyring.debian.org --recv-keys 0x44E6CBCD
gpg --keyserver pgp.mit.edu --recv-keys 0x44E6CBCD
gpg --finger alexandre
gpg --sign-key alexandre
gpg --edit-key Alexandre
gpg --keyserver pgp.mit.edu --send-key 0x44E6CBCD
gpg --list-public-keys
gpg --list-sigs 0x44E6CBCD
gpg --export -a 0x44E6CBCD > adulau.key
gpg --import -a adulau.key
cat adulau.key
gpg --gen-revoke 0xB8E98A01
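The check that step 3 and the gpg --finger / gpg --sign-key commands above lead up to, as an added example that is not part of the original page: compare the fingerprint printed on a visiting card with the one in your keyring before signing. The function names and the sample listing are assumptions constructed for illustration; in real use, pipe `gpg --with-colons --fingerprint <name>` into fpr_from_colons.

```shell
#!/bin/sh
# Added example: check a visiting-card fingerprint against the keyring
# before running gpg --sign-key. All function names are hypothetical.
LC_ALL=C; export LC_ALL

# Constructed sample of `gpg --with-colons --fingerprint` output, built around
# the example fingerprint from step 3 (dates, flags and subkey are made up).
SAMPLE='pub:-:1024:17:5F5F34EEA0BBED3B:1156032000:::-:::scESC:
fpr:::::::::5BF7988C93672E86DE52F1415F5F34EEA0BBED3B:
uid:-::::1156032000::::Example User (constructed) <user@example.invalid>:
sub:-:2048:16:0123456789ABCDEF:1156032000::::::e:'

# Strip whitespace and upper-case, so "5bf7 988c ..." equals "5BF7988C...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read a colon-format listing on stdin and print the primary key fingerprint
# (the first "fpr" record; its 10th field holds the fingerprint).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Key ID in the 0x form step 3 passes to --send-key: the last 8 characters
# of the normalized fingerprint.
key_id_from_fpr() {
    printf '0x%s' "$(normalize_fpr "$1" | tail -c 8)"
}

# Return 0 only when the card carries a full 40-digit fingerprint that equals
# the keyring one; return 2 for malformed input such as a bare key ID.
check_card() {
    card=$(normalize_fpr "$1")
    key=$(normalize_fpr "$2")
    case "$card" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#card}" -eq 40 ] || return 2
    [ "$card" = "$key" ]
}

key_fpr=$(printf '%s\n' "$SAMPLE" | fpr_from_colons)
if check_card '5BF7 988C 9367 2E86 DE52 F141 5F5F 34EE A0BB ED3B' "$key_fpr"; then
    echo "fingerprint matches, key ID $(key_id_from_fpr "$key_fpr")"
else
    echo "fingerprint mismatch: do not sign this key"
fi
```

A key ID on its own is rejected on purpose: only the full fingerprint is treated as evidence that the imported key is the card holder's.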
Miscellaneous Links
- http://www.gnupg.org/
- http://en.wikipedia.org/wiki/Werner_Koch
- http://pgp.cs.uu.nl/stats/2CC455D9.html
- http://www.gnupg.org/documentation/mailing-lists.html
- http://pgp.mit.edu/
- http://pgp.cs.uu.nl/
- http://keyring.debian.org/
- http://www.debian.org/events/keysigning.fr.html
- http://doc.fedora-fr.org/wiki/GnuPG_:_Signature_et_Chiffrement
- http://gpglinux.free.fr/
- http://gpglinux.free.fr/gpg.pdf
- http://cryptnet.net/
- http://cryptnet.net/people/vab/blogs/cryptowatch/
- http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
- http://www.chaosreigns.com/code/sig2dot/links.html
- http://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/
- http://www.gnupg.org/gph/fr/manual.html
- http://pgp-tools.alioth.debian.org/
- http://www.francoz.net/doc/gpg/
- http://www.lea-linux.org/cached/index/Reseau-secu-gpg-intro.html
- http://dominique.guebey.club.fr/tekno/securite/gnupgcde.htm
- http://www.bashprofile.net/article.php3?id_article=397
- http://laurent.flaum.free.fr/pgpintrofr.htm
- http://blog.uggy.org/post/2006/05/28/95-chiffrer-en-symetrique-avec-gpg
- http://mbourgeois.developpez.com/articles/securite/pgp/initiation_a_pgp.pdf
- http://www.spywarewarrior.com/uiuc/gpg/gpg-com-0.htm
- http://www.gnupg.org/howtos/fr/GPGMiniHowto-6.html
- http://linux.about.com/library/cmd/blcmdl1_gpg.htm
- http://matrix.samizdat.net/crypto/gpg_intro/index.html
- http://www.commentcamarche.net/telecharger/telecharger-130-gpg