GnuPG

All Linux commands are in italic text

Since October 2017 the 4th Rene Paul Mages (ramix) fingerprint is: 0E53 808A 4AB3 8DF8 2679 2EEB B8CF 35A4 9840 A6F7


GnuPG is a complete and free replacement for PGP.

Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.

GnuPG is Free Software. GnuPG can be freely used, modified and distributed under the terms of the GNU General Public License.

PGP, on which OpenPGP is based, was originally developed by Philip Zimmermann in the early 1990s.

Project Aegypten provides Sphinx-Clients (Mutt, KMail, …) compatible with S/MIME within a GnuPG framework. Within this project a few new tools have been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".

Here are some key features of "GnuPG":

· Full replacement of PGP.
· Does not use any patented algorithms.
· GPLed, written from scratch.
· Can be used as a filter program.
· Full OpenPGP implementation (see RFC2440 at RFC Editor).
· Better functionality than PGP and some security enhancements over PGP 2.
· Decrypts and verifies PGP 5, 6 and 7 messages.
· Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.
· Easy implementation of new algorithms using extension modules.
· The User ID is forced to be in a standard format.
· Supports key and signature expiration dates.
· English, Danish, Dutch, Esperanto, Estonian, French, German, Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish and Turkish language support.
· Online help system.
· Optional anonymous message receivers.
· Integrated support for HKP keyservers (wwwkeys.pgp.net).
· Clearsigned patch files can still be processed by patch.
· and many more things…

step 0

first you have to :

step 1

It is not necessary to be root for this step.

  • gpg2 --full-gen-key

an example

  • real name : Etienne Dupont
  • email address : etienne.dupont@ramix.org
  • password : jesuisungrandamidelaffiidepuis2003

1024 bits is no longer a good size for your key.
2048 bits is a very good size for your key.
Please see: http://lists.gnupg.org/pipermail/gnupg-users/2006-August/029156.html
DSA and ElGamal (the default) is a good choice.
The key's validity period is a delicate issue (see Google); a period of five years is a good choice.

step 2

you have

  • to generate a revocation certificate : gpg2 --output revoke.asc --gen-revoke Etienne
  • to save the ~/.gnupg directory (and all its files) on a USB key or (best) to burn it onto a CD-ROM
  • to write down your password (not in clear form) in a book that stays on your personal bookshelf

step 3

your fingerprint can be written on your visiting card :

  • gpg2 --fingerprint
  • for example : 0E53 808A 4AB3 8DF8 2679 2EEB B8CF 35A4 9840 A6F7

your public key can be sent to a key server (pgp.mit.edu for example) :

  • gpg2 --keyserver pgp.mit.edu --send-keys 0x9840A6F7
  • note that 9840A6F7 is the last 4 bytes of the fingerprint

you can import a public key from a key server (pgp.mit.edu for example) :

  • gpg2 --keyserver pgp.mit.edu --recv-key 0x9840A6F7
  • gpg2 --list-keys to verify the import
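
Step 3 addresses the key on the key server by its 8-digit ID, which is only the tail of the fingerprint, so after --recv-key the full fingerprint should be compared with the one from the visiting card. The script below is an added example, not part of the original page; its function names and the two colon-format listings are constructed for illustration, and only the fingerprint is taken from the page.

```shell
#!/bin/sh
# Added example (not from the original page): check an imported key by its
# FULL fingerprint; the 8-digit key ID alone does not identify a key.

# Strip spaces and upper-case so card and gpg formats compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Short key ID as used with --send-keys / --recv-key: last 8 hex digits.
short_id() {
    normalize_fpr "$1" | sed 's/.*\(........\)$/\1/'
}

# stdin: output of `gpg2 --with-colons --fingerprint`. Prints field 10 of
# the "fpr" record that follows each primary-key ("pub") record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeeds only if the listing holds exactly one primary key whose full
# fingerprint equals the expected one (e.g. copied from a visiting card).
check_import() {
    expected=$(normalize_fpr "$1")
    found=$(printf '%s\n' "$2" | primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

CARD_FPR='0E53 808A 4AB3 8DF8 2679 2EEB B8CF 35A4 9840 A6F7'  # from this page

# Constructed listings: only the fingerprint above is real; size, algorithm
# and date fields are made up, and the second key is entirely fictitious.
GOOD_LISTING='pub:-:2048:17:B8CF35A49840A6F7:1506816000:::-:::scESC:
fpr:::::::::0E53808A4AB38DF826792EEBB8CF35A49840A6F7:'
LOOKALIKE_LISTING='pub:-:2048:17:AAAAAAAA9840A6F7:1506816000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9840A6F7:'

for listing in "$GOOD_LISTING" "$LOOKALIKE_LISTING"; do
    fpr=$(printf '%s\n' "$listing" | primary_fprs)
    if check_import "$CARD_FPR" "$listing"; then
        echo "$(short_id "$fpr"): full fingerprint matches"
    else
        echo "$(short_id "$fpr"): MISMATCH, do not sign or trust this key"
    fi
done
# Live use: check_import "$CARD_FPR" "$(gpg2 --with-colons --fingerprint 0x9840A6F7)"
```

Both listings show the same short ID, yet only the first passes the check, which is why the comparison must use all 40 hex digits.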

step 4

to use gnupg with your MUA you have to follow this path :

step 5

Practice makes perfect …

{{
man gpg
gpg --delete-keys 0x2CC455D9   # removes key 2CC455D9 from the keyring
man gpg2
gpg2 --list-public-keys
gpg2 --keyserver pgp.mit.edu --refresh-keys
gpg2 --keyserver keyring.debian.org --recv-keys 0x9840A6F7
gpg2 --keyserver pgp.mit.edu --recv-keys 0x9840A6F7
gpg2 --finger 0x9840A6F7
gpg2 --sign-key 0x9840A6F7
gpg2 --edit-key 0x9840A6F7
gpg2 --keyserver pgp.mit.edu --send-keys 0x9840A6F7
gpg2 --keyserver pgp.mit.edu --send-keys   # no key ID given: absolutely NO effect
gpg2 --list-public-keys
gpg2 --list-sigs 0x9840A6F7
gpg2 --export -a 0x9840A6F7 > renepaul9840A6F7.key
gpg2 --import -a renepaul9840A6F7.key
gpg2 --import -a --import-options merge-only renepaul9840A6F7.key
cat renepaul9840A6F7.key
gpg2 -er rene test.txt
gpg2 --armor -er rene test.txt
gpg2 --clearsign message.txt > message.txt.asc
gpg2 --output revoke.asc --gen-revoke 0x9840A6F7
gpg2 --verify message.txt.asc
gpg2 --decrypt message.txt.asc > message.txt
gpg2 --local-user 0x5A17505A --decrypt message.txt.asc >message.txt

}}

Miscellaneous Links


Unless otherwise stated, the content of this page is licensed under GNU Free Documentation License.