GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to. Jul 01, 2019 Once GnuPG is installed, you’ll need to generate your own GPG key pair, consisting of a private and public key. The private key is your master key. It allows you to decrypt/encrypt your files and create signatures which are signed with your private key. Here is a GUI way to generate a new PGP key. Open the Passwords and Keys (Seahorse) application. This screen will appear. Either go to File → New in the global menu or hit Ctrl + N. In the Create New. Window select PGP Key and hit Continue. Enter your full name. Gpg -vv -r [email protected] -e -a unencryptedfile.txt So how useful is this? Well, it makes more sense to use GPG to generate and manage your SSH keys as authentication subkeys rather than trying to do it the other way round. In fact it can be integrated into SSH instead of ssh-agent. Creating your OpenPGP keys with gpg. Step 1: Open a terminal and type: gpg -gen-key Step 2: GPG will now ask you a number of questions about the type of key you want to generate. Follow the steps below to select the default option each time.
- Create Gpg Key
- Ubuntu Add Gpg Key
- Gpg Generate Key
- Ubuntu Gpg Key
- Gpg Generate Public Key
- Where To Paste Ubuntu Generate Gpg Keys 2017
This tutorial series will teach you how to use GPG in Linux terminal. I will not tell you a bunch of theory to overwhelm you. Instead, I show you quick and dirty examples to get you started, and explain the basic theory along the way.
This is part 1 of this series. At the end of this post, you should be able to generate your own public/private keypair and a revocation certificate. This certificate is used to revoke your public/private keypair when your private key is compromised or you forget the passphrase for your private key.
GPG can be used for encryption and for signing. This software is pre-installed on most Linux distributions. Currently the stable version is GPG 2.0. I’m using the modern version GPG 2.2 on Arch Linux.
Check Your GPG Version
First Let’s check out the version of GPG on your system and some interesting tidbits. Run the following command.
As you can see, I’m using GPG 2.2.8, which is the latest version. We also know that the configuration directory is ~/.gnupg, which will hold our public/private key files. The default option file is ~/.gnupg/gpg.conf and ~/.gnupg/dirmngr.conf. It also tells us what algorithms are supported.
If you look closely, you can see that the insecure hash algorithm SHA1 is still supported in version 2.2.8 SHA1 is obsolete and you don’t want to use it to generate signature.
Create Your Public/Private Key Pair and Revocation Certificate
gpg --full-gen-key command to generate your key pair.
It asks you what kind of key you want. Notice there’re four options. The default is to create a RSA public/private key pair and also a RSA signing key. Let’s hit Enter to select the default.
Next it asks you the key length. The default is 2048 bits long. 1024 RSA key is obsolete. The longer 4096 RSA key will not provide more security than 2048 RSA key. So hit Enter to select the default.
Create Gpg Key
After that it asks you how long the key should be valid, 2 years is fine. You can always update the expiration time later on.
Now it asks you if it’s correct. Notice that the default is No. So press
y then Enter to confirm it’s correct.
And now we need to provide some user identification information for the key. This is important because this information will be included in our key. It’s one way of indicating who is owner of this key. The email address is a unique identifier for a person. You can leave Comment blank.
Now it asks you to enter a passphrase to protect your private key. Enter a good and long passphrase and remember it. Because if you forget this passphrase, you won’t be able to unlock you private key.
Once you enter and confirm your passphrase. GPG will generate your keys.
It will take a while for GPG to generate your keys. So you can now do other stuff.
It took about 4 minutes on my system to generate my key pair.
This first line tells us that GPG created a unique identifier for public key. This unique identifier is in hex format. When someone wants to download you public key, they can refer to you public key via your email address or this hex value.
The third line tells us that GPG created a revocation certificate and its directory.Your should never share you private key with anyone.If you private key is compromised, you can use revocateion certificate to revoke your key. That means you tell the rest of the world that the old public key shall not be used any more.I suggest that you open this revocation certificate with your text editor to see what’s inside there.
Let’s look at the last three lines. They tell us the public key is 2048 bits using RSA algorithm. The public key ID 4F0BDACC matchs the last 8 bits of key fingerprint. The key fingerprint is a hash of your public key.
It also lists our user ID information: your name and your email address. And it also indicates the subkey which is 2048 bits using RSA algorithm and the unique identifier of the subkey.
Now you can find that there are two files created under ~/.gnupg/private-keys-v1.d/ directory. These two files are binary files with .key extension.
Export Your Public Key
Others need your public key to send encrypted message to you and only your private key can decrypt it. Use the following command to export your public key.
--armor option means that the output is ASCII armored. The default is to create the binary OpenPGP format.
user-id is your email address.
The exported public key is written to
Export Your Private Key
Issue the following command to export your private key.
The exported key is written to
Protect Your Private Key and Revocation Certificate
Your private key should be kept in a safe place, like an encrypted flash drive. Treat it like your house key. Only you can have it and don’t lose it. And you must remember your passphrase, otherwise you can’t unlock your private key.
You should also protect your revocation certificate. If others have your revocation certificate, they can immediately revoke your public/private keypair and generate a fake public/priavte keypair.
In part 2 we will look at how to encrypt message with your public key and how to decrypt it with your private key. Take care!
Encryption is a process of embedding plain text data in such a way that it cannot be decoded by outsiders. It is necessary to encrypt data to prevent misuse. The GNU Privacy Guard (GPG) application allows you to encrypt and decrypt information. It is based on the use of a pair of keys, one public and one private (or secret). Data encrypted with one key can only be decrypted with the other. To encrypt a message to you, someone would use your public key to create a message that could only be unlocked with your private key. To sign information, you would lock it with your private key, allowing anyone to verify that it came from you by unlocking it with your public key.
Modern Linux distributions have gpg already installed on them. If not present, install it.
Ubuntu Add Gpg Key
1) Create gpg key
When installing gnupg package, we need to understand the concept to use gpg as well.
Generating a new keypair
To encrypt your communication, the first thing to do is to create a new keypair. GPG is able to create several types of keypairs, but a primary key must be capable of making signatures.
uid:Please take a note about the USER-ID mentioned in the result. We will use its value to do some operation.
pub:It represents the public key. The key-id is BAC361F1. Yours will be different
sub:It represents subkeys, goes along with the primary key. Commonly, it is used to encryption.
Your prompt can be handled for a very long time without finishing if you see the message below
'Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 285 more bytes)'
The problem is caused by the lack of entropy (or random system noise). So cancel the process and check the available entropy
You can see it is not enough. We can install a package to solve the lack of entropy with rngd which is a random number generator utility used to check immediately the available entropy
Now can start again with the
gpg --gen-key command and the process will be fine. We have only installed it without anything else. In certain distributions, you need to use rngd before the gpg process.
3) Generating a revocation certificate
After your keypair is created you should immediately generate a revocation certificate to revoke your public key if your private key has been compromised in any way or if you lose it. Create it when you create your key. The process requires your private key, passphrase.
The argument BAC361F1 is the key ID. It must be a key specifier, either the key ID of your primary keypair or any part of a user ID that identifies your keypair like [email protected]. The generated certificate will be saved in
revoke_key.asc file. Store it where others can't access it because anybody having access to it can revoke your key, rendering it useless. If the
--output option is omitted, the result will be placed on standard output.
4) Making an ASCII armored version of your public key
Some keyservers allow you to paste an ASCII armored version of your public key in order to upload it directly. This method is most preferred because the key comes directly from the user who can see that the key has been successfully uploaded.
5) Exchanging keys
In order to communicate with others, you must exchange public keys. To do it, you must be able to list your keys. There is some commands to list your public keyring
gpg --list-keys:List all keys from the public keyrings, or just the keys given on the command line.
gpg --list-secret-keys:List all keys from the secret keyrings or just the ones given on the command line
gpg --list-sigs:Same as --list-keys, but the signatures are listed too.
Export a public key
Now that you have generated a key pair, the next step is to publish your public key on internet ( Keyservers ) so that other person can use it to send you a message. You can use either the key ID or any part of the user ID may be used to identify the key to export. There are two commands but with the first command, the key is exported in a binary format and can be inconvenient when it is sent through email or published on a web page. So, we will use the second command for ASCII armored method.
Gpg Generate Key
The output will be redirected to my_pubkey.gpg file which has the content of the public key to provide for communication.
Submit your public keys to a keyserver
Once you have this ASCII-armored public key, you can manually paste it into a form at a public key server like pgp.mit.edu
Because someone seems to have sent you their public key, there's no reason to trust that it's from that person unless you have validated it.
Import a public key
Ubuntu Gpg Key
As others persons can use your public key to send you a message, you can import public from people you trust in to communicate with them.
Gpg Generate Public Key
Now we have notions on the principles to use and generate a public key. You know how GnuPG is functioning and you can use it for secure communication. GPG encryption is only useful when both parties use good security practices and are vigilant.