GPG-PGP

From aldeid

Description

GPG or GnuPG (GNU Privacy Guard) is the GPL-licensed alternative to PGP (Pretty Good Privacy). It encrypts and decrypts documents. Some mail clients include it natively; if your mail client doesn't support GPG/PGP, you can attach an encrypted file to your mail instead.

Usage

Commands

-s, --sign
make a signature
--clearsign
make a clear text signature
-b, --detach-sign
make a detached signature
-e, --encrypt
encrypt data
-c, --symmetric
symmetric encryption only
-d, --decrypt
decrypt data
--verify
check a signature
-k, --list-keys
list keys
--list-sigs
list keys and signatures
--check-sigs
list and check key signatures
--fingerprint
list keys and fingerprints
-K, --list-secret-keys
list secret keys
--gen-key
generates a new key pair
--gen-revoke
generates a revocation certificate
--delete-keys
remove keys from the public keyring
--delete-secret-keys
remove keys from the secret keyring
--sign-key
sign a key
--lsign-key
sign a key locally
--edit-key
sign or edit a key
--passwd
change a passphrase
--export
export keys
--send-keys
export keys to a key server
--recv-keys
import keys from a key server
--search-keys
search keys on a key server
--refresh-keys
update keys from a key server
--import
import/merge keys
--card-status
display card status
--card-edit
edit card status
--change-pin
update card PIN
--update-trustdb
update the trust database
--print-md
print message digests
--server
run in server mode

Options

-a, --armor
create ASCII-armored output
-r, --recipient <USER-ID>
encrypt for USER-ID
-u, --local-user <USER-ID>
use USER-ID to sign or decrypt
-z <number>
set compression level to <number> (0 disables compression)
--textmode
use canonical text mode
-o, --output <FILE>
write output to FILE
-v, --verbose
verbose mode
-n, --dry-run
do not change anything
-i, --interactive
ask confirmation before replacing an existing file
--openpgp
use OpenPGP strict behavior

Examples

Generate your own key

$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Sélectionnez le type de clé désiré:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (signature seule)
   (4) RSA (signature seule)
Votre choix ? 1
les clés RSA peuvent faire entre 1024 et 4096 bits de longueur.
Quelle taille de clé désirez-vous ? (2048) 1024
La taille demandée est 1024 bits                 
Spécifiez combien de temps cette clé devrait être valide.
         0 = la clé n'expire pas
      <n>  = la clé expire dans n jours
      <n>w = la clé expire dans n semaines
      <n>m = la clé expire dans n mois
      <n>y = la clé expire dans n années
La clé est valide pour ? (0) 
La clé n'expire pas du tout   
Est-ce correct ? (o/N) o
                        
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"

Nom réel: Thomas Sanchez
Adresse e-mail: [email protected]
Commentaire:                            
Vous avez sélectionné ce nom d'utilisateur:
    "Thomas Sanchez <[email protected]>"

Changer le (N)om, le (C)ommentaire, l'(E)-mail ou (O)K/(Q)uitter ? o
Vous avez besoin d'une phrase de passe pour protéger votre clé      
secrète.

Un grand nombre d'octets aléatoires doit être généré. Vous devriez faire
autre-chose (taper au clavier, déplacer la souris, utiliser les disques)
pendant la génération de nombres premiers; cela donne au générateur de
nombres aléatoires une meilleure chance d'avoir assez d'entropie.
Un grand nombre d'octets aléatoires doit être généré. Vous devriez faire
autre-chose (taper au clavier, déplacer la souris, utiliser les disques)
pendant la génération de nombres premiers; cela donne au générateur de
nombres aléatoires une meilleure chance d'avoir assez d'entropie.
gpg: clé 30A7E4D8 marquée comme ayant une confiance ultime.
les clés publique et secrète ont été créées et signées.

gpg: vérifier la base de confiance
gpg: 3 marginale(s) nécessaires, 1 complète(s) nécessaires, modèle
de confiance PGP
gpg: profondeur: 0  valide:   2  signé:   0
confiance: 0-. 0g. 0n. 0m. 0f. 2u
pub   1024R/30A7E4D8 2011-11-19
    Empreinte de la clé = 5D91 543F EBE2 5BC5 F37F  F060 56D3 ADB4 30A7 E4D8
uid                  Thomas Sanchez <[email protected]>
sub   1024R/A39DAC11 2011-11-19

During generation you are also prompted for a passphrase that protects the secret key.

List your keys

To list your keys, issue the following command:

$ gpg --list-keys

Installed keys will appear as follows:

/Users/myself/.gnupg/pubring.gpg
-----------------------------------------
pub   2048D/00D026C4 2010-08-19 [expire: 2015-08-18]
uid                  GPGTools Project Team (Official OpenPGP Key) <[email protected]>
uid                  GPGMail Project Team (Official OpenPGP Key) <[email protected]>
sub   2048g/DBCBE671 2010-08-19 [expire: 2015-08-18]

pub   2048R/DE8BEF93 2012-02-29 [expire: 2016-02-29]
uid                  Firstname Lastname <[email protected]>
sub   2048R/BD6056E3 2012-02-29 [expire: 2016-02-29]
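As an added defender-side check (not part of the original page), the following Python script parses the machine-readable form of this listing, `gpg --with-colons --list-keys`, and flags primary keys that are revoked, expired, never expire, or are shorter than 2048 bits (such as the 1024-bit key generated above). The sample records are constructed to mirror the keys shown on this page, and the 2048-bit threshold is an assumption.

```python
"""Audit a GnuPG public-key listing for weak, expired, revoked or never-expiring keys."""
from datetime import datetime, timezone

# Public-key algorithm ids from RFC 4880 section 9.1 (field 4 of a 'pub' record).
ALGO = {1: "RSA", 2: "RSA", 3: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
MIN_BITS = 2048  # assumption: anything shorter is reported as weak

def _parse_date(field):
    """Date fields are epoch seconds (GnuPG 2.x) or YYYY-MM-DD (1.x); empty means none."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc).date()
    return datetime.strptime(field[:10], "%Y-%m-%d").date()

def audit_keys(colon_output, today=None):
    """Return one dict per primary key ('pub' record) of `gpg --with-colons --list-keys` output."""
    today = _parse_date(today) if today else datetime.now(timezone.utc).date()
    findings = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] != "pub":
            continue  # uid/sub/fpr records are not audited here
        bits, keyid = int(f[2]), f[4]
        algo = ALGO.get(int(f[3]), "algo" + f[3])
        expires = _parse_date(f[6])
        issues = []
        if f[1] == "r":  # validity 'r' = revoked; nothing else matters for this key
            issues.append("revoked")
        else:
            if bits < MIN_BITS:
                issues.append(f"weak: {bits}-bit {algo}")
            if expires is None:
                issues.append("never expires")
            elif f[1] == "e" or expires < today:
                issues.append(f"expired {expires}")
        findings.append({"keyid": keyid, "bits": bits, "algo": algo, "issues": issues})
    return findings

# Constructed sample modelled on the keys shown on this page; real output carries
# 16-hex-digit long key ids and more fields, but only the fields used above matter.
SAMPLE = "\n".join([
    "pub:u:1024:1:56D3ADB430A7E4D8:1321660800:::u:::scESC:",
    "sub:u:1024:1:A39DAC11:1321660800::::::e:",
    "pub:-:2048:1:DE8BEF93:2012-02-29:2016-02-29::-:::scESC:",
    "pub:r:2048:1:C71CF72C8:1330473600:::-:::scESC:",
])
```

To audit a real keyring, pass the stdout of `gpg --batch --with-colons --list-keys` to `audit_keys()` in place of `SAMPLE`.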

Backup/restore/revoke your keys

It is highly recommended to back up your keys so that you can restore them later.

Backup

To back up your keys, proceed as follows:

$ gpg -ao public.key --export <ID>
$ gpg -ao private.key --export-secret-keys <ID>

It's also highly recommended to have a revocation key:

$ gpg -o revoke.key --gen-revoke <ID>

Restore

To restore your keys, proceed as follows:

$ gpg --import public.key
$ gpg --import private.key

Revoke

In any of the following cases, you should revoke your key:

  • Your private key has been compromised (someone else is able to decrypt your files)
  • You lost your backup keys (but you still have the revocation key)
  • You forgot your passphrase (the password required to decrypt the encrypted files)

Notice that you need a revocation key to be able to revoke your key (see the Backup section above).

To revoke a key, proceed as follows.

First import your revocation key:

$ gpg --import revoke.key

Notice that importing the revocation key automatically revokes the associated key:

$ gpg --list-keys
pub   2048R/C71CF72C8 2012-02-29 [revoked: 2012-02-29]
uid                  FirstName LastName <[email protected]>

Then inform the key servers that the key has been revoked by publishing it:

$ gpg --send-keys <ID>

Publish your key

First list the keys to find the one you wish to publish:

$ gpg --list-keys
~/.gnupg/pubring.gpg
-----------------------------------------
pub   1024R/30A7E4D8 2011-11-19
uid                  Thomas Sanchez <[email protected]>
sub   1024R/A39DAC11 2011-11-19

Then publish your key:

$ gpg --send-keys 30A7E4D8
gpg: envoi de la clé 30A7E4D8 au serveur hkp keys.gnupg.net

Wait a few minutes and check that the key has been published:

$ gpg --search-keys "thomas sanchez" 
gpg: recherche de « thomas sanchez » du serveur hkp keys.gnupg.net
(1)	Thomas Sanchez <[email protected]>
	  1024 bit RSA key 30A7E4D8, créé: 2011-11-19

Encrypt a text for someone

Find and import the key

Before encrypting a text for someone, there are a few prerequisites:

  • the recipient must have a public key
  • the public key has to be published on public servers
  • you have to import the public key

First look for the recipient's public key:

$ gpg --search-keys  someone
gpg: recherche de « someone » du serveur hkp keys.gnupg.net
(1)	Someone1 (Personal Key) <[email protected]>
	  2048 bit RSA key 3E440800, créé: 2011-10-13
(2)	Someone2 <[email protected]>
	  2048 bit RSA key 373E1F4C, créé: 2010-11-02
(3)	Someone3 (Personal Key) <[email protected]>
	  1024 bit DSA key 5E2F1C09, créé: 2010-05-24
(4)	Someone4 <[email protected]>
	  1024 bit DSA key 1F1C2B89, créé: 2009-07-09
Keys 1-11 of 89 for "someone".  Entrez le(s) nombre(s), S)uivant, ou Q)uitter > 

At this stage, here are the possibilities:

  • Enter a number to import the selected key
  • Go to the next page
  • Quit

If you enter a number, the selected key is imported into your keyring.

List keys

To list the keys you have, use the following command:

$ gpg --list-keys
~/.gnupg/pubring.gpg
-----------------------------------------
pub   1024D/D34E4FAF 2011-10-27
uid                  User1 <[email protected]>
sub   1024g/DF3E4D0D 2011-10-27

pub   1024D/1634FD5E 2003-06-23
uid                  User21 <[email protected]>
uid                  User22 <[email protected]>
uid                  User23 <[email protected]>
sub   2048g/2D045823 2003-06-23

Encrypt the text

First create a file (e.g. mytext.txt) containing the text in the clear:

This is a simple text
for testing purposes
This will be encrypted

Then encrypt the text for a given recipient:

$ gpg -r D361CFAF --encrypt mytext.txt

Check the difference:

In clear:

$ cat mytext.txt
This is a simple text
for testing purposes
This will be encrypted

Encrypted:

$ cat mytext.txt.gpg
%;?ʌ??~??S??iO??q_/??}??S??o?_NW??c?`?kAd? ?
g??:?Xź椅p"Ş?W???0x??l?B<?O? ??c??????O?hpY
޳q?Fc??u?p??{OV?{=?/????4֜`?/\??W?jK??;?|@V
*?q3?tA???v???ba3b#?????.?1M?Ŗ?ܬ>PVL/?b?q
Uo?c$ ?%LJ?a??m?1?R???iUn4?-??{?,|?p"??z?8?*
$ file mytext.txt
mytext.txt: ASCII text
$ file mytext.txt.gpg
mytext.txt.gpg: data

Decrypt an encrypted file

To decrypt a file that has been encrypted for you, issue the following command:

$ gpg -o mytext.txt --decrypt mytext.txt.gpg

Vous avez besoin d'une phrase de passe pour déverrouiller la
clé secrète pour l'utilisateur: « Sebastien Damaye <[email protected]> »
clé de 1024 bits ELG, ID DF004D0D, créée le 2011-10-27 (ID clé principale D36E4FAF)

gpg: chiffré avec une clé de 1024 bits ELG, ID DF004D0D, créée le 2011-10-27
      « Sebastien Damaye <[email protected]> »

Then read the message:

$ cat mytext.txt
This is a simple text
for testing purposes
This will be encrypted

GPG/PGP frontends & clients

Frontends:

Clients:


Keywords: gpg pgp encryption mail