Tuesday, August 6, 2019

Fedora 30 : The gpg tool.

GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. See the official webpage.
Today I tested it on the Fedora 30 distro and it works well.
You can find this tool in many Linux distros.
Let's install it with the dnf tool.
[root@desk mythcat]# dnf install gnupg
Last metadata expiration check: 0:18:30 ago on Tue 06 Aug 2019 11:07:20 AM EEST.
Package gnupg2-2.2.17-1.fc30.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@desk mythcat]# exit
exit
This tool is run with the gpg command and its arguments. Let's see some examples:
[mythcat@desk ~]$ gpg --list-secret-keys
[mythcat@desk ~]$ gpg --list-keys
[mythcat@desk ~]$ gpg --full-generate-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Catalin George Festila
Email address: catafest@yahoo.com
Comment: test gpg key 
You selected this USER-ID:
...
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

Enter password for protection

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
... 
This command is normally only used interactively to generate a new key pair.
[mythcat@desk ~]$ gpg --gen-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: 
... 
Let's see the list with the keys:
[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
--------------------------------
The key can be exported in a binary format with this command:
[mythcat@desk ~]$ gpg --output mythcat --export catafest@yahoo.com
When the key is to be sent through email or published on a web page, you can use the --armor command-line option.
[mythcat@desk ~]$ gpg --armor --export catafest@yahoo.com > catafest.key
Let's see this key:
[mythcat@desk ~]$ cat catafest.key 
...
Now you can see the new key:
[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
-------------------------------- 
I can edit this key:
[mythcat@desk ~]$ gpg --edit-key catafest@yahoo.com
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.
...
gpg> ?
quit        quit this menu
save        save and quit
help        show this help
fpr         show key fingerprint
grip        show the keygrip
...
enable      enable key
disable     disable key
showphoto   show selected photo IDs
clean       compact unusable user IDs and remove unusable signatures from key
minimize    compact unusable user IDs and remove all signatures from key
...
The key can be exported and imported:
[mythcat@desk ~]$ gpg --export -a catafest >  catafest_public.key
[mythcat@desk ~]$ gpg --import -a catafest_public.key 
...
gpg: Total number processed: 1
gpg:              unchanged: 1
Let's see one example of the encrypt and decrypt features:
[mythcat@desk ~]$ echo "test gpg encrypt" >> gpgtest.txt
[mythcat@desk ~]$ gpg -e -r "catafest" gpgtest.txt 
[mythcat@desk ~]$ gpg -d  gpgtest.txt.gpg 
...
test gpg encrypt
Another example is to encrypt and decrypt using additional arguments like --batch and --passphrase-file:
[mythcat@desk ~]$ gpg --export --armor --output catafest.asc catafest@yahoo.com
[mythcat@desk ~]$ gpg --import catafest.asc 
...
gpg: Total number processed: 1
gpg:              unchanged: 1
[mythcat@desk ~]$ echo "this text will be encrypt and decrypt" | gpg --passphrase-file catafest.asc \
--batch --symmetric --cipher-algo AES256 > testgpg_001.txt
[mythcat@desk ~]$ gpg --batch --passphrase-file catafest.asc -d testgpg_001.txt
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
this text will be encrypt and decrypt
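
gpg reads only the first line of the file given to --passphrase-file, so with the armored export catafest.asc the symmetric passphrase is the public armor header line that every such export starts with. The script below is an added example, not part of the original post: it checks a candidate passphrase file and creates a random, owner-only one. The function names and the sym.pass file name are hypothetical, and the armored file in the demo is constructed.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.

# Print what gpg would use as the passphrase: only line 1 of the file.
effective_passphrase() {
    head -n 1 "$1"
}

# Print "ok" and return 0 if the file is acceptable as a passphrase file,
# otherwise print the reason and return 1.
check_passphrase_file() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file"; return 1; }
    first=$(effective_passphrase "$f")
    case $first in
        "-----BEGIN PGP "*) echo "first line is a public armor header"; return 1 ;;
    esac
    [ "${#first}" -ge 20 ] || { echo "passphrase shorter than 20 characters"; return 1; }
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || {
        echo "readable by group or others"; return 1; }
    echo "ok"
}

# Write 32 random bytes as 64 hex characters on one line, owner-only.
new_passphrase_file() {
    (
        umask 077
        printf '%s\n' "$(od -An -tx1 -N32 /dev/urandom | tr -d ' \n')" > "$1"
        chmod 600 "$1"
    )
}

# Demo on constructed input: an armored export always begins with this header.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'constructed-body' \
    > "$demo_dir/catafest.asc"
echo "catafest.asc: $(check_passphrase_file "$demo_dir/catafest.asc")"
new_passphrase_file "$demo_dir/sym.pass"
echo "sym.pass: $(check_passphrase_file "$demo_dir/sym.pass")"
rm -rf "$demo_dir"
```

A file created this way can be passed to --passphrase-file in place of catafest.asc in the two commands above.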