Small GNU Privacy Guard HOWTO
=============================

first created: 14.06.2005

.. contents::

Introduction
------------

A few words of introduction are needed at the beginning of this HOWTO. If you want more information about OpenPGP or GPG, see sections 1.1 and 1.2 of this article. I would be grateful for any feedback concerning this document, including bug fixes.

What is OpenPGP?
----------------

    "OpenPGP is the most widely used email encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. The OpenPGP standard was originally derived from PGP (Pretty Good Privacy), first created by Phil Zimmermann in 1991"

    -- source www.openpgp.org

What is GNU Privacy Guard?
--------------------------

Generally, GPG is a free command-line tool for encrypting files and emails. It is fully RFC 2440 compliant and is a complete replacement for the PGP program. It has many features, like:

* GPL licence (you can use it for free)
* supports many cryptographic algorithms (ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER)
* multilanguage support
* online support
* and many more, which can be found on www.gnupg.org
* works on GNU/Linux, MacOS-X, NetBSD, FreeBSD, OpenBSD, Windows

Using GPG
---------

Installation
~~~~~~~~~~~~

Almost all distributions provide GPG, but if you want to install the newest version from scratch, you have to obtain the sources from www.gnupg.org. This is not a "from scratch" HOWTO for Linux newbies, so I won't write that part.

Getting help for gpg
~~~~~~~~~~~~~~~~~~~~

Like every tool, gpg has its own manpage, as well as a ``gpg --help`` option. Of course you can run ``gpg --help`` to see all the options, but if you are reading this HOWTO, I assume you are too lazy to do that.

Generating your keys
~~~~~~~~~~~~~~~~~~~~

The first thing to do is to generate a pair of keys. One is public (the one you give to trusted people, so they can identify your emails by signature), and the other is secret (it should be stored safely and never shown to others) and is used for decrypting encrypted messages. To generate your own pair of keys, do:

.. code-block:: bash

   gpg --gen-key

You will then be asked some questions about the cryptography algorithm (if you do not know what to do, choose the defaults), your name, email and password (which should be quite complicated). After issuing this command you will have a pair of keys and the fingerprint, which is a hash used for confirming your public key.

Exporting your public key
~~~~~~~~~~~~~~~~~~~~~~~~~

Now if you want to export your public key to a file, for example to put it on your webpage or blog, or just to have it and stare at it, you have to issue:

.. code-block:: bash

   gpg --export --armor > file.asc

This will put your public key into :file:`file.asc`. You can freely distribute that file among people who would like to confirm your identity. You can also export your public key to a key server, which is a good idea:

.. code-block:: bash

   # KEYID is a placeholder for your own key ID
   gpg --send-keys KEYID

(:file:`~/.gnupg/gpg.conf` stores which server to use)

You can similarly receive or search for keys on the server:

.. code-block:: bash

   # KEYID and NAME are placeholders for the key you are looking for
   gpg --recv-keys KEYID
   gpg --search-keys NAME

Signing and decrypting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can now sign your emails and files. Many mail clients use gpg automagically, which will be discussed in section 3 of this document. If you prefer to sign a file by hand, issue:

.. code-block:: bash

   gpg --sign file

A :file:`file.gpg` will be generated, which is your signature for that file. If you like, you can sign files with a clear-text signature:

.. code-block:: bash

   gpg --clearsign file

Again :file:`file.asc` will be generated. For a file with this content:

::

   Foo Bar Foo Bar
   Foo Bar Foo Bar

it will look similar to this:

::

   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA1

   Foo Bar Foo Bar
   Foo Bar Foo Bar
   -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.1 (GNU/Linux)

   iD8DBQFCr09b1Zs59WqqS18RAvzuAJ45RotP1lGo0BGjlE03mVGC2RJHngCgtqUq
   GA5XqrjgzSpeOUaFN4O+Je4=
   =fl3F
   -----END PGP SIGNATURE-----

If you have some top-secret data to be sent, you can also encrypt the file:

.. code-block:: bash

   gpg --encrypt file

or decrypt it:

.. code-block:: bash

   gpg --decrypt file

Importing other people's keys
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you received somebody's public key and would like to identify him by it, first ask him to confirm the fingerprint; to do so you have to import the key. Let's assume we got a key from John Foo with the johnfoo@bar.com mail address.

.. code-block:: bash

   gpg --import john.asc

Now check the fingerprint:

.. code-block:: bash

   gpg --fingerprint johnfoo@bar.com

and ask John to confirm it is really his fingerprint. Do it by phone, or IM, just be sure John is really John. If John appears to be himself, sign his key:

.. code-block:: bash

   gpg --edit-key johnfoo@bar.com

You will be prompted to issue commands:

.. code-block:: text

   > sign
   > save

There are more commands available by typing ``help``. Next, export John's public key signed by you to a file:

.. code-block:: bash

   gpg --armor --export johnfoo@bar.com > johns-pub-new

Now John has his own key signed by your key. He can now import it and extend the web-of-trust keyring. Of course the same procedure should be done by John with your key. Do not forget to update your public key afterwards on your webpage.

Common clients configuration
----------------------------

Sylpheed/claws
~~~~~~~~~~~~~~

Sylpheed-claws needs the mimepgp plugin, available from sylpheed-claws.sf.net. It enables signatures and encryption. There is also a plugin for viewing PGP inline messages called pgpinline.

Kmail
~~~~~

Kmail has a built-in plugin for communicating with kgpg, a GUI wrapper for gpg in KDE. This makes configuring it pretty easy and not worth writing about.

Psi
~~~

Psi can encrypt messages. All you have to do is choose your key in the account setup. Then you can encrypt messages with the recipient's key.

Useful links
------------

Check also:

* GNU Privacy Guard Site - www.gnupg.org
* OpenPGP Site - www.openpgp.org

Credits
-------

Thanks to antoszka from #gentoo-pl for helping me understand GPG.
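
The signature block of the clear-signed sample in "Signing and decrypting files" can be decoded to see what it actually carries. The following is an added example, not part of the original HOWTO: it reads the armor body copied from that sample and reports the key ID, algorithms and creation time stored in the signature packet, assuming the version 3 signature layout of RFC 2440; the function and table names are this example's own.

```python
import base64
import struct
from datetime import datetime, timezone

# Armor body and checksum line copied from the sample output on this page.
ARMOR_BODY = (
    "iD8DBQFCr09b1Zs59WqqS18RAvzuAJ45RotP1lGo0BGjlE03mVGC2RJHngCgtqUq"
    "GA5XqrjgzSpeOUaFN4O+Je4="
)
ARMOR_CRC = "fl3F"
# Lookup tables and function names are this example's own (subset of RFC 2440 IDs).
PUBKEY_ALGOS = {1: "RSA", 16: "ElGamal", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 2440, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_v3_signature(body_b64: str, crc_b64: str) -> dict:
    """Decode one old-format, version 3 signature packet from armor text."""
    raw = base64.b64decode(body_b64)
    tag_byte, length = raw[0], raw[1]
    # Old-format header: bit 7 set, bit 6 clear, tag in bits 5-2, length type 0.
    if tag_byte & 0xC0 != 0x80 or (tag_byte >> 2) & 0x0F != 2 or tag_byte & 3:
        raise ValueError("not an old-format signature packet with 1-byte length")
    body = raw[2:2 + length]
    version, hashed_len, sig_type, created = struct.unpack(">BBBI", body[:7])
    if version != 3 or hashed_len != 5:
        raise ValueError("only version 3 signatures are handled here")
    key_id, pk_algo, hash_algo = struct.unpack(">8sBB", body[7:17])
    return {
        "crc_ok": crc24(raw) == int.from_bytes(base64.b64decode(crc_b64), "big"),
        "sig_type": sig_type,  # 0x01 = signature over canonical text
        "created": datetime.fromtimestamp(created, tz=timezone.utc),
        "key_id": key_id.hex().upper(),  # long key ID of the signing key
        "pubkey_algo": PUBKEY_ALGOS.get(pk_algo, str(pk_algo)),
        "hash_algo": HASH_ALGOS.get(hash_algo, str(hash_algo)),
    }

if __name__ == "__main__":
    print(parse_v3_signature(ARMOR_BODY, ARMOR_CRC))
```

These fields only describe what the signer claims to have used; whether the signature is valid for the text is still decided by ``gpg --verify file.asc`` against a key whose fingerprint you have confirmed.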