GPG II
Summary:
- Installation
- Testing And Configuration
- Public Key Distribution
- GPG And Mail Programs
Installation
- If you are using a Mandrake release older than 7.2, get the gnupg and the pgpgpg packages from one of Mandrakesoft's cryptography servers or get the sources from GnuPG.org. Releases 7.2 and later come with the GnuPG package on the CD.
- Install them. If you've used the RPM packages, run
rpm --verify gnupg
as a basic security check. Be clear about what it does and does not tell you: it compares the installed files with the sizes, permissions and checksums the RPM database recorded at install time, so it catches files that were altered afterwards, but it cannot tell whether the package you installed was genuine in the first place. That is what the signature check with rpm --checksig (below) is for; do that one before installing.
- Now generate your key pair with
gpg --gen-key
- You will be asked some questions (kind of key, key size, validity). Go with the defaults unless you know better.
- Now you have to supply a user ID: your real name, your email address and an (optional) comment.
- Enter your passphrase (it will not show up). As usual, you will be prompted to enter it again to prevent typos.
- Now your key will be generated. To help the program gather enough random data, move your mouse around and hit the CTRL, ALT or SHIFT keys a few times.
- Ready! '~/.gnupg' should now contain these files: 'options' (configuration file; later GnuPG releases call it 'gpg.conf'), 'pubring.gpg' (your public keyring, which will also hold every public key you import later) and 'secring.gpg' (your secret keyring). The secret keyring is protected by nothing but your passphrase, so keep '~/.gnupg' readable by you alone and make a backup of it that you store offline.
Testing And Configuration
Before you distribute your key, you should do some testing:
- List your keys with
gpg --list-keys
pub {key length}/{key ID} {creation date} [expiration date] {real name} ({comment}) <{email address}>
sub {key length}/{key ID} {creation date} [expiration date]
Write down or memorize the key ID of your public key. You will need it from time to time. Note that this 8-digit ID is only the last 32 bits of the key's fingerprint: handy for naming the key on the command line, but not unique enough to identify it (a different key with the same ID is cheap to generate), so whenever identity matters use the full fingerprint instead.
- Encrypt and sign a file with
gpg -es -r {first part of your real name} {file}
which writes {file}.gpg (the -r argument is matched against the user IDs in your keyring).
- Decrypt this file with
gpg {file}.gpg
Since the original {file} still exists, gpg asks before overwriting it; answer yes, or use the -o option to write the plaintext somewhere else.
- Sign a file in clear text (the text stays readable, the signature is appended) with
gpg --clearsign {file}
- Verify this signature with
gpg --verify {file}.asc
'Good signature' means that the signature matches a key in your keyring. Whether that key really belongs to the person named in it is a separate question, which is what the key verification described under Public Key Distribution is about.
- Beginning with Mandrake 8.2, Mandrake's public key is automatically imported into the root user's keyring when the gnupg package is installed. All other users: add Mandrake's public key from the CD to your keyring:
gpg --import /mnt/cdrom/RPM-GPG-KEYS
- Check the GPG RPM:
rpm --checksig gnupg-{...}mdk.rpm
gnupg-{...}mdk: md5 gpg OK
Both checks have to say OK. The gpg part can only be checked if you imported Mandrake's key in the previous step; if a package fails either check, do not install it.
- Create a revocation certificate. You will need it in case your secret key gets lost or is compromised, and creating it requires the secret key and the passphrase, so do it now rather than after the loss:
gpg -o revoke.asc --gen-revoke {key ID}
Store 'revoke.asc' offline (a floppy in a drawer, a printout). Anyone who gets hold of it can revoke your key, and once a revocation has been published it cannot be taken back.
- Edit '~/.gnupg/options'. Remove the leading hash (#) from
no-greeting
default-recipient-self
(with default-recipient-self, gpg -e without a -r argument encrypts to your own key).
- Change the 'keyserver' line to
keyserver search.keyserver.net
- Add
no-secmem-warning
only if you understand what it hides: GPG prints that warning when it cannot lock the memory holding your secret key, which means the key could end up in the swap partition. The option silences the warning; it does not fix the cause. For the other options, see
man gpg
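The whole procedure of this section, as an added example that is not part of the original page: a shell script that runs the key generation and the tests unattended in a throwaway keyring. It assumes GnuPG 2.1 or later, whose batch options (--batch, --pinentry-mode loopback, --passphrase) replace the interactive prompts and which names the configuration file gpg.conf; the user ID 'Test User <test@example.invalid>', the passphrase and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: the key generation and tests above,
# run unattended in a throwaway GNUPGHOME. Assumes GnuPG 2.1+; user ID, passphrase
# and sample file are constructed.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
chmod 700 "$GNUPGHOME"
PASS='correct horse battery staple'   # constructed; a real passphrase is typed, never scripted
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# The two options the page has you un-comment, in the 2.x file name (gpg.conf, not options).
printf 'no-greeting\ndefault-recipient-self\n' > "$GNUPGHOME/gpg.conf"
# Early 2.1 agents accept --pinentry-mode loopback only when told to.
printf 'allow-loopback-pinentry\n' > "$GNUPGHOME/gpg-agent.conf"

# gpg with the interactive prompts replaced by the scripted passphrase.
g() { gpg --batch --yes --pinentry-mode loopback --passphrase "$PASS" "$@"; }

# Step 1: gpg --gen-key; the answers to its questions come from a parameter file.
gen_key() {
    gpg --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Test User
Name-Comment: GPG II example
Name-Email: test@example.invalid
Expire-Date: 1y
Passphrase: $PASS
%commit
EOF
}

# Step 2: gpg --list-keys, read from the machine-readable form instead of by eye.
fingerprint() { gpg --list-keys --with-colons | awk -F: '/^fpr:/ { print $10; exit }'; }
key_id()      { fingerprint | awk '{ print substr($0, length($0) - 15) }'; }  # 16-digit long ID

# Steps 3 and 4: encrypt+sign, decrypt, compare. No -r is needed: default-recipient-self.
roundtrip() {
    printf 'the quick brown fox\n' > "$GNUPGHOME/plain.txt"
    g -es "$GNUPGHOME/plain.txt"                                # writes plain.txt.gpg
    g -o "$GNUPGHOME/plain.out" -d "$GNUPGHOME/plain.txt.gpg"   # -o sidesteps the overwrite prompt
    cmp -s "$GNUPGHOME/plain.txt" "$GNUPGHOME/plain.out"
}

# Steps 5 and 6: clearsign, then verify (verification needs only the public key).
clearsign_verify() {
    g --clearsign "$GNUPGHOME/plain.txt"                        # writes plain.txt.asc
    gpg --batch --verify "$GNUPGHOME/plain.txt.asc"
}

# Step 7: the revocation certificate. --gen-revoke refuses to run in batch mode, but
# GnuPG 2.1+ wrote one at key generation; this is the file to copy to offline media.
revocation_cert() { printf '%s/openpgp-revocs.d/%s.rev\n' "$GNUPGHOME" "$(fingerprint)"; }

gen_key
KEY_ID=$(key_id)
roundtrip
clearsign_verify
REV=$(revocation_cert)
echo "key $KEY_ID: encrypt/decrypt and clearsign/verify OK; revocation certificate: $REV"
```

Run it as an ordinary user; it never touches ~/.gnupg. Two things differ from the interactive walk-through: gpg 2.1+ refuses --gen-revoke in batch mode but has already written a revocation certificate into openpgp-revocs.d at key generation (its first armor line carries a leading colon that you remove before importing it), and the Passphrase line in the parameter file is acceptable only for a disposable key; a real key gets its passphrase typed in.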
Public Key Distribution
To distribute your public key by email or on your website, you have to export your key to a text file first. To prevent GPG from using the binary format, add the
--armor
option:
gpg --armor --export {key ID} -o mykey
Now you can send or post 'mykey' and people can add the included key to their keyrings with
gpg --import mykey
A more general approach lies in using a keyserver, e.g. one of the keyserver.net family. This way everyone can get your public key without having to ask you first. He or she can just search the keyserver for your name, email address or key ID, get the key and add it to his or her keyring. Keep in mind that a keyserver checks nothing: anyone can upload a key carrying your name and address, so a key fetched from a keyserver is no more trustworthy than one found on a random web page until its fingerprint has been verified (see below).
To submit your public key to a keyserver, type:
gpg --keyserver search.keyserver.net --send-key {key ID or your email address}
This might take a while. There's a list of alternative keyservers at keyserver.net. Some keyservers also allow you to copy and paste your key into a text entry field. In order to get a key from a keyserver, use
gpg --keyserver search.keyserver.net --recv-key {key ID}
(You can leave out the
--keyserver
option if you have set the 'keyserver' line in your options file as described above.)
You might want to make it easier for people by adding the numerical key ID of your public key to your mail signature, maybe along with the address of your favorite keyserver. Better still, add the full fingerprint: a key ID is short enough that someone can generate a different key with the same ID, a fingerprint is not.
To verify keys, compare their fingerprints (printed by
gpg --fingerprint {key ID}
) over a channel that is independent of the key exchange itself, e.g. in person or by telephone with a voice you know. Mailing the fingerprint encrypted to the very key you are trying to verify proves nothing, since whoever planted a false key would also be the one reading that mail. Once the fingerprint matches, sign the key in your keyring so that GPG treats it as valid from then on.
GPG And Mail Programs
Here are some mail programs currently supporting GPG:
- Arrow, a nice, lightweight mail client for X.
- Exmh, X front end for the MH mailing system.
- KMail, KDE's standard mail client.
- Mew, a MIME mail reader for (X)Emacs.
- Mutt, a very popular console based mail reader.
- Pine, another popular console based mail reader. You will need an add-on like pgp4pine.
- Postilion, a NeXT-style mail application for X.
- Spruce, a GTK+ mail client.
- XFMail, a very powerful MUA for X.
- Mutt users who need old-style inline PGP messages instead of PGP/MIME (e.g. for correspondents whose mailer cannot handle PGP/MIME) can have Mutt ask for each message by putting into '~/.muttrc':
set pgp_create_traditional=ask-yes
If you are using a legacy mail reader like Netscape Mail, you can still write your messages, encrypt them and send them as attachments. Graphical GPG tools like Gpgp, TkPGP and Geheimnis will help you. Might be better to get a decent mail client, though ;-).
And if you really want to get into the thick of it, try the PGP Forwarding Server. This server serves as an encryption / decryption relay for users who either do not have GPG/PGP installed or don't want to use it. Keep in mind what that implies: the relay holds the keys and sees every message in clear, so it moves the trust from your own machine to whoever runs the server, and the mail between you and the relay is not end-to-end encrypted at all.
Related Resources:
GNU Privacy Handbook
List Of Related Applications
man gpg
Revision / Modified: Mar. 21, 2002
Author: Tom Berger, Todd Lyons
Legal: This page is covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft.
Version 1.4 last modified by Flink on 14/01/2006 at 12:26