GnuPG Fedora Core 3

[xDamox]

Well I though I would write a little tutorial on GnuPG encryption.

 

GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA  algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.

 

The first step to using GnuPG is to generate a private and public key which will be used for

encrypting files/signing documents.

 

First create a .gnupg dir in your home directory as shown below:

 

Code:

mkdir .gnupg

 

This is the directory your public and private key will be stored. The next step is to create the

keys so type the command:

 

Code:

gpg --gen-key

 

Once that command has been enter you will be prompted with:

 

Code:

gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
  (1) DSA and ElGamal (default)
  (2) DSA (sign only)
  (4) RSA (sign only)
Your selection?

 

if you will be encrypting file and signing files use DSA and ELGamal or if your just using

it to sign files choose DSA or RSA.

 

Once you have selected your key type you will then be presented with a screen asking

for a keysize as shown below:

 

Code:

DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
             minimum keysize is  768 bits
             default keysize is 1024 bits
   highest suggested keysize is 2048 bits
What keysize do you want? (1024)

 

The keysize can be any depending on the file you want to encrypt/sign the keysize I settle for

is 4096 :)

 

if you do enter a keysize over 2048 you will be prompted with a message saying:

 

Code:

Keysizes larger than 2048 are not suggested because
computations take REALLY long!
Are you sure that you want this keysize?

 

just type yes :)the next screen you will be prompted with is asking how long you want the

keys to last.

 

Code:

Please specify how long the key should be valid.
        0 = key does not expire
     <n>  = key expires in n days
     <n>w = key expires in n weeks
     <n>m = key expires in n months
     <n>y = key expires in n years
Key is valid for? (0)

 

Then it will ask three more questions asking for your name etc.

 

Now that the key is created you will be able to encrypt files by issuing the following:

 

Code:

gpg -e file_to_encrypt.txt

 

you can also add -a to armor the encryption. once that is do it will create a file called:

file_to_encrypt.txt.gpg or .asc thats about it you can also have a look at what other arguments

gpg takes by typing:

 

Code:

gpg --help

 

well good luck

[znx]

neat...

 

walked it through.. perfect [img]<___base_url___>/uploads/emoticons/default_laugh.png[/img]

[P38]

Now, what are you going to do with it?

 

 

Don't get me wrong. I like GPG and I have used it and PGP back to the days just after Phillip Zimmerman released it to the world. The problem is, not many people use it and except for the hard-core community, a pgp/gpg signature means little to nothing. I've even had people ask me why my emails were so ugly. (I signed each email that I sent and my key's fingerprint was included in my signature.)

 

Now, I have shifted from gpg/pgp over to a digital certificate in my outlook and I am watching X.509 support in gpg and the open email programs like pine and mutt.

 

Maybe a poll would be in order. "Do you use gpg or pgp to sign or encrypt your email". I bet the percentage of users that reply yes would be shockingly low.

[znx]

i use it for those that i can.. but not for a lot in all honesty

[lerum]

I only use it for Important emails like when I send my coursework to home. Other than that. The answer would be no I don't Use it much.

[xDamox]

I think when you sign emails with GPG with the new KMail it attached the public key instead of adding

the ugly signature at the bottom :)

[P38]

I think when you sign emails with GPG with the new KMail it attached the public key instead of addingthe ugly signature at the bottom :)

<{POST_SNAPBACK}>

 

That is the way that Mutt does it also. According to the docs, that indicates that the signature is taking place late enough in the process that the message plus all the attachments are being signed. Pine, on the other hand, uses a script to encrypt/sign messages and it does not encript/sign the message attachements as part of the message.