Friday, 28 June 2013

GnuPG - GPG Encryption and Signing Tutorial

Posted by Mahesh Doijade
Introduction :
GnuPG, also known as GPG, is an open-source implementation of the OpenPGP standard. It lets you encrypt and sign data using a range of cryptographic algorithms so that your data and communication stay secure, and it features an all-round key management system as well as access modules for all kinds of public key directories. GPG is a command-line utility that integrates easily with other applications, and several libraries and frontend applications are available for it. GPG also provides support for S/MIME, so it can be used for secure email communication.

Using gpg :
Suppose we have two users, userA and userB. userA wants to send an important file, "crucial_file.txt", to userB. To carry out this communication securely, userA needs to encrypt "crucial_file.txt" using some cryptographic technique (in this example we use public key cryptography) and then send it to userB. This example demonstrates using the gpg command-line tool on Linux.

Initially, both userA and userB need to generate a public and private key pair for themselves, so each of them executes the following command in their own terminal.
$ gpg --gen-key

Then follow the prompts shown during command execution, and remember your passphrase. You can select which public key algorithm you want as the default; for symmetric cryptography, the default algorithm used by gpg is CAST5.

To check whether the keys were generated by gpg and which keys are present in a given user's keyring, execute:
$ gpg --list-keys

To encrypt the file, userA needs the public key of userB, so userB needs to send his public key to userA; likewise, userA sends his public key to userB.
$ gpg --armor --export userB@example.com > userB_pk

The public key of userB is now in userB_pk. userA can export his public key to a text file in the same way, and they can then send their respective public keys.

To import another user's public key:
$ gpg --import userB_pk

To encrypt with gpg at userA's end, he executes the following command and supplies the receiver's public key, in our case userB's.
$ gpg --output plain_file_enc --encrypt plain_file.txt

For decryption at the receiver's end:
$ gpg --output decrypted_plain_file.txt --decrypt plain_file_enc

For signing a file with the sender's private key:
$ gpg --output plain_file_signed --sign plain_file.txt

For just verifying the sender of a signed file:
$ gpg --verify plain_file_signed

To do signing and then encryption, that is, implementing digital signatures.
1.) signing : $ gpg --output plain_file_signed --sign plain_file.txt
2.) encryption : $ gpg --output plain_file_enc --encrypt plain_file_signed

Decrypting the above generated encrypted data.
1.) decryption : $ gpg --output plain_file_decrypted --decrypt plain_file_enc
2.) decrypt sign : $ gpg --output plain_file_original.txt --decrypt plain_file_decrypted
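
The verify step above reports a good signature for any key in the keyring, so the receiver still has to check which key made it. The script below is an added example, not part of the original post: it reads gpg's machine-readable `--status-fd` output and accepts a file only when the signer matches one pinned fingerprint. The function names, the fingerprint, the key ID, the timestamps and the userA address are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): accept a signed file only when
# the signature was made by one specific, pinned key.

# Constructed sample of `gpg --status-fd 1 --verify FILE` output; the
# fingerprint, key ID, timestamps and userA address are made up.
USERA_FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_status() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 userA <userA@example.com>
[GNUPG:] VALIDSIG $USERA_FPR 2013-06-28 1372400000 0 4 0 1 2 00 $USERA_FPR
EOF
}

# signer_ok EXPECTED_FPR  -- reads status lines on stdin.
# Succeeds only if a VALIDSIG line names EXPECTED_FPR as the signing key ($3)
# or as the primary key (last field), and no failure status is present.
# EXPKEYSIG/REVKEYSIG matter because gpg can still emit VALIDSIG alongside them.
signer_ok() {
    # Accept the spaced or lower-case form people paste from `gpg --fingerprint`.
    _want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    awk -v want="$_want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Appending "" forces a string comparison, never a numeric one.
        $2 == "VALIDSIG" && (($3 "") == want || ($NF "") == want) { good = 1 }
        END { exit (good && !bad) ? 0 : 1 }
    '
}

# verify_pinned EXPECTED_FPR FILE -- run gpg on a signed file and apply the check.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" 2>/dev/null | signer_ok "$1"
}

if sample_status | signer_ok "$USERA_FPR"; then
    echo "accepted: signed by the pinned key"
fi
```

The same status lines are produced when `--decrypt` is run with `--status-fd` on signed data, so `signer_ok` can be applied to the sign-then-encrypt case as well.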



