CSCI 107 — GNU Privacy Guard

GPG documents and examples

Getting and publishing a key

Whenever you see username, that is your login on the Linux system. It should be the same as the login you use for Linux email. Mine is brock.

Whenever you see yourname, that is your last name. Mine is Brock.

Many of you did these steps last week.

Creating a public and private key for yourself

Use an expiration time of five months. That is long enough for the course.

gpg --gen-key

Exporting a public key

This example assumes you used your last name when you created your key.

gpg --export --armor --output lastname.CSCI107.pub.txt lastname

Publicizing your key

Copy your key to your UNCA CSCI web page.

cp lastname.CSCI107.pub.txt ~/public_html/csci107

Get my CSCI 107 key

You can use your browser to obtain my key for CSCI 107 or you can use the following command to download it. wget is a great tool for downloading files.

wget http://www.cs.unca.edu/~brock/csci107/Brock.CSCI107.pub.txt

Import my key into your GPG key chain

gpg --import Brock.CSCI107.pub.txt

List your keys

You should now see mine.

gpg --list-keys

“Trust” my key

To avoid lots of irritating messages from PGP, you should tell it you trust my key.

Retrieve a signed message

You can obtain a signed message from me using your browser or with wget. This particular message was sent using the --clearsign option of gpg so anyone can read it. However, to verify it really is from me, use the --verify option of gpg.

The commands for doing all of this are given below. Usually, you receive messages that are both signed and encrypted, but I can’t send you one of those until I have a copy of your public key.

wget http://www.cs.unca.edu/~brock/csci107/CSCI107.signed.txt
more CSCI107.signed.txt
gpg --verify CSCI107.signed.txt 
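
gpg --verify reports a good signature for any key in your key chain, so checking that a message "really is from" one particular person means checking which key signed it. The script below is an added example, not part of the original course page: it reads gpg's machine-readable --status-fd output and accepts the message only when the signing key's fingerprint is the one you expect. The function names and the sample fingerprint are made up for illustration; the real fingerprint should come from the key's owner directly, not from the same web page as the key.

```shell
#!/bin/sh
# Added example, not from the course page.

# check_status EXPECTED_FPR   (hypothetical helper name)
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names EXPECTED_FPR (as the signing key or as its primary key) and no line
# reports a bad, unverifiable, expired or revoked signature.
check_status() {
    # Normalise "aaaa bbbb ..." as printed by --fingerprint to gpg's status form.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # Appending "" forces string comparison even for all-digit fingerprints.
        $2 == "VALIDSIG" && ($3 "" == want "" || $NF "" == want "") { ok = 1 }
        END { exit (ok && !bad ? 0 : 1) }
    '
}

# verify_from FILE EXPECTED_FPR   (hypothetical helper name)
# Runs the real check: gpg writes status lines to stdout (fd 1) and the
# human-readable text on stderr is discarded.
verify_from() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | check_status "$2"
}

# Constructed sample: a placeholder fingerprint and the status lines gpg
# emits for a good signature made by that key.
SAMPLE_FPR='AAAABBBBCCCCDDDDEEEEFFFF0000111122223333'
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Constructed User <user@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-01-01 1704067200 0 4 0 1 8 01 $SAMPLE_FPR"

# Demo on the constructed sample (does not need gpg).
printf '%s\n' "$SAMPLE_STATUS" | check_status "$SAMPLE_FPR" && echo "accepted"
```

With gpg installed, verify_from CSCI107.signed.txt followed by the expected fingerprint returns success only for a message signed by that key.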

Writing a message

Hopefully, you would be using a “user friendly” messaging program with GPG, but we’re working at a primitive level here. Use nano to write some meaningless message for me or anyone else who needs some secret communication.

nano yourname.hello.txt

Encrypting a message

Go through the exercise of encrypting a message to yourself. The encrypted message should be stored in the file yourname.hello.txt.asc.

gpg --encrypt --sign --armor -r yourname@unca.edu yourname.hello.txt 

Decrypting a message

Now decrypt your message. This one is easy! It will try to overwrite your original message. Let it.

gpg yourname.hello.txt.asc

Encrypting and signing a message for me

Now put it all together. Encrypt and sign a message to me. You should also include yourself in the list of recipients. Otherwise you won’t be able to read the encrypted message.

gpg --encrypt --sign --armor -r brock@unca.edu -r yourname@unca.edu yourname.hello.txt 

Homework 3

You should have it ready to go.