GPG documents and examples
Getting and publishing a key
Whenever you see username, that is your login on the Linux system. It should be the same as the login you use for Linux email. Mine is brock.
Whenever you see yourname, that is your last name. Mine is Brock.
Many of you did these steps last week.
Creating a public and private key for yourself
Use an expiration time of five months. That is long enough for the course.
gpg --gen-key
Exporting a public key
This example assumes you used your last name when you created your key.
gpg --export --armor --output lastname.CSCI107.pub.txt lastname
Publicizing your key
Copy your key to your UNCA CSCI web page.
cp lastname.CSCI107.pub.txt ~/public_html/csci107
Get my CSCI 107 key
You can use your browser to obtain my key for CSCI 107 or you can use the following command to download it. wget is a great tool for downloading files.
wget http://www.cs.unca.edu/~brock/csci107/Brock.CSCI107.pub.txt
Import my key into your GPG key chain
gpg --import Brock.CSCI107.pub.txt
List your keys
You should now see mine.
gpg --list-keys
“Trust” my key
To avoid lots of irritating messages from PGP, you should tell it you trust my key.
Retrieve a signed message
You can obtain a signed message from me using your browser or with wget. This particular message was sent using the --clearsign option of gpg so anyone can read it. However, to verify it really is from me, use the --verify option of gpg.
The commands for doing all of this are given below. Usually, you receive messages that are both signed and encrypted, but I can’t send you one of those until I have a copy of your public key.
wget http://www.cs.unca.edu/~brock/csci107/CSCI107.signed.txt
more CSCI107.signed.txt
gpg --verify CSCI107.signed.txt
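gpg --verify reports a good signature for any key in your key chain, so a script that needs to know the message came from one particular key should read the --status-fd output and compare fingerprints. The following is an added example, not part of the original handout; the function names, the fingerprint and the sample status lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: accept a signature only if gpg's status output shows a good
# signature made by the one key we expect. Status lines are read on stdin.
# Real input: gpg --status-fd 1 --verify CSCI107.signed.txt 2>/dev/null
check_sig_status() {
    # Normalise the expected fingerprint: drop spaces, upper-case the hex.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in ''|*[!0-9A-F]*) return 2 ;; esac
    good=0; match=0; bad=0
    while read -r tag keyword arg1 rest || [ -n "$tag" ]; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$keyword" in
            GOODSIG) good=1 ;;
            VALIDSIG)
                # arg1 is the signing key's fingerprint; the last field,
                # when present, is the primary key's fingerprint.
                primary=${rest##* }
                if [ "$arg1" = "$expected" ] || [ "$primary" = "$expected" ]; then
                    match=1
                fi ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY) bad=1 ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$match" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed status output: a good signature made by the key given as $1.
sample_good() {
    printf '[GNUPG:] NEWSIG\n'
    printf '[GNUPG:] GOODSIG %s Constructed Signer <signer@example.invalid>\n' "$1"
    printf '[GNUPG:] VALIDSIG %s 2024-01-15 1705312800 0 4 0 1 10 01 %s\n' "$1" "$1"
    printf '[GNUPG:] TRUST_UNDEFINED 0 pgp\n'
}

# Constructed status output: the signature checks out but the key has expired.
sample_expired() {
    printf '[GNUPG:] NEWSIG\n'
    printf '[GNUPG:] EXPKEYSIG %s Constructed Signer <signer@example.invalid>\n' "$1"
    printf '[GNUPG:] VALIDSIG %s 2024-01-15 1705312800 0 4 0 1 10 01 %s\n' "$1" "$1"
}

# Constructed placeholder, not a real key's fingerprint.
FPR_EXPECTED="AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333"

if sample_good AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 | check_sig_status "$FPR_EXPECTED"; then
    echo "signature accepted"
fi
```

For a real check, take the expected fingerprint from gpg --fingerprint and compare it with one the key owner gives you in person or by another channel.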
Writing a message
Hopefully, you would be using a “user friendly” messaging program with GPG, but we’re working at a primitive level here. Use nano to write some meaningless message for me or anyone else who needs some secret communication.
nano yourname.hello.txt
Encrypting a message
Go through the exercise of encrypting a message to yourself. The encrypted message should be stored in the file yourname.hello.txt.asc.
gpg --encrypt --sign --armor -r yourname@unca.edu yourname.hello.txt
Decrypting a message
Now decrypt your message. This one is easy! It will try to overwrite your original message. Let it.
gpg yourname.hello.txt.asc
Encrypting and signing a message for me
Now put it all together. Encrypt and sign a message to me. You should also include yourself in the list of recipients. Otherwise you won’t be able to read the encrypted message.
gpg --encrypt --sign --armor -r brock@unca.edu -r yourname@unca.edu yourname.hello.txt
Homework 3
You should have it ready to go.