GPG documents and examples
Getting and publishing a key
Whenever you see username, that is your login on the Linux system. It should be the same as the login you use for Linux email. Mine is
Whenever you see yourname, that is your last name. Mine is
Many of you did these steps last week.
Creating a public and private key for yourself
Use an expiration time of five months. That is long enough for the course.
Exporting a public key
This example assumes you used your last name when you created your key.
gpg --export --armor --output lastname.CSCI107.pub.txt lastname
Publicizing your key
Copy your key to your UNCA CSCI web page.
cp lastname.CSCI107.pub.txt ~/public_html/csci107
Get my CSCI 107 key
You can use your browser to obtain my key for CSCI 107, or you can use the following command to download it. wget is a great tool for downloading files.
Import my key into your GPG key chain
gpg --import Brock.CSCI107.pub.txt
List your keys
You should now see mine.
“Trust” my key
To avoid lots of irritating messages from PGP, you should tell it you trust my key.
Retrieve a signed message
You can obtain a signed message from me using your browser or with wget. This particular message was sent using the --clearsign option of gpg, so anyone can read it. However, to verify it really is from me, use the --verify option of gpg.
The commands for doing all of this are given below. Usually, you receive messages that are both signed and encrypted, but I can’t send you one of those until I have a copy of your public key.
wget http://www.cs.unca.edu/~brock/csci107/CSCI107.signed.txt
more CSCI107.signed.txt
gpg --verify CSCI107.signed.txt
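The --verify step above can also be checked by a script. The following is an added example, not part of the original handout: it reads the machine-readable lines gpg writes with its --status-fd option and accepts a signature only when it is good and was made by a key whose fingerprint you already confirmed in person. The helper name check_sig_status, the fingerprint and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: accept a signature only if gpg reports it good AND made by
# the key whose fingerprint you confirmed out of band (for instance in class).
# Real use, with FPR holding that fingerprint:
#   gpg --status-fd 1 --verify CSCI107.signed.txt 2>/dev/null | check_sig_status "$FPR"

# check_sig_status EXPECTED_FPR  (hypothetical helper; status lines on stdin)
# Exit status: 0 = accept, 1 = reject, 2 = no fingerprint supplied.
check_sig_status() {
    # Normalise "0123 4567 ..." or lowercase input to the 40 hex digit form.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }    # ignore anything that is not a status line
        $2 == "GOODSIG"  { good = 1 }
        # Bad, unverifiable or expired signature; expired or revoked key.
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: $3 is the fingerprint of the signing key or subkey,
        # $12 the fingerprint of its primary key when gpg reports one.
        $2 == "VALIDSIG" && ($3 == want || $12 == want) { fpr_ok = 1 }
        END { exit !(good && fpr_ok && !bad) }
    '
}

# Constructed sample: status output for a good signature from a made-up key.
SAMPLE_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Instructor <instructor@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-15 1705312800 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF01234567'

if printf '%s\n' "$SAMPLE_STATUS" | check_sig_status "$SAMPLE_FPR"; then
    echo "accept: good signature from the expected key"
else
    echo "reject: do not rely on this message"
fi
```

Once a key passes its expiration time, gpg reports EXPKEYSIG instead of GOODSIG, so this check rejects messages signed with it.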
Writing a message
Hopefully, you would be using a “user friendly” messaging program with GPG, but we’re working at a primitive level here. Use nano to write some meaningless message for me or anyone else who needs some secret communication.
Encrypting a message
Go through the exercise of encrypting a message to yourself. The encrypted message should be stored in the file yourname.hello.txt.asc.
gpg --encrypt --sign --armor -r email@example.com yourname.hello.txt
Decrypting a message
Now decrypt your message. This one is easy! It will try to overwrite your original message. Let it.
Encrypting and signing a message for me
Now put it all together. Encrypt and sign a message to me. You should also include yourself in the list of recipients. Otherwise, you won’t be able to read the encrypted message.
gpg --encrypt --sign --armor -r firstname.lastname@example.org -r email@example.com yourname.hello.txt
You should have it ready to go.