
====== GPG ======

===== Generating my key-pair: =====

<code>
jonl@P04073:~$ gpg --gen-key
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Wed 23 Feb 2011 04:23:10 PM CET
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Jon Langseth
Email address: jon.langseth@hig.no
Comment:
You selected this USER-ID:
    "Jon Langseth <jon.langseth@hig.no>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++++++++++++++++++++++.++++++++++++++++++++.++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.+++++++++++++++.......+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++.+++++..+++++.+++++.+++++.+++++....+++++.....++++++++++..+++++++++++++++....++++++++++.++++++++++++++++++++...++++++++++.++++++++++...++++++++++++++++++++.+++++..+++++++++++++++.+++++.+++++>.+++++.+++++..++++++++++..+++++..+++++..++++++++++++++++++++>..+++++>+++++....................>..+++++................<+++++...............>+++++>...+++++<+++++.....<...+++++..........>.+++++..............>+++++<.+++++...........................+++++^^^
gpg: key 580CA477 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2011-02-23
pub   1024D/580CA477 2009-02-23 [expires: 2011-02-23]
      Key fingerprint = 7A73 E894 7DEA 42E4 E860  A12F 6935 2E53 580C A477
uid                  Jon Langseth <jon.langseth@hig.no>
sub   4096g/4853D37B 2009-02-23 [expires: 2011-02-23]
</code>

===== Reviewing keys =====

<code>
jonl@P04073:~$ gpg --list-keys
/home/jonl/.gnupg/pubring.gpg
-----------------------------
pub   1024D/580CA477 2009-02-23 [expires: 2011-02-23]
uid                  Jon Langseth <jon.langseth@hig.no>
sub   4096g/4853D37B 2009-02-23 [expires: 2011-02-23]
</code>

<code>
jonl@P04073:~$ gpg --list-sigs
/home/jonl/.gnupg/pubring.gpg
-----------------------------
pub   1024D/580CA477 2009-02-23 [expires: 2011-02-23]
uid                  Jon Langseth <jon.langseth@hig.no>
sig 3        580CA477 2009-02-23  Jon Langseth <jon.langseth@hig.no>
sub   4096g/4853D37B 2009-02-23 [expires: 2011-02-23]
sig          580CA477 2009-02-23  Jon Langseth <jon.langseth@hig.no>
</code>

===== Submitting key: =====

<code>
jonl@P04073:~$ gpg --keyserver hkp://pgp.surfnet.nl --send-keys 580CA477
gpg: sending key 580CA477 to hkp server pgp.surfnet.nl

jonl@P04073:~$ gpg --keyserver hkp://pgp.surfnet.nl --search-keys 'jon.langseth@hig.no'
gpg: searching for "jon.langseth@hig.no" from hkp server pgp.surfnet.nl
(1)     Jon Langseth <jon.langseth@hig.no>
          1024 bit DSA key 580CA477, created: 2009-02-23
(2)     Jon Langseth <jon.langseth@hig.no>
          1024 bit DSA key 9488018A, created: 2008-02-05 (revoked)
Keys 1-2 of 2 for "jon.langseth@hig.no".  Enter number(s), N)ext, or Q)uit > q
</code>

===== Getting pubkeys into keyring: =====

The search way:

<code>
jonl@P04073:~$ gpg --keyserver hkp://pgp.surfnet.nl --search-keys 'john.johannessen'
gpg: searching for "john.johannessen" from hkp server pgp.surfnet.nl
(1)     John Johannessen <john@webdeal.no>
        John Johannessen <john.johannessen@webdealhosting.com>
          1024 bit DSA key 6DB33A8B, created: 2007-06-11
(2)     John Johannessen <johnj@slaskdot.org>
        John Johannessen <sakarias@gmail.com>
          1024 bit DSA key E547B980, created: 2006-04-03
(3)     John Johannessen <spooks@lilug.no>
        John Johannessen <spooks@defcon.no>
        John Johannessen <webmaster@lilug.no>
        John Johannesen <john.johannnessen@lilug.no>
          1024 bit DSA key 1DE8F76E, created: 2001-03-10
(4)     John Johannessen <spooks@ekstra.cybercity.no>
          1024 bit DSA key 1E8D6466, created: 2000-08-25
(5)     John Johannessen <johnj@c2i.net>
          1024 bit DSA key 60664FE8, created: 1999-10-08
(6)     John Johannessen <johnj@c2i.net>
          1024 bit DSA key 96DE30B7, created: 1999-10-07
(7)     John Johannessen <johnj@c2i.net>
          1024 bit DSA key 1748ACC6, created: 1999-03-03
(8)     John Johannessen <johnj@c2i.net>
          1024 bit DSA key 7F719785, created: 1999-03-03
(9)     John Johannessen <spooky@ol.telia.no>
          1024 bit DSA key FB13B331, created: 1998-01-11
Keys 1-9 of 9 for "john.johannessen".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 6DB33A8B from hkp server pgp.surfnet.nl
gpg: key 6DB33A8B: public key "John Johannessen <john.johannessen@webdealhosting.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
</code>

The 'already searched' way:

<code>
fishy@filez:~$ gpg --recv-keys E547B980
gpg: requesting key E547B980 from hkp server subkeys.pgp.net
gpg: key E547B980: public key "John Johannessen <johnj@slaskdot.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
</code>

===== Encrypting/decrypting local file: =====

<code>
#!/bin/bash
# View or edit a file that is stored GPG-encrypted to my own key.

GPGID="jon.langseth@hig.no"
FILEPLAIN="list.dat"
FILECRYPT="$FILEPLAIN.gpg"

GPG="/usr/bin/gpg"
RM="/bin/rm"
VI="vim"

# Anything created below is readable by the owner only.
umask 0077

echo "$1"
if [ "$1" = "view" ]; then
    # Decrypt to stdout only; no plaintext file is written.
    "$GPG" --decrypt "$FILECRYPT" | less
elif [ "$1" = "edit" ]; then
    # Decrypt to a plaintext working copy; stop if decryption fails,
    # so an empty file is never edited and re-encrypted.
    "$GPG" --output "$FILEPLAIN" --decrypt "$FILECRYPT" || exit 1
    "$VI" "$FILEPLAIN"
    # Re-encrypt to my own key, then delete the plaintext copy.
    # Note: rm only unlinks the file; the plaintext blocks stay on disk.
    "$GPG" --encrypt --recipient "$GPGID" "$FILEPLAIN"
    "$RM" "$FILEPLAIN"
else
    # No argument or an unknown one: show usage.
    echo ""
    echo "usage:"
    echo ""
    echo "* view -- to see $FILEPLAIN"
    echo "* edit -- to edit $FILEPLAIN"
    echo ""
fi
</code>
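
An added example for the keyserver imports under "Getting pubkeys into keyring" (not part of the original notes): the search results and ''--recv-keys'' identify keys only by name and 8-digit key ID, so after importing, compare the full fingerprint with one received from the key owner. The function names and the sample listing are made up for this example; the expected fingerprint is the one printed by ''--gen-key'' above.

```shell
#!/bin/bash
# Added example (not from the original page): compare the full fingerprint of
# an imported key with one obtained out-of-band from the key owner.

# Strip whitespace and upper-case, so "7a73 e894 ..." equals "7A73E894...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key: field 10 of the first "fpr" record
# after a "pub" record. Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_fpr EXPECTED < colon-listing
# Succeeds only if exactly one primary key is listed and it matches EXPECTED.
# The body runs in a subshell, so its variables stay local.
check_fpr() (
    expected=$(normalize_fpr "$1")
    got=$(primary_fprs)
    count=$(printf '%s\n' "$got" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] && [ "$(normalize_fpr "$got")" = "$expected" ]
)

# Constructed sample listing in colon format, built from the key shown on this
# page. The sub key ID and the subkey fingerprint are placeholders.
SAMPLE_LISTING='pub:u:1024:17:69352E53580CA477:2009-02-23:2011-02-23::u:Jon Langseth <jon.langseth@hig.no>::scESC:
fpr:::::::::7A73E8947DEA42E4E860A12F69352E53580CA477:
sub:u:4096:16:0000000000000000:2009-02-23:2011-02-23:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Fingerprint as printed by --gen-key on this page.
EXPECTED_FPR="7A73 E894 7DEA 42E4 E860 A12F 6935 2E53 580C A477"

# Against a real keyring (assumed usage):
#   gpg --with-colons --fingerprint 580CA477 | check_fpr "$EXPECTED_FPR"
if printf '%s\n' "$SAMPLE_LISTING" | check_fpr "$EXPECTED_FPR"; then
    echo "fingerprint matches"
else
    echo "FINGERPRINT MISMATCH: do not trust this key" >&2
fi
```

A key whose fingerprint merely ends in the same 8 digits as the expected key ID fails this check, which is the case a short-ID lookup cannot catch.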