Introduction
Just collecting some useful basic encryption-knowledge here.
Checksums
GnuPG supports new and secure algorithms:
$ gpg –print-md sha1 filename
filename: E83A 42B9 BC84 31A6 6450 99BE 50B6 341A 35D3 DCEB
It also will take multiple files:
$ gpg –print-md sha1 *.txt
test.txt: E0D6 3F44 4253 CED5 9205 4047 4AA6 4E0F FD0F 130D
test2.txt: 32AC 34F9 B7AF 1972 C015 E5EE 456E 89BD CC3C 7246
If you still need MD5, that’s available too:
$ gpg –print-md md5 filename
filename: 26 E9 85 5F 8A D6 A5 90 6F EA 12 12 83 C7 29 C4
The more recent GnuPG versions also support much more secure hash algorithms, such as SHA-512:
$ gpg –print-md sha512 filename
filename: FC37410D 9336DD60 22AEB6A2 A42E82F1 2EA3470D 4982E958 B35C14A0
CF381CD2 3C4CBA35 BE5F11CB 05505ED2 DBF1C7A0 397EFF75 007FAEBB
30B43B30 6514990D
By the way, you can validate these –print-md examples by creating a file called filename containing the single line: The Linux Journal.
Your hash values should have exactly the same hexadecimal value as those in this article if the contents of the file is the same.
(From The Linux Journal)
Key Admin
gpg –list-keys
all present keys will be displayed. To see the signatures as well type:
gpg –list-sigs
Export Keys
The command for exporting a key for a user is:
gpg –export [UID]
If no UID has been submitted all present keys will be exported. By default the output is set to stdout. But with the -o option this is sent to a file. It may be advisable using the option -a to write the key to a 7-bit ASCII file instead of a binary file.
By exporting public keys you can broaden your horizon. Others can start contacting you securely. This can be done by publishing it on your homepage, by finger, through a key server like http://www.pca.dfn.de/dfnpca/pgpkserv/ or any other method you can think of.
Import Keys
When you received someone’s public key (or several public keys) you have to add them to your key database in order to be able to use them. To import into the database the command looks like this:
gpg –import [Filename]
Encrypt
The command to encrypt is
gpg -e Recipient [Data]
or
gpg –encrypt Recipient [Data]
Decrypt
The command for decrypting is:
gpg [-d] [Data]
or
gpg [--decrypt] [Data]
Also here stdout is preset, but with the -o option you can redirect the output to a file.
Signing and Checking Signatures
To sign data with your own key, use the command:
gpg -s (or –sign) [Data]
By doing this also compression takes place. This means that the result is not legible. If you want a legible result you can use:
gpg –clearsign [Data]
this will make sure that the results are clearly legible. Furthermore it does the same (signing data).
With
gpg -b (or –detach-sign) [Data]
you can write the signature in a separate file. It is highly recommended to use this option especially when signing binary files (like archives for instance). Also the –armor option can be extremely useful here.
Quite often you find that data is encrypted and signed as well. The full instruction looks like:
gpg [-u Sender] [-r Recipient] [--armor] –sign –encrypt [Data]
The functionality of the options -u (–local-user) and -r (–recipient) are as described before.
When encrypted data has been signed as well, the signature is checked when the data is decrypted. You can check the signature of signed data by using the command:
gpg [--verify] [Data]
This will only work (of course) when you own the public key of the sender.
(From Gnu Privacy Guard (GnuPG) Mini Howto (English), Brenno J.S.A.A.F. de Winter)
