diff options
Diffstat (limited to 'teaching/encryption/05-encryption-101-pgp-on-linux.md')
-rwxr-xr-x | teaching/encryption/05-encryption-101-pgp-on-linux.md | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/teaching/encryption/05-encryption-101-pgp-on-linux.md b/teaching/encryption/05-encryption-101-pgp-on-linux.md new file mode 100755 index 0000000..354d921 --- /dev/null +++ b/teaching/encryption/05-encryption-101-pgp-on-linux.md @@ -0,0 +1,142 @@ +Title: 05. Encryption 101: PGP on Linux +Date: 2015-10-27 09:00 +Category: Data Privacy +Tags: Guides +Published: false +Slug: 05-encryption-101-pgp-on-linux +Status: published + +It's only been around a million years since I last wrote about this stuff :) Back when I started this series I was still using OSX and obviously focused very heavily on Mac, iOS and the likes and could barely get myself to write a little tutorial about e-mail encryption for Windows (only because friends nagged me about it). + +But that's all different now. I've been almost exclusively using Linux for the last year (maybe 1 1/2 years) and I thought I'd give the PGP toolchain on Linux also called Gnu Privacy Guard (GPG) some love. So shall we begin? + +### Setting up GPG with Thunderbird + +So most people will be using a mail client - I use Thunderbird because *reasons* - so let's focus on that for now. And to be honest...that's kinda boring. Please have a look at my guide on how to set up Thunderbird with Enigmail on Windows because on Linux (because of Thunderbird) it works pretty much the same way. + +**The jist** + +`sudo $package_manager install thunderbird` + +With + +Fedora 22+ `dnf` +Fedora 21 and earlier `yum` + +Ubuntu `apt-get` +New Debian stuff `apt` + +Arch `pacman` or `yaourt` + +You get the idea... + +Install the Enigmail plugin like described [here](http://spacekookie.de/data-privacy/04-encryption-101-pgp-on-windows/)! + +### Getting to know the CLI + +`gpg2` is a command that is installed on basically any modern Linux Distribution. And it comes with a plethora of options. It can do signing, message encryption with RSA, symmetric ciphers, hashing and compression. + +Let's start with creating a new key. Like you might have read in the other tutorials GPG/ PGP uses asymetric encryption which means that you need a key-pair to use it. One key is public, for everybody to have and use, the other one is private, only for you to decrypt messages. + +`gpg2 --gen-key` drops you into a nice interactive program that helps you generate a keypair and automatically adds it to your personal keychain. For all the other commands in this post to make sense you should have a keypair around to try everything out for yourself. + +After you have a keypair you can go and list your keychain. + +``` + ❤ (idenna) ~> gpg2 --list-keys +/home/spacekookie/.gnupg/pubring.gpg +------------------------------------ +pub rsa4096/0022A74E 2014-08-16 [expires: 2020-08-16] +uid [ultimate] spacekookie (Hack the planet!) <spacekookie@c-base.org> +sub rsa4096/FEAAFEA5 2014-08-16 [expires: 2020-08-16] +sub rsa4096/3B1D08AC 2014-10-30 [expires: 2016-10-29] + +``` + +You can of course also just get the fingerprint off a certain key. For that you either need your e-mail address or your key ID. + +``` + ❤ (idenna) ~> gpg2 --fingerprint 0022A74E +pub rsa4096/0022A74E 2014-08-16 [expires: 2020-08-16] + Key fingerprint = 6B93 6393 9583 E61C 9AD7 16AE 64EF 9E1B 0022 A74E +uid [ultimate] Katharina Sabel (Personal) <katharina.sabel@mailbox.org> +uid [ultimate] spacekookie (Hack the planet!) <spacekookie@c-base.org> +sub rsa4096/FEAAFEA5 2014-08-16 [expires: 2020-08-16] +sub rsa4096/3B1D08AC 2014-10-30 [expires: 2016-10-29] +``` + +I usually end up using my fingerprint ID just because it's shorter to type. And I actually have quite a nice one to remember C: + +### Import & Export + +We can also export keys from our keychain. + +``` +gpg2 --export 0022A74E +\(j�ڀ���sO�έ5'�bQ�6 + �U\�1���~ꢟSSÜu��-���䡘<|�1����Gd{�&K�c<�. + ?��r�&,s�� + :�\����ـo�T'e��kT��g�����g�p. +U���d)�V��?Sk��0w���o��6� �%�i�N�M��$%ڶr_2q��� + o~��'��0��p)���5�k]��F�L�ks���ؙ��z��J�Pt}?�*� + �'6���q�8�f�]�m8m�s:ӕ�pԾz�?�ϴ|��f�B<ѹ�#�m�Gߞ���q5���Y�sAIV<��.^$ޘ���f}�/�?��(��B� +������%0068b��dAK>�� {'���n� + �c���JT�qz���� + �NM���U9��UP�諤wĸ��ds�CW_�)�s���Qc����iË�(���!�lv���� �� +``` + +But you'll notice that's in binary. To get something more human readable you can pad it in ASCII Armour with `-a` for something more managable. + +``` +❤ (idenna) ~> gpg2 -a --export 0022A74E +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFPvZQMBEADMRx7NgsAUBPHR4V5rNvANXChqs9qA+oqvc0/Izq01J+xiUcEM +31VcGKoxxv3Bfuqin1OPkFPDnHUOxecti5H15KGYPHylMdbD5M4UR2R7uiZLoGM8 +yi4LP8GjcsAmBSxzA4H0DI83OqJc+YX5tNmAb+VUcggPJw4BZaO8a1SYDt5npRWA +DqPL72f2cC4Luhj4XngN5xim5if7myiqK9mY6FJhmJKzBxwD+mPgd+GMp2kCmQc5 +JeKkQRmagN+b2Q1VEpL51WQpoFao4T9Ta5eqMHf7vZtvF4S2Nt4dILklu2n1TqtN +mq0kJdq2cl8yBXEWqp8T1AxvfsYU2CfnnzDh33Ap5BKstRc1imsHXdbFRuZMgmtz +``` + +The same way you can import keys either from a server +``` +gpg2 --keyserver gpg.mit.edu --recv 0022A74E +``` + +or if you received an e-mail with someone elses key (or you nicked it off their website *hint hint*) you can import them as well + +``` +gpg2 --import 0022A74E.asc +``` +and it'll show up in your keychain. + +### Signatures + +You can of course also sign messages with your private key to let people know that it was really you who sent a message. Maybe a public statement or a blackmailing threat. Whatever floats your boat. + +``` +gpg2 --clearsign file.txt + +``` + +It will result in a file like you can find [here](https://spacekookie.de/pgp/spacekookie-on-the-tubes.txt). +You can of course also sign keys or not have clear signed messages but only signatures for specific messages with `--detach-sign` and `sign-key`. + +### Encryption + +Of course the primary idea of GPG is to provide e-mail/ message encryption. It's fairely straight forward with +``` +gpg2 -a --encrypt message.txt + +``` + +You can combine that command with a signature and even remove the ASCII Armour if you want the binary output of the file. +And that's that. You can send that to someone now. Or print it out and hang it on your wall or whatever. + +--- + +I don't think most people will ever care about using GPG as a commandline tool but I think it's important that people understand how to, if they ever end up in a situation where they do. I also hope that this post has been somewhat useful to you. And wish you happy message encrypting :) + +~Kate
\ No newline at end of file |