Tuesday, 18 April 2017

Generate GPG Private&Public key in linux step by step

Generate GPG Private&Public key in linux step by step


Step1 : 

'gpg --gen-key' is the linux command to generate the GPG key

# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 

Select default option and type 'Enter' button.

Your selection? 
RSA keys may be between 1024 and 4096 bits long

Step2 :

Asking for the bit size default option is 2048 , you can give your customized option also.

What keysize do you want? (2048)

Step3: 

Next it's asking for key valid time. Please select 'key does not expire(0)'. you can select other option also based on your requirement.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 

Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Step4 :

it's asking for for few details. Please provide your details as per the setup.

Real name: gpgkey
Email address: gpg@linux.com
Comment: gpg
You selected this USER-ID:
    "gpgkey (gpg) <gpg@linux.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

After above steps type 'o' to commit the changes

Step5 :

After above steps completed asking for Passowrd . in future this password used for gpg encryption and decryption.

                                                       +-----------------------------------------------------+
                                                        | Enter passphrase                                                          |
                                                        |                                                                                      |
                                                        |                                                                                       |
                                                        | Passphrase _________________________________ |
                                                        |                                                                                       |
                                                        |       <OK>                             <Cancel>                         |
                                                        +-----------------------------------------------------+

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Try to type some words in terminal or any tasks in another terminal for gain enough entropy

Some times it will take lot of time based on cpau and memory usage.

Step6 :

to list the generated gpg keys on linux machine user 'gpg --list-keys' command.

# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------

pub   2048R/4B1114B3 2017-04-18
uid                  gpgkey (gpg) <gpg@linux.com>
sub   2048R/E61A31A1 2017-04-18


Step7 :

Export the public key


Syntax : gpg --export -a "keyname" >  "outputkeyfilename"

#gpg --export -a  gpgkey  >  public.key


Step8 :

Import the public key


To import the public key on client machine Please use below command

Place ' public.key' in any directory and 'cd' to that directory

#gpg --import public.key

To list the imported public use below command
# gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec   2048R/4B1114B3 2017-04-18
uid                  gpgkey (gpg) <gpg@linux.com>
ssb   2048R/E61A31A1 2017-04-18


After importing the public key in client machine Please follow below steps to trust the key.


# gpg --edit-key gpgkey
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/4B1114B3  created: 2017-04-18  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/E61A31A1  created: 2017-04-18  expires: never       usage: E   
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>

Command> trust
pub  2048R/4B1114B3  created: 2017-04-18  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/E61A31A1  created: 2017-04-18  expires: never       usage: E   
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  2048R/4B1114B3  created: 2017-04-18  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/E61A31A1  created: 2017-04-18  expires: never       usage: E   
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>

Command> quit



Encrypt the file with gpg key :


Syntax : gpg -r keyname --out file.tar.gz.gpg  --encrypt  file.tar.gz  

# gpg -r gpgkey --out file.tar.gz.gpg --encrypt file.tar.gz  

Decrypt the file with gpg key :


Syntax : gpg --out file.tar.gz --decrypt file.tar.gz.gpg 

#gpg --out  file.tar.gz --decrypt file.tar.gz.gpg 


Openpgp file Encryption :


Syntax : gpg --openpgp -r 4B1114B3(or) gpgkey --out fie.pgp --encrypt file.csv

#gpg --openpgp -r 47B5B409  --out fie.pgp --encrypt file.csv

Openpgp file Decryption :


Syntax : gpg --openpgp   --out  file.csv   --decrypt  fie.pgp

#gpg --openpgp   --out  file.csv   --decrypt  fie.pgp

 

No comments:

Post a Comment