If you've been following my PGP\GPG blogs, you should now have PGPGPG
installed on your Linux PC.
You will also have generated a PGP key and exported the Public Key.
If not, please read the previous blogs installing pgpgpg and exporting public key
This blog aims to explain how to import someone else's key, and then send
them an encrypted message.
Before we progress any further, you need to have someones Public Key. This can
be acquired by email, downloading of a website, or passed via any means, but it
is important that you trust the public key you have is from who you think it is
from.
I have acquired a public key from "Your Mate" and have it in my home
folder.
I first check the contents of my Key ring using the "gpg --list-key" command as shown
below.
If you've been following my blogs in order, you should find the only key you
have is the one you've generated.
Import the public key for the person you wish to send the encrypted message
to with the "gpg --import keyname"
command as shown below. As you can see, the key I imported was called
"YourMate.asc"
You can confirm the key is now on your keyring by repeating the "gpg --list-key" command as shown above.
Notice you now have the "Your Mate" key.
You can check that you have imported the correct public key by asking the
owner to confirm the keys finger print.
This can be done using the "gpg --fingerprint" command to see all your
keys
fingerprints, or an individual key using any of the variables shown
below.
Obviously, if someone wishes to confirm your public key's fingerprint, you can
complete the same command on your own key as shown below.
"Your Name" keys fingerprint has been highlighted above.
If you now trust you have the correct public key you can sign the key to show
that you trust the key to belong to "Your Mate". The command to sign a key is
"gpg --sign-key Your.Mate@email.com"
By signing other peoples keys, you can set up a ring of trust. Other people
may choose to trust a key on the basis of your signiture.
So now for the fun part. We have installed gpg, created our own key, exported
our public key to some one, and now we have imported "Your Mate" public key. We
are finally ready to encrypted our first message.
In order to remain in CLI, I have created a short text message using "cat"
as shown below.
When using a "cat >" to create a
text file, you need to press "CTRL+D" to exit the redirect.
You could use a text editor like gedit or Vi if you prefer.
You can also use "cat" to check the contents of your file as shown below.
We now have a text file called message.txt in our home directory.
This file can be encrypted using gpg, but lets first consider what we
need.
1) the text file
2) the public key of the recipient
3) to make the file ASCII we need to include the "--armor" command.
The required command should look something like this;
"gpg --recipient Your.Mate@email.com --armor --encrypt message.txt"
So with this information we can encrypt the file as shown below
Notice we now have a "message.txt.asc" file. This is the encrypted file.
Also notice the orginal "message.txt" file still exists! If this contains
sensitive data, it should be removed.
Check the contents of your encrypted file using the cat command as shown
below.
You can now send this information via email, or any other method safe in
the knowledge that it will only be read by its intended recipient/s
You can encrypt a message to more than one recipient including yourself.
That concludes this blog.
No comments:
Post a Comment