gnupg

Differences

This shows you the differences between two versions of the page.

gnupg [2009/09/02 15:45] – created cangiani
gnupg [2022/08/05 11:22] (current) admin
Line 1: Line 1:
 ====== Privacy with GNU Privacy Guard ====== ====== Privacy with GNU Privacy Guard ======
 ===== Use ===== ===== Use =====
 +
 ==== General ==== ==== General ====
 There is a lot of documentation about GnuPG on the [[http://www.gnupg.org/documentation/index.en.html|official web site]]. For the impatient, I suggest to read a very nice and compact tutorial that can be found [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html|here]]. In particular, you should read the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html|Concepts]] and the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html|Using Keys]] chapters. There is a lot of documentation about GnuPG on the [[http://www.gnupg.org/documentation/index.en.html|official web site]]. For the impatient, I suggest to read a very nice and compact tutorial that can be found [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html|here]]. In particular, you should read the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html|Concepts]] and the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html|Using Keys]] chapters.
  
-Just a few obvious rules (that apparently are not that obvious to everybody ;-))+<note> 
 +Just a few obvious rules... that apparently are not that obvious to everybody ;-)
   * to encrypt a message (file) for your personal use, use your own public key   * to encrypt a message (file) for your personal use, use your own public key
   * to encrypt a message for a friend of yours, use his public key   * to encrypt a message for a friend of yours, use his public key
   * to sign a message: use your private key   * to sign a message: use your private key
 +  * you should be sure that you can trust your public keys. The ideal thing is to organize //key exchange parties// with your friends or at least, to ask your friends to confirm that the key you have is valid (e.g. by comparing key fingerprint that you obtain from ''gpg --list-keys --fingerprint'' on the phone  ).
 +</note>
 +
 +Anyway, the very first thing to do is to create your own private/public key pair:\
 +<code>
 +# gpg --gen-key
 +gpg (GnuPG/MacGPG2) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
 +This is free software: you are free to change and redistribute it.
 +There is NO WARRANTY, to the extent permitted by law.
 +
 +Please select what kind of key you want:
 +   (1) RSA and RSA (default)
 +   (2) DSA and Elgamal
 +   (3) DSA (sign only)
 +   (4) RSA (sign only)
 +Your selection? 2
 +DSA keys may be between 1024 and 3072 bits long.
 +What keysize do you want? (2048) 
 +Requested keysize is 2048 bits   
 +Please specify how long the key should be valid.
 +         0 = key does not expire
 +      <n>  = key expires in n days
 +      <n>w = key expires in n weeks
 +      <n>m = key expires in n months
 +      <n>y = key expires in n years
 +Key is valid for? (0) 3
 +Key expires at Sat Sep  5 16:59:34 2009 CEST
 +Is this correct? (y/N) y
 +                        
 +GnuPG needs to construct a user ID to identify your key.
 +
 +Real name: Flash Gordon
 +Email address: flash.gordon@gmail.com 
 +Comment: this is another test key   
 +You selected this USER-ID:
 +    "Flash Gordon (this is another test key) <flash.gordon@gmail.com>"
 +
 +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
 +You need a Passphrase to protect your secret key.    
 +
 +We need to generate a lot of random bytes. It is a good idea to perform
 +some other action (type on the keyboard, move the mouse, utilize the
 +disks) during the prime generation; this gives the random number
 +generator a better chance to gain enough entropy.
 +gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
 +We need to generate a lot of random bytes. It is a good idea to perform
 +some other action (type on the keyboard, move the mouse, utilize the
 +disks) during the prime generation; this gives the random number
 +generator a better chance to gain enough entropy.
 +gpg: key 48C7AF6A marked as ultimately trusted
 +public and secret key created and signed.
 +
 +gpg: checking the trustdb
 +gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
 +gpg: depth: 0  valid:    signed:    trust: 0-, 0q, 0n, 0m, 0f, 2u
 +gpg: next trustdb check due at 2009-09-03
 +pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
 +      Key fingerprint = 695D 354D E592 8677 50E5  5E62 DF8B 511A 48C7 AF6A
 +uid                  Flash Gordon (this is another test key) <flash.gordon@gmail.ch>
 +sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]
 +</code>
  
 An handy way of sharing your public key is to upload it to a public key server like ''keys.gnupg.net''. This allows your friend to easily search and obtain your public key and vice-versa. To upload your public key, first decide which one to upload. Therefore list your keys An handy way of sharing your public key is to upload it to a public key server like ''keys.gnupg.net''. This allows your friend to easily search and obtain your public key and vice-versa. To upload your public key, first decide which one to upload. Therefore list your keys
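Review bot: The key-generation transcript answers "Your selection? 2" (DSA and Elgamal) although the menu marks "(1) RSA and RSA" as the default, and the output that follows prints "gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size". A reader who copies the session for their first key gets that interoperability warning together with the three-day validity entered at "Key is valid for? (0) 3". Either show the default selection with a realistic expiry, or add a sentence stating that these answers are for a throwaway test key. Smaller points: the e-mail typed at the prompt is flash.gordon@gmail.com but the uid line shows flash.gordon@gmail.ch; a "$" prompt instead of "# gpg --gen-key" would avoid suggesting the command is run as root; and the sentence introducing the block ends in a stray "\".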
Line 68: Line 131:
  
  
-==== Mac ==== 
-{{ mail:noprivatekey.png?64|first dialog for GPG Keychain Access}} 
-Setup your private key. Launch GPG Keychain Access. Normally, if you never used GnuPG before, you will probably be asked if you want to create or import your personal private/public key pair. Unless you already have a pair of keys (e.g. you generated it using command line ''gpg --gen-key'', click on //generate//. Follow the process and accept all default values. You will also be asked to set a password for your private key: **do not** use something trivial to guess otherwise all this is useless!  
- 
-{{ mail:pgpmailpreferences.png?64|GnuPG Mail preferences}}Your newly generated key will appear also as default Personal Key in the //Keys// section of the //PGP// tab of Mail preferences. You are now ready for sending encrypted and/or digitally signed messages with //Mail// 
- 
-PGPMail is well documented in its [[http://www.sente.ch/software/GPGMail/French.lproj/GPGMail.html|official website]].  
- 
-==== Linux ==== 
-**TODO** 
- 
- 
-===== Install ===== 
-==== Mac (Leopard) + Apple Mail ==== 
-  - Download and install the latest version of Mac GNU Privacy Guard v2.x from [[http://sourceforge.net/projects/macgpg2/files/|here]]. It is an installer package. Just double click on it and follow the instructions. 
-  -  {{ mail:gnupgprefpane.png|GnuPG preference pane}} Download and install (just click on ''GnuPG.prefPane'') the latest version of GPGPreferences from [[http://sourceforge.net/projects/macgpg/files/|here]]. You will have a new item in System Preferences. Open it and have a look to the configuration. Eventually change the **Key Server** to ''keys.gnupg.net''. 
-  - Download and install GPG Keychain Access also from [[http://sourceforge.net/projects/macgpg/files/|here]]. To install just drag the ''.app'' bundle in your ''/Application'' folder. 
-  - Download and install [[http://sourceforge.net/projects/gpgmail/files/|GPGMail]]. You can install it by running (double clicking) the ''Install GPGMail.app'' script, or by copying the ''GPGMail.mailbundle'' in the ''Mail/Bundles/'' folder in your ''Library'' folder. 
- 
-==== Linux ==== 
-GnuPG is installed by default on most Linux machines. 
-**TODO** 
  
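Review bot: The removed "==== Mac ====" paragraph carried the passphrase warning ("**do not** use something trivial to guess otherwise all this is useless!"), and none of the lines added in this revision replace it; the new transcript only shows "You need a Passphrase to protect your secret key." Consider moving that warning into the General section next to the key-generation step. The same deletion drops the whole "===== Install =====" section and both Linux "**TODO**" stubs without any pointer to where installation is now documented, so a link to the replacement page, if one exists, would help readers who arrive from old references.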
gnupg.1251906312.txt.gz · Last modified: 2009/09/02 15:45 by cangiani