User Tools

Site Tools


gnupg

This is an old revision of the document!


Privacy with GNU Privacy Guard

Use

General

There is a lot of documentation about GnuPG on the official web site. For the impatient, I suggest to read a very nice and compact tutorial that can be found here. In particular, you should read the Concepts and the Using Keys chapters.

Just a few obvious rules… that apparently are not that obvious to everybody ;-)
  • to encrypt a message (file) for your personal use, use your own public key
  • to encrypt a message for a friend of yours, use his public key
  • to sign a message: use your private key

An handy way of sharing your public key is to upload it to a public key server like keys.gnupg.net. This allows your friend to easily search and obtain your public key and vice-versa. To upload your public key, first decide which one to upload. Therefore list your keys

# gpg --list-keys
/Users/cangiani/.gnupg/pubring.gpg
----------------------------------
pub   1024D/2D09619D 2009-09-02 [expires: 2009-09-03]
uid                  Ciccio Pasticcio (this is a test key) <harmattan@gmail.com>
sub   1024g/AF0BF493 2009-09-02 [expires: 2009-09-03]

pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
uid                  Flash Gordon (this is another test key) <flash.gordon@gmail.ch>
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]

and copy the key ID for the selected key from the list (e.g. 48C7AF6A for Flash Gordon). Then upload it to one or more servers:

# gpg --keyserver keys.gnupg.net --send-keys 48C7AF6A
gpg: sending key 48C7AF6A to hkp server keys.gnupg.net

In order to search and fetch the public key of a friend of yours using his mail address, do the following (for Damir's address for example):

gpg --keyserver keys.gnupg.net --search-keys damir.laurenzi@epfl.ch
gpg: searching for "damir.laurenzi@epfl.ch" from hkp server keys.gnupg.net
(1)	Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>
	  1024 bit DSA key 86134762, created: 2009-06-09
(2)	damir laurenzi (no password) <damir.laurenzi@epfl.ch>
	  1024 bit DSA key B3AB018C, created: 2007-06-28 (revoked)
Keys 1-2 of 2 for "damir.laurenzi@epfl.ch".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 86134762 from hkp server keys.gnupg.net
gpg: key 86134762: public key "Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1

or just fetch the key if you already know the key ID:

# gpg --keyserver keys.gnupg.net  --recv-keys 86134762
gpg: requesting key 86134762 from hkp server keys.gnupg.net
gpg: key 86134762: public key "Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1

You can check that the newly imported key is in your public keys wallet:

# gpg --list-keys
/Users/cangiani/.gnupg/pubring.gpg
----------------------------------
pub   1024D/2D09619D 2009-09-02 [expires: 2009-09-03]
uid                  Ciccio Pasticcio (this is a test key) <harmattan@gmail.com>
sub   1024g/AF0BF493 2009-09-02 [expires: 2009-09-03]

pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
uid                  Flash Gordon (this is another test key) <flash.gordon@gmail.ch>
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]

pub   1024D/86134762 2009-06-09 [expires: 2019-06-07]
uid                  Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>
sub   2048g/45397CF2 2009-06-09 [expires: 2019-06-07]

Mac

first dialog for GPG Keychain Access Setup your private key. Launch GPG Keychain Access. Normally, if you never used GnuPG before, you will probably be asked if you want to create or import your personal private/public key pair. Unless you already have a pair of keys (e.g. you generated it using command line gpg –gen-key, click on generate. Follow the process and accept all default values. You will also be asked to set a password for your private key: do not use something trivial to guess otherwise all this is useless!

GnuPG Mail preferencesYour newly generated key will appear also as default Personal Key in the Keys section of the PGP tab of Mail preferences. You are now ready for sending encrypted and/or digitally signed messages with Mail.

PGPMail is well documented in its official website. The interface is very simple and should be easy to understand.

Linux

TODO

Install

Mac (Leopard) + Apple Mail

  1. Download and install the latest version of Mac GNU Privacy Guard v2.x from here. It is an installer package. Just double click on it and follow the instructions.
  2. GnuPG preference pane Download and install (just click on GnuPG.prefPane) the latest version of GPGPreferences from here. You will have a new item in System Preferences. Open it and have a look to the configuration. Eventually change the Key Server to keys.gnupg.net.
  3. Download and install GPG Keychain Access also from here. To install just drag the .app bundle in your /Application folder.
  4. Download and install GPGMail. You can install it by running (double clicking) the Install GPGMail.app script, or by copying the GPGMail.mailbundle in the Mail/Bundles/ folder in your Library folder.

Linux

GnuPG is installed by default on most Linux machines. TODO

gnupg.1251906442.txt.gz · Last modified: 2009/09/02 15:47 by cangiani