How does gnupg work
This CA is typically a commercial vendor which verifies your identity e. GPG uses a different system which does not distinguish between peers and authorities. In GPG, anyone can sign another person's key. The GPG user determines which peers they choose to trust in their personal keyring.
The easiest way to exchange public keys and key signatures is via a keyserver. These servers mirror each other so most keys are available on either one. For this reason it is also valid to share GPG public keys via e.
It is important to know which version of GPG you are running and where your home dir is. Your home directory contains your configuration and the keyrings. GPG defaults to your system keyring, which is the same one that the gpg command line utility and system package manager use.
For this example we store keys in a temporary directory. It is empty to start with:. However this file does not contain any signatures for this key. If we import it from a keyserver we also get the signatures:. The signature only contains the key ID of the signer. You would need to download the corresponding pubkeys to actually verify these signatures. A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
If you sign a file using your personal secret key, anyone can verify that this file has not been modified i. GPG signatures are widely used by Linux package managers such as apt to verify the integrity of downloaded files.
Typically the public key is shipped with the OS, and the private key is owned by the repository maintainers. The key will be uploaded to the specified server.
Afterwards, it will likely be distributed to other key servers around the world. You can easily encrypt and decrypt messages after you have shared your keys with the other party. The basic syntax would be:. The filename will be the same as the input filename, but with an.
Adding yourself as a second recipient encrypts the message two separate times, one for each recipient. If instead of a file, you have the message as a raw text stream, you can copy and paste it after typing gpg without any arguments. There are a number of procedures that you may need to use on a regular basis to manage your key database. Your key information can become outdated if you are relying on information pulled from public key servers.
You do not want to be relying on revoked keys, because that would mean you are trusting potentially compromised keys. Using GPG correctly can help you secure your communications with different people. This is extremely helpful, especially when dealing with sensitive information, but also when dealing with regular, everyday messaging. That will make it more difficult for people to know when you are sending important data or just sending a friendly hello.
By Justin Ellingwood. Published on May 26,
How Public Key Encryption Works
A problem that many users face is how to communicate securely and validate the identity of the party they are talking to.
If for any reason GPG is not installed, on Ubuntu and Debian, you can update the local repo index and install it by typing:
    sudo apt-get update
    sudo apt-get install gnupg
On CentOS, you can install GPG by typing:
    sudo yum install gnupg2
To begin using GPG to encrypt your communications, you need to create a key pair.
You can do this by issuing the following command:
    gpg --gen-key
This will take you through a few questions that will configure your keys:
Please select what kind of key you want: (1) RSA and RSA (default)
What keysize do you want?
Is this correct?
Create a Revocation Certificate
You need to have a way of invalidating your key pair in case there is a security breach or in case you lose your secret key.
A new variant of DES was needed. It has also withstood three decades of cryptanalysis and is still going strong. Due to its s-era bit block size, it should not be used to encrypt more than about 4Gb of data. Beyond that, though, it is solid as a rock, and very few GnuPG users will ever notice a problem with it.
It was later approved for Canadian government use. Like 3DES, its bit block size means it should not be used to encrypt files larger than 4Gb in size. With that said, though, CAST is a modern cipher and may be used with confidence. The algorithms have been made publicly available and have been subjected to an astonishing amount of peer review. For many years it was one of the standard algorithms of the field, but is now completely obsolete.
GnuPG will use one of these three algorithms to compress your data before encrypting it, unless GnuPG can see the data is already compressed. A revocation certificate is a certificate that possesses the information necessary to mark another certificate as unusable. We recommend you create a revocation certificate immediately after generating a new GnuPG certificate. Store it somewhere safe. Consult the FAQ instructions on how to do this. A designated revoker is a person, identified by a certificate, that has the authority to revoke another certificate held by a different person.
For instance, if you were using GnuPG in a corporate environment the IT staff might be listed as a designated revoker for your certificate, so that when you left the company the IT staff could revoke your certificate. Although a certificate makes certain assertions about identity, these assertions cannot be blindly trusted.
Consider, for instance, whether you should trust a certificate that claims to belong to obama whitehouse. Validation can be done by fiat or as the result of a process. How much rigor will depend entirely on your own particular needs and the threats you face. The terms are used somewhat interchangeably. She further believes, based on her knowledge of Bob, that he will be as careful as she is about the certificates he validates. Alice declares she has ownertrust in Bob. Now, any certificates that Bob validates will appear to Alice as valid, too.
The very first thing is to join the GnuPG-Users mailing list. GnuPG has sensible defaults right out of the box. The overwhelming majority of users will be well-served by generating bit RSA keys. This is the default behavior for GnuPG. Generate a revocation certificate, and store it in a safe place. Alternately, you may wish to appoint a designated revoker.
A designated revoker is someone whom you trust to revoke your certificates on your behalf. This person may revoke your certificates without needing a revocation certificate. For instance, you may wish to appoint your lawyer as your designated revoker so that, in the event of your untimely death, your lawyer may revoke your certificates.
When prompted, enter the key ID of the person whom you wish to appoint as a revoker. GnuPG looks at a file called gpg. Many people have had excellent luck with pool. On OS X, some people have needed to use ipv4. For instance, encrypt is a command, and armor is an option that tells GnuPG to ensure the output contains only printable characters. Make no changes; this is useful for testing a command line that will modify keys or generate output:. When encrypting a message, you will usually supply at least one recipient ID with the recipient option.
This option can be supplied multiple times to encrypt a message to multiple recipients:. The key to use for the signature can be specified with the local-user setting in your gpg. Recipients are specified with the -r or --recipient options. These commands are the most commonly used. GnuPG has many more commands, largely for managing your keyring containing your private keys and the certificates of others.
Occasionally you might obtain the certificate physically, by meeting the certificate holder face-to-face and exchanging the certificate on some storage medium such as a USB stick, memory card, or portable disk.
Once obtained in one of these ways, you can add the certificate to your collection of public keys by doing:. There is also a network of public keyservers, accessible under the collective hostname pool. GnuPG users can upload their certificates to the keyservers, and other users can then search for and download them.
GnuPG will list matching certificates and prompt you to select which ones you wish to download and add to your keyring. People will obtain new signatures for their certificates from time to time. If you were to receive a letter in the mail that claimed to be from the President of the United States, would you believe it?
The same applies to email. A certificate can claim to be from anyone. You have to make sure that the certificate really belongs to whom it claims it belongs to. Some of these people are well-informed and some of them are just plain unhinged.
In the end, you are responsible for making your own decisions. That said, the following is generally agreed upon as being a reasonable procedure:. Checking to make sure the email address they gave you is also listed on the certificate is one more check to make sure.
Only Alice has her private key. To get around this, add yourself as a recipient --recipient [your certificate ID]. Normally, computers use eight-bit binary code. This often presents trouble for email, which often requires that only printable seven-bit characters may be used. By using the --armor flag, GnuPG will generate output containing only printable characters.
An inline signature wraps a textual header and footer around the text to be signed, leaving the text readable without running GnuPG. On the internet, anyone can pretend to be anyone. GnuPG will assume the original file is in foo.
Keep a healthy dose of skepticism, and remember that cryptography cannot save us from our own foolishness. You should use the --batch option. The suggested way to create keys for an automated environment is as follows.
First, on a secure machine:. If you want to do automatic signing, create a signing subkey for your key. Use the interactive key editing menu by issuing the command:.
Make sure that you use a passphrase; this is required by the current implementation to let you export the secret key. Use the sub-command passwd to remove the passphrase from the subkeys.
You may also want to remove all unused subkeys by doing key N and then delkey for each subkey. On the target machine, install secring. If that happens, you can revoke all the subkeys installed on that machine and install new subkeys once the machine is secured again. If you received an email claiming to be from a Nigerian oil tycoon, would you believe it? The same principle applies here. GnuPG tries to lock memory so that no other process can see it and so that the memory will not be written to swap.
GnuPG uses special lines to denote the beginning of a message, the beginning of a signature, and so forth. If your text contains a line beginning with a dash, that line will be slightly mangled in order to prevent GnuPG from misinterpreting your data as one of its special lines.
That said, here are some good guidelines:. If someone manages to obtain your secret key, the only thing protecting the key will be your passphrase. A passphrase should be (1) difficult to guess for someone who knows you, and (2) difficult to brute-force by trying every possible combination of characters.
To meet requirement (2), the passphrase should be long: commercially available hardware can try 2. Battery staple! Good places include safe deposit boxes, kept on file with your lawyer, placed in a fireproof safe, and so forth. It should be treated as an important document that needs to be kept safe.
Although there is no guaranteed way of keeping your system free of malware, you can reduce your risk quite a lot by following some basic rules. Your private key is already encrypted: your passphrase is the key used to decrypt your private key. That said, if you have a more technical question about GnuPG, you may find some of the answers in this section. Although all the ciphers in GnuPG are believed strong, they are not all equally recommended.
With respect to our symmetric cipher recommendations, we have to explain a little bit about cryptanalysis. They work on blocks of data, either eight or sixteen bytes large, depending on the cipher. Put it all together and imagine what would happen if, within the same message, two identical ciphertext blocks were created.
Since the cipher is deterministic (always generates the same output for the same inputs), and since the key and the previous block are the same, the output of this block would be the same. This repetition creates a distinctive pattern which a cryptanalyst might be able to exploit. Twofish, AES, and Camellia all operate on sixteen bytes at a time.
The others all operate on eight bytes at a time. At the time the decision was made, bit RSA was thought to provide reasonable security for the next decade or more while still being compatible with the overwhelming majority of the OpenPGP ecosystem. At present, no reputable cryptographer or research group has cast doubt on the safety of RSA That said, many are suggesting shifting to larger keys, and GnuPG will be making such a shift in the near future.
No, although some respected people and groups within the cryptographic community have made such recommendations.
Some even recommend bit keys. Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA Every minute we spend arguing about whether we should change the defaults to RSA or more is one minute the shift to ECC is delayed. By all means, feel free to generate certificates with larger keys. GnuPG supports up to bit keys. RSA is believed to be safe against attack until at least the year , so use it with confidence.
Breaking an RSA key requires you to try each prime number between two and one hundred. There are twenty-five of these, meaning RSA is equivalent to about a 5-bit symmetric cipher. Breaking an RSA key requires you to try each prime number between two and one thousand: there are of them, meaning RSA is equivalent to about an 8-bit cipher.
Each additional bit gives correspondingly less in the way of additional security, and we quickly reach a point of diminishing returns. That point of diminishing returns happens around RSA There is no formal recommendation on where RSA lies, but the general consensus is that it would come in somewhere around bits — 28 bits of improvement over RSA If you need more security than RSA offers, the way to go would be to switch to elliptical curve cryptography — not to continue using RSA.
You gain very little in the way of additional resistance to brute-forcing and cryptanalysis. The laws of physics require that a certain amount of heat be used in computation. This is a consequence of the Second Law of Thermodynamics, and may not be violated under our current understanding of the laws of physics. Further, physics requires that a certain amount of time be used in computation. This is a consequence of the Heisenberg Uncertainty Principle, and may not be violated under our current understanding of the laws of physics.