tait
/
site
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c055e94b85'
${ noResults }
site/2020/04/06/rsa4/index.html

393 lines
15 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>How To Encrypt Your Own Documents Using gpg | tait.tech</title>
<link rel="stylesheet" href="/assets/css/style.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Tait Hoyem">
<meta name="keywords" content="">
<meta name="description" content="">
</head>
<body>
<div id="wrapper">
<header>
<h1>tait.tech</h1>
<nav>
<a href="/" class="nav-link" >Home</a>
<a href="/blog/" class="nav-link" >Blog</a>
<a href="/ideas/" class="nav-link" >Ideas</a>
<a href="/links/" class="nav-link" >Links</a>
<a href="https://github.com/TTWNO/" class="nav-link" target="_blank" rel="noopener noreferrer" >Github</a>
</nav>
</header>
<main>
<article>
<header>
<h1 class="post-title">How To Encrypt Your Own Documents Using gpg</h1>
<time datetime="20-04-06" class="post-date">Monday, April 06 2020</time>
</header>
<hr>
<p>If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
It should be noted that in some circles the tools used are more common than in others.
These are the everyday tools of many privacy advocates and computer nerds.</p>
<p>If you have never used Linux however, then the method of doing this will be rather unfamiliar.
This tutorial will be done on an <a href="https://archlinux.org/">Arch Linux</a> machine,
but it should be the same on Ubuntu, Fedora, CentOS, Debian,
OpenBSD, FreeBSD, MacOSX, etc.
The only operating system that does not include these tools by default (or easily accessible) is Windows.</p>
<p>This tutorial makes heavy use of the terminal.
You have been warned.</p>
<p><em>Let us…begin!</em></p>
<h2 id="glossary">Glossary</h2>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor"><strong>ASCII armour</strong></a> — A way to encode <strong>OpenPGP</strong> documents so they are readable by humans. These files end in .asc</li>
<li><strong>(Open)PGP</strong> — An open standard for encoding pulbic keys and encrypted documents.</li>
<li><strong>GPG</strong> — GNUPrivacyGaurd is an implementation of <strong>OpenPGP</strong>. It is installed by default on most Linux distrobutions.</li>
</ul>
<h2 id="step-0-setup">Step 0: Setup</h2>
<p>We will be using the utility <code class="language-plaintext highlighter-rouge">gpg</code> for this tutorial.</p>
<p>The other thing to note: The character $ (dollar sign) is usually not typed when shown in a command.
It simply indicates that you do not need administrative privilages to run these commands.</p>
<p>Test to see if you get this output in your terminal.</p>
<pre class="terminal">
$ gpg --version
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later &lt;https://gnu.org/licenses/gpl.html&gt;
...
</pre>
<p>If this is not successful look into how to install these tools on your system.</p>
<h2 id="step-1-getcreate-a-public-key">Step 1: Get/Create A Public Key!</h2>
<h3 id="get-somebody-elses">Get Somebody Elses</h3>
<p>Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.</p>
<p>To encrypt a document with somebodys public key, you need to first obtain it.
My public key is available <a href="/public-key.asc">at this link</a>, and you can use it to send me encrypted stuff.</p>
<p>If you are on a linux terminal, you can use the <code class="language-plaintext highlighter-rouge">curl</code> or <code class="language-plaintext highlighter-rouge">wget</code> command to download it.</p>
<p>wget:</p>
<pre class="terminal">
$ wget https://tait.tech/public-key.asc
</pre>
<p>Curl:</p>
<pre class="terminal">
$ curl https://tait.tech/public-key.asc -o public-key.asc
</pre>
<h3 id="make-your-own-optional">Make Your Own (optional)</h3>
<p>The following section is quite long,
so if you dont want to create your own keypair,
then feel free to skip to <a href="#step-2-import-public-key">Step #2</a>.</p>
<p>If you want to encrypt your own documents,
or you want others to be able to send you encrypted messages,
then you can create your own public/private key pair.
You can use these to encrypt your documents,
and you can send our public key to others so that they can securely communicate with yourself.</p>
<p>Run the following command in your terminal, and follow the steps I outline to get you started.</p>
<pre class="terminal">
$ gpg --full-gen-key
</pre>
<p>This will produce the following dialog:</p>
<pre class="terminal">
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection?
</pre>
<p>Select the option <code class="language-plaintext highlighter-rouge">1</code>. You want two keys, both RSA.</p>
<p>Next we will select the key size:</p>
<pre class="terminal">
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
</pre>
<p>Type the number 2048.</p>
<p>Next it will ask you how long you want the key to be valid.</p>
<pre class="terminal">
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
&lt;n&gt; = key expires in n days
&lt;n&gt;w = key expires in n weeks
&lt;n&gt;m = key expires in n months
&lt;n&gt;y = key expires in n years
Key is valid for? (0)
</pre>
<p>Type the number 1. This will enable you time to test it,
but it will make the key expire within 24 hours so that if you accidentally
share your private key, or delete your VM and no longer have access to it, you will be fine.</p>
<p>It will ask your if you are sure about the expiry date.</p>
<pre class="terminal">
Key expires at Tue Apr 7 02:24:23 2020 UTC
Is this correct? (y/N)
</pre>
<p>Type <code class="language-plaintext highlighter-rouge">y</code> to confirm your choice.</p>
<p>Now <code class="language-plaintext highlighter-rouge">gpg</code> is going to ask you to create a user id to indetify this key.
Use some test data for now.
User input is in bold, feel free to follow along or to put your own test data in.</p>
<p>Once you are more comfortable with the tools,
then you can create a public/private keypair that you will keep for some time.</p>
<pre class="terminal">
GnuPG needs to construct a user ID to identify your key.
Real name: <b>Mr. Tester</b>
Email address: <b>test@test.org</b>
Comment: <b>for testing only</b>
You selected this USER-ID:
"Mr. Tester (for testing only) &lt;test@test.org&gt;"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <b>O</b>
</pre>
<p>It will then ask you for a password.
If you are simply using this for test purposes,
then you can feel free to set it to something like “test”.
When create a long-term use pulbic key make sure to make the password <em>very</em> secure.</p>
<p>During the process of creating your key, <code class="language-plaintext highlighter-rouge">gpg</code> may warn you with this message:</p>
<pre class="terminal">
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
</pre>
<p>If this happens, feel free to smash your keyboard (lightly),
watch a YouTube video on the machine,
browse the web with <a href="http://w3m.sourceforge.net/">w3m</a>,
etc. until the key is generated.</p>
<p>You will know it is done when you see this message (or something similar):</p>
<pre class="terminal">
gpg: key EACCC490291EA7CE marked as ultimately trusted
gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
public and secret key created and signed.
pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
FFA7D7525C6546983F1152D8EACCC490291EA7CE
uid Mr. Tester (for testing only) &lt;test@test.org&gt;
sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
</pre>
<p>Tada! You have your own public/private keypair!</p>
<p>Sharing a keypair that will expire soon is not a good idea,
however, if you are ready, then you can use this command to generate a public key file to share with others.</p>
<p>Feel free to substitute “Mr. Tester” for any other identifying part of your key.
Remember that to use the email, you must enclose it in &lt; and &gt;.</p>
<pre class="terminal">
$ gpg --export --armour "Mr. Tester" &gt; public-key.asc
</pre>
<p>To use the email as the identifier:</p>
<pre class="terminal">
$ gpg --export --armour "&lt;test@test.org&gt;" &gt; public-key.asc
</pre>
<h2 id="step-2-import-public-key">Step 2: Import Public Key</h2>
<p>This list of keys that <code class="language-plaintext highlighter-rouge">gpg</code> keeps on tap so to speak, is called our “keyring”.
Your will need to import a new public key to encrypt files with <code class="language-plaintext highlighter-rouge">gpg</code>.</p>
<p>If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)</p>
<figure>
<img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys." />
<figcaption>
A keyring holding eight allen keys.
</figcaption>
</figure>
<p>To import a public key to use for encrypting files, use the <code class="language-plaintext highlighter-rouge">--import</code> option of <code class="language-plaintext highlighter-rouge">gpg</code>. Like so:</p>
<pre class="terminal">
$ gpg --import public-key.asc
gpg: key 64FB4E386953BEAD: public key "Tait Hoyem &lt;tait.hoyem@protonmail.com&gt;" imported
gpg: Total number processed: 1
gpg: imported: 1
</pre>
<p>Now that we have imported a public key, we can make a message to send!</p>
<h2 id="step-3-have-a-message-to-encrypt">Step 3: Have A Message To Encrypt</h2>
<p>You can make a new file which holds some important, secret data.
Feel free to use a graphical editor if you have one, if not, <code class="language-plaintext highlighter-rouge">nano</code> works alright too.</p>
<pre class="terminal">
Rules Of A Good Life:
1. Wash your hands!
2. Work hard!
3. Be firm.
5. Have good friends!
</pre>
<p>Save this file as something like <code class="language-plaintext highlighter-rouge">test-pgp.txt</code>, and well use that name later.</p>
<h2 id="step-4-encrypt-a-message">Step 4: Encrypt A Message</h2>
<p>Now that we have a message to send and person to send to,
all we have to do is encrypt this message and itll be on its merry way!
To do so, we must specify two new options to <code class="language-plaintext highlighter-rouge">gpg</code>.</p>
<p>The first is <code class="language-plaintext highlighter-rouge">--recipient</code>.
This tells <code class="language-plaintext highlighter-rouge">gpg</code> to encrypt using a certin public key that we have in our keyring.
You can use the persons name, email address, or the keys uid.</p>
<p>The second is <code class="language-plaintext highlighter-rouge">--encrypt</code>.</p>
<p>You will also specify the <code class="language-plaintext highlighter-rouge">--armour</code> option to use ASCII armoured files. Put this option after <code class="language-plaintext highlighter-rouge">--encrypt</code>, and put the file name after <code class="language-plaintext highlighter-rouge">--armour</code>. See below.</p>
<p>You can either use your own public key name to encrypt a document (allowng only you to decrypt it),
or you can use my public key that we imported earlier (allowing only me to decrypt it).
Either way works fine.</p>
<p>This is the big one!</p>
<pre class="terminal">
$ gpg --recipient "Tait Hoyem" --encrypt --armour test-gpg.txt
</pre>
<p>“But there is no output!” you might say!
Yes, that is because our new (encrypted) file has already been saved.
Lets look at it with cat.</p>
<pre class="terminal">
$ cat test-gpg.txt.asc
-----BEGIN PGP MESSAGE-----
hQIMA2mJuYb8vkIlAQ/9FDmXJgW2vI7p9sznKvHhQk7uTZvoWC3hCeqHoO3BSElP
XR1BNAkJ+bykB30M+9u+XDyRtTwazjvNPmYfQnIh0Q+BQZigDWbEd1R47jbzm7Tu
0eZKKapgEidfecULtaECX1sR3qPt1m9oZjyUR1rzNd8tezZlCu2pjdNZrkta2Bdm
Hh1xDS43Bw7PMQqraJsHwqr0M1GLDbMzPes2ZU5y4jEmXZ0PZdJ7kgjR8dvhLBfi
MU+4kYnnemQEztXBOjKidhyOntKiLjenvD00tVHrOuQoWuWCHGiqR24qSwVjeb9G
079gqH1VWi3fk2cwFA9f3TLvJqUwatyE0Hcba0U1d2Voz/C9JEQjT6FHuaCqQL6b
p7B7m2DwpywFGJpAn6ksrEYqHaLVWiEGmdMmHYuHxMw8+cqoSwbYymCZTwMBAuJe
Pr1VO9uNo+Vj5r8IX7ACcSsrjf0XkVzfX6ySsPbyOlGXnwzWSOM3Dk2Z9MqDORbj
0/7vJTnDctPuc91Rlp3YnJlZKWMcNfPMKMtvpljd2XuVwub+C4vGWXa9XLbRXmJo
cnEFT6SB11AKjytE2Urt62CCrYjJPBneabxbCztnBs+vQSx7Fj0LK6v4Euik/Xm/
9aKmZZW8306c9Zwgpp9glWjLMCDNxJRGdKRjZsnkt9hOEYsP1irTegystK6u4eHS
mwHX931ENOJsnPfQZCZ9b41Q9doZQ/N/WHstQO8MtA3HIN1sW3wYkGzOLKj4gJfm
bqR/TzQmXyLT1xZa+/yTscaV0P4OlI4vcii/k4DgeSeQVWp9o9DbZFxSCsdYVvPu
jaDMzZnIKoax1GFz/coUAHFQub2rLzaQ5DDbvrkX++UrAjuUtRcSFH0TKhahZmCF
nv117moLfK22Mst/
=bw8T
-----END PGP MESSAGE-----
</pre>
<h2 id="step-5-decryption-optional">Step 5: Decryption (optional)</h2>
<p>If you created your own public/private keypair in step 1,
and you encryped using <code class="language-plaintext highlighter-rouge">--recipient "Your Test Name"</code>,
then you can decrypt your document as well!</p>
<p>You will need to specify <code class="language-plaintext highlighter-rouge">--decrypt</code>, and thats all folks!</p>
<pre class="terminal">
$ gpg --decrypt test-gpg.txt.asc
</pre>
<p>A password dialog will then come up asking for your previously created password.
As long as you remember your password from before and enter it correctly: voila!</p>
<pre class="terminal">
gpg: encrypted with 4096-bit RSA key, ID 6989B986FCBE4225, created 2020-01-02
"Tait Hoyem &lt;tait.hoyem@protonmail.com&gt;"
Rules Of A Good Life:
1. Wash your hands!
2. Work hard!
3. Be firm.
5. Have good friends!
</pre>
<h2 id="step-6-finale">Step 6: Finale!</h2>
<p>Ladies and gentleman, you have done it!
You have encrypted our very own document.
(And maybe even decrypted it yourself too :)</p>
<p>If you encrypted using my public key,
feel free to send it to <a href="mailto:tait@tait.tech">my email</a>.
I am happy to verify if it worked.</p>
<p>For more information on this subject, check out <a href="https://www.gnupg.org/gph/en/manual/c14.html">gnugp.orgs guide</a> on using GPG.
They are the ones that make these tools available,
and the <a href="https://www.gnu.org/">GNU Project</a> has been instrumental in creating the open-source world as it exists today.
Give em some love, eh!</p>
<p>Thank you so much for sticking through this whole thing!
Let me know if there is anything that doesnt make sense.
I am happy to improve this guide as time goes on if that is necessary.</p>
<p>Happy hacking :)</p>
</article>
</main>
<hr>
<footer>
This page will be mirrored on <a href="https://beta.tait.tech/2020/04/06/rsa4/">beta.tait.tech</a>.
</footer>
</div>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink