@ -0,0 +1,315 @@
|
||||
---
|
||||
title: How To Encrypt Your Own Documents Using gpg
|
||||
layout: post
|
||||
author: tait
|
||||
---
|
||||
|
||||
If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
|
||||
It should be noted that in some circles the tools used are more common than in others.
|
||||
These are the everyday tools of many privacy advocates and computer nerds.
|
||||
|
||||
If you have never used Linux however, then the method of doing this will be rather unfamiliar.
|
||||
This tutorial will be done on an [Arch Linux](https://archlinux.org/) machine,
|
||||
but it should be the same on Ubuntu, Fedora, CentOS, Debian,
|
||||
OpenBSD, FreeBSD, MacOSX, etc.
|
||||
The only operating system that does not include these tools by default (or easily accessible) is Windows.
|
||||
|
||||
*Let us...begin!*
|
||||
|
||||
## Glossary
|
||||
|
||||
* [**ASCII armour**](https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor) --- A way to encode **OpenPGP** documents so they are readable by humans. These files end in .asc
|
||||
* **(Open)PGP** --- An open standard for encoding pulbic keys and encrypted documents.
|
||||
* **GPG** --- GNUPrivacyGaurd is an implementation of **OpenPGP**. It is installed by default on most Linux distrobutions.
|
||||
|
||||
## Step 0: Setup
|
||||
|
||||
We will be using the utility `gpg` for this tutorial.
|
||||
|
||||
The other thing to note: The character '$' (dollar sign) is usually not typed when shown in a command.
|
||||
It simply indicates that you do not need administrative privilages to run these commands.
|
||||
|
||||
Test to see if you get this output in your terminal.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --version
|
||||
|
||||
gpg (GnuPG) 2.2.20
|
||||
libgcrypt 1.8.5
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
|
||||
|
||||
...
|
||||
</pre>
|
||||
|
||||
If this is not successful look into how to install these tools on your system.
|
||||
|
||||
## Step 1: Get/Create A Public Key!
|
||||
|
||||
### Get Somebody Else's
|
||||
Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.
|
||||
|
||||
To encrypt a document with somebody's public key, you need to first obtain it.
|
||||
My public key is available [at this link](/public-key.asc), and you can use it to send me encrypted stuff.
|
||||
|
||||
If you are on a linux terminal, you can use the `curl` or `wget` command to download it.
|
||||
|
||||
wget:
|
||||
<pre class="terminal">
|
||||
$ wget https://tait.tech/public-key.asc
|
||||
</pre>
|
||||
|
||||
Curl:
|
||||
<pre class="terminal">
|
||||
$ curl https://tait.tech/public-key.asc -o public-key.asc
|
||||
</pre>
|
||||
|
||||
### Make Your Own (optional)
|
||||
|
||||
The following section is quite long,
|
||||
so if you don't want to create your own keypair,
|
||||
then feel free to skip to [Step #2](#step-2-import-public-key).
|
||||
|
||||
If you want to encrypt your own documents,
|
||||
or you want others to be able to send you encrypted messages,
|
||||
then you can create your own public/private key pair.
|
||||
You can use these to encrypt your documents,
|
||||
and you can send our public key to others so that they can securely communicate with yourself.
|
||||
|
||||
Run the following command in your terminal, and follow the steps I outline to get you started.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --full-gen-key
|
||||
</pre>
|
||||
|
||||
This will produce the following dialog:
|
||||
|
||||
<pre class="terminal">
|
||||
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This is free software: you are free to change and redistribute it.
|
||||
There is NO WARRANTY, to the extent permitted by law.
|
||||
|
||||
Please select what kind of key you want:
|
||||
(1) RSA and RSA (default)
|
||||
(2) DSA and Elgamal
|
||||
(3) DSA (sign only)
|
||||
(4) RSA (sign only)
|
||||
(14) Existing key from card
|
||||
Your selection?
|
||||
</pre>
|
||||
|
||||
Select the option `1`. You want two keys, both RSA.
|
||||
|
||||
Next we will select the key size:
|
||||
<pre class="terminal">
|
||||
RSA keys may be between 1024 and 4096 bits long.
|
||||
What keysize do you want? (2048)
|
||||
</pre>
|
||||
|
||||
Type the number 2048.
|
||||
|
||||
Next it will ask you how long you want the key to be valid.
|
||||
|
||||
<pre class="terminal">
|
||||
Requested keysize is 2048 bits
|
||||
Please specify how long the key should be valid.
|
||||
0 = key does not expire
|
||||
<n> = key expires in n days
|
||||
<n>w = key expires in n weeks
|
||||
<n>m = key expires in n months
|
||||
<n>y = key expires in n years
|
||||
Key is valid for? (0)
|
||||
</pre>
|
||||
|
||||
Type the number 1. This will enable you time to test it,
|
||||
but it will make the key expire within 24 hours so that if you accidentally
|
||||
share your private key, or delete your VM and no longer have access to it, you will be fine.
|
||||
|
||||
It will ask your if you are sure about the expiry date.
|
||||
|
||||
<pre class="terminal">
|
||||
Key expires at Tue Apr 7 02:24:23 2020 UTC
|
||||
Is this correct? (y/N)
|
||||
</pre>
|
||||
|
||||
Type `y` to confirm your choice.
|
||||
|
||||
Now `gpg` is going to ask you to create a user id to indetify this key.
|
||||
Use some test data for now.
|
||||
User input is in bold, feel free to follow along or to put your own test data in.
|
||||
|
||||
Once you are more comfortable with the tools,
|
||||
then you can create a public/private keypair that you will keep for some time.
|
||||
|
||||
<pre class="terminal">
|
||||
GnuPG needs to construct a user ID to identify your key.
|
||||
|
||||
Real name: <b>Mr. Tester</b>
|
||||
Email address: <b>test@test.org</b>
|
||||
Comment: <b>for testing only</b>
|
||||
You selected this USER-ID:
|
||||
"Mr. Tester (for testing only) <test@test.org>"
|
||||
|
||||
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <b>O</b>
|
||||
</pre>
|
||||
|
||||
It will then ask you for a password.
|
||||
If you are simply using this for test purposes,
|
||||
then you can feel free to set it to something like "test".
|
||||
When create a long-term use pulbic key make sure to make the password *very* secure.
|
||||
|
||||
During the process of creating your key, `gpg` may warn you with this message:
|
||||
|
||||
<pre class="terminal">
|
||||
We need to generate a lot of random bytes. It is a good idea to perform
|
||||
some other action (type on the keyboard, move the mouse, utilize the
|
||||
disks) during the prime generation; this gives the random number
|
||||
generator a better chance to gain enough entropy.
|
||||
</pre>
|
||||
|
||||
If this happens, feel free to smash your keyboard (lightly),
|
||||
watch a YouTube video on the machine,
|
||||
browse the web with [w3m](http://w3m.sourceforge.net/),
|
||||
etc. until the key is generated.
|
||||
|
||||
You will know it is done when you see this message (or something similar):
|
||||
|
||||
<pre class="terminal">
|
||||
gpg: key EACCC490291EA7CE marked as ultimately trusted
|
||||
gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
|
||||
public and secret key created and signed.
|
||||
|
||||
pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
|
||||
FFA7D7525C6546983F1152D8EACCC490291EA7CE
|
||||
uid Mr. Tester (for testing only) <test@test.org>
|
||||
sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
|
||||
</pre>
|
||||
|
||||
Tada! You have your own public/private keypair!
|
||||
|
||||
Sharing a keypair that will expire soon is not a good idea,
|
||||
however, if you are ready, then you can use this command to generate a public key file to share with others.
|
||||
|
||||
Feel free to substitute "Mr. Tester" for any other identifying part of your key.
|
||||
Remember that to use the email, you must enclose it in < and >.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "Mr. Tester" > public-key.asc
|
||||
</pre>
|
||||
|
||||
To use the email as the identifier:
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "<test@test.org>" > public-key.asc
|
||||
</pre>
|
||||
|
||||
## Step 2: Import Public Key
|
||||
|
||||
This list of keys that `gpg` keeps on tap so to speak, is called our "keyring".
|
||||
Your will need to import a new public key to encrypt files with `gpg`.
|
||||
|
||||
If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys.">
|
||||
<figcaption>
|
||||
A keyring holding eight allen keys.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
To import a public key to use for encrypting files, use the `--import` option of `gpg`. Like so:
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --import public-key.asc
|
||||
gpg: key 64FB4E386953BEAD: public key "Tait Hoyem <tait.hoyem@protonmail.com>" imported
|
||||
gpg: Total number processed: 1
|
||||
gpg: imported: 1
|
||||
</pre>
|
||||
|
||||
Now that we have imported a public key, we can make a message to send!
|
||||
|
||||
## Step 3: Have A Message To Encrypt
|
||||
|
||||
We can make a new file which holds some important, secret data.
|
||||
Feel free to use a graphical editor if you have one, if not, `nano` works alright too.
|
||||
Feel free to encrypt this and send it to me to see if it works!
|
||||
|
||||
<pre class="terminal">
|
||||
Rules Of A Good Life:
|
||||
|
||||
1. Wash your hands!
|
||||
2. Work hard!
|
||||
3. Be firm.
|
||||
5. Have good friends!
|
||||
</pre>
|
||||
|
||||
Save this file as something like `test-pgp.txt`, and we'll use that name later :)
|
||||
|
||||
## Step 4: Encrypt A Message
|
||||
|
||||
Now that we have a message to send and person to send to,
|
||||
all we have to do is encrypt this message and it'll be on its merry way!
|
||||
To do so, we must specify two new options to `gpg`.
|
||||
|
||||
The first is `--recipient`.
|
||||
This tells `gpg` to encrypt using a certina public key that we have in our keyring.
|
||||
We can use the person's name, email address, or the key's uid.
|
||||
|
||||
The second is `--encrypt`.
|
||||
Put the file name after this option.
|
||||
|
||||
We will also specify the `--armour` option to use ASCII armoured files.
|
||||
|
||||
### On With It!
|
||||
|
||||
Ok, yes!
|
||||
Let's encrypt our document now.
|
||||
|
||||
We will be using my name to identify the key.
|
||||
In the very strange case you have two keys in your keyring named after me, this will fail...
|
||||
But at that point I have other questions.
|
||||
|
||||
This is the big one!
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --recipient "Tait Hoyem" --encrypt --armour test-gpg.txt
|
||||
</pre>
|
||||
|
||||
"But there is no output!" you might say!
|
||||
Yes, that is because our new (encrypted) file has already been saved.
|
||||
Let's look at it with cat.
|
||||
|
||||
<pre class="terminal">
|
||||
$ cat test-gpg.txt.asc
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA2mJuYb8vkIlAQ/9FDmXJgW2vI7p9sznKvHhQk7uTZvoWC3hCeqHoO3BSElP
|
||||
XR1BNAkJ+bykB30M+9u+XDyRtTwazjvNPmYfQnIh0Q+BQZigDWbEd1R47jbzm7Tu
|
||||
0eZKKapgEidfecULtaECX1sR3qPt1m9oZjyUR1rzNd8tezZlCu2pjdNZrkta2Bdm
|
||||
Hh1xDS43Bw7PMQqraJsHwqr0M1GLDbMzPes2ZU5y4jEmXZ0PZdJ7kgjR8dvhLBfi
|
||||
MU+4kYnnemQEztXBOjKidhyOntKiLjenvD00tVHrOuQoWuWCHGiqR24qSwVjeb9G
|
||||
079gqH1VWi3fk2cwFA9f3TLvJqUwatyE0Hcba0U1d2Voz/C9JEQjT6FHuaCqQL6b
|
||||
p7B7m2DwpywFGJpAn6ksrEYqHaLVWiEGmdMmHYuHxMw8+cqoSwbYymCZTwMBAuJe
|
||||
Pr1VO9uNo+Vj5r8IX7ACcSsrjf0XkVzfX6ySsPbyOlGXnwzWSOM3Dk2Z9MqDORbj
|
||||
0/7vJTnDctPuc91Rlp3YnJlZKWMcNfPMKMtvpljd2XuVwub+C4vGWXa9XLbRXmJo
|
||||
cnEFT6SB11AKjytE2Urt62CCrYjJPBneabxbCztnBs+vQSx7Fj0LK6v4Euik/Xm/
|
||||
9aKmZZW8306c9Zwgpp9glWjLMCDNxJRGdKRjZsnkt9hOEYsP1irTegystK6u4eHS
|
||||
mwHX931ENOJsnPfQZCZ9b41Q9doZQ/N/WHstQO8MtA3HIN1sW3wYkGzOLKj4gJfm
|
||||
bqR/TzQmXyLT1xZa+/yTscaV0P4OlI4vcii/k4DgeSeQVWp9o9DbZFxSCsdYVvPu
|
||||
jaDMzZnIKoax1GFz/coUAHFQub2rLzaQ5DDbvrkX++UrAjuUtRcSFH0TKhahZmCF
|
||||
nv117moLfK22Mst/
|
||||
=bw8T
|
||||
-----END PGP MESSAGE-----
|
||||
</pre>
|
||||
|
||||
## Step 5: Finale!
|
||||
|
||||
Ladies and gentleman, we have done it!
|
||||
We have encrypted our very own document.
|
||||
|
||||
Feel free to send it to [my email (tait@tait.tech)](mailto:tait@tait.tech).
|
||||
I am happy to verify if it worked.
|
||||
|
||||
For more information on this subject, check out [gnugp.org's guide](https://www.gnupg.org/gph/en/manual/c14.html) on using GPG.
|
||||
They are the ones that make these tools available,
|
||||
and the [GNU Project](https://www.gnu.org/) has been instrumental in creating the open-source world as it exists today.
|
||||
|
@ -0,0 +1,2 @@
|
||||
<footer>
|
||||
</footer>
|
@ -0,0 +1,146 @@
|
||||
---
|
||||
title: "How Asymetric Encryption Works"
|
||||
layout: post
|
||||
author: tait
|
||||
---
|
||||
In a few previous articles I have explained [why encryption may be important to you](/2020/01/26/rsa1.html) and [how the theory behind encryption works](/2020/02/19/rsa2.html). I did not yet explain the system of asymetric cryptography, however. That is what this article is for.
|
||||
|
||||
Previously, we talked about how *symetric* encryption works. This is by having a shared key that both parties use to simultaniously encrypt, and decrypt the data. (See Ceasar Cipher for example).
|
||||
|
||||
## Public-key, or Asymetric Encryption
|
||||
|
||||
Asymetric encryption is based on the idea of having multiple keys instead of only one shared key.
|
||||
For example: instead of encrypting with one key, and decrypting with that same key (like our ROT ciphers we talked about previously), we can use one key to *encrypt* the information, and a different key to *decrypt* the information.
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/alice-to-bob.png" alt="Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.">
|
||||
<figcaption>
|
||||
Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
In the picture above, see how Alice uses Bob's public key to encrypt some data,
|
||||
then sends it to Bob for him to decrypt with his private key?
|
||||
That is the essense of public-key encryption.
|
||||
|
||||
The great thing about public-key encryption is that your public key is *public*! There is no need to be afraid of sending this everywhere!
|
||||
You can attach it at the end of all your emails, the end of your forum posts, [a link to it on your low-power webserver](/public-key.asc) (wink).
|
||||
There are even things called [keyservers](http://keys.gnupg.net/) that will save your public key on them for retrival in case somebody wants to verify your public key.
|
||||
|
||||
Anything encrypted with your public key can only be decrypted with your private key.
|
||||
Provided you never, *NEVER* share your private key with anyone ever, we can assume that all messages sent to you encrypted with your public key will never be read by anyone else.
|
||||
|
||||
Asymetric encryption, however, often contains four keys instead of two. Why is this?
|
||||
|
||||
#### Verification of Author
|
||||
|
||||
One interesting thing about keys pairs is that not only can the private key decrypt anything the public key encrypts,
|
||||
but the public key can decrypt anything the private key encrypts.
|
||||
|
||||
Now why would one want to encrypt a message that can be decrypted by anyone?
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/alice-sign-to-bob.png" alt="Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!">
|
||||
<figcaption>
|
||||
Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!
|
||||
<br>
|
||||
<br>
|
||||
Note: Although the picture shows otherwise, the text is not sent in the plain. It is encrypted with Alice's private key.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
This is how you can verify that the person who says they wrote the message really did indeed write the message!
|
||||
If their private key was never shared with anyone else, then the message must have come from them!
|
||||
|
||||
For maximum security, these methods are often layered.
|
||||
First, signing with the sender's private key,
|
||||
ensuring only they could have sent it---
|
||||
then encrypted with the recipient's pulbic key,
|
||||
making sure only the reciever can read it.
|
||||
|
||||
Note that both sides must first have eachother's public keys to do this.
|
||||
This is easy if they communicate often, but when first contacting somebody,
|
||||
people will generally send their encrypted message along with the their own pulbic key attached in a seperate file.
|
||||
|
||||
### What This Means
|
||||
|
||||
Notice neither Alice nor Bob had to share any comprimsing information over the network?
|
||||
This is why public-key encryption is so powerful!
|
||||
|
||||
Alice and Bob can both safely send their public keys in the open.
|
||||
They can even send them over the insecure HTTP, or FTP protocols.
|
||||
|
||||
Whilst not sending any encryption-breaking messages,
|
||||
Alice and Bob now have a way to communicate securely.
|
||||
If you trust nothing and no one, this is your perfered method of security.
|
||||
|
||||
|
||||
Check out this [Computerphile video](https://www.youtube.com/watch?v=GSIDS_lvRv4) if you want the simplified explaination.
|
||||
|
||||
### The Algorithms
|
||||
|
||||
The two biggest "implementations" of public-key cryptography vary only in the mathamatical equations used to generate the numbers,
|
||||
and how the numbers are ["trapdoored"](https://en.wikipedia.org/wiki/Trapdoor_function) to decrypt if you have the correct key.
|
||||
|
||||
I will discuss the differences in approach here.
|
||||
If you want to skip to the next article where I show you how to encrypt your own documents using RSA, see [this link](/2020/04/06/rsa4.html).
|
||||
|
||||
### RSA
|
||||
|
||||
The mathamatic center of the RSA system was developed over the course of a year or so.
|
||||
Three men were involved. Ron Rivest, Adi Shamir, and Leonard Aldeman.
|
||||
They worked as a kind of "team": Each idea by Rivest and Shamir were critisized by the mathamatician on their team: Mr. Aldeman.
|
||||
|
||||
One night, after consuming
|
||||
["liberal quantities of Manischewitz wine"](https://www.math.uchicago.edu/~may/VIGRE/VIGRE2007/REUPapers/FINALAPP/Calderbank.pdf)
|
||||
Rivest had trouble sleeping.
|
||||
After taking long gazes into the abyss of his math textbook, he came up with an idea which would change cryptography forever.
|
||||
By the next morning, an academic mathamatical paper was nearly finished.
|
||||
He named it after himself and the two others that had been helping him along this whole time. *Rivest, Shamir, Aldeman*.
|
||||
|
||||
Key sizes of RSA range from 1024-bit to 4096-bit.
|
||||
1024-bit keys are considered somewhat insecure.
|
||||
However,
|
||||
it should be noted that every bit doubles the complexity of the key,
|
||||
so 2048 is [2^1024](https://www.wolframalpha.com/input/?i=2%5E1024) times more complex than 1024.
|
||||
|
||||
### Eliptic-Curve (EC)
|
||||
|
||||
Eliptic-Curve (EC) is a family of algorithms that use the [Eliptic curve](https://en.wikipedia.org/wiki/Elliptic_curve) mathamatical structure to generate the numbers for the keys.
|
||||
EC can effectivly provide the security of an RSA key [one order of magnitude larger](https://www.youtube.com/watch?v=NF1pwjL9-DE) than an RSA key.
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/ec.png" alt="A picture of an eliptic curve." class="small-image">
|
||||
<figcaption>
|
||||
An eliptic curve structure.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
It's fast; it's secure! Perfect right?
|
||||
|
||||
Of course not!
|
||||
|
||||
One problem is that due to the smaller key size,
|
||||
it can more easily be broken by brute-force.
|
||||
This is why EC is mostly used for temporary communication (like HTTPS), not permenant communication (like having an encrypted email conversation with a journalist).
|
||||
|
||||
The other problem is that a certain EC algrorithm called P-256 is suspected to be introduced with malice to National Institute of Standards and Technology (NIST)
|
||||
[by the NSA](https://www.schneier.com/essays/archives/2007/11/did_nsa_put_a_secret.html).
|
||||
Supposedly, the NSA is able to crack anything encrypted with this algorithm.
|
||||
I will let the experts argure about that.
|
||||
|
||||
Other well-known EC algorithms that are more-or-less trusted as secure do exist though.
|
||||
The premeire one being Curve25519.
|
||||
The reference implementation of [this algrorithm](https://cr.yp.to/ecdh.html) is also [public-domain](https://fairuse.stanford.edu/overview/public-domain/welcome/),
|
||||
so it is easy for devlopers to work into their own applications without worrying about copywrite.
|
||||
|
||||
## Conslusion
|
||||
|
||||
In this article we went over some basic points:
|
||||
|
||||
1. Public-key encryption enables secure communication over insecure networks.
|
||||
2. RSA is considered the standard for extra-seure communication.
|
||||
3. EC is a newer, faster, more transient encryption method.
|
||||
|
||||
To learn how to use RSA keys to encrypt your own communications, check out [this other aritcle I wrote](/2020/04/06/rsa4.html).
|
||||
|
@ -0,0 +1,345 @@
|
||||
---
|
||||
title: How To Encrypt Your Own Documents Using gpg
|
||||
layout: post
|
||||
author: tait
|
||||
---
|
||||
|
||||
If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
|
||||
It should be noted that in some circles the tools used are more common than in others.
|
||||
These are the everyday tools of many privacy advocates and computer nerds.
|
||||
|
||||
If you have never used Linux however, then the method of doing this will be rather unfamiliar.
|
||||
This tutorial will be done on an [Arch Linux](https://archlinux.org/) machine,
|
||||
but it should be the same on Ubuntu, Fedora, CentOS, Debian,
|
||||
OpenBSD, FreeBSD, MacOSX, etc.
|
||||
The only operating system that does not include these tools by default (or easily accessible) is Windows.
|
||||
|
||||
This tutorial makes heavy use of the terminal.
|
||||
You have been warned.
|
||||
|
||||
*Let us...begin!*
|
||||
|
||||
## Glossary
|
||||
|
||||
* [**ASCII armour**](https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor) --- A way to encode **OpenPGP** documents so they are readable by humans. These files end in .asc
|
||||
* **(Open)PGP** --- An open standard for encoding pulbic keys and encrypted documents.
|
||||
* **GPG** --- GNUPrivacyGaurd is an implementation of **OpenPGP**. It is installed by default on most Linux distrobutions.
|
||||
|
||||
## Step 0: Setup
|
||||
|
||||
We will be using the utility `gpg` for this tutorial.
|
||||
|
||||
The other thing to note: The character '$' (dollar sign) is usually not typed when shown in a command.
|
||||
It simply indicates that you do not need administrative privilages to run these commands.
|
||||
|
||||
Test to see if you get this output in your terminal.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --version
|
||||
|
||||
gpg (GnuPG) 2.2.20
|
||||
libgcrypt 1.8.5
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
|
||||
|
||||
...
|
||||
</pre>
|
||||
|
||||
If this is not successful look into how to install these tools on your system.
|
||||
|
||||
## Step 1: Get/Create A Public Key!
|
||||
|
||||
### Get Somebody Else's
|
||||
Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.
|
||||
|
||||
To encrypt a document with somebody's public key, you need to first obtain it.
|
||||
My public key is available [at this link](/public-key.asc), and you can use it to send me encrypted stuff.
|
||||
|
||||
If you are on a linux terminal, you can use the `curl` or `wget` command to download it.
|
||||
|
||||
wget:
|
||||
<pre class="terminal">
|
||||
$ wget https://tait.tech/public-key.asc
|
||||
</pre>
|
||||
|
||||
Curl:
|
||||
<pre class="terminal">
|
||||
$ curl https://tait.tech/public-key.asc -o public-key.asc
|
||||
</pre>
|
||||
|
||||
### Make Your Own (optional)
|
||||
|
||||
The following section is quite long,
|
||||
so if you don't want to create your own keypair,
|
||||
then feel free to skip to [Step #2](#step-2-import-public-key).
|
||||
|
||||
If you want to encrypt your own documents,
|
||||
or you want others to be able to send you encrypted messages,
|
||||
then you can create your own public/private key pair.
|
||||
You can use these to encrypt your documents,
|
||||
and you can send our public key to others so that they can securely communicate with yourself.
|
||||
|
||||
Run the following command in your terminal, and follow the steps I outline to get you started.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --full-gen-key
|
||||
</pre>
|
||||
|
||||
This will produce the following dialog:
|
||||
|
||||
<pre class="terminal">
|
||||
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This is free software: you are free to change and redistribute it.
|
||||
There is NO WARRANTY, to the extent permitted by law.
|
||||
|
||||
Please select what kind of key you want:
|
||||
(1) RSA and RSA (default)
|
||||
(2) DSA and Elgamal
|
||||
(3) DSA (sign only)
|
||||
(4) RSA (sign only)
|
||||
(14) Existing key from card
|
||||
Your selection?
|
||||
</pre>
|
||||
|
||||
Select the option `1`. You want two keys, both RSA.
|
||||
|
||||
Next we will select the key size:
|
||||
<pre class="terminal">
|
||||
RSA keys may be between 1024 and 4096 bits long.
|
||||
What keysize do you want? (2048)
|
||||
</pre>
|
||||
|
||||
Type the number 2048.
|
||||
|
||||
Next it will ask you how long you want the key to be valid.
|
||||
|
||||
<pre class="terminal">
|
||||
Requested keysize is 2048 bits
|
||||
Please specify how long the key should be valid.
|
||||
0 = key does not expire
|
||||
<n> = key expires in n days
|
||||
<n>w = key expires in n weeks
|
||||
<n>m = key expires in n months
|
||||
<n>y = key expires in n years
|
||||
Key is valid for? (0)
|
||||
</pre>
|
||||
|
||||
Type the number 1. This will enable you time to test it,
|
||||
but it will make the key expire within 24 hours so that if you accidentally
|
||||
share your private key, or delete your VM and no longer have access to it, you will be fine.
|
||||
|
||||
It will ask your if you are sure about the expiry date.
|
||||
|
||||
<pre class="terminal">
|
||||
Key expires at Tue Apr 7 02:24:23 2020 UTC
|
||||
Is this correct? (y/N)
|
||||
</pre>
|
||||
|
||||
Type `y` to confirm your choice.
|
||||
|
||||
Now `gpg` is going to ask you to create a user id to indetify this key.
|
||||
Use some test data for now.
|
||||
User input is in bold, feel free to follow along or to put your own test data in.
|
||||
|
||||
Once you are more comfortable with the tools,
|
||||
then you can create a public/private keypair that you will keep for some time.
|
||||
|
||||
<pre class="terminal">
|
||||
GnuPG needs to construct a user ID to identify your key.
|
||||
|
||||
Real name: <b>Mr. Tester</b>
|
||||
Email address: <b>test@test.org</b>
|
||||
Comment: <b>for testing only</b>
|
||||
You selected this USER-ID:
|
||||
"Mr. Tester (for testing only) <test@test.org>"
|
||||
|
||||
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <b>O</b>
|
||||
</pre>
|
||||
|
||||
It will then ask you for a password.
|
||||
If you are simply using this for test purposes,
|
||||
then you can feel free to set it to something like "test".
|
||||
When create a long-term use pulbic key make sure to make the password *very* secure.
|
||||
|
||||
During the process of creating your key, `gpg` may warn you with this message:
|
||||
|
||||
<pre class="terminal">
|
||||
We need to generate a lot of random bytes. It is a good idea to perform
|
||||
some other action (type on the keyboard, move the mouse, utilize the
|
||||
disks) during the prime generation; this gives the random number
|
||||
generator a better chance to gain enough entropy.
|
||||
</pre>
|
||||
|
||||
If this happens, feel free to smash your keyboard (lightly),
|
||||
watch a YouTube video on the machine,
|
||||
browse the web with [w3m](http://w3m.sourceforge.net/),
|
||||
etc. until the key is generated.
|
||||
|
||||
You will know it is done when you see this message (or something similar):
|
||||
|
||||
<pre class="terminal">
|
||||
gpg: key EACCC490291EA7CE marked as ultimately trusted
|
||||
gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
|
||||
public and secret key created and signed.
|
||||
|
||||
pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
|
||||
FFA7D7525C6546983F1152D8EACCC490291EA7CE
|
||||
uid Mr. Tester (for testing only) <test@test.org>
|
||||
sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
|
||||
</pre>
|
||||
|
||||
Tada! You have your own public/private keypair!
|
||||
|
||||
Sharing a keypair that will expire soon is not a good idea,
|
||||
however, if you are ready, then you can use this command to generate a public key file to share with others.
|
||||
|
||||
Feel free to substitute "Mr. Tester" for any other identifying part of your key.
|
||||
Remember that to use the email, you must enclose it in < and >.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "Mr. Tester" > public-key.asc
|
||||
</pre>
|
||||
|
||||
To use the email as the identifier:
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "<test@test.org>" > public-key.asc
|
||||
</pre>
|
||||
|
||||
## Step 2: Import Public Key
|
||||
|
||||
This list of keys that `gpg` keeps on tap so to speak, is called our "keyring".
|
||||
Your will need to import a new public key to encrypt files with `gpg`.
|
||||
|
||||
If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys.">
|
||||
<figcaption>
|
||||
A keyring holding eight allen keys.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
To import a public key to use for encrypting files, use the `--import` option of `gpg`. Like so:
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --import public-key.asc
|
||||
gpg: key 64FB4E386953BEAD: public key "Tait Hoyem <tait.hoyem@protonmail.com>" imported
|
||||
gpg: Total number processed: 1
|
||||
gpg: imported: 1
|
||||
</pre>
|
||||
|
||||
Now that we have imported a public key, we can make a message to send!
|
||||
|
||||
## Step 3: Have A Message To Encrypt
|
||||
|
||||
You can make a new file which holds some important, secret data.
|
||||
Feel free to use a graphical editor if you have one, if not, `nano` works alright too.
|
||||
|
||||
<pre class="terminal">
|
||||
Rules Of A Good Life:
|
||||
|
||||
1. Wash your hands!
|
||||
2. Work hard!
|
||||
3. Be firm.
|
||||
5. Have good friends!
|
||||
</pre>
|
||||
|
||||
Save this file as something like `test-pgp.txt`, and we'll use that name later.
|
||||
|
||||
## Step 4: Encrypt A Message
|
||||
|
||||
Now that we have a message to send and person to send to,
|
||||
all we have to do is encrypt this message and it'll be on its merry way!
|
||||
To do so, we must specify two new options to `gpg`.
|
||||
|
||||
The first is `--recipient`.
|
||||
This tells `gpg` to encrypt using a certin public key that we have in our keyring.
|
||||
You can use the person's name, email address, or the key's uid.
|
||||
|
||||
The second is `--encrypt`.
|
||||
|
||||
You will also specify the `--armour` option to use ASCII armoured files. Put this option after `--encrypt`, and put the file name after `--armour`. See below.
|
||||
|
||||
You can either use your own public key name to encrypt a document (allowng only you to decrypt it),
|
||||
or you can use my public key that we imported earlier (allowing only me to decrypt it).
|
||||
Either way works fine.
|
||||
|
||||
This is the big one!
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --recipient "Tait Hoyem" --encrypt --armour test-gpg.txt
|
||||
</pre>
|
||||
|
||||
"But there is no output!" you might say!
|
||||
Yes, that is because our new (encrypted) file has already been saved.
|
||||
Let's look at it with cat.
|
||||
|
||||
<pre class="terminal">
|
||||
$ cat test-gpg.txt.asc
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA2mJuYb8vkIlAQ/9FDmXJgW2vI7p9sznKvHhQk7uTZvoWC3hCeqHoO3BSElP
|
||||
XR1BNAkJ+bykB30M+9u+XDyRtTwazjvNPmYfQnIh0Q+BQZigDWbEd1R47jbzm7Tu
|
||||
0eZKKapgEidfecULtaECX1sR3qPt1m9oZjyUR1rzNd8tezZlCu2pjdNZrkta2Bdm
|
||||
Hh1xDS43Bw7PMQqraJsHwqr0M1GLDbMzPes2ZU5y4jEmXZ0PZdJ7kgjR8dvhLBfi
|
||||
MU+4kYnnemQEztXBOjKidhyOntKiLjenvD00tVHrOuQoWuWCHGiqR24qSwVjeb9G
|
||||
079gqH1VWi3fk2cwFA9f3TLvJqUwatyE0Hcba0U1d2Voz/C9JEQjT6FHuaCqQL6b
|
||||
p7B7m2DwpywFGJpAn6ksrEYqHaLVWiEGmdMmHYuHxMw8+cqoSwbYymCZTwMBAuJe
|
||||
Pr1VO9uNo+Vj5r8IX7ACcSsrjf0XkVzfX6ySsPbyOlGXnwzWSOM3Dk2Z9MqDORbj
|
||||
0/7vJTnDctPuc91Rlp3YnJlZKWMcNfPMKMtvpljd2XuVwub+C4vGWXa9XLbRXmJo
|
||||
cnEFT6SB11AKjytE2Urt62CCrYjJPBneabxbCztnBs+vQSx7Fj0LK6v4Euik/Xm/
|
||||
9aKmZZW8306c9Zwgpp9glWjLMCDNxJRGdKRjZsnkt9hOEYsP1irTegystK6u4eHS
|
||||
mwHX931ENOJsnPfQZCZ9b41Q9doZQ/N/WHstQO8MtA3HIN1sW3wYkGzOLKj4gJfm
|
||||
bqR/TzQmXyLT1xZa+/yTscaV0P4OlI4vcii/k4DgeSeQVWp9o9DbZFxSCsdYVvPu
|
||||
jaDMzZnIKoax1GFz/coUAHFQub2rLzaQ5DDbvrkX++UrAjuUtRcSFH0TKhahZmCF
|
||||
nv117moLfK22Mst/
|
||||
=bw8T
|
||||
-----END PGP MESSAGE-----
|
||||
</pre>
|
||||
|
||||
## Step 5: Decryption (optional)
|
||||
|
||||
If you created your own public/private keypair in step 1,
|
||||
and you encryped using `--recipient "Your Test Name"`,
|
||||
then you can decrypt your document as well!
|
||||
|
||||
You will need to specify `--decrypt`, and that's all folks!
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --decrypt test-gpg.txt.asc
|
||||
</pre>
|
||||
|
||||
A password dialog will then come up asking for your previously created password.
|
||||
As long as you remember your password from before and enter it correctly: voila!
|
||||
|
||||
<pre class="terminal">
|
||||
gpg: encrypted with 4096-bit RSA key, ID 6989B986FCBE4225, created 2020-01-02
|
||||
"Tait Hoyem <tait.hoyem@protonmail.com>"
|
||||
Rules Of A Good Life:
|
||||
|
||||
1. Wash your hands!
|
||||
2. Work hard!
|
||||
3. Be firm.
|
||||
5. Have good friends!
|
||||
</pre>
|
||||
|
||||
## Step 6: Finale!
|
||||
|
||||
Ladies and gentleman, you have done it!
|
||||
You have encrypted our very own document.
|
||||
(And maybe even decrypted it yourself too :)
|
||||
|
||||
If you encrypted using my public key,
|
||||
feel free to send it to [my email](mailto:tait@tait.tech).
|
||||
I am happy to verify if it worked.
|
||||
|
||||
For more information on this subject, check out [gnugp.org's guide](https://www.gnupg.org/gph/en/manual/c14.html) on using GPG.
|
||||
They are the ones that make these tools available,
|
||||
and the [GNU Project](https://www.gnu.org/) has been instrumental in creating the open-source world as it exists today.
|
||||
Give 'em some love, eh!
|
||||
|
||||
Thank you so much for sticking through this whole thing!
|
||||
Let me know if there is anything that doesn't make sense.
|
||||
I am happy to improve this guide as time goes on if that is necessary.
|
||||
|
||||
Happy hacking :)
|
@ -0,0 +1,349 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>How To Encrypt Your Own Documents Using gpg</title>
|
||||
<link rel="stylesheet" href="/assets/css/style.css">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<nav>
|
||||
<input type="checkbox" id="menu">
|
||||
<label for="menu">☰</label>
|
||||
<div class="menu-content">
|
||||
|
||||
<a href="/" class="nav-link" >Home</a>
|
||||
|
||||
<a href="/blog/" class="nav-link" >Blog</a>
|
||||
|
||||
<a href="https://github.com/TTWNO/" class="nav-link" target="_blank" rel="noopener noreferrer" >Code</a>
|
||||
|
||||
<a href="/links/" class="nav-link" >Links</a>
|
||||
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
<h1>How To Encrypt Your Own Documents Using gpg</h1>
|
||||
<h4 class="post-date line-under"></h4>
|
||||
|
||||
<div class="article">
|
||||
If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
|
||||
It should be noted that in some circles the tools used are more common than in others.
|
||||
These are the everyday tools of many privacy advocates and computer nerds.
|
||||
|
||||
If you have never used Linux however, then the method of doing this will be rather unfamiliar.
|
||||
This tutorial will be done on an [Arch Linux](https://archlinux.org/) machine,
|
||||
but it should be the same on Ubuntu, Fedora, CentOS, Debian,
|
||||
OpenBSD, FreeBSD, MacOSX, etc.
|
||||
The only operating system that does not include these tools by default (or easily accessible) is Windows.
|
||||
|
||||
*Let us...begin!*
|
||||
|
||||
## Glossary
|
||||
|
||||
* [**ASCII armour**](https://en.wikipedia.org/wiki/Binary-to-text_encoding#ASCII_armor) --- A way to encode **OpenPGP** documents so they are readable by humans. These files end in .asc
|
||||
* **(Open)PGP** --- An open standard for encoding pulbic keys and encrypted documents.
|
||||
* **GPG** --- GNUPrivacyGaurd is an implementation of **OpenPGP**. It is installed by default on most Linux distrobutions.
|
||||
|
||||
## Step 0: Setup
|
||||
|
||||
We will be using the utility `gpg` for this tutorial.
|
||||
|
||||
The other thing to note: The character '$' (dollar sign) is usually not typed when shown in a command.
|
||||
It simply indicates that you do not need administrative privilages to run these commands.
|
||||
|
||||
Test to see if you get this output in your terminal.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --version
|
||||
|
||||
gpg (GnuPG) 2.2.20
|
||||
libgcrypt 1.8.5
|
||||
Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
|
||||
|
||||
...
|
||||
</pre>
|
||||
|
||||
If this is not successful look into how to install these tools on your system.
|
||||
|
||||
## Step 1: Get/Create A Public Key!
|
||||
|
||||
### Get Somebody Else's
|
||||
Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.
|
||||
|
||||
To encrypt a document with somebody's public key, you need to first obtain it.
|
||||
My public key is available [at this link](/public-key.asc), and you can use it to send me encrypted stuff.
|
||||
|
||||
If you are on a linux terminal, you can use the `curl` or `wget` command to download it.
|
||||
|
||||
wget:
|
||||
<pre class="terminal">
|
||||
$ wget https://tait.tech/public-key.asc
|
||||
</pre>
|
||||
|
||||
Curl:
|
||||
<pre class="terminal">
|
||||
$ curl https://tait.tech/public-key.asc -o public-key.asc
|
||||
</pre>
|
||||
|
||||
### Make Your Own (optional)
|
||||
|
||||
The following section is quite long,
|
||||
so if you don't want to create your own keypair,
|
||||
then feel free to skip to [Step #2](#step-2-import-public-key).
|
||||
|
||||
If you want to encrypt your own documents,
|
||||
or you want others to be able to send you encrypted messages,
|
||||
then you can create your own public/private key pair.
|
||||
You can use these to encrypt your documents,
|
||||
and you can send our public key to others so that they can securely communicate with yourself.
|
||||
|
||||
Run the following command in your terminal, and follow the steps I outline to get you started.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --full-gen-key
|
||||
</pre>
|
||||
|
||||
This will produce the following dialog:
|
||||
|
||||
<pre class="terminal">
|
||||
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
This is free software: you are free to change and redistribute it.
|
||||
There is NO WARRANTY, to the extent permitted by law.
|
||||
|
||||
Please select what kind of key you want:
|
||||
(1) RSA and RSA (default)
|
||||
(2) DSA and Elgamal
|
||||
(3) DSA (sign only)
|
||||
(4) RSA (sign only)
|
||||
(14) Existing key from card
|
||||
Your selection?
|
||||
</pre>
|
||||
|
||||
Select the option `1`. You want two keys, both RSA.
|
||||
|
||||
Next we will select the key size:
|
||||
<pre class="terminal">
|
||||
RSA keys may be between 1024 and 4096 bits long.
|
||||
What keysize do you want? (2048)
|
||||
</pre>
|
||||
|
||||
Type the number 2048.
|
||||
|
||||
Next it will ask you how long you want the key to be valid.
|
||||
|
||||
<pre class="terminal">
|
||||
Requested keysize is 2048 bits
|
||||
Please specify how long the key should be valid.
|
||||
0 = key does not expire
|
||||
<n> = key expires in n days
|
||||
<n>w = key expires in n weeks
|
||||
<n>m = key expires in n months
|
||||
<n>y = key expires in n years
|
||||
Key is valid for? (0)
|
||||
</pre>
|
||||
|
||||
Type the number 1. This will enable you time to test it,
|
||||
but it will make the key expire within 24 hours so that if you accidentally
|
||||
share your private key, or delete your VM and no longer have access to it, you will be fine.
|
||||
|
||||
It will ask your if you are sure about the expiry date.
|
||||
|
||||
<pre class="terminal">
|
||||
Key expires at Tue Apr 7 02:24:23 2020 UTC
|
||||
Is this correct? (y/N)
|
||||
</pre>
|
||||
|
||||
Type `y` to confirm your choice.
|
||||
|
||||
Now `gpg` is going to ask you to create a user id to indetify this key.
|
||||
Use some test data for now.
|
||||
User input is in bold, feel free to follow along or to put your own test data in.
|
||||
|
||||
Once you are more comfortable with the tools,
|
||||
then you can create a public/private keypair that you will keep for some time.
|
||||
|
||||
<pre class="terminal">
|
||||
GnuPG needs to construct a user ID to identify your key.
|
||||
|
||||
Real name: <b>Mr. Tester</b>
|
||||
Email address: <b>test@test.org</b>
|
||||
Comment: <b>for testing only</b>
|
||||
You selected this USER-ID:
|
||||
"Mr. Tester (for testing only) <test@test.org>"
|
||||
|
||||
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <b>O</b>
|
||||
</pre>
|
||||
|
||||
It will then ask you for a password.
|
||||
If you are simply using this for test purposes,
|
||||
then you can feel free to set it to something like "test".
|
||||
When create a long-term use pulbic key make sure to make the password *very* secure.
|
||||
|
||||
During the process of creating your key, `gpg` may warn you with this message:
|
||||
|
||||
<pre class="terminal">
|
||||
We need to generate a lot of random bytes. It is a good idea to perform
|
||||
some other action (type on the keyboard, move the mouse, utilize the
|
||||
disks) during the prime generation; this gives the random number
|
||||
generator a better chance to gain enough entropy.
|
||||
</pre>
|
||||
|
||||
If this happens, feel free to smash your keyboard (lightly),
|
||||
watch a YouTube video on the machine,
|
||||
browse the web with [w3m](http://w3m.sourceforge.net/),
|
||||
etc. until the key is generated.
|
||||
|
||||
You will know it is done when you see this message (or something similar):
|
||||
|
||||
<pre class="terminal">
|
||||
gpg: key EACCC490291EA7CE marked as ultimately trusted
|
||||
gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
|
||||
public and secret key created and signed.
|
||||
|
||||
pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
|
||||
FFA7D7525C6546983F1152D8EACCC490291EA7CE
|
||||
uid Mr. Tester (for testing only) <test@test.org>
|
||||
sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
|
||||
</pre>
|
||||
|
||||
Tada! You have your own public/private keypair!
|
||||
|
||||
Sharing a keypair that will expire soon is not a good idea,
|
||||
however, if you are ready, then you can use this command to generate a public key file to share with others.
|
||||
|
||||
Feel free to substitute "Mr. Tester" for any other identifying part of your key.
|
||||
Remember that to use the email, you must enclose it in < and >.
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "Mr. Tester" > public-key.asc
|
||||
</pre>
|
||||
|
||||
To use the email as the identifier:
|
||||
<pre class="terminal">
|
||||
$ gpg --export --armour "<test@test.org>" > public-key.asc
|
||||
</pre>
|
||||
|
||||
## Step 2: Import Public Key
|
||||
|
||||
This list of keys that `gpg` keeps on tap so to speak, is called our "keyring".
|
||||
Your will need to import a new public key to encrypt files with `gpg`.
|
||||
|
||||
If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)
|
||||
|
||||
<figure>
|
||||
<img src="/assets/img/keyring.jpg" alt="A keyring holding eight allen keys.">
|
||||
<figcaption>
|
||||
A keyring holding eight allen keys.
|
||||
</figcaption>
|
||||
</figure>
|
||||
|
||||
To import a public key to use for encrypting files, use the `--import` option of `gpg`. Like so:
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --import public-key.asc
|
||||
gpg: key 64FB4E386953BEAD: public key "Tait Hoyem <tait.hoyem@protonmail.com>" imported
|
||||
gpg: Total number processed: 1
|
||||
gpg: imported: 1
|
||||
</pre>
|
||||
|
||||
Now that we have imported a public key, we can make a message to send!
|
||||
|
||||
## Step 3: Have A Message To Encrypt
|
||||
|
||||
We can make a new file which holds some important, secret data.
|
||||
Feel free to use a graphical editor if you have one, if not, `nano` works alright too.
|
||||
Feel free to encrypt this and send it to me to see if it works!
|
||||
|
||||
<pre class="terminal">
|
||||
Rules Of A Good Life:
|
||||
|
||||
1. Wash your hands!
|
||||
2. Work hard!
|
||||
3. Be firm.
|
||||
5. Have good friends!
|
||||
</pre>
|
||||
|
||||
Save this file as something like `test-pgp.txt`, and we'll use that name later :)
|
||||
|
||||
## Step 4: Encrypt A Message
|
||||
|
||||
Now that we have a message to send and person to send to,
|
||||
all we have to do is encrypt this message and it'll be on its merry way!
|
||||
To do so, we must specify two new options to `gpg`.
|
||||
|
||||
The first is `--recipient`.
|
||||
This tells `gpg` to encrypt using a certina public key that we have in our keyring.
|
||||
We can use the person's name, email address, or the key's uid.
|
||||
|
||||
The second is `--encrypt`.
|
||||
Put the file name after this option.
|
||||
|
||||
We will also specify the `--armour` option to use ASCII armoured files.
|
||||
|
||||
### On With It!
|
||||
|
||||
Ok, yes!
|
||||
Let's encrypt our document now.
|
||||
|
||||
We will be using my name to identify the key.
|
||||
In the very strange case you have two keys in your keyring named after me, this will fail...
|
||||
But at that point I have other questions.
|
||||
|
||||
This is the big one!
|
||||
|
||||
<pre class="terminal">
|
||||
$ gpg --recipient "Tait Hoyem" --encrypt --armour test-gpg.txt
|
||||
</pre>
|
||||
|
||||
"But there is no output!" you might say!
|
||||
Yes, that is because our new (encrypted) file has already been saved.
|
||||
Let's look at it with cat.
|
||||
|
||||
<pre class="terminal">
|
||||
$ cat test-gpg.txt.asc
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA2mJuYb8vkIlAQ/9FDmXJgW2vI7p9sznKvHhQk7uTZvoWC3hCeqHoO3BSElP
|
||||
XR1BNAkJ+bykB30M+9u+XDyRtTwazjvNPmYfQnIh0Q+BQZigDWbEd1R47jbzm7Tu
|
||||
0eZKKapgEidfecULtaECX1sR3qPt1m9oZjyUR1rzNd8tezZlCu2pjdNZrkta2Bdm
|
||||
Hh1xDS43Bw7PMQqraJsHwqr0M1GLDbMzPes2ZU5y4jEmXZ0PZdJ7kgjR8dvhLBfi
|
||||
MU+4kYnnemQEztXBOjKidhyOntKiLjenvD00tVHrOuQoWuWCHGiqR24qSwVjeb9G
|
||||
079gqH1VWi3fk2cwFA9f3TLvJqUwatyE0Hcba0U1d2Voz/C9JEQjT6FHuaCqQL6b
|
||||
p7B7m2DwpywFGJpAn6ksrEYqHaLVWiEGmdMmHYuHxMw8+cqoSwbYymCZTwMBAuJe
|
||||
Pr1VO9uNo+Vj5r8IX7ACcSsrjf0XkVzfX6ySsPbyOlGXnwzWSOM3Dk2Z9MqDORbj
|
||||
0/7vJTnDctPuc91Rlp3YnJlZKWMcNfPMKMtvpljd2XuVwub+C4vGWXa9XLbRXmJo
|
||||
cnEFT6SB11AKjytE2Urt62CCrYjJPBneabxbCztnBs+vQSx7Fj0LK6v4Euik/Xm/
|
||||
9aKmZZW8306c9Zwgpp9glWjLMCDNxJRGdKRjZsnkt9hOEYsP1irTegystK6u4eHS
|
||||
mwHX931ENOJsnPfQZCZ9b41Q9doZQ/N/WHstQO8MtA3HIN1sW3wYkGzOLKj4gJfm
|
||||
bqR/TzQmXyLT1xZa+/yTscaV0P4OlI4vcii/k4DgeSeQVWp9o9DbZFxSCsdYVvPu
|
||||
jaDMzZnIKoax1GFz/coUAHFQub2rLzaQ5DDbvrkX++UrAjuUtRcSFH0TKhahZmCF
|
||||
nv117moLfK22Mst/
|
||||
=bw8T
|
||||
-----END PGP MESSAGE-----
|
||||
</pre>
|
||||
|
||||
## Step 5: Finale!
|
||||
|
||||
Ladies and gentleman, we have done it!
|
||||
We have encrypted our very own document.
|
||||
|
||||
Feel free to send it to [my email (tait@tait.tech)](mailto:tait@tait.tech).
|
||||
I am happy to verify if it worked.
|
||||
|
||||
For more information on this subject, check out [gnugp.org's guide](https://www.gnupg.org/gph/en/manual/c14.html) on using GPG.
|
||||
They are the ones that make these tools available,
|
||||
and the [GNU Project](https://www.gnu.org/) has been instrumental in creating the open-source world as it exists today.
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
<footer>
|
||||
</footer>
|
||||
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -1,2 +1,23 @@
|
||||
# tait.tech
|
||||
The uncompiled version of my website. Compiled files in _site
|
||||
|
||||
### To compile
|
||||
|
||||
To compile the files, simply use the bundle Ruby gem.
|
||||
|
||||
```
|
||||
bundle exec jekyll build
|
||||
```
|
||||
|
||||
to compile once. If you decide you want to actually have changes appear instantly, use the following
|
||||
|
||||
```
|
||||
bundle exec jekyll watch
|
||||
```
|
||||
|
||||
To run a local web server to view the changes on:
|
||||
```
|
||||
bundle exec jekyll server -w
|
||||
```
|
||||
|
||||
This will watch for the latest changes, compile them, and make them available on localhost:4000
|
||||
|
After Width: | Height: | Size: 22 KiB |
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 67 KiB |
After Width: | Height: | Size: 21 KiB |
@ -0,0 +1,12 @@
|
||||
--2020-04-02 20:52:24-- https://www.google.com/url?sa=i
|
||||
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
|
||||
Resolving www.google.com (www.google.com)... 172.217.3.196, 2607:f8b0:400a:809::2004
|
||||
Connecting to www.google.com (www.google.com)|172.217.3.196|:443... connected.
|
||||
HTTP request sent, awaiting response... 200 OK
|
||||
Length: unspecified [text/html]
|
||||
Saving to: 'url?sa=i'
|
||||
|
||||
url?sa=i [<=> ] 0 --.-KB/s
url?sa=i [ <=> ] 1.38K --.-KB/s in 0s
|
||||
|
||||
2020-04-02 20:52:24 (10.1 MB/s) - 'url?sa=i' saved [1414]
|
||||
|
@ -1 +1 @@
|
||||
Sitemap: /sitemap.xml
|
||||
Sitemap: http://localhost:4000/sitemap.xml
|
||||
|
@ -1,30 +1,38 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
<url>
|
||||
<loc>/2020/01/22/padding-and-margin.html</loc>
|
||||
<loc>http://localhost:4000/2020/01/22/padding-and-margin.html</loc>
|
||||
<lastmod>2020-01-22T00:00:00+00:00</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/2020/01/26/rsa1.html</loc>
|
||||
<loc>http://localhost:4000/2020/01/26/rsa1.html</loc>
|
||||
<lastmod>2020-01-26T00:00:00+00:00</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/2020/02/19/rsa2.html</loc>
|
||||
<loc>http://localhost:4000/2020/02/19/rsa2.html</loc>
|
||||
<lastmod>2020-02-19T00:00:00+00:00</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/2020-01-23-sql-joins.html</loc>
|
||||
<loc>http://localhost:4000/2020/04/02/rsa3.html</loc>
|
||||
<lastmod>2020-04-02T00:00:00+00:00</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/podcast/</loc>
|
||||
<loc>http://localhost:4000/2020/04/06/rsa4.html</loc>
|
||||
<lastmod>2020-04-06T00:00:00+00:00</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/blog/</loc>
|
||||
<loc>http://localhost:4000/2020-01-23-sql-joins.html</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/links/</loc>
|
||||
<loc>http://localhost:4000/podcast/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>/</loc>
|
||||
<loc>http://localhost:4000/blog/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>http://localhost:4000/links/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>http://localhost:4000/</loc>
|
||||
</url>
|
||||
</urlset>
|
||||
|
After Width: | Height: | Size: 22 KiB |
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 67 KiB |
After Width: | Height: | Size: 21 KiB |
@ -0,0 +1,12 @@
|
||||
--2020-04-02 20:52:24-- https://www.google.com/url?sa=i
|
||||
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
|
||||
Resolving www.google.com (www.google.com)... 172.217.3.196, 2607:f8b0:400a:809::2004
|
||||
Connecting to www.google.com (www.google.com)|172.217.3.196|:443... connected.
|
||||
HTTP request sent, awaiting response... 200 OK
|
||||
Length: unspecified [text/html]
|
||||
Saving to: 'url?sa=i'
|
||||
|
||||
url?sa=i [<=> ] 0 --.-KB/s
url?sa=i [ <=> ] 1.38K --.-KB/s in 0s
|
||||
|
||||
2020-04-02 20:52:24 (10.1 MB/s) - 'url?sa=i' saved [1414]
|
||||
|