
Why?

– What do you have to hide? 
– Absolutely everything.
– Why?
– Because I have something to fear.
– Like what?
– Persecution for my beliefs.
– By who?
– By you.
– What do you mean? I wouldn't do that.
– You already are.

Crypto

GnuPG

Prerequisites

Update .gnupg/gpg.conf. Add at the end of the file:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

Generate key properly

$ gpg --full-gen-key
...

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sat 10 Oct 2015 10:10:10 AEST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: xxxx xxxxxxx
Email address: xxxxx@xxxx.xxx
Comment: 
You selected this USER-ID:
    "xxxx xxxxxxx <xxxxx@xxxx.xxx>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg> save

Add other UID

$ gpg --edit-key <key-ID>
gpg> adduid

Real name: yyyy yyyyyyy
Email address: yyyyy@yyyyy.yyy
Comment: 
You selected this USER-ID:
    "yyyy yyyyyyy <yyyyy@yyyyy.yyy>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a passphrase to unlock the secret key for
user: "xxxx xxxxxxx <xxxxx@xxxx.xxx>"
4096-bit RSA key, ID <key-ID>, created 2014-10-10


pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC  
                     trust: ultimate      validity: ultimate
[ultimate] (1)  xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> save

Change Preferences (optional)

$ gpg --edit-key <key-ID>
gpg> showpref

[ultimate] (1)  xxxx xxxxxxx <xxxxx@xxxx.xxx>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

If the values you get differ from the above, run:

gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y

gpg: WARNING: no user ID has been marked as primary.  This command may
              cause a different user ID to become the assumed primary.


pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC  
                     trust: ultimate      validity: ultimate
[ultimate] (1)  xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> save

Set primary UID

$ gpg --edit-key <key-ID>
gpg> uid 2

pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC 
                     trust: ultimate      validity: ultimate
[ultimate] (1)* xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> primary
pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC  
                     trust: ultimate      validity: ultimate
[ultimate] (1). xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2)* yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> save

Add sub-key for signing

$ gpg --edit-key <key-ID>
gpg> addkey

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

...

pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC 
                     trust: ultimate      validity: ultimate
sub  4096R/<key-ID>  created: 2014-10-10  expires: never       usage: S   

[ultimate] (1). xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> save

Add sub-key for encryption

$ gpg --edit-key <key-ID>
gpg> addkey

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

...

pub  4096R/<key-ID>  created: 2014-10-10  expires: 2015-10-10  usage: SC 
                     trust: ultimate      validity: ultimate
sub  4096R/<key-ID>  created: 2014-10-10  expires: never       usage: S   
sub  4096R/<key-ID>  created: 2014-10-10  expires: never       usage: E   
[ultimate] (1). xxxx xxxxxxx <xxxxx@xxxx.xxx>
[ unknown] (2). yyyy yyyyyyy <yyyyy@yyyyy.yyy>
gpg> save
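
Checking the result: the script below is an added example, not part of the original page. It audits GnuPG's machine-readable listing (`--with-colons`, an option the page itself does not use) against the layout built above: RSA 4096 primary with an expiry date and usage SC, plus separate signing and encryption subkeys. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a key against the layout built on this page.
# Colon-format fields used: 1 = record type, 3 = key length, 4 = algorithm
# (1 = RSA), 7 = expiry (empty = never), 12 = capabilities (lowercase = own).

# audit_key: read colon records on stdin, print findings, return 0 if clean.
audit_key() {
    awk -F: '
        $1 == "pub" {
            seen = 1
            if ($4 != 1 || $3 < 4096) { print "FAIL primary key is not RSA >= 4096 bits"; bad = 1 }
            if ($7 == "") { print "FAIL primary key never expires"; bad = 1 }
            if ($12 ~ /e/) { print "FAIL primary key itself can encrypt"; bad = 1 }
        }
        $1 == "sub" {
            if ($4 != 1 || $3 < 4096) { print "FAIL subkey " $5 " is not RSA >= 4096 bits"; bad = 1 }
            if ($12 ~ /s/) sign = 1
            if ($12 ~ /e/) enc = 1
        }
        END {
            if (!seen) { print "FAIL no public key record found"; bad = 1 }
            if (!sign) { print "FAIL no signing subkey"; bad = 1 }
            if (!enc)  { print "FAIL no encryption subkey"; bad = 1 }
            if (!bad)  print "OK primary SC with expiry, separate S and E subkeys"
            exit bad + 0
        }'
}

# Constructed sample: the key as it looks after the last step above.
sample_page_key() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1412899200:1444435200::u:::scESC:
uid:u::::1412899200::::yyyy yyyyyyy <yyyyy@yyyyy.yyy>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1412899200::::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1412899200::::::e:
EOF
}

# Constructed sample: 2048-bit key, no expiry, encryption subkey only.
sample_weak_key() {
    cat <<'EOF'
pub:u:2048:1:DDDDDDDDDDDDDDDD:1412899200:::u:::scESC:
sub:u:2048:1:EEEEEEEEEEEEEEEE:1412899200::::::e:
EOF
}

sample_page_key | audit_key
sample_weak_key | audit_key || true
# Real key: gpg --list-keys --with-colons <key-ID> | audit_key
```
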
linux/crypto.txt · Last modified: 2016/01/26 07:22 by abadonna