GNU Privacy Guard (GPG)


The GNU Privacy Guard (GPG), which can be freely used, modified, and distributed under the GNU General Public License, is a widely used implementation of the OpenPGP standard. GPG is bundled with many Linux distributions and is supported on Mac OS X, FreeBSD, OpenBSD, and NetBSD. It also compiles and runs on many other UNIX systems, including Solaris, HP-UX, AIX, and Unixware.

People in the United States can download GPG from the GNU Privacy Guard home page at http://www.gnupg.org/. People outside the United States are not allowed to download GPG from servers in the United States. Users in other countries can download the GNU Privacy Guard from http://www.pgpi.org. We will give a brief introduction to the use of GPG. For more information about PGP and an explanation of how to use its features, see the GNU Privacy Handbook at http://www.gnupg.org/gph/en/manual.html.

Generating a Key Pair

To create a key pair in GPG, you use the command

 $ gpg --gen-key

When you run this command, GPG asks you to choose the cryptographic algorithms used to create your keys. You should choose the default option (DSA and El Gamal) so that you can encrypt files as well as sign them. When prompted to select a key size, you should select the default, 1024 bits, unless your computer has performance problems, in which case you might want to select 768 bits. Next, you specify how long you want your keys to remain valid in days, weeks, months, or years. Except for users with demanding security needs, most users select the option that specifies that keys do not expire. Otherwise, you can specify the length of time for which keys remain valid.

Next, you specify your name, e-mail address, and comments (which may be anything), and a pass phrase. GPG uses this data to create the user ID of the key pair. Note that each key pair includes a public key that can be shared with the outside world and a private key that remains on your system.

Exchanging Keys

You need to exchange public keys with other people to use GPG to communicate with them securely. To send your public key to someone else, you need to export it. For instance, to export the key of the user steve@att.com as ASCII text into a file called steve.key, you use the command

 $ gpg --armor --output steve.key --export steve@att.com

To use the public key of another user, you need to import it, unless it is already on your key ring, which contains all the public keys immediately available for use on your system. For example, the command

 $ gpg --import linda.key

imports the key linda.key to your key ring.

To see all the keys available on your key ring, use the command

 $ gpg --list-keys

Encrypting and Decrypting with GPG

To use GPG to encrypt a document, you use the --encrypt option. Of course, to encrypt a document so that your intended recipient can decrypt it, you must have the public key of your intended recipient. You need to provide the name of the file you wish to encrypt; otherwise, the standard input is encrypted. The encrypted file is sent to the file specified using the --output option or, if none is given, to standard output. GPG also compresses the file for additional security, besides encrypting it. For example, to encrypt the file report using the public key of steve@att.com, putting the encrypted output in report.gpg, use the command

 $ gpg --output report.gpg --encrypt --recipient steve@att.com report

Here, the --recipient option specifies the recipient and the public key used to encrypt the file. The encrypted file can only be decrypted using the private key corresponding to the recipient’s public key.

To decrypt a message, you use the --decrypt option. You must have the private key corresponding to the public key used to encrypt the message. As with GPG encryption, the input is the document to decrypt and the output is the original file. For example, steve@att.com decrypts the file report.gpg using the command

 $ gpg --output report --decrypt report.gpg

When he enters this command, he is prompted to enter his pass phrase. After he enters his pass phrase, the file is decrypted.
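
The steps above, from key generation through decryption, can be run end to end as a script. The following is an added example, not taken from the book; it assumes GnuPG 2.1 or later (for --quick-generate-key, which uses the installed version's default algorithm and key size), and the function names, the example.org addresses and the report text are made up for the demonstration.

```shell
#!/bin/sh
# Added example: two throwaway GnuPG home directories stand in for two users.
# Names, addresses and file contents are constructed for the demonstration.
primary_fpr() {   # primary_fpr HOMEDIR USER-ID: print the primary key fingerprint
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_roundtrip() {
    W=$(mktemp -d) || return 1
    S="$W/steve"; L="$W/linda"; status=1
    mkdir -m 700 "$S" "$L" &&
    # Steve: unattended key generation (empty pass phrase only because this is a demo).
    gpg --homedir "$S" --batch --quiet --passphrase '' --quick-generate-key \
        'Steve Demo <steve@example.org>' default default never 2>/dev/null &&
    # Steve: export the public key as ASCII; options precede the --export command.
    gpg --homedir "$S" --batch --armor --output "$W/steve.key" \
        --export steve@example.org &&
    want=$(primary_fpr "$S" steve@example.org) &&   # Steve passes this on separately
    # Linda: import the file, then compare its fingerprint with the one Steve gave.
    gpg --homedir "$L" --batch --quiet --import "$W/steve.key" 2>/dev/null &&
    got=$(primary_fpr "$L" steve@example.org) &&
    [ -n "$want" ] && [ "$want" = "$got" ] &&
    printf 'constructed report text\n' > "$W/report" &&
    # Linda: encrypt to the checked fingerprint. --trust-model always skips the
    # trust question, acceptable here only because the fingerprint was just compared.
    gpg --homedir "$L" --batch --quiet --trust-model always \
        --output "$W/report.gpg" --encrypt --recipient "$got" "$W/report" &&
    # Steve: decrypt with the private key that never left his home directory.
    gpg --homedir "$S" --batch --quiet --output "$W/report.out" \
        --decrypt "$W/report.gpg" 2>/dev/null &&
    cmp -s "$W/report" "$W/report.out" && status=0
    gpgconf --homedir "$S" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$L" --kill gpg-agent 2>/dev/null || true
    rm -rf "$W"
    return "$status"
}
```

Calling gpg_roundtrip returns 0 only if Linda's copy of the key has the fingerprint Steve reported and the decrypted file matches the original.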

Signing Documents and Verifying Signatures

GPG can be used to digitally sign files. A digital signature can be used to certify that a file was sent by a particular person at a particular time. GPG uses a different key pair for creating and verifying signatures than it does for encryption and decryption.

The command-line option --sign is used for digital signatures, with the file to sign provided as input. The signed document is the output. For example, the command

 $ gpg --output report.sig --sign report

can be used to sign the file report, putting the output, the signed file, in report.sig. When this command is run, the user has to enter the pass phrase to digitally sign the file using the private key of the key pair used for digital signatures. Note that GPG compresses the file before signing it. The output is a binary file.

When you receive a signed document, you can either just check the signature or both check the signature and decrypt the original document. You use the --verify option to check the validity of the signature; you use the --decrypt option to both verify the signature and decrypt the document. For example, the command

 $ gpg --output report --decrypt report.sig

tells us whether this document has a valid signature, and if valid, when it was signed; it will place the decrypted version of the file report.sig in the file report.
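
A valid signature only shows that some key on your key ring signed the file, so a script should also check which key it was. The following added example (not from the book) does that by reading the machine-readable status lines produced by the --status-fd option; it assumes GnuPG 2.1 or later, and the function names, key names and file contents are made up for the demonstration.

```shell
#!/bin/sh
# Added example. Key names and file contents are constructed for the demonstration.
# signer_from_status: read gpg --status-fd lines on stdin and print the primary-key
# fingerprint of the signer, but only if gpg reported GOODSIG (an expired or revoked
# key yields EXPKEYSIG or REVKEYSIG instead, and nothing is printed).
signer_from_status() {
    awk '$2 == "GOODSIG"  { good = 1 }
         $2 == "VALIDSIG" { fpr = $NF }     # last field: primary key fingerprint
         END { if (good && fpr != "") print fpr }'
}

# verify_pinned FPR SIGNED OUT: recover the document into OUT and succeed only if the
# signature is good and was made by the key with primary fingerprint FPR.
verify_pinned() {
    rm -f "$3"
    signer=$(gpg --batch --status-fd 1 --output "$3" --decrypt "$2" 2>/dev/null |
             signer_from_status)
    [ -n "$signer" ] && [ "$signer" = "$1" ] && return 0
    rm -f "$3"                              # keep nothing from an unexpected signer
    return 1
}

signing_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1; export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    for who in steve other; do              # two signing keys on the same key ring
        gpg --batch --quiet --passphrase '' --quick-generate-key \
            "$who demo <$who@example.org>" default default never 2>/dev/null || exit 1
    done
    steve=$(gpg --batch --with-colons --fingerprint steve@example.org |
            awk -F: '$1 == "fpr" { print $10; exit }')
    printf 'constructed report text\n' > report
    for who in steve other; do
        gpg --batch --quiet --local-user "$who@example.org" \
            --output "$who.sig" --sign report || exit 1
    done
    # gpg --verify accepts a good signature from any key on the ring ...
    gpg --batch --verify other.sig 2>/dev/null || exit 1
    # ... so the caller also checks who signed.
    verify_pinned "$steve" steve.sig out1 && cmp -s report out1 || exit 1
    ! verify_pinned "$steve" other.sig out2 || exit 1
    [ ! -e out2 ]
)
```

Calling signing_demo returns 0 when the file signed by the expected key is accepted and the file signed by the other key is rejected even though gpg --verify reports it as valid.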




UNIX: The Complete Reference, Second Edition (Complete Reference Series)
ISBN: 0072263369
Year: 2006
Pages: 316
