Key-pair Generation, Secure Messaging & Message Signing

This time I am going to blog about public key generation, sending encrypted messages over the internet, and using key-pairs for signing documents.

I used GNU Privacy Guard (GPG) for this purpose. GPG normally comes pre-installed with most Linux distros. So let's generate a strong public-private key-pair and see what can be done with these keys.

Public Private Key-pair Generation

1. Generating Key-Pair

gpg --gen-key

Once you give the above command, the system will ask you for the following details.

  • What kind of key-pair do you want.
  • Length of key
  • Life span of key
  • Name
  • Mail id
  • Comment
  • Passphrase (protects the private key)

Once you have entered all the above details, the system will generate your public key in asc format.

2. You can add an image to your public key to make it

gpg --edit-key <key-id>
gpg> addphoto

This will ask for a jpeg image.

3. Exporting Public key
You can export your public key to a file using the following command.

gpg --armor --output <filename>.gpg --export <mail-id>

4. Publish your public key

gpg --keyserver <keyserver-name> --send-keys <key-id>

5. Sign your key
You can have others sign your public key to vouch for the credibility of your key. Others can use the following commands to download your key from the keyserver and sign it. You may publish your signed public key on keyservers or on the internet so that others can send encrypted messages to you.

gpg --recv-keys <key-id>
gpg --sign-key <key-id>

The above steps can be used to generate a strong key pair for yourself.

Secure Messaging

Now let's see how we can establish secure communication using the key-pairs.

1. Encrypt the message
If someone wants to send you a secure message, they can get your public key from the keyserver using the --recv-keys command. They then create a message, save it in a file, and use the following command to encrypt it.

gpg --recipient <recipient-mail-id> --armor --encrypt <message-file>

This will generate a file <message-file>.asc. This is the encrypted message. They can mail it to you.

2. Decrypt your message
You can use the following command to decrypt the message using your private key.

gpg --output <messagefile> --decrypt <encrypted-message-file>.asc

Message Signing

Finally, let's check out how we can sign a message file using our key-pairs. The following command can be used to sign your file.

gpg --clearsign <filename>
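
The encrypt, decrypt and clearsign commands above can be checked end to end, together with signature verification using gpg --verify, which the steps above do not show. The script below is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the identity demo@example.invalid, the message text and the empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: round trip in a throwaway keyring (needs GnuPG 2.1+).
# Identity, message text and empty passphrase are constructed for the demo.
set -eu

gpg_roundtrip() (
    # Isolated keyring so nothing touches ~/.gnupg
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    work=$(mktemp -d)
    uid='demo@example.invalid'
    dec=fail; ver=fail; tam=accepted

    # Unattended key generation; a real key must be protected by a passphrase
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo User <$uid>" default default 1d

    printf 'meet at noon\n' > "$work/msg.txt"

    # Encrypt to the public key, decrypt with the private key, compare
    gpg --batch --quiet --recipient "$uid" --armor \
        --output "$work/msg.enc.asc" --encrypt "$work/msg.txt"
    gpg --batch --quiet --output "$work/msg.dec" \
        --decrypt "$work/msg.enc.asc" 2>/dev/null
    cmp -s "$work/msg.txt" "$work/msg.dec" && dec=ok

    # Clearsign, then verify the untouched file
    gpg --batch --quiet --output "$work/msg.signed.asc" \
        --clearsign "$work/msg.txt"
    gpg --batch --verify "$work/msg.signed.asc" 2>/dev/null && ver=ok

    # Change one word inside the signed text: verification must now fail
    sed 's/noon/midnight/' "$work/msg.signed.asc" > "$work/msg.tampered.asc"
    gpg --batch --verify "$work/msg.tampered.asc" 2>/dev/null || tam=rejected

    # Stop the agent started for the temporary keyring and clean up
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME" "$work"

    echo "decrypt=$dec verify=$ver tamper=$tam"
)

RESULT=$(gpg_roundtrip)
echo "$RESULT"
```

A recipient of a clearsigned file should run gpg --verify on it before trusting the text; the readable body alone proves nothing.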
