This time I am going to blog about public key generation, sending encrypted messages over the internet and using key-pairs for signing documents.
I used GNU Privacy Guard (GPG) for this purpose. Normally GPG comes preinstalled with most Linux distros. So let's generate a strong public-private key-pair and see what can be done with these keys.
Public Private Key-pair Generation
1. Generating Key-Pair
Once you give the above command, the system will ask you for the following details.
- What kind of key-pair do you want.
- Length of key
- Life span of key
- Mail id
- Passphrase (for the private key)
Once you have entered all the above details, the system will generate your public key in asc format.
2. You can add an image to your public key to make it
gpg --edit-key <key-id>
gpg> addphoto
This will ask for a jpeg image.
3. Exporting Public key
You can export your public key to a file using the following command.
gpg --armor --export <mail-id> > <filename>.gpg
4. Publish your public key
gpg --keyserver <keyserver-name> --send-keys <key-id>
5. Sign your key
You can have others sign your public key to vouch for its authenticity. They can use the following commands to download your key from a keyserver and sign it. You may publish your signed public key on keyservers or on the internet so that others can send encrypted messages to you.
gpg --recv-keys <key-id>
gpg --sign-key <key-id>
The above steps can be used to generate a strong key pair for yourself.
Now let's see how we can establish secure communication using the key-pairs.
1. Encrypt the message
If someone wants to send you a secure message, they can get your public key from the keyserver using the --recv-keys command. They then create a message, save it in a file, and use the following command to encrypt it.
gpg --recipient <recipient-mail-id> --armor --encrypt <message-file>
This will generate a file named <message-file>.asc. This is the encrypted message. They can mail it to you.
2. Decrypt your message
You can use the following command to decrypt the message using your private key.
gpg --output <messagefile> --decrypt <encrypted-message-file>.asc
Finally, let's check out how we can sign a message file using our key-pairs. The following command can be used to sign your file.
gpg --clearsign <filename>
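The steps above can be rehearsed end to end without touching your real keyring. The script below is an added example, not part of the original post: it generates a key, exports it, encrypts and decrypts a message, clearsigns it, and then checks with gpg --verify that an altered copy of the signed file is rejected. It assumes GnuPG 2.2 or later; the e-mail address, passphrase, message and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: the steps above in a throwaway keyring (needs GnuPG 2.2+).
# The address, passphrase, message and file names are constructed for this demo.
gpg_steps() {
    d=$GNUPGHOME
    mail='demo@example.invalid'
    # A passphrase on the command line is only acceptable for a throwaway key.
    g="gpg --batch --quiet --pinentry-mode loopback --passphrase demo-pass"
    printf 'meet at noon\n' > "$d/msg.txt"

    # Primary key plus encryption subkey, both expiring after one day.
    $g --quick-generate-key "Demo User <$mail>" default default 1d \
        >/dev/null || return 1
    # Export the public key in ASCII armor (what you would hand to others).
    $g --armor --output "$d/pub.asc" --export "$mail" || return 1
    # Encrypt to the public key, then decrypt with the private key.
    $g --recipient "$mail" --armor --output "$d/enc.asc" \
        --encrypt "$d/msg.txt" || return 1
    plain=$($g --decrypt "$d/enc.asc") || return 1
    # Clearsign, then verify the untouched file and an altered copy.
    $g --output "$d/signed.asc" --clearsign "$d/msg.txt" || return 1
    $g --verify "$d/signed.asc" 2>/dev/null && sig=good || sig=bad
    sed 's/noon/nine/' "$d/signed.asc" > "$d/tampered.asc"
    $g --verify "$d/tampered.asc" 2>/dev/null && tam=accepted || tam=rejected
    echo "decrypted='$plain' signature=$sig tampered=$tam"
}

gpg_roundtrip() (
    GNUPGHOME=$(mktemp -d) || exit 1     # isolated keyring, not ~/.gnupg
    export GNUPGHOME
    rc=0
    out=$(gpg_steps) || rc=$?
    gpgconf --kill all 2>/dev/null || true   # stop daemons started for the demo
    rm -rf "$GNUPGHOME"
    [ "$rc" -eq 0 ] && echo "$out"
    exit "$rc"
)

gpg_roundtrip
```

The recipient of a clearsigned file runs gpg --verify on it; a non-zero exit status means the text no longer matches the signature.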