LESSON 11

Date: 4/16/2009
Basics of Linux Security
Linux for Engineering and IT applications


GNU Privacy Guard exercises

  • Install GPG:
    apt-get install gnupg
    

    In the example below, there is a key and message exchange between the users carol (Carol Wilson) and jack (Jack Black).

    First, you need to create two user accounts, carol and jack. You can use different user names. Note that in the exercise below you will need to remember the gpg passphrase for each user you generate. You may store them in a file or, for simplicity, use the same passphrase for all the users.

    Run the following to initialize gpg and generate a key pair:
    gpg --gen-key
    

    Follow the instructions to generate keys:
       choose (1) DSA and ElGamal (default);
       choose 1024 bit encryption; set the expiration time to two months (2m);
       remember the passphrase; keep typing something random while the keys are
       being generated.
    
    Make your public key available for exchange:
       gpg --export --armor carol@soemail.rutgers.edu > carol.pub
    

    File carol.pub contains the public key.

    The recipient of your key, Jack Black, imports it:
    gpg --import carol.pub
    

    Verifies it by checking the fingerprint (the value should be confirmed with Carol herself, not taken from the file):
    gpg --fingerprint "Carol Wilson"
    

    If the recipient accepts it, he should sign it:
    gpg --edit-key "Carol Wilson"
    

       Command> sign
        How carefully have you verified the key you are about to sign actually belongs
        to the person named above?  If you don't know what to answer, enter "0".
        Choose one of the following options (usually 2):
         (0) I will not answer. (default)
         (1) I have not checked at all.
         (2) I have done casual checking.
         (3) I have done very careful checking.
    
       Command> save
    

    Carol Wilson creates a new file and signs it. For example, for a text file netapp.txt, she creates a signature:
    gpg -b netapp.txt
    
    This creates a new file, netapp.txt.sig.

    The recipient, who has already imported and signed your public key, verifies it:
     
    gpg --verify netapp.txt.sig netapp.txt
    

    If the signature is correct, in the output, there should be: gpg: Good signature from "Carol Wilson "

    Sending/Receiving signed encrypted messages.

    Carol needs to import and sign Jack's public key the same way as he did with hers. The sender uses the recipient's public key to encrypt a message; the recipient decrypts the message with his private key. The sender, Carol Wilson, signs and encrypts file netapp.txt with Jack's public key (-s sign, -e encrypt, -a ASCII armor) and saves it in a new file, forjack.gpg:
       cat netapp.txt | gpg -sea -r "Jack Black" > forjack.gpg
    

    Carol Wilson gives or sends file forjack.gpg to Jack Black. Receiver, Jack Black, reads the file:
      gpg -d forjack.gpg 
    

    To save the output in a text file, say forjack.txt:
    gpg -d -o forjack.txt forjack.gpg
    


    Verify the signature of downloaded software:

    Download the following files:
       DJM-GPG-KEY.asc
       openssh-4.4p1.tar.gz
       openssh-4.4p1.tar.gz.asc
    
    Import the public key:
    gpg --import DJM-GPG-KEY.asc 
    

    Check if the key has been added:
     gpg --fingerprint
    

    Sign the key:
    gpg --edit-key "Damien Miller (Personal Key) "
    

       Command> sign
       Command> save
    
    Verify that the signature for the software is good:
    gpg --verify openssh-4.4p1.tar.gz.asc openssh-4.4p1.tar.gz 
    

    Delete the key from the keyring:
    gpg --delete-keys "Damien Miller (Personal Key) "
    

    Verify that the key has been deleted:
    gpg --fingerprint
    
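    The Carol/Jack exchange above and the import, fingerprint check, key signing and detached-signature verification used for the OpenSSH tarball, run end to end as an added example that is not part of the original lesson. It uses the batch forms of the same gpg operations (--quick-gen-key for --gen-key, --quick-sign-key for the sign/save dialogue, --detach-sign for -b) in two throwaway keyrings so it can be repeated safely. The user names, e-mail addresses, passphrase and file contents are constructed for the demo, and the script assumes GnuPG 2.2 or newer on PATH.

```shell
#!/bin/sh
# Added example, not part of the original lesson: the Carol/Jack exchange run
# non-interactively in two throwaway keyrings. Assumes GnuPG 2.2 or newer.
# Names, addresses, passphrase and the netapp.txt contents are constructed.
set -eu

PASS='demo-passphrase'        # the lesson says to remember it; here it is fixed
WORK=

cleanup() {
    [ -n "${WORK:-}" ] || return 0
    for h in "$CAROL" "$JACK"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$WORK"; WORK=
}
trap cleanup EXIT

# gpg_as HOMEDIR ARGS...: gpg on one user's keyring with no prompts (stderr chatter dropped)
gpg_as() { _home=$1; shift; gpg --homedir "$_home" --batch --yes --pinentry-mode loopback --passphrase "$PASS" "$@" 2>/dev/null; }

# make_key HOMEDIR "Name <email>": key pair expiring in two months, as in the lesson
# (future-default = ed25519/cv25519, chosen because it generates in well under a second)
make_key() { gpg_as "$1" --quick-gen-key "$2" future-default default 2m; }

# fingerprint HOMEDIR UID: primary-key fingerprint, taken from machine-readable output
fingerprint() { gpg_as "$1" --with-colons --fingerprint "$2" | awk -F: '/^fpr:/ { print $10; exit }'; }

# import_and_certify HOMEDIR PUBFILE UID EXPECTED_FPR: import a key, then sign it only if its
# fingerprint matches the value obtained out of band (what option 3 in the sign dialogue means);
# on a mismatch the key is removed again and the function fails
import_and_certify() {
    gpg_as "$1" --import "$2" || return 1
    actual=$(fingerprint "$1" "$3")
    if [ "$actual" != "$4" ]; then
        gpg_as "$1" --delete-keys "$actual"
        echo "fingerprint mismatch for $3: $actual != $4" >&2
        return 1
    fi
    gpg_as "$1" --quick-sign-key "$actual"
}

# verify_detached HOMEDIR SIG FILE: true only on a GOODSIG status line. Scripts should test
# the --status-fd output rather than grep the human-readable "Good signature" text.
verify_detached() { gpg_as "$1" --status-fd 1 --verify "$2" "$3" | grep -q '^\[GNUPG:\] GOODSIG '; }

# decrypt_checked HOMEDIR IN OUT: decrypt with the recipient's private key and insist the
# sender's signature inside the message is good as well
decrypt_checked() { gpg_as "$1" --status-fd 1 --decrypt --output "$3" "$2" | grep -q '^\[GNUPG:\] GOODSIG '; }

# run_exchange: the whole lesson; returns 0 only if every step checks out
run_exchange() {
    WORK=$(mktemp -d); CAROL="$WORK/carol"; JACK="$WORK/jack"
    mkdir -m 700 "$CAROL" "$JACK"                  # gpg refuses a keyring directory others can read
    make_key "$CAROL" "Carol Wilson <carol@example.invalid>" || return 1
    make_key "$JACK"  "Jack Black <jack@example.invalid>"    || return 1

    # each side exports its public key; the fingerprint read directly from the owner's
    # keyring stands in for the phone call or face-to-face check a real exchange needs
    gpg_as "$CAROL" --export --armor "Carol Wilson" > "$WORK/carol.pub" || return 1
    gpg_as "$JACK"  --export --armor "Jack Black"   > "$WORK/jack.pub"  || return 1
    import_and_certify "$JACK"  "$WORK/carol.pub" "Carol Wilson" "$(fingerprint "$CAROL" "Carol Wilson")" || return 1
    import_and_certify "$CAROL" "$WORK/jack.pub"  "Jack Black"   "$(fingerprint "$JACK" "Jack Black")"     || return 1

    # detached signature (gpg -b) and its verification by Jack
    printf 'netapp filer: 12 volumes, 2 aggregates\n' > "$WORK/netapp.txt"   # constructed content
    gpg_as "$CAROL" --detach-sign "$WORK/netapp.txt" || return 1              # writes netapp.txt.sig
    verify_detached "$JACK" "$WORK/netapp.txt.sig" "$WORK/netapp.txt" || return 1

    # a modified copy of the file must NOT verify against the same signature
    printf 'netapp filer: 13 volumes, 2 aggregates\n' > "$WORK/tampered.txt"
    if verify_detached "$JACK" "$WORK/netapp.txt.sig" "$WORK/tampered.txt"; then return 1; fi

    # signed and encrypted message (gpg -sea -r) and its decryption with Jack's private key
    gpg_as "$CAROL" --sign --encrypt --armor --recipient "Jack Black" --output "$WORK/forjack.gpg" "$WORK/netapp.txt" || return 1
    decrypt_checked "$JACK" "$WORK/forjack.gpg" "$WORK/forjack.txt" || return 1
    cmp -s "$WORK/netapp.txt" "$WORK/forjack.txt" || return 1
    cleanup
}

command -v gpg >/dev/null 2>&1 && run_exchange && echo "exchange OK"
```

    For the downloaded tarball the same two functions apply: import_and_certify with the fingerprint of DJM-GPG-KEY.asc obtained from a source other than the download site, then verify_detached with openssh-4.4p1.tar.gz.asc and openssh-4.4p1.tar.gz in place of netapp.txt.sig and netapp.txt. Encryption in the exchange works only because each side has certified the other's key first; in batch mode gpg refuses to encrypt to an uncertified key, which is the practical reason the lesson has you sign the key before sending anything.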