GNU Privacy Guard exercises
Install GPG on smbhost:
apt-get install gnupg
apt-get install haveged
In the example below, keys and messages are exchanged between users carol (Carol Wilson) and jack (Jack Black).
You need to create two user accounts, carol and jack, on the smbhost VM. Remember the passwords.
Open two terminals on your desktop and SSH to smbhost as user carol in one terminal window and as user jack in the other terminal window.
As user carol, run gpg once to initialize the keyring, then run gpg --gen-key to generate the keys.
Follow the key-generation dialog below:
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) ENTER
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2m
Key expires at Sat 08 Jun 2013 06:40:50 PM EDT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "
Real name: Carol Wilson
Email address: firstname.lastname@example.org
You selected this USER-ID:
"Carol Wilson <firstname.lastname@example.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
Remember the passphrase.
Make carol's public key available for exchange by running the following command as user carol:
gpg --export --armor email@example.com > carol.pub
The file carol.pub now contains her public key.
User jack performs the same procedure to generate his gpg keys and exports his public key to a file:
gpg --export --armor firstname.lastname@example.org > jack.pub
User jack gets carol's public key and imports it:
cp ~carol/carol.pub .
gpg --import carol.pub
gpg --fingerprint "Carol Wilson"
jack should accept the key by signing it. Run the following command and, at the gpg> prompt, enter sign; answer the check question below, then enter save to write the signature to the keyring:
gpg --edit-key "Carol Wilson"
How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't know what to answer, enter "0".
Choose one of the following options (usually 2):
(0) I will not answer. (default)
(1) I have not checked at all.
(2) I have done casual checking.
(3) I have done very careful checking.
Carol Wilson creates a new file and signs it. For example, a text file, netapp.txt, and a detached signature:
cat /etc/services > netapp.txt
gpg -b netapp.txt
The second command above creates the signature file, netapp.txt.sig.
The recipient, jack, who has already imported and signed her public key, copies netapp.txt together with the signature file and verifies the file:
cp ~carol/netapp.txt .
cp ~carol/netapp.txt.sig .
gpg --verify netapp.txt.sig netapp.txt
If the signature is correct, the output should contain:
gpg: Good signature from "Carol Wilson <firstname.lastname@example.org>"
Sending/Receiving signed encrypted messages.
carol imports and signs jack's public key in the same way as he did with hers:
cp ~jack/jack.pub .
gpg --import jack.pub
gpg --fingerprint "Jack Black"
gpg --edit-key "Jack Black"
The sender, carol, uses the recipient jack's public key to sign, encrypt and ASCII-armor (-sea) the message in file netapp.txt, saving the result in file forjack.gpg:
cat netapp.txt | gpg -sea -r "Jack Black" > forjack.gpg
The recipient, jack, decrypts the message with his private key:
cp ~carol/forjack.gpg .
gpg -d forjack.gpg
The output can be saved in a text file, forjack.txt:
gpg -d -o forjack.txt forjack.gpg
Verify the signature of downloaded software:
Download the following files: the release archive openssh-4.4p1.tar.gz, its detached signature openssh-4.4p1.tar.gz.asc, and the signer's public key DJM-GPG-KEY.asc.
Import the public key:
gpg --import DJM-GPG-KEY.asc
Check if the key has been added:
Sign the key:
gpg --edit-key "Damien Miller (Personal Key) "
Verify that the signature on the software is good:
gpg --verify openssh-4.4p1.tar.gz.asc openssh-4.4p1.tar.gz
Delete the key from the keyring:
gpg --delete-keys "Damien Miller (Personal Key) "
Verify that the key has been deleted: