━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 THOUGHTS/TIPS/TRICKS/TUTORIAL ON PGP
                 anya
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━


Table of Contents
─────────────────

Intro
What is PGP?
.. The Public Key
.. Public Key Fingerprint
.. The Private Key
.. Revocation Certificate
Getting Started
.. Installing GnuPG
.. Generating a key pair
.. Sharing/Exporting your public key
.. Importing other people’s public key
..... Verifying public key fingerprint
.. Editing public key trust level
.. Encrypting Stuff
.. Decrypting Stuff
.. Signing Files
.. Signing Plaintext
.. Signing Keys/Web Of Trust (Advanced)
Software using PGP
.. Claws Mail
.. Pass
.. Dino
Gui clients
Resources/References


Intro
═════

  I will write stuff here soon c:


What is PGP?
════════════

  PGP, or Pretty Good Privacy, is an encryption program. It is most
  commonly used for signing, encrypting and decrypting emails, but it
  can also be used to encrypt/decrypt files and to sign text.


The Public Key
──────────────

  The public key is the key you share with *others* so that *they* can
  encrypt things to you and verify the things you signed. You can even
  share the public key in an *insecure* way, because it is a public
  key.


Public Key Fingerprint
──────────────────────

  The public key fingerprint is a short hash of the actual public key.
  It is used to check that the public key has not been tampered with.


The Private Key
───────────────

  The private key is the key that *you* use to decrypt and sign things.
  This key *should not* be shared with others under *any* circumstances.
  You should set a strong password for this key, so that if someone
  gets hold of your private key they still cannot use it without your
  password.


Revocation Certificate
──────────────────────


Getting Started
═══════════════

Installing GnuPG
────────────────

  GnuPG is the most popular implementation of the OpenPGP standard,
  which is why we will be using it.
  Here is how to install it:

  Arch: `# pacman -S gnupg'
  Debian: `# apt-get install gnupg'
  Void: `# xbps-install gnupg'
  Fedora: `# dnf install gnupg'
  FreeBSD: `# pkg install gnupg'

  These commands need to be run with root permissions, e.g. through
  sudo/doas or by running them as root.


Generating a key pair
─────────────────────

  To use PGP you must generate a key pair, which consists of a public
  key and a private key. To do that, run this command:

  `$ gpg --full-gen-key'

  ┌────
  │ Please select what kind of key you want:
  │    (1) RSA and RSA (default)
  │    (2) DSA and Elgamal
  │    (3) DSA (sign only)
  │    (4) RSA (sign only)
  │   (14) Existing key from card
  │ Your selection? 1
  │ RSA keys may be between 1024 and 4096 bits long.
  │ What keysize do you want? (3072) 4096
  │ Requested keysize is 4096 bits
  │ Please specify how long the key should be valid.
  │          0 = key does not expire
  │       <n>  = key expires in n days
  │       <n>w = key expires in n weeks
  │       <n>m = key expires in n months
  │       <n>y = key expires in n years
  │ Key is valid for? (0) 0
  │ Key does not expire at all
  │ Is this correct? (y/N) y
  │
  │ GnuPG needs to construct a user ID to identify your key.
  │
  │ Real name: Your-online-username-or-alias
  │ Email address: yourealemail@random.tld
  │ Comment: Random comment
  │ You selected this USER-ID:
  │     "Your-online-user (Random comment) <yourealemail@random.tld>"
  │
  │ Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  │ We need to generate a lot of random bytes. It is a good idea to perform
  │ some other action (type on the keyboard, move the mouse, utilize the
  │ disks) during the prime generation; this gives the random number
  │ generator a better chance to gain enough entropy.
  └────

  After this, enter a strong and secure password to protect your
  private key. You will be prompted for this password whenever you do
  things such as signing and decrypting.
Sharing/Exporting your public key
─────────────────────────────────

  To export your public key, run this command:

  `$ gpg --armor --export youremail@random.tld > my_email_public_key.asc'

  You can now share this file with your friends and they can encrypt
  things to you c:


Importing other people’s public key
───────────────────────────────────

  To import your friend’s public key, just run this command:

  `$ gpg --import bob_public_key.asc'


Verifying public key fingerprint
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

  To make sure the public key that your friend (Bob) sent you has not
  been tampered with, run the following command:

  `$ gpg --fingerprint bob@random.tld'

  The output will look something like this:

  ┌────
  │ pub   rsa3072 2022-06-04 [SC]
  │       53C8 E08C 0D90 2A15 6F70 E60F 3B3A 149C 22E3 F797   # this line is the fingerprint
  │ uid           [ultimate] Bob (comment) <bob@random.tld>
  │ sub   rsa3072 2022-06-05 [E]
  └────

  Now note down the fingerprint, then ask your friend to run the same
  command and tell you their fingerprint. If the fingerprints match, the
  public key has not been tampered with and you may trust it.


Editing public key trust level
──────────────────────────────

  Coming soon™


Encrypting Stuff
────────────────

  Now that you have verified that your friend’s key has not been
  tampered with, you can encrypt files to them :D

  To encrypt a file, run this command:

  `$ gpg --encrypt --armor -r bob@random.tld top_secret_message.txt'

  This writes an armored file top_secret_message.txt.asc, which you
  send to Bob. This file can *only* be decrypted by Bob (or by the
  person with Bob’s [private key]).
  Therefore not even you can decrypt the file after encrypting it.

[private key] See section The Private Key


Decrypting Stuff
────────────────

  Bob has received the encrypted file you sent them; to decrypt it they
  just run:

  `$ gpg --decrypt top_secret_message.txt.asc'


Signing Files
─────────────


Signing Plaintext
─────────────────


Signing Keys/Web Of Trust (Advanced)
────────────────────────────────────


Software using PGP
══════════════════

Claws Mail
──────────


Pass
────


Dino
────


Gui clients
═══════════


Resources/References
════════════════════

  (rip qorg11)
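For the check in the "Verifying public key fingerprint" section above, here is an added shell example (not part of anya's tutorial) that pulls the fingerprint out of `gpg --fingerprint` output and compares it with the one your friend read back to you, ignoring spacing and case so that how it was written down does not hide a real mismatch. The sample output is constructed from the tutorial's own example values; `extract_fpr`, `normalize_fpr` and `fingerprints_match` are names chosen for this example.

```shell
#!/bin/sh
# Added example: compare the fingerprint gpg prints for an imported key
# with the one your friend told you. Not part of the original tutorial.

# Constructed sample of `gpg --fingerprint bob@random.tld` output (same
# values as the tutorial's example).
SAMPLE_GPG_OUTPUT='pub   rsa3072 2022-06-04 [SC]
      53C8 E08C 0D90 2A15 6F70 E60F 3B3A 149C 22E3 F797
uid           [ultimate] Bob (comment) <bob@random.tld>
sub   rsa3072 2022-06-05 [E]'

# Strip whitespace and upper-case the hex digits, so "53c8 e08c ..." as
# read aloud compares equal to "53C8E08C..." as printed by gpg.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Take the fingerprint line (the line right after "pub") from gpg output.
# Against a real gpg, `gpg --with-colons --fingerprint` gives a machine
# readable "fpr:" record instead, which scripts should prefer.
extract_fpr() {
  printf '%s\n' "$1" | awk '/^pub/ { getline; gsub(/[ \t]/, ""); print; exit }'
}

# Return 0 only when both values are a full 40-hex-digit fingerprint and
# are identical; a prefix match (a short key id) is deliberately rejected.
fingerprints_match() {
  a=$(normalize_fpr "$1")
  b=$(normalize_fpr "$2")
  case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Stand-alone run: compare the sample against what a friend might say.
if [ "${1-}" = "--demo" ]; then
  fpr=$(extract_fpr "$SAMPLE_GPG_OUTPUT")
  if fingerprints_match "$fpr" "53c8 e08c 0d90 2a15 6f70 e60f 3b3a 149c 22e3 f797"; then
    echo "fingerprints match: $fpr"
  else
    echo "MISMATCH: do not trust this key" >&2
    exit 1
  fi
fi
```

Run it as `sh fpr-check.sh --demo`; the value your friend reads out should come over a different channel than the one the key file arrived through, otherwise the comparison proves nothing.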