SlideShare a Scribd company logo

Gpg basics

O
obsidisconsortia

By Carlos Perez Learn how to use GPG and secure your files an communications

Technology
1 of 28
Download to read offline
GPG BASICS Carlos Perez carlos_perez@darkoperator.com Friday, September 13, 13
WHAT IS ENCRYPTION? • Encryption encodes and scrambles data so it is difficult to obtain the original content unless a known secret is used to decipher it. • The 2 main schemes of encryption are: • Symmetric -The same cryptographic key is used for both encryption and decryption of the data. It is the simplest form of encryption. • Public Key - Requires two separate keys, a secret key and a public key.Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the data , and the other unlocks or decrypts the data. Friday, September 13, 13
Text Friday, September 13, 13
PGP • PGP Stands for Pretty Good Privacy. • It was initially created by Phil Zimmerman in 1991 • In 1997 OpenPGP was proposed to the IETF and in 2007 and accepted. It is currently RFC4880 http://tools.ietf.org/html/ rfc4880 and it is fo Friday, September 13, 13
OPENPGP • The standard covers strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. • These services are: • Confidentiality • Key management • Authentication • Digital signatures Friday, September 13, 13
GNUPG • Stands for GNU Privacy Guard http://www.gnupg.org/ • Is a Free (open-source) implementation of the OpenPGP standard. • The package is separate from any GUI and refers to the Library and Binary tools. • Linux - comes with all distributions • Windows - http://www.gpg4win.org/ (Do NOT use the outlook plugin) • OS X - https://gpgtools.org/ Friday, September 13, 13
PGP WEB OFTRUST Friday, September 13, 13
CERTIFICATE AUTHORITY WEB OFTRUST Friday, September 13, 13
WHAT PGP/GPG DOES PROVIDE • Verification of sender. • Encryption of data being sent. • Trust relationship based on reputation of known persons. • Strong protection of offline data or data at rest at other location as long as private key is protected. Friday, September 13, 13
WHAT PGP/GPG DOES NOT PROVIDE • Anonymity • Enumeration of Metadata (Subject, Source, Destination, Possible software version) • Enumeration of Relations (People that trust the parties) Friday, September 13, 13
GENERATING KEYS • The command to generate the keys is: gpg --gen-key • Choose key sizes larger than 1024. • Set an expiration date for the key. • Set a good passphrase to protect the key. • To list the key gpg --list-keys "<your name|Email>" Friday, September 13, 13
GENERATING KEYS Friday, September 13, 13
GENERATING KEYS • After generating a key pair create a revocation certificate and save it in a safe place with gpg --output revoke.asc -- gen-revoke <keyid> • Revocation certificate is use to revoke your key from key servers in the case you lost your passphrase. • A revoked key can still be used to verify old signatures, or decrypt data, but it cannot be used to encrypt new messages to you. Friday, September 13, 13
GENERATING KEYS • To list secret keys gpg --list-secret-keys • Create a backup of your private key gpg --export-secret-key -a "[name|email]" > private.key • placed the backed up public and private keys in a safe place. • To restore a private key on another machine: • gpg --import public.key • gpg --allow-secret-key-import --import private.key Friday, September 13, 13
UPLOADYOUR KEYTO A KEYSERVER • For first time keys use a key server that verifies the email, this applies to you and anyone you ask to generate a new key to communicate with. • To export a key to a server gpg --keyserver <keyserver> --send-keys <key ID> • To export an individual Public key for sharing gpg --armor --export [email|name] > pubkey.asc Friday, September 13, 13
UPLOADYOUR KEYTO A KEY SERVER • A recommended server is https://keyserver.pgp.com server will validate the key via the email message in the key and will ask for periodic confirmation. Friday, September 13, 13
IMPORTING ANDVERIFYING A KEY • To download a key from a key server gpg --keyserver <keyserver> --recv-keys <key id> • To import an exported key gpg --import <key file> • After we import a key the fingerprint should verified to know if its the one we expected gpg --fingerprint "[email| name]" Friday, September 13, 13
IMPORTING ANDVERIFYING A KEY • To download a key from a key server gpg --keyserver <keyserver> --recv-keys <key id> • To import an exported key gpg --import <key file> • After we import a key the fingerprint should verified to know if its the one we expected gpg --fingerprint "[email| name]" Friday, September 13, 13
IMPORTING ANDVERIFYING A KEY • Once a key is verified you can sign it with our key, for this we have to edit the key • gpg --edit-key "[email|name]" • gpg> sign Friday, September 13, 13
REMOVING A KEY FROMTHE KEYRING • To remove a key a trusted source from the keyring trustdb.gpg gpg --delete-key “[name|email]” • To remove a secret key from secring gpg --delete- secret-key “[name|email]” Friday, September 13, 13
ENCRYPTING A FILE • Encrypt symmetrically a file using a password gpg -c filename • Decrypt a file using a gpg -d --output <new filename> filename • To encrypt a file with a specific public key gpg --output document.gpg --encrypt --recipient “[email| name]” document.doc Friday, September 13, 13
ENCRYPTING A FILE Friday, September 13, 13
DECRYPTING A FILE Friday, September 13, 13
SIGNING ANDVERIFYING A FILE • To generate a signature for a file gpg --output file.sig -- sign file • To verify a signature both the sig file and the original file must be in the same folder gpg --verify file.sig Friday, September 13, 13
SIGNING ANDVERIFYING A FILE Friday, September 13, 13
LEAKINGTO MUCH INFORMATION Friday, September 13, 13
DISABLE COMMENT AND VERSION INFO • Add to your gpg.conf file the following lines: • Disables version information • Sets the comment to an empty string Text Friday, September 13, 13
THANKS Friday, September 13, 13

Recommended

OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionTanner Lovelace
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MACSou Jana
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptographyCysinfo Cyber Security Community
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 

Recommended

OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionTanner Lovelace
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MACSou Jana
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptographyCysinfo Cyber Security Community
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
Ip addressing
Ip addressingIp addressing
Ip addressingOnline
 
Cryptography
Cryptography Cryptography
Cryptography 1326OmkarKamble
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Mathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptographyMathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptographySou Jana
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Dhcp
DhcpDhcp
DhcpChinmoy Jena
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Public key cryptography
Public key cryptography Public key cryptography
Public key cryptography rinnocente
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithmstrilokchandra prakash
 
Network scanning
Network scanningNetwork scanning
Network scanningMD SAQUIB KHAN
 
CNS - Unit - 7 - Digital Signature
CNS - Unit - 7 - Digital SignatureCNS - Unit - 7 - Digital Signature
CNS - Unit - 7 - Digital SignatureGyanmanjari Institute Of Technology
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 
IEEE 802.1 x
IEEE 802.1 xIEEE 802.1 x
IEEE 802.1 xAnwesh Dixit
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 
GPG Signing Git Commits
GPG Signing Git CommitsGPG Signing Git Commits
GPG Signing Git CommitsDinis Cruz
 
PGP for Smarties
PGP for SmartiesPGP for Smarties
PGP for SmartiesJan Schaumann
 

More Related Content

What's hot

Ip addressing
Ip addressingIp addressing
Ip addressingOnline
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Mathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptographyMathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptographySou Jana
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Public key cryptography
Public key cryptography Public key cryptography
Public key cryptography rinnocente
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 

What's hot (20)

Ip addressing
Ip addressingIp addressing
Ip addressing
 
Cryptography
Cryptography Cryptography
Cryptography
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)
 
802.1x
802.1x802.1x
802.1x
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Mathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptographyMathematics of Asymmetric cryptography
Mathematics of Asymmetric cryptography
 
NMAP
NMAPNMAP
NMAP
 
Dhcp
DhcpDhcp
Dhcp
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
N map presentation
N map presentationN map presentation
N map presentation
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Public key cryptography
Public key cryptography Public key cryptography
Public key cryptography
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
CNS - Unit - 7 - Digital Signature
CNS - Unit - 7 - Digital SignatureCNS - Unit - 7 - Digital Signature
CNS - Unit - 7 - Digital Signature
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
IEEE 802.1 x
IEEE 802.1 xIEEE 802.1 x
IEEE 802.1 x
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 

Viewers also liked

GPG Signing Git Commits
GPG Signing Git CommitsGPG Signing Git Commits
GPG Signing Git CommitsDinis Cruz
 
Gnu Privacy Guard - Intro
Gnu Privacy Guard - IntroGnu Privacy Guard - Intro
Gnu Privacy Guard - IntroO. R. Kumaran
 
PGP - Pretty Good Privacy
PGP - Pretty Good PrivacyPGP - Pretty Good Privacy
PGP - Pretty Good PrivacyJuliano Flores
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 

Viewers also liked (7)

GPG Signing Git Commits
GPG Signing Git CommitsGPG Signing Git Commits
GPG Signing Git Commits
 
PGP for Smarties
PGP for SmartiesPGP for Smarties
PGP for Smarties
 
Installing Gpg
Installing GpgInstalling Gpg
Installing Gpg
 
Gpg Twitter
Gpg TwitterGpg Twitter
Gpg Twitter
 
Gnu Privacy Guard - Intro
Gnu Privacy Guard - IntroGnu Privacy Guard - Intro
Gnu Privacy Guard - Intro
 
PGP - Pretty Good Privacy
PGP - Pretty Good PrivacyPGP - Pretty Good Privacy
PGP - Pretty Good Privacy
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 

Similar to Gpg basics

Basics of GnuPG (gpg) command in linux
Basics of GnuPG (gpg) command in linuxBasics of GnuPG (gpg) command in linux
Basics of GnuPG (gpg) command in linuxSanjeev Kumar Jaiswal
 
Berlinsides2017
Berlinsides2017Berlinsides2017
Berlinsides2017aestetix
 
Mulesoft Meetup Cryptography Module
Mulesoft Meetup Cryptography ModuleMulesoft Meetup Cryptography Module
Mulesoft Meetup Cryptography ModuleManjuKumara GH
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with muleAnil Kumar V
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with muleAnil Kumar V
 
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...Puppet
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgphimajareddys
 
Pgsodium's Features: those not provided by pgcrypto and integration with rem...
Pgsodium's Features: those not provided by pgcrypto and integration with rem... Pgsodium's Features: those not provided by pgcrypto and integration with rem...
Pgsodium's Features: those not provided by pgcrypto and integration with rem...EDB
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoftshyamraj55
 
Ahmadabad mule soft_meetup_17april2021_mule4_cryptography
Ahmadabad mule soft_meetup_17april2021_mule4_cryptographyAhmadabad mule soft_meetup_17april2021_mule4_cryptography
Ahmadabad mule soft_meetup_17april2021_mule4_cryptographyShekh Muenuddeen
 
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...Paulo Henrique
 
Email Security with OpenPGP - An Appetizer
Email Security with OpenPGP - An AppetizerEmail Security with OpenPGP - An Appetizer
Email Security with OpenPGP - An AppetizerDavid Ochel
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsZack Smith
 

Similar to Gpg basics (20)

email.ppt
email.pptemail.ppt
email.ppt
 
Email2
Email2Email2
Email2
 
Basics of GnuPG (gpg) command in linux
Basics of GnuPG (gpg) command in linuxBasics of GnuPG (gpg) command in linux
Basics of GnuPG (gpg) command in linux
 
Berlinsides2017
Berlinsides2017Berlinsides2017
Berlinsides2017
 
Mulesoft Meetup Cryptography Module
Mulesoft Meetup Cryptography ModuleMulesoft Meetup Cryptography Module
Mulesoft Meetup Cryptography Module
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with mule
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with mule
 
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...
Puppet Camp NYC 2014: Safely storing secrets and credentials in Git for use b...
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Crypto hlug
Crypto hlugCrypto hlug
Crypto hlug
 
Linux securities
Linux securitiesLinux securities
Linux securities
 
Pgsodium's Features: those not provided by pgcrypto and integration with rem...
Pgsodium's Features: those not provided by pgcrypto and integration with rem... Pgsodium's Features: those not provided by pgcrypto and integration with rem...
Pgsodium's Features: those not provided by pgcrypto and integration with rem...
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoft
 
Ahmadabad mule soft_meetup_17april2021_mule4_cryptography
Ahmadabad mule soft_meetup_17april2021_mule4_cryptographyAhmadabad mule soft_meetup_17april2021_mule4_cryptography
Ahmadabad mule soft_meetup_17april2021_mule4_cryptography
 
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
 
Email Security with OpenPGP - An Appetizer
Email Security with OpenPGP - An AppetizerEmail Security with OpenPGP - An Appetizer
Email Security with OpenPGP - An Appetizer
 
Cryptography
CryptographyCryptography
Cryptography
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless Deployments
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Gpg basics

  • 1. GPG BASICS Carlos Perez carlos_perez@darkoperator.com Friday, September 13, 13
  • 2. WHAT IS ENCRYPTION? • Encryption encodes and scrambles data so it is difficult to obtain the original content unless a known secret is used to decipher it. • The 2 main schemes of encryption are: • Symmetric -The same cryptographic key is used for both encryption and decryption of the data. It is the simplest form of encryption. • Public Key - Requires two separate keys, a secret key and a public key.Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the data , and the other unlocks or decrypts the data. Friday, September 13, 13
  • 4. PGP • PGP Stands for Pretty Good Privacy. • It was initially created by Phil Zimmerman in 1991 • In 1997 OpenPGP was proposed to the IETF and in 2007 and accepted. It is currently RFC4880 http://tools.ietf.org/html/ rfc4880 and it is fo Friday, September 13, 13
  • 5. OPENPGP • The standard covers strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. • These services are: • Confidentiality • Key management • Authentication • Digital signatures Friday, September 13, 13
  • 6. GNUPG • Stands for GNU Privacy Guard http://www.gnupg.org/ • Is a Free (open-source) implementation of the OpenPGP standard. • The package is separate from any GUI and refers to the Library and Binary tools. • Linux - comes with all distributions • Windows - http://www.gpg4win.org/ (Do NOT use the outlook plugin) • OS X - https://gpgtools.org/ Friday, September 13, 13
  • 7. PGP WEB OFTRUST Friday, September 13, 13
  • 9. WHAT PGP/GPG DOES PROVIDE • Verification of sender. • Encryption of data being sent. • Trust relationship based on reputation of known persons. • Strong protection of offline data or data at rest at other location as long as private key is protected. Friday, September 13, 13
  • 10. WHAT PGP/GPG DOES NOT PROVIDE • Anonymity • Enumeration of Metadata (Subject, Source, Destination, Possible software version) • Enumeration of Relations (People that trust the parties) Friday, September 13, 13
  • 11. GENERATING KEYS • The command to generate the keys is: gpg --gen-key • Choose key sizes larger than 1024. • Set an expiration date for the key. • Set a good passphrase to protect the key. • To list the key gpg --list-keys "<your name|Email>" Friday, September 13, 13
  • 13. GENERATING KEYS • After generating a key pair create a revocation certificate and save it in a safe place with gpg --output revoke.asc -- gen-revoke <keyid> • Revocation certificate is use to revoke your key from key servers in the case you lost your passphrase. • A revoked key can still be used to verify old signatures, or decrypt data, but it cannot be used to encrypt new messages to you. Friday, September 13, 13
  • 14. GENERATING KEYS • To list secret keys gpg --list-secret-keys • Create a backup of your private key gpg --export-secret-key -a "[name|email]" > private.key • placed the backed up public and private keys in a safe place. • To restore a private key on another machine: • gpg --import public.key • gpg --allow-secret-key-import --import private.key Friday, September 13, 13
  • 15. UPLOADYOUR KEYTO A KEYSERVER • For first time keys use a key server that verifies the email, this applies to you and anyone you ask to generate a new key to communicate with. • To export a key to a server gpg --keyserver <keyserver> --send-keys <key ID> • To export an individual Public key for sharing gpg --armor --export [email|name] > pubkey.asc Friday, September 13, 13
  • 16. UPLOADYOUR KEYTO A KEY SERVER • A recommended server is https://keyserver.pgp.com server will validate the key via the email message in the key and will ask for periodic confirmation. Friday, September 13, 13
  • 17. IMPORTING ANDVERIFYING A KEY • To download a key from a key server gpg --keyserver <keyserver> --recv-keys <key id> • To import an exported key gpg --import <key file> • After we import a key the fingerprint should verified to know if its the one we expected gpg --fingerprint "[email| name]" Friday, September 13, 13
  • 18. IMPORTING ANDVERIFYING A KEY • To download a key from a key server gpg --keyserver <keyserver> --recv-keys <key id> • To import an exported key gpg --import <key file> • After we import a key the fingerprint should verified to know if its the one we expected gpg --fingerprint "[email| name]" Friday, September 13, 13
  • 19. IMPORTING ANDVERIFYING A KEY • Once a key is verified you can sign it with our key, for this we have to edit the key • gpg --edit-key "[email|name]" • gpg> sign Friday, September 13, 13
  • 20. REMOVING A KEY FROMTHE KEYRING • To remove a key a trusted source from the keyring trustdb.gpg gpg --delete-key “[name|email]” • To remove a secret key from secring gpg --delete- secret-key “[name|email]” Friday, September 13, 13
  • 21. ENCRYPTING A FILE • Encrypt symmetrically a file using a password gpg -c filename • Decrypt a file using a gpg -d --output <new filename> filename • To encrypt a file with a specific public key gpg --output document.gpg --encrypt --recipient “[email| name]” document.doc Friday, September 13, 13
  • 22. ENCRYPTING A FILE Friday, September 13, 13
  • 23. DECRYPTING A FILE Friday, September 13, 13
  • 24. SIGNING ANDVERIFYING A FILE • To generate a signature for a file gpg --output file.sig -- sign file • To verify a signature both the sig file and the original file must be in the same folder gpg --verify file.sig Friday, September 13, 13
  • 27. DISABLE COMMENT AND VERSION INFO • Add to your gpg.conf file the following lines: • Disables version information • Sets the comment to an empty string Text Friday, September 13, 13