GNU Privacy Guard
GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP cryptographic software suite. GnuPG is compliant with RFC 4880, which is the IETF standards track specification of OpenPGP. (Wikipedia)
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991. (Wikipedia)
Installation
Arch Linux
pacman -S gnupg
Debian
apt-get install gnupg2
Setup
Create a key
Further information: Ubuntu Users - GnuPG (German)
Create a key by following the instructions
gpg --gen-key
The key is now stored in ~/.gnupg/secring.gpg (secret part) and in ~/.gnupg/pubring.gpg (public part).
Create revocation certificate
Further information: PGP Schlüssel generieren (German)
gpg --gen-revoke <user ID>
Save the key as revoke.asc.
Send key to a key server
Common keyservers:
- pool.sks-keyservers.net
- keys.gnupg.net
- pgp.mit.edu
The key ID is, for example, D0FE7AFB.
gpg --keyserver <server url> --send-keys <ID>
Basics
List key
List (1) secret keys and (2) public keys (--list-keys has the short form -k)
gpg --list-secret-keys
gpg --list-keys
Display fingerprint
gpg --fingerprint <ID or name of the key>
Download a key from a keyserver
gpg --receive-keys <ID or name of the key>
Delete a key
gpg --delete-keys <ID or name of the key>
Export and import keys
Export a secret key and a public key
gpg --export-secret-keys -a <key-id> > my-private-key.asc
gpg --export -a <key-id> > my-public-key.asc
gpg --import <file>
Trust a key
To trust a key, edit it and enter trust. Next choose a trust level, for instance 3 for marginal trust.
gpg --edit-key <key-id>
> trust
> sign
> save
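The fingerprint printed by gpg --fingerprint above is the value to compare, by hand, with one obtained from the key owner before entering trust or sign in gpg --edit-key; a short ID such as D0FE7AFB only locates the key, it does not identify it. As an added example that is not part of this page, the following Python parses the machine-readable form of that listing (gpg --with-colons --fingerprint <ID>) and checks a full fingerprint against it; the embedded listing is constructed with placeholder key IDs and fingerprints, and gpg_listing is a hypothetical helper name.

```python
import subprocess

def gpg_listing(keyid):
    """Real listing from the local keyring (not used by the offline demo below)."""
    return subprocess.run(["gpg", "--with-colons", "--fingerprint", keyid],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample: two different keys whose long IDs both end in D0FE7AFB,
# the short-ID collision that a full-fingerprint comparison catches.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:A1B2C3D4D0FE7AFB:1700000000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF01234567A1B2C3D4D0FE7AFB:
uid:u::::1700000000::0000000000000000000000000000000000000000::Petra Mueller <petra@example.org>::::::::::0:
sub:u:4096:1:FEDCBA0987654321:1700000000::::::e::::::23:
fpr:::::::::76543210FEDCBA9876543210FEDCBA9876543210:
pub:-:4096:1:99999999D0FE7AFB:1700000000:::-:::scESC::::::23::0:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFF99999999D0FE7AFB:
uid:-::::1700000000::1111111111111111111111111111111111111111::Someone Else <other@example.net>::::::::::0:
"""

def parse_listing(text):
    """One dict per primary key: keyid, fingerprint, uids, subkeys (fields as in GnuPG's DETAILS)."""
    keys, pending = [], None   # pending: which record the next 'fpr' line describes
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fingerprint": None, "uids": [], "subkeys": []})
            pending = "pub"
        elif f[0] == "sub" and keys:
            keys[-1]["subkeys"].append({"keyid": f[4], "fingerprint": None})
            pending = "sub"
        elif f[0] == "fpr" and pending:
            target = keys[-1] if pending == "pub" else keys[-1]["subkeys"][-1]
            target["fingerprint"] = f[9]
            pending = None
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys

def keys_matching_id(text, short_id):
    """Long key IDs ending in short_id; more than one means the short ID is ambiguous."""
    return [k["keyid"] for k in parse_listing(text) if k["keyid"].endswith(short_id.upper())]

def find_by_fingerprint(text, expected):
    """The key whose full fingerprint equals expected (spaces ignored), else None."""
    want = "".join(expected.split()).upper()
    return next((k for k in parse_listing(text) if k["fingerprint"] == want), None)
```

Only a key returned by find_by_fingerprint for the out-of-band value is the one to sign; keys_matching_id returning more than one entry shows why the short ID alone is not enough.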
Search a key
a) Search a key and b) search it on the specified key server
gpg --search-keys <key>
gpg --keyserver keyserver.ubuntu.com --search-keys <key>
Tips
Move GPG key to another computer
The first option is to copy the ~/.gnupg directory to the other computer. On that computer, set the permissions correctly:
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
The second option is to export the private key and the public key into files (see "Export and import keys" above) and import them from these files on the other computer.
Create a PGP key without interaction
cat > key.txt <<EOF
%echo Generating a basic PGP key
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Petra Müller
Name-Email: petra@example.org
Expire-Date: 0
Passphrase: mysuperpassword
# Commit here, so that the "done" message can be printed afterwards
%commit
%echo done
EOF
gpg --batch --gen-key key.txt
Plugins
Thunderbird (Mail)
Problems and errors
Not enough random bytes available.
- Message
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 186 more bytes)
- Solution
apt-get install haveged
Unsafe enclosing directory permissions on configuration file
- Message
gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/<user>/.gnupg/gpg.conf'
- Solution
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
keyserver receive failed: No dirmngr
- Error message
$ gpg --recv-keys <key>
gpg: connecting dirmngr at '/run/user/1000/gnupg/S.dirmngr' failed: IPC connect call failed
gpg: keyserver receive failed: No dirmngr
- Solution
Run it again with verbose output and check whether it tries to start dirmngr:
gpg --verbose --recv-keys <key>
Run dirmngr (with the path from the output of the previous command):
$ /usr/bin/dirmngr
[...]
dirmngr[2829.0]: failed to open cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': Permission denied
dirmngr[2829.0]: error creating new cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': Permission denied
Move the broken directory aside:
mv ~/.gnupg/crls.d ~/.gnupg/crls.d.broken
Run dirmngr again and check the output:
$ /usr/bin/dirmngr
[...]
dirmngr[3626.0]: failed to open cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': No such file or directory
dirmngr[3626.0]: creating directory '/home/<user>/.gnupg/crls.d'
dirmngr[3626.0]: new cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt' created
# Home: /home/<user>/.gnupg
# Config: [none]
OK Dirmngr 2.2.12 at your service