GNU Privacy Guard

From XennisWiki

GNU Privacy Guard (GnuPG or GPG) is a free software replacement for Symantec's PGP cryptographic software suite. GnuPG is compliant with RFC 4880, which is the IETF standards track specification of OpenPGP. (Wikipedia)

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991. (Wikipedia)

Installation

Arch Linux

pacman -S gnupg

Debian

apt-get install gnupg2

Setup

Create a key

Further information: Ubuntu Users - GnuPG (German)

Create a key by following the instructions. In GnuPG 2.1 and later, --gen-key only asks for a name and an e-mail address and uses the defaults for everything else; use --full-generate-key to choose the algorithm, key size and expiry yourself.

gpg --gen-key

The key pair is now stored under ~/.gnupg. GnuPG 1.x and 2.0 keep it in ~/.gnupg/secring.gpg (secret keys) and ~/.gnupg/pubring.gpg (public keys); GnuPG 2.1 and later keep secret keys in ~/.gnupg/private-keys-v1.d/ (managed by gpg-agent) and public keys in ~/.gnupg/pubring.kbx.

Create revocation certificate

Further information: PGP Schlüssel generieren (German)

gpg --gen-revoke --armor --output revoke.asc <user ID>

Store the certificate as revoke.asc. Anyone who holds it can revoke the key, so keep it offline (printed or on removable media) and separate from the secret key. GnuPG 2.1 and later additionally write a revocation certificate at key creation to ~/.gnupg/openpgp-revocs.d/<fingerprint>.rev; the armor header line in that file is prefixed with a colon, which has to be removed before the certificate can be imported.

Send key to a key server

Common keyservers:

  • pool.sks-keyservers.net (the SKS pool was shut down in 2021 and no longer resolves)
  • keys.gnupg.net
  • pgp.mit.edu

keys.openpgp.org is the maintained alternative today; note that it only serves user IDs whose e-mail address has been verified by the key owner.

The ID is for example D0FE7AFB. That is a short (32-bit) key ID; short IDs can be collided cheaply, so prefer the full 40-character fingerprint, or at least the 16-character long ID, wherever a key is identified.

gpg --keyserver <server url> --send-keys <ID>

Basics

List key

List (1) secret keys (short -K) and (2) public keys (short -k)

gpg --list-secret-keys
gpg --list-keys

Display fingerprint

gpg --fingerprint <ID or name of the key>

Download a key from a keyserver

gpg --receive-keys <ID or name of the key>

Delete a key

gpg --delete-keys <ID or name of the key>

Export and import keys

Export a secret key and a public key

gpg --export-secret-keys -a <key-id> > my-private-key.asc
gpg --export -a <key-id> > my-public-key.asc
gpg --import <file>

Trust a key

To trust a key, edit it and enter trust. This sets the owner trust, i.e. how far you rely on the key's owner to certify other keys; choose a level, for instance 3 for marginal trust. sign certifies the key with your own key and is the step that makes the key valid for you, so compare the fingerprint with the owner out of band before signing. sign creates an exportable certification; use lsign for a certification that stays in your own keyring.

gpg --edit-key <key-id>
> trust
> sign
> save

Search a key

a) Search for a key on the default key server and b) search for it on the specified key server

gpg --search-keys <key>
gpg --keyserver keyserver.ubuntu.com --search-keys <key>

Tips

Move GPG key to another computer

The first option is to copy ~/.gnupg to the other computer. On that computer set the permissions correctly: the directory and every directory below it (private-keys-v1.d, openpgp-revocs.d, crls.d in GnuPG 2.1 and later) need mode 700, files need mode 600. A bare chmod 600 ~/.gnupg/* also strips the execute bit from those subdirectories and makes them unusable.

chmod 700 ~/.gnupg
find ~/.gnupg -type d -exec chmod 700 {} +
find ~/.gnupg -type f -exec chmod 600 {} +

The second option is to export the private and the public key into files and import them from these files on the other computer (see Export and import keys).

Create a PGP key without interaction

cat > key.txt <<EOF
%echo Generating a basic PGP key
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Petra Müller
Name-Email: petra@example.org
# 0 means the key never expires; a value such as 2y is usually the safer choice
Expire-Date: 0
# The passphrase ends up on disk in key.txt: delete the file afterwards.
# GnuPG 2.1+ accepts %no-protection instead if the key is protected by other means.
Passphrase: mysuperpassword
# Do a commit here so that "done" can be printed afterwards
%commit
%echo done
EOF
gpg --batch --gen-key key.txt
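The following script is an added example and not part of the original page; it ties together the sections above on unattended key generation, exporting and importing keys, moving a key to another machine and revocation certificates. Two throw-away GNUPGHOME directories stand in for two computers: a key is generated on the first, its public half is exported and imported on the second, the fingerprints are compared as they would be out of band, a detached signature made on the first machine is verified on the second, and finally the revocation certificate that GnuPG 2.1 and later write to openpgp-revocs.d/ is imported on the second machine and the key is checked to show as revoked. The user ID demo@example.org, the message text and the helper names (gen_demo_key, copy_public_key, key_state, gpg_roundtrip_demo) are assumptions made for this demo; it requires GnuPG 2.1 or later and runs entirely offline.

```shell
#!/bin/sh
# Added example, not from the original page. Offline GnuPG round trip between
# two temporary home directories ("computer A" and "computer B").
# Assumptions: GnuPG >= 2.1, user ID demo@example.org, helper names below.
set -e

# Generate an unprotected Ed25519 signing key with a Curve25519 encryption
# subkey in $1 (a fresh GNUPGHOME) and print its fingerprint.
# %no-protection avoids any pinentry prompt so this runs unattended; real keys
# should carry a passphrase (see the Passphrase: line in the page's parameter file).
gen_demo_key() {
    home="$1"
    cat > "$home/params" <<'EOF'
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Subkey-Type: ecdh
Subkey-Curve: cv25519
Name-Real: Demo User
Name-Email: demo@example.org
Expire-Date: 1y
%commit
EOF
    gpg --homedir "$home" --batch --quiet --gen-key "$home/params" >/dev/null
    # --with-colons is the stable, scriptable output: the first fpr record
    # after the pub record carries the 40-hex-digit primary fingerprint in field 10.
    gpg --homedir "$home" --with-colons --list-keys demo@example.org \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# Export the public key from $1 (armored, as in the page's --export -a),
# import it into $2, and print the fingerprint as seen on the importing side.
copy_public_key() {
    src="$1"; dst="$2"
    gpg --homedir "$src" --armor --export demo@example.org \
        | gpg --homedir "$dst" --quiet --import
    gpg --homedir "$dst" --with-colons --list-keys demo@example.org \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# Print the validity field (field 2 of the pub record) of the demo key in $1:
# "-" for an unknown key, "u" for one with ultimate trust, "r" once revoked.
key_state() {
    gpg --homedir "$1" --with-colons --list-keys demo@example.org \
        | awk -F: '/^pub:/ { print $2; exit }'
}

# Full round trip; prints "ok" on success and returns non-zero otherwise.
gpg_roundtrip_demo() {
    a=$(mktemp -d); b=$(mktemp -d)
    chmod 700 "$a" "$b"

    fpr=$(gen_demo_key "$a")
    [ "${#fpr}" -eq 40 ] || return 1

    # "Other computer": import the public key and compare the fingerprint with
    # the one read on the originating machine (in real life: read out over the
    # phone or printed on a business card, never taken from the same channel).
    seen=$(copy_public_key "$a" "$b")
    [ "$seen" = "$fpr" ] || return 1

    # Sign on A, verify on B: a detached signature over a constructed sample file.
    printf 'release 1.0 tarball sha256: 0123abcd\n' > "$a/msg.txt"
    gpg --homedir "$a" --batch --quiet --detach-sign --armor \
        --output "$a/msg.txt.asc" "$a/msg.txt"
    gpg --homedir "$b" --batch --quiet --verify "$a/msg.txt.asc" "$a/msg.txt" \
        2>/dev/null || return 1

    # GnuPG 2.1+ writes a revocation certificate at key creation. Its armor
    # header line is prefixed with ':' so that it cannot be imported by
    # accident; strip the colon and hand it to B as if the key had been lost.
    rev="$a/openpgp-revocs.d/$fpr.rev"
    [ -f "$rev" ] || { echo "no revocation certificate found (GnuPG < 2.1?)" >&2; return 1; }
    sed 's/^://' "$rev" | gpg --homedir "$b" --quiet --import 2>/dev/null
    [ "$(key_state "$b")" = "r" ] || return 1

    # Stop the per-homedir agents before deleting the directories.
    gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null || true
    rm -rf "$a" "$b"
    echo ok
}
```

Calling gpg_roundtrip_demo prints ok when every step succeeds. The secret half of the key travels the same way with --export-secret-keys, as shown in the Export and import keys section; it is deliberately left out here so that the script never writes an unprotected secret key outside the temporary directories.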

Plugins

Thunderbird (Mail)

Enigmail (only for Thunderbird up to version 68; Thunderbird 78 and later ship built-in OpenPGP support and no longer load Enigmail)

Problems and errors

Not enough random bytes available.

Message
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 186 more bytes)
Solution
apt-get install haveged

On Linux 5.6 and later the kernel random pool no longer blocks once it has been seeded, so this message is mainly seen on older kernels and in freshly booted virtual machines with little entropy.

Unsafe enclosing directory permissions on configuration file

Message
gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/<user>/.gnupg/gpg.conf'
Solution
chmod 700 ~/.gnupg
find ~/.gnupg -type d -exec chmod 700 {} +
find ~/.gnupg -type f -exec chmod 600 {} +

Do not use chmod 600 ~/.gnupg/* here: it also strips the execute bit from the subdirectories GnuPG 2.1 and later create (private-keys-v1.d, openpgp-revocs.d, crls.d) and makes them inaccessible.

keyserver receive failed: No dirmngr

Error message
$ gpg --recv-keys <key> 
gpg: connecting dirmngr at '/run/user/1000/gnupg/S.dirmngr' failed: IPC connect call failed
gpg: keyserver receive failed: No dirmngr
Solution

Run it again, but with verbose output and check if it tries to start dirmngr

gpg --verbose --recv-keys <key>

Run dirmngr (with the path from the output of the command before)

$ /usr/bin/dirmngr
[...]
dirmngr[2829.0]: failed to open cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': Permission denied
dirmngr[2829.0]: error creating new cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': Permission denied

Permission denied on a file inside ~/.gnupg/crls.d usually means the directory itself has lost its execute bit (for example through chmod 600 ~/.gnupg/*); chmod 700 ~/.gnupg/crls.d then fixes it without discarding anything. Otherwise move the broken directory aside so that dirmngr recreates it:

mv ~/.gnupg/crls.d ~/.gnupg/crls.d.broken

Run dirmngr again and check the output

$ /usr/bin/dirmngr
[...]
dirmngr[3626.0]: failed to open cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt': No such file or directory
dirmngr[3626.0]: creating directory '/home/<user>/.gnupg/crls.d'
dirmngr[3626.0]: new cache dir file '/home/<user>/.gnupg/crls.d/DIR.txt' created
# Home: /home/<user>/.gnupg
# Config: [none]
OK Dirmngr 2.2.12 at your service

External links

Keyserver