finish post abput gpg public key
This commit is contained in:
parent
b455eaa882
commit
c30b26808b
GPG Key ID:
020C42B7A9ABA3E2
@ -2,24 +2,88 @@
|
|||||||
title = "Using GPG Public Key"
|
title = "Using GPG Public Key"
|
||||||
+++
|
+++
|
||||||
|
|
||||||
GNU Privacy Guart (GPG) is an pupular two factor encrytpion system often used for signing or encrypting emails, files or even git commits.
|
GNU Privacy Guard (GPG) is an popular two factor encryption system often used for signing or encrypting emails, files or even git commits.
|
||||||
This post foruces on using provided public key to check signature validity for files signed using complementary public key.
|
This post focuses on using provided public key to check signature validity for files signed using complementary public key.
|
||||||
|
|
||||||
|
## Install GPG
|
||||||
|
On Linux it's found in nearly all distributions with package name of either gpg or gpg2. If both are present and gpg is not an
|
||||||
|
alias to gpg2 please use gpg2.
|
||||||
|
On Windows besides using WSL there is native GPG distribution named gpg4win.
|
||||||
|
|
||||||
## Importing Key
|
## Importing Key
|
||||||
One way to keep prublic keys is by using a keyserver such as _hkps://keyserver.ubuntu.com_.
|
One way to keep public keys is by using a keyserver such as _hkps://keyserver.ubuntu.com_ or _hkp://pgp.mit.edu_.
|
||||||
To import key with ID **3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2** from _hkps://keyserver.ubuntu.com_ keyserver
|
To import key with ID _3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2_ from **hkps://keyserver.ubuntu.com** keyserver
|
||||||
issue command:
|
issue command:
|
||||||
```bash
|
```bash
|
||||||
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-key 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2
|
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-key 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Output of the command above will look like:
|
||||||
|
|
||||||
|
```
|
||||||
|
gpg: /home/akill/.gnupg/trustdb.gpg: trustdb created
|
||||||
|
gpg: key 020C42B7A9ABA3E2: public key "Asmir A (new key 300523) <asmir.abdulahovic@gmail.com>" imported
|
||||||
|
gpg: Total number processed: 1
|
||||||
|
gpg: imported: 1
|
||||||
|
```
|
||||||
|
|
||||||
It's also possible to use "short" ID by using only the last 8 digits of hexadecimal
|
It's also possible to use "short" ID by using only the last 8 digits of hexadecimal
|
||||||
ID representation, in our case **A9ABA3E2** - but it's discourages because of possible ID collisions.
|
ID representation, in our case _A9ABA3E2_ - but it's discouraged because of possible ID collisions.
|
||||||
|
|
||||||
To search and import a key using email, example _asmir.abdulahovic@gmail.com_ issue command:
|
To search and import a key using email, example _asmir.abdulahovic@gmail.com_ issue command:
|
||||||
```bash
|
```bash
|
||||||
$ gpg2 --keyserver hkps://keyserver.ubuntu.com \
|
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --search-keys "asmir.abdulahovic@gmail.com"
|
||||||
--search-keys "asmir.abdulahovic@gmail.com"
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Note **hkps** protocol selection acts simmilary as **https** for **http**,
|
Note _hkps_ protocol selection acts similarly as _https_ for _http_,
|
||||||
prefferably use it to avoid **MITM** and other attacks.
|
preferably use it to avoid _MITM_ and other attacks.
|
||||||
|
|
||||||
|
## Verify Signature
|
||||||
|
After successfully importing the public key it's possible to verify signature of a
|
||||||
|
given file by issuing following command:
|
||||||
|
```bash
|
||||||
|
$ gpg2 --verify my_file.png.asc
|
||||||
|
```
|
||||||
|
Please notice .asc extension in the command above.
|
||||||
|
It's a result of using gpg to attach the signature at the end of the file while both file and signature are
|
||||||
|
represented in ASCII format.
|
||||||
|
It's, however, possible to compress the file and add signature in binary format.
|
||||||
|
In that case it's conventional practise is to use .gpg extension.
|
||||||
|
So in previous case file would be named _my_file.png.gpg_.
|
||||||
|
Verifying it would be identical to .asc file.
|
||||||
|
|
||||||
|
After verifying we still need original file. To extract it use:
|
||||||
|
```bash
|
||||||
|
$ gpg2 --out my_file.png --decrypt my_file.png.asc
|
||||||
|
```
|
||||||
|
|
||||||
|
Interestingly for files like .pdf which ignore data appended to the end of the file it's possible to attach
|
||||||
|
a signature and use resulting file as normal .pdf while being able to check the same signature.
|
||||||
|
More on that in other post.
|
||||||
|
|
||||||
|
## Export Key
|
||||||
|
|
||||||
|
Simply issue:
|
||||||
|
```
|
||||||
|
$ gpg2 --export --armor <KEY_ID>
|
||||||
|
```
|
||||||
|
|
||||||
|
Lastly I'll attach my public key, output of the command above, here which
|
||||||
|
can also be found in about/ section of this site.
|
||||||
|
|
||||||
|
```
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mDMEZHZDwBYJKwYBBAHaRw8BAQdAPTwI6nfqQ+DtOgyGnwh2Z/rHmeIaw48Cj1ac
|
||||||
|
r7siWg60NkFzbWlyIEEgKG5ldyBrZXkgMzAwNTIzKSA8YXNtaXIuYWJkdWxhaG92
|
||||||
|
aWNAZ21haWwuY29tPoiTBBMWCgA7FiEEO91ULJsL4YDVgC3/AgxCt6mro+IFAmR2
|
||||||
|
Q8ACGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQAgxCt6mro+LMfgD/
|
||||||
|
a1FeF7N7CxwCne8jD/4wPTCgNvo8JDLYIugd+b3w4fEA/Az6BIxa/s1Nf2fZmI9C
|
||||||
|
mvuMi9GztilFtCT+gHTtkAIPuDgEZHZDwBIKKwYBBAGXVQEFAQEHQE2Jm31r9Nv4
|
||||||
|
1H5HFOeIHwrUE09XuL/CzQE3WcXviq0hAwEIB4h4BBgWCgAgFiEEO91ULJsL4YDV
|
||||||
|
gC3/AgxCt6mro+IFAmR2Q8ACGwwACgkQAgxCt6mro+KfqgD9HrUJdZ2Y6cvcYyt/
|
||||||
|
yMoxPvGKDCYo4Pys9Qi3M1oKKUMBAMJ4Dt6xjWyZIrNDjXmJhm4Qap9CAo0+SPM1
|
||||||
|
BudaRLwI
|
||||||
|
=nRnt
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
```
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user