finish post about gpg public key
parent b455eaa882
commit c30b26808b
@ -2,24 +2,88 @@
|
||||
title = "Using GPG Public Key"
|
||||
+++
|
||||
|
||||
GNU Privacy Guart (GPG) is an pupular two factor encrytpion system often used for signing or encrypting emails, files or even git commits.
|
||||
This post foruces on using provided public key to check signature validity for files signed using complementary public key.
|
||||
GNU Privacy Guard (GPG) is an popular two factor encryption system often used for signing or encrypting emails, files or even git commits.
|
||||
This post focuses on using provided public key to check signature validity for files signed using complementary public key.
|
||||
|
||||
## Install GPG
|
||||
On Linux it's found in nearly all distributions with package name of either gpg or gpg2. If both are present and gpg is not an
|
||||
alias to gpg2 please use gpg2.
|
||||
On Windows besides using WSL there is native GPG distribution named gpg4win.
|
||||
|
||||
## Importing Key
|
||||
One way to keep prublic keys is by using a keyserver such as _hkps://keyserver.ubuntu.com_.
|
||||
To import key with ID **3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2** from _hkps://keyserver.ubuntu.com_ keyserver
|
||||
One way to keep public keys is by using a keyserver such as _hkps://keyserver.ubuntu.com_ or _hkp://pgp.mit.edu_.
|
||||
To import key with ID _3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2_ from **hkps://keyserver.ubuntu.com** keyserver
|
||||
issue command:
|
||||
```bash
|
||||
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-key 3BDD542C9B0BE180D5802DFF020C42B7A9ABA3E2
|
||||
```
|
||||
|
||||
Output of the command above will look like:
|
||||
|
||||
```
|
||||
gpg: /home/akill/.gnupg/trustdb.gpg: trustdb created
|
||||
gpg: key 020C42B7A9ABA3E2: public key "Asmir A (new key 300523) <asmir.abdulahovic@gmail.com>" imported
|
||||
gpg: Total number processed: 1
|
||||
gpg: imported: 1
|
||||
```
|
||||
|
||||
It's also possible to use "short" ID by using only the last 8 digits of hexadecimal
|
||||
ID representation, in our case **A9ABA3E2** - but it's discourages because of possible ID collisions.
|
||||
ID representation, in our case _A9ABA3E2_ - but it's discouraged because of possible ID collisions.
|
||||
|
||||
To search and import a key using email, example _asmir.abdulahovic@gmail.com_ issue command:
|
||||
```bash
|
||||
$ gpg2 --keyserver hkps://keyserver.ubuntu.com \
|
||||
--search-keys "asmir.abdulahovic@gmail.com"
|
||||
$ gpg2 --keyserver hkps://keyserver.ubuntu.com --search-keys "asmir.abdulahovic@gmail.com"
|
||||
```
|
||||
|
||||
Note **hkps** protocol selection acts simmilary as **https** for **http**,
|
||||
prefferably use it to avoid **MITM** and other attacks.
|
||||
Note _hkps_ protocol selection acts similarly as _https_ for _http_,
|
||||
preferably use it to avoid _MITM_ and other attacks.
|
||||
|
||||
## Verify Signature
|
||||
After successfully importing the public key it's possible to verify signature of a
|
||||
given file by issuing following command:
|
||||
```bash
|
||||
$ gpg2 --verify my_file.png.asc
|
||||
```
|
||||
Please notice .asc extension in the command above.
|
||||
It's a result of using gpg to attach the signature at the end of the file while both file and signature are
|
||||
represented in ASCII format.
|
||||
It's, however, possible to compress the file and add signature in binary format.
|
||||
In that case it's conventional practise is to use .gpg extension.
|
||||
So in previous case file would be named _my_file.png.gpg_.
|
||||
Verifying it would be identical to .asc file.
|
||||
|
||||
After verifying we still need original file. To extract it use:
|
||||
```bash
|
||||
$ gpg2 --out my_file.png --decrypt my_file.png.asc
|
||||
```
|
||||
|
||||
Interestingly for files like .pdf which ignore data appended to the end of the file it's possible to attach
|
||||
a signature and use resulting file as normal .pdf while being able to check the same signature.
|
||||
More on that in other post.
|
||||
|
||||
## Export Key
|
||||
|
||||
Simply issue:
|
||||
```
|
||||
$ gpg2 --export --armor <KEY_ID>
|
||||
```
|
||||
|
||||
Lastly I'll attach my public key, output of the command above, here which
|
||||
can also be found in about/ section of this site.
|
||||
|
||||
```
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mDMEZHZDwBYJKwYBBAHaRw8BAQdAPTwI6nfqQ+DtOgyGnwh2Z/rHmeIaw48Cj1ac
|
||||
r7siWg60NkFzbWlyIEEgKG5ldyBrZXkgMzAwNTIzKSA8YXNtaXIuYWJkdWxhaG92
|
||||
aWNAZ21haWwuY29tPoiTBBMWCgA7FiEEO91ULJsL4YDVgC3/AgxCt6mro+IFAmR2
|
||||
Q8ACGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQAgxCt6mro+LMfgD/
|
||||
a1FeF7N7CxwCne8jD/4wPTCgNvo8JDLYIugd+b3w4fEA/Az6BIxa/s1Nf2fZmI9C
|
||||
mvuMi9GztilFtCT+gHTtkAIPuDgEZHZDwBIKKwYBBAGXVQEFAQEHQE2Jm31r9Nv4
|
||||
1H5HFOeIHwrUE09XuL/CzQE3WcXviq0hAwEIB4h4BBgWCgAgFiEEO91ULJsL4YDV
|
||||
gC3/AgxCt6mro+IFAmR2Q8ACGwwACgkQAgxCt6mro+KfqgD9HrUJdZ2Y6cvcYyt/
|
||||
yMoxPvGKDCYo4Pys9Qi3M1oKKUMBAMJ4Dt6xjWyZIrNDjXmJhm4Qap9CAo0+SPM1
|
||||
BudaRLwI
|
||||
=nRnt
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
||||
|
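Review bot: the rewritten intro still calls GPG a "two factor encryption system" and says files are "signed using complementary public key"; GPG is public-key (asymmetric) cryptography and a signature is made with the private key, so suggest "a popular public-key encryption system" and "signed using the corresponding private key". In Importing Key, the newly added `hkp://pgp.mit.edu` example uses plain hkp, which contradicts the note a few lines later that recommends hkps to avoid MITM; drop it or give an hkps URL instead. The import and verify steps should also tell readers to compare the full fingerprint (for example with `gpg2 --fingerprint`) against one obtained through a separate channel, because hkps only protects the transport and a keyserver returns whatever key was uploaded under that ID or email. Minor: "it's conventional practise is to use" in Verify Signature has a doubled verb, and the Export Key fence lacks the `bash` tag the other command fences use.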