531 lines
26 KiB
HTML
531 lines
26 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<title>Secure Communication with GnuPG on Linux LG #60</title>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
|
|
<CENTER>
|
|
<A HREF="http://www.linuxgazette.com/">
|
|
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.jpg"
|
|
WIDTH="600" HEIGHT="124" border="0"></H1></A>
|
|
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="kasten.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue60/sharma.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="sipos.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
<P>
|
|
</CENTER>
|
|
|
|
<!--endcut ============================================================-->
|
|
|
|
<H4 ALIGN="center">
|
|
"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
|
|
<P> <HR> <P>
|
|
<!--===================================================================-->
|
|
|
|
<center>
|
|
<H1><font color="maroon">Secure Communication with GnuPG on Linux</font></H1>
|
|
<H4>By <a href="mailto:kapil@linux4biz.net">Kapil Sharma</a></H4>
|
|
</center>
|
|
<P> <HR> <P>
|
|
|
|
<!-- END header -->
|
|
|
|
|
|
|
|
|
|
<p><b><font size=+2>Overview</font></b>
|
|
<p>GnuPG is a tool for secure communication and data storage. It can be
|
|
used to encrypt data and to create digital signatures. GnuPG is a complete
|
|
and free replacement for PGP. Because it does not use the patented IDEA
|
|
algorithm, it can be used without any restrictions. GnuPG uses public-key
|
|
cryptography so that users may communicate securely. In a public-key system,
|
|
each user has a pair of keys consisting of a private key and a public key.
|
|
A user's private key is kept secret; it need never be revealed. The public
|
|
key may be given to anyone with whom the user wants to communicate.
|
|
<p><b><font size=+2>Features</font></b>
|
|
<ul>
|
|
<li>
|
|
Full replacement of PGP.</li>
|
|
|
|
<li>
|
|
Does not use any patented algorithms.</li>
|
|
|
|
<li>
|
|
GPLed, written from scratch.</li>
|
|
|
|
<li>
|
|
Can be used as a filter program.</li>
|
|
|
|
<li>
|
|
Full OpenPGP implementation.</li>
|
|
|
|
<li>
|
|
Better functionality than PGP and some security
|
|
enhancements over PGP 2.</li>
|
|
|
|
<li>
|
|
Decrypts and verifies PGP 5.x messages.</li>
|
|
|
|
<li>
|
|
Supports ElGamal (signature and encryption), DSA,
|
|
3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.</li>
|
|
|
|
<li>
|
|
Easy implementation of new algorithms using extension
|
|
modules.</li>
|
|
|
|
<li>
|
|
User ID is forced to be in a standard format.</li>
|
|
|
|
<li>
|
|
Supports key and signature expiration dates.</li>
|
|
|
|
<li>
|
|
English, Danish, Dutch, Esperanto, French, German,
|
|
Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese (Portuguese),
|
|
Russian, Spanish and Swedish language support.</li>
|
|
|
|
<li>
|
|
Online help system.</li>
|
|
|
|
<li>
|
|
Optional anonymous message receivers.</li>
|
|
|
|
<li>
|
|
Integrated support for HKP keyservers (wwwkeys.pgp.net).</li>
|
|
|
|
<li>
|
|
Has lots of GUI frontend</li>
|
|
</ul>
|
|
|
|
<p><br>You can find all the software related to GnuPG at <a href="http://www.gnupg.org/download.html">http://www.gnupg.org/download.html</a>
|
|
<p><b><font size=+2>Installation</font></b>
|
|
<p>Copy the gnupg source file to ./usr/local/ directory or wherever you
|
|
want to install it and then cd to that directory.
|
|
<br>[root@dragon local] tar xvzf gnupg-1.0.4.tar.gz
|
|
<br>[root@dragon local]# cd gnupg-1.0.4
|
|
<br>[root@dragon gnupg-1.0.4]# ./configure
|
|
<br>[root@dragon gnupg-1.0.4]# make
|
|
<br>This will compile all source files into executable binaries.
|
|
<br>[root@dragon gnupg-1.0.4]# make check
|
|
<br>It will run any self-tests that come with the package.
|
|
<br>[root@dragon gnupg-1.0.4]# make install
|
|
<br>It will install the binaries and any supporting files into appropriate
|
|
locations.
|
|
<br>[root@dragon gnupg-1.0.4]# strip /usr/bin/gpg
|
|
<br>The "strip" command will reduce the size of the "gpg" binary for better
|
|
performance.
|
|
<br>
|
|
<p><b><font size=+2>Common Commands</font></b>
|
|
<p><b>1: Generating a new keypair</b>
|
|
<br>We must create a new key-pair (public and private) for the first time.
|
|
The command line option --gen-key is used to create a new primary keypair.
|
|
<p>Step 1
|
|
<br>[root@dragon /]# gpg --gen-key
|
|
<br>gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc.
|
|
<br>This program comes with ABSOLUTELY NO WARRANTY.
|
|
<br>This is free software, and you are welcome to redistribute it
|
|
<br>under certain conditions. See the file COPYING for details.
|
|
<p>gpg: /root/.gnupg: directory created
|
|
<br>gpg: /root/.gnupg/options: new options file created
|
|
<br>gpg: you have to start GnuPG again, so it can read the new options
|
|
file
|
|
<p>Step 2
|
|
<br>Start GnuPG again with the following command:
|
|
<br>[root@dragon /]# gpg --gen-key
|
|
<br>gpg (GnuPG) 1.0.2; Copyright (C) 2000 Free Software Foundation, Inc.
|
|
<br>This program comes with ABSOLUTELY NO WARRANTY.
|
|
<br>This is free software, and you are welcome to redistribute it
|
|
<br>under certain conditions. See the file COPYING for details.
|
|
<p>gpg:/root/.gnupg/secring.gpg: keyring created
|
|
<br>gpg: /root/.gnupg/pubring.gpg: keyring created
|
|
<br>Please select what kind of key you want:
|
|
<br> (1) DSA and ElGamal (default)
|
|
<br> (2) DSA (sign only)
|
|
<br> (4) ElGamal (sign and encrypt)
|
|
<br>Your selection? 1
|
|
<br>DSA keypair will have 1024 bits.
|
|
<br>About to generate a new ELG-E keypair.
|
|
<br>
|
|
minimum keysize is 768 bits
|
|
<br>
|
|
default keysize is 1024 bits
|
|
<br> highest suggested keysize is 2048 bits
|
|
<br>What keysize do you want? (1024) 2048
|
|
<br>Do you really need such a large keysize? y
|
|
<br>Requested keysize is 2048 bits
|
|
<br>Please specify how long the key should be valid.
|
|
<br> 0 = key does not expire
|
|
<br> <n> = key expires in n days
|
|
<br> <n> w = key expires in n weeks
|
|
<br> <n> m = key expires in n months
|
|
<br> <n> y = key expires in n years
|
|
<br>Key is valid for? (0) 0
|
|
<br>Key does not expire at all
|
|
<br>Is this correct (y/n)? y
|
|
<p>You need a User-ID to identify your key; the software constructs the
|
|
user id
|
|
<br>from Real Name, Comment and Email Address in this form:
|
|
<br> "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
|
|
<p>Real name: Kapil sharma
|
|
<br>Email address: kapil@linux4biz.net
|
|
<br>Comment: Unix/Linux consultant
|
|
<br>You selected this USER-ID:
|
|
<br> "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
|
|
<p>Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
|
|
<br>You need a Passphrase to protect your secret key.
|
|
<p>Enter passphrase: [enter a passphrase]
|
|
<p>We need to generate a lot of random bytes. It is a good idea to perform
|
|
<br>some other action (type on the keyboard, move the mouse, utilize the
|
|
<br>disks) during the prime generation; this gives the random number
|
|
<br>generator a better chance to gain enough entropy.
|
|
<br> .++++++++++..+++++++++++++++..+++++....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++.+++++.++++++++++..+++++.++++++++++....++++++++++..+++++>++++++++++.+++++^^^
|
|
<br>public and secret key created and signed.
|
|
<p>Now I will explain about the various inputs asked during the generation
|
|
of the keypairs.
|
|
<ul>
|
|
<li>
|
|
Please select what kind of key you want:</li>
|
|
|
|
<br>(1) DSA and ElGamal (default)
|
|
<br>(2) DSA (sign only)
|
|
<br>(4) ElGamal (sign and encrypt)
|
|
<br>Your selection?</ul>
|
|
GnuPG is capable of creating different kind of keypairs. There are
|
|
three options.
|
|
<br> A DSA keypair is the primary keypair usable only for making signatures.
|
|
An ElGamal subordinate keypair is also created for encryption. Option 2
|
|
is similar but creates only a DSA keypair. Option
|
|
<br> 4[1] creates a single ElGamal keypair usable for both making
|
|
signatures and performing encryption. <b><i>For most users the default
|
|
option is fine.</i></b>
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
You must also choose a key size. The size of a DSA key must be between
|
|
512 and 1024 bits, and an ElGamal key may be of any size.</li>
|
|
</ul>
|
|
|
|
About to generate a new ELG-E keypair.
|
|
<br>
|
|
minimum keysize is 768 bits
|
|
<br>
|
|
default keysize is 1024 bits
|
|
<br>
|
|
highest suggested keysize is 2048 bits
|
|
<br>
|
|
What keysize do you want? (1024)
|
|
<p> There are advantages and disadvantages of choosing a longer key.
|
|
The advantages are: 1) The longer the key the more secure it is against
|
|
brute-force attacks
|
|
<br> The disadvantages are: 1) encryption and decryption will be slower
|
|
as the key size is increased 2) a larger keysize may affect signature length
|
|
<p> <b>The default keysize is adequate for almost all purpose and
|
|
the keysize can never be changed after selection.</b>
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
Finally, you must choose an expiration date. If Option 1 was chosen, the
|
|
expiration date will be used for both the ElGamal and DSA keypairs</li>
|
|
|
|
<br> Please specify how long the key should be valid
|
|
<br> 0 = key does not expire
|
|
<br> <n> = key expires in n days
|
|
<br><n> w = key expires in n weeks
|
|
<br><n> m = key expires in n months
|
|
<br><n> y = key expires in n years
|
|
<br>Key is valid for? (0)</ul>
|
|
For most users a key that does not expire is adequate. The expiration time
|
|
should be chosen with care, however, since although it is possible to change
|
|
the expiration date after the key is created,
|
|
<br>it may be difficult to communicate a change to users who have your
|
|
public key.
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
You must provide a user ID in addition to the key parameters. The user
|
|
ID is used to associate the key being created with a real person.</li>
|
|
</ul>
|
|
|
|
You need a User-ID to identify your key; the software constructs the user
|
|
id
|
|
<br>
|
|
from Real Name, Comment and Email Address in this form:
|
|
<br>
|
|
"Kapil Sharma (Linux consultant) <kapil@linux4biz.net> "
|
|
<p>
|
|
Real name: <i>Enter you name here</i>
|
|
<br>
|
|
Email address: <i>Enter you email address</i>
|
|
<br><i> </i>Comment:
|
|
<i>Enter
|
|
any comment here</i>
|
|
<br>
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
GnuPG needs a passphrase to protect the primary and subordinate private
|
|
keys that you keep in your possession.</li>
|
|
|
|
<br>You need a Passphrase to protect your secret key.</ul>
|
|
|
|
Enter passphrase:
|
|
<p>There is no limit on the length of a passphrase, and it should be carefully
|
|
chosen. From the perspective of security, the passphrase to unlock the
|
|
private key is one of the weakest points in GnuPG
|
|
<br>(and other public-key encryption systems as well) since it is the only
|
|
protection you have if another individual gets your private key. Ideally,
|
|
the passphrase should not use words from a
|
|
<br>dictionary and should mix the case of alphabetic characters as well
|
|
as use non-alphabetic characters. A good passphrase is crucial to the secure
|
|
use of GnuPG.
|
|
<br>
|
|
<p><b>2: Generating a revocation certificate</b>
|
|
<p>After your keypair is created you should immediately generate a revocation
|
|
certificate for the primary public key using the option --gen-revoke. If
|
|
you forget your passphrase or if your private
|
|
<br>key is compromised or lost, this revocation certificate may be published
|
|
to notify others that the public key should no longer be used.
|
|
<p> [root@dragon /]# gpg --output revoke.asc --gen-revoke mykey
|
|
<p>Here mykey must be a key specifier, either the key ID of your primary
|
|
keypair or any part of a user ID that identifies your keypair. The generated
|
|
certificate will be left in the file
|
|
<br>revoke.asc. The certificate should not be stored where others can access
|
|
it since anybody can publish the revocation certificate and render the
|
|
corresponding public key
|
|
<br>useless.
|
|
<br>
|
|
<br>
|
|
<p><b>3: Listing Keys</b>
|
|
<p> To list the keys on your public keyring use the command-line option
|
|
--list-keys.
|
|
<p>[root@dragon /]# gpg --list-keys
|
|
<br>/root/.gnupg/pubring.gpg
|
|
<br>------------------------
|
|
<br>pub 1024D/020C9884 2000-11-09 Kapil Sharma (Unix/Linux consultant)
|
|
<kapil@linux4biz.net>
|
|
<br>sub 2048g/555286CA 2000-11-09
|
|
<p><b>4: Exporting a public key</b>
|
|
<p>You can export your public key to use it on your homepage or on a available
|
|
key server on the Internet or any other method. To send your public key
|
|
to a correspondent you must first export it. The command-line option --export
|
|
is used to do this. It takes an additional argument identifying the public
|
|
key to export.
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
To export your public key in binary format, use the following command:</li>
|
|
|
|
<br> [root@dragon /]# gpg --output kapil.gpg --export kapil@linux4biz.net
|
|
<li>
|
|
To export your public key in ASCII armored output, use the following command:</li>
|
|
|
|
<br> [root@dragon /]# gpg --export-armor> kapil-key.asc
|
|
<br>Here "--export" is for extracting your Public-key from your pubring
|
|
encrypted file , "-armor" is to create ASCII armored output that you can
|
|
mail, publish it on a web page and "> kapil-key.asc" is to put the result
|
|
in a file.
|
|
<li>
|
|
To export your public key in ASCII armored output and to view it , use
|
|
the following command:</li>
|
|
|
|
<br> [root@dragon /]# gpg --export-armor
|
|
<br>-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
<br>Version: GnuPG v1.0.2 (GNU/Linux)
|
|
<br>Comment: For info see http://www.gnupg.org
|
|
<p>[...]
|
|
<br>-----END PGP PUBLIC KEY BLOCK-----
|
|
<br> </ul>
|
|
<b>5: Importing a public key</b>
|
|
<br>Once your own keypair is created, you can put it into your public keyring
|
|
database of all keys from trusted third party in order to be able to use
|
|
the keys for future encryption and authentication communication. A public
|
|
key may be added to your public keyring with the --import option.
|
|
<p> [root@dragon /]# gpg --import <filename>
|
|
<br>Here "filename" is the name of the exported public key.
|
|
<br>For example:
|
|
<br>[root@dragon /]# gpg --import mandrake.asc
|
|
<br>gpg: key :9B4A4024: public key imported
|
|
<br>gpg: /root/.gnupg/trustdb.gpg: trustdb created
|
|
<br>gpg: Total number processed: 1
|
|
<br>gpg:
|
|
imported: 1
|
|
<p>In the above example we imported the Public key file "mandrake.asc"
|
|
from the company Mandrake Linux, downloadable from Mandrake Internet site,
|
|
into our keyring.
|
|
<p><b>6: Validating the key</b>
|
|
<br>Once a key is imported it should be validated. A key is validated
|
|
by verifying the key's fingerprint and then signing the key to certify
|
|
it as a valid key. A key's fingerprint can be quickly viewed with the --fingerprint
|
|
command-line option.
|
|
<br>[root@dragon /]# gpg --fingerprint <UID>
|
|
<br>As a example:
|
|
<br>[root@dragon /]# gpg --fingerprint mandrake
|
|
<br>pub 1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official
|
|
keys) <mandrake@mandrakesoft.com>
|
|
<br> Key fingerprint = 63A2 8CBD A7A8 387E 1A53
|
|
2C1E 59E7 0DEE 9B4A 4024
|
|
<br>sub 1024g/686FF394 2000-01-06
|
|
<p>In the above example we verified the fingerprint of mandrake. A key's
|
|
fingerprint is verified with the key's owner. This may be done in person
|
|
or over the phone or through any other means as long as you can guarantee
|
|
that you are communicating with the key's true owner. If the fingerprint
|
|
you get is the same as the fingerprint the key's owner gets, then you can
|
|
be sure that you have a correct copy of the key.
|
|
<p><b>7: Key Signing</b>
|
|
<br>After importing and verifying the keys that you have imported into
|
|
your public database, you can start signing them. Signing a key certifies
|
|
that you know the owner of the keys. You should only sign the keys when
|
|
you are 100% sure of the authentication of the key.
|
|
<br>
|
|
<ul>
|
|
<li>
|
|
To sign a key for the company Mandrake that we have added on our keyring
|
|
above, use the following command:</li>
|
|
|
|
<br>[root@dragon /]# gpg --sign-key <UID>
|
|
<br>As an example:
|
|
<br>[root@dragon /]# gpg --sign-key <UID>
|
|
<br>pub 1024D/9B4A4024 created: 2000-01-06 expires: never
|
|
trust: -/q
|
|
<br>sub 1024g/686FF394 created: 2000-01-06 expires: never
|
|
<br>(1) MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>
|
|
<br>
|
|
<p>pub 1024D/9B4A4024 created: 2000-01-06 expires: never
|
|
trust: -/q
|
|
<br>
|
|
Fingerprint: 63A2 8CBD A7A8 387E 1A53 2C1E 59E7 0DEE 9B4A 4024
|
|
<p> MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>
|
|
<p>Are you really sure that you want to sign this key
|
|
<br>with your key: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
|
|
<p>Really sign? y
|
|
<p>You need a passphrase to unlock the secret key for
|
|
<br>user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
|
|
<br>1024-bit DSA key, ID 020C9884, created 2000-11-09
|
|
<p>Enter passphrase:
|
|
<br> </ul>
|
|
<b>8: Checking Signatures</b>
|
|
<br>Once signed you can check the key to list the signatures on it and
|
|
see the signature that you have added. Every user ID on the key will have
|
|
one or more self-signatures as well as a signature for
|
|
<br>each user that has validated the key. We can check the signatures of
|
|
the keys by the gpg option "--check-sigs:
|
|
<br>As an example:
|
|
<br>[root@dragon /]# gpg --check-sigs mandrake
|
|
<br>pub 1024D/9B4A4024 2000-01-06 MandrakeSoft (MandrakeSoft official
|
|
keys) <mandrake@mandrakesoft.com>
|
|
<br>sig! 9B4A4024 2000-01-06
|
|
MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>
|
|
<br>sig! 020C9884 2000-11-09
|
|
Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net>
|
|
<br>sub 1024g/686FF394 2000-01-06
|
|
<br>sig! 9B4A4024 2000-01-06
|
|
MandrakeSoft (MandrakeSoft official keys) <mandrake@mandrakesoft.com>
|
|
<p><b>9: Encrypting and decrypting</b>
|
|
<br>The procedure for encrypting and decrypting documents is very simple.
|
|
If you want to encrypt a message to mandrake, you encrypt it using mandrake
|
|
public key, and then only mandrake can
|
|
<br>decrypt that file with his private key. If Mandrake wants to
|
|
send you a message, it encrypts it using your public key, and you
|
|
decrypt it with your private key.
|
|
<p>To encrypt and sign data for the user Mandrake that we have added on
|
|
our keyring use the following command (You must have a public key of the
|
|
recipient):
|
|
<br>[root@dragon /]# gpg -sear <UID of the public key> <file>
|
|
<p>As an example:
|
|
<br>[root@dragon /]# gpg -sear Mandrake document.txt
|
|
<br>You need a passphrase to unlock the secret key for
|
|
<br>user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
|
|
<br>1024-bit DSA key, ID 020C9884, created 2000-11-09
|
|
<p>Enter passphrase:
|
|
<p>Here "s" is for signing , "e" for encrypting, "a" to create ASCII armored
|
|
output (".asc" is ready for sending by mail), "r" to encrypt the user id
|
|
name and <file> is the data you want to encrypt
|
|
<p> To decrypt data ,use the following command:
|
|
<br>[root@dragon /]# gpg -d <file>
|
|
<p>As an example:
|
|
<br>[root@dragon /]# gpg -d documentforkapil.asc
|
|
<br>You need a passphrase to unlock the secret key for
|
|
<br>user: "Kapil Sharma (Unix/Linux consultant) <kapil@linux4biz.net> "
|
|
<br>1024-bit DSA key, ID 020C9884, created 2000-11-09
|
|
<br>Enter passphrase:
|
|
<p>Here the parameter "d" is for decrypting the data and <file> is a
|
|
data you want to decrypt.
|
|
<br>[Note: you must have the public key of the sender of the message/data
|
|
that you want to decrypt in your public keyring database.]
|
|
<p><b>10: Checking the signature</b>
|
|
<br>Once you have extracted your public key and exported it then by using
|
|
the --verify option of GnuPG anybody can check whether encrypted data from
|
|
you is also signed by you.
|
|
<ul>
|
|
<li>
|
|
To check the signature of encrypted data, use the following command:</li>
|
|
|
|
<br>[root@dragon /]# gpg --verify <Data>
|
|
<br>Here "--verify" option is to check the signature and "<Data> " is
|
|
the encrypted data/file you want to verify.</ul>
|
|
|
|
<p><br><b><font size=+2>Some uses of GnuPG software</font></b>
|
|
<p>1: Send encrypted mail messages.
|
|
<br>2: Encrypt files and documents
|
|
<br>3: Transmit encrypted files and important documents through network
|
|
<br>
|
|
<p><b><font size=+2>Here is a list of some of the Frontend and software
|
|
for GnuPG</font></b>
|
|
<p><b>
|
|
<a href="http://www.gnupg.org/gpa.html">GPA</a> aims to be the standard
|
|
GnuPG graphical frontend. This has a very nice GUI interface.</b>
|
|
<br><b>
|
|
<a href="http://www.geocities.com/SiliconValley/Chip/3708/gpgp/gpgp-intro.html#this">GnomePGP</a>
|
|
is a GNOME desktop tool to control GnuPG.</b>
|
|
<br><b>
|
|
<a href="http://geheimnis.sourceforge.net/">Geheimniss</a> is a KDE frontend
|
|
for GnuPG.</b>
|
|
<br><b>
|
|
<a href="http://pgp4pine.flatline.de/">pgp4pine</a> is a Pine filter to
|
|
handle PGP messages.</b>
|
|
<br><b>
|
|
<a href="http://www.physto.se/~p99jlu/MagicPGP.html">MagicPGP</a> is yet
|
|
another set of scripts to use GnuPG with Pine.</b>
|
|
<br><b>
|
|
<a href="http://www.megaloman.com/~hany/software/pinepgp/">PinePGP</a>
|
|
is also a Pine filter for GnuPG.</b>
|
|
<br>
|
|
<p><b><font size=+2>More Information</font></b>
|
|
<p><a href="http://www.gnupg.org/docs.html">http://www.gnupg.org/docs.html</a>
|
|
<p><b><font size=+2>Conclusion</font></b>
|
|
<p>Anybody who is cautious about security must use GnuPG. It is one of
|
|
the best open-source programs which has all the functions for encryption
|
|
and decryption for all your secure data and can be used without any restrictions
|
|
since it is under GNU General Public License. It can be used to send encrypted
|
|
mail messages, files and documents for security. It can also be used
|
|
to transmit files and important documents through network securely.
|
|
|
|
|
|
|
|
|
|
<!-- *** BEGIN copyright *** -->
|
|
<P> <hr> <!-- P -->
|
|
<H5 ALIGN=center>
|
|
|
|
Copyright © 2000, Kapil Sharma.<BR>
|
|
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
|
|
Published in Issue 60 of <i>Linux Gazette</i>, December 2000</H5>
|
|
<!-- *** END copyright *** -->
|
|
|
|
<!--startcut ==========================================================-->
|
|
<HR><P>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="kasten.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue60/sharma.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="sipos.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</BODY></HTML>
|
|
<!--endcut ============================================================-->
|