Saturday, October 1, 2016

How to use gpg2 to send/receive an encrypted message or document

*** scenario
- user1 creates a private key and a public key derived from it
- user2 does the same

- user1 and user2 exchange their public keys
- each user encrypts messages with the other user's public key, so only the other user, who holds the matching private key, can decrypt them


1- install gnupg2 on Ubuntu, plus haveged to speed up the key generation process
$ sudo apt-get install gnupg2 haveged

2- generate keys using the following command and answer the questions it asks
$ gpg2 --gen-key

3- list all the keys we have with the following command
$ gpg2 --list-keys
/home/tan/.gnupg/pubring.kbx
----------------------------
pub   rsa2048/17BA99AB 2016-10-01 [SC]
uid         [ultimate] user1 <user1@domain1.test>
sub   rsa2048/B90DD255 2016-10-01 [E]




4- now we can export our public key so that others can use it to encrypt messages for us
$ gpg2 --export -a "user1@domain1.test" > public.key

5- repeat the steps above for user2

6- once user2 has done the steps above and exported the public key, name it public-user2.key and send it to user1

7- on user1, import user2's public key before we can encrypt a document with it
$ gpg2 --import public-user2.key

- list the keys again and we see user2's public key
$ gpg2 --list-keys
/home/tan/.gnupg/pubring.kbx
----------------------------
pub   rsa2048/17BA99AB 2016-10-01 [SC]
uid         [ultimate] user1 <user1@domain1.test>
sub   rsa2048/B90DD255 2016-10-01 [E]

pub   rsa2048/63AD9426 2016-10-01 [SC]
uid         [ unknown] user2 <user2@domain1.test>
sub   rsa2048/7A079B0C 2016-10-01 [E]


8- now encrypt the document with user2's public key
$ gpg2 --encrypt --recipient user2@domain1.test topsec.doc

- after the command completes it generates a new encrypted document called
topsec.doc.gpg; send it to user2. Only user2 can open it, because he has the private key

9- on user2, run the following command to decrypt it; it will ask for the password that was set during key generation
$ gpg2 topsec.doc.gpg

- after that it generates a decrypted version of the document
$ ls
public-user2.key  topsec.doc  topsec.doc.gpg







***tips
if we only want to use a public key one time, we can point gpg2 at a different home directory when importing the public key, and use that directory to encrypt the message
$ mkdir gpg2user2
$ gpg2 --homedir gpg2user2 --import public-user2.key
$ gpg2 --homedir gpg2user2/ --list-keys
gpg: WARNING: unsafe permissions on homedir 'gpg2user2/'
gpg2user2//pubring.kbx
----------------------
pub   rsa2048/63AD9426 2016-10-01 [SC]
uid         [ unknown] user2 <user2@domain1.test>
sub   rsa2048/7A079B0C 2016-10-01 [E]

$ gpg2 --homedir gpg2user2 --encrypt --recipient user2@domain1.test topsec.doc
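
The imported key shows as [ unknown] in the listings above, so before encrypting it is worth comparing its fingerprint with one that user2 gave us over another channel. The script below is an added example, not part of the original post: it combines the one-time homedir tip with that check. The function names are made up for illustration, user2 is simulated with a throwaway key and an empty passphrase, and GnuPG 2.1 or later is assumed.

```shell
# Added example: one-time keyring plus fingerprint check before encrypting.
GPG=$(command -v gpg2 || command -v gpg)   # newer distros install gpg2 as "gpg"

# First fingerprint in --with-colons output (stdin) is the primary key's.
first_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }
homedir_fpr() {   # $1 = homedir, $2 = user id
    "$GPG" --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null | first_fpr
}

# $1 = key file, $2 = recipient, $3 = fingerprint obtained out of band, $4 = document
encrypt_checked() {
    tmp=$(mktemp -d) || return 1   # created mode 0700: no "unsafe permissions" warning
    "$GPG" --homedir "$tmp" --batch --quiet --import "$1" 2>/dev/null
    got=$(homedir_fpr "$tmp" "$2")
    if [ -n "$got" ] && [ "$got" = "$3" ]; then
        # Batch mode refuses an unvalidated key; the match above justifies overriding.
        "$GPG" --homedir "$tmp" --batch --yes --trust-model always \
               --encrypt --recipient "$2" "$4" 2>/dev/null
        rc=$?
    else
        echo "fingerprint mismatch, not encrypting" >&2
        rc=2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo: user2 is simulated in a throwaway homedir with an empty passphrase.
demo_roundtrip() {
    [ -n "$GPG" ] || return 127
    work=$(mktemp -d) || return 1
    u2="$work/user2"; mkdir -m 700 "$u2"
    "$GPG" --homedir "$u2" --batch --quiet --pinentry-mode loopback --passphrase '' \
           --quick-gen-key 'user2 <user2@domain1.test>' 2>/dev/null
    "$GPG" --homedir "$u2" --export -a user2@domain1.test > "$work/public-user2.key"
    fpr=$(homedir_fpr "$u2" user2@domain1.test)   # what user2 would read out to user1
    printf 'constructed sample document\n' > "$work/topsec.doc"
    # A wrong fingerprint must be refused with status 2.
    encrypt_checked "$work/public-user2.key" user2@domain1.test 0000 "$work/topsec.doc" 2>/dev/null; bad=$?
    encrypt_checked "$work/public-user2.key" user2@domain1.test "$fpr" "$work/topsec.doc" &&
        "$GPG" --homedir "$u2" --batch --quiet --pinentry-mode loopback --passphrase '' \
               --output "$work/out.doc" --decrypt "$work/topsec.doc.gpg" 2>/dev/null &&
        cmp -s "$work/topsec.doc" "$work/out.doc"
    ok=$?
    GNUPGHOME="$u2" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    [ "$bad" -eq 2 ] && [ "$ok" -eq 0 ]
}
demo_roundtrip && echo "round trip ok"
```

In real use, user2 prints the fingerprint with gpg2 --fingerprint user2@domain1.test and passes it to user1 by phone or in person, not in the same mail as public-user2.key.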



