Ubuntu Open PGP IMPLEMENTATION Dr. ENİS KARAARSLAN 2014
Enter your personal information, select your key encryption type, key strength, and when you want your key to expire. Your name and email address can be anything you want, not necessarily your real name or email address. If you want to use your OpenPGP key for encrypting email, put the email address you want to use with encryption in the Email Address box. Either RSA or DSA/Elgamal will be fine for the encryption type. RSA is newer, though it may take longer to generate keys initially. For key strength, use the strongest available: 4096 bits at the time of writing.
Enter a strong password that you can remember. If you forget this password, it cannot be recovered, and any data you have encrypted with it, including emails, will be permanently inaccessible.
The computer will now generate the key, which may take a long time. After this, you will have an OpenPGP key pair that is ready to be used. You can manage the key options, export the public key, change the password, delete and/or revoke the key, and perform other key adjustments through the interface.
Some other plugins need to be installed.
Import Key
Decrypt file
You can import my key or your friends' keys by using the menu: Remote -> Find remote keys
Type some keywords (a name or alias) to search the key servers. The best way to find someone is to search for their email address, as it's uniquely tied to them. Select and review the keys that are returned to determine whether the key(s) returned belong to the person you're looking for. You can review additional information about the key by pressing the Properties button.
Once you've determined and selected the key(s) you want to import into your local keyring, press Import.
Encryption
GNU Privacy Assistant (gpa)
Kleopatra

GPA
Run from the command line (disabling unsupported X.509 certificates):
    gpa --disable-x509
(You can also find the shortcut (Applications -> Accessories -> gpa), click Properties, and add your argument to the command.)

List your public keys:
    gpg --list-keys

    enisk@atilgan:~/documents$ gpg --fingerprint
    /home/enisk/.gnupg/pubring.gpg
    ------------------------------
    pub   4096R/6D122D94 2014-05-21
          Key fingerprint = 233E A1F2 6F67 346B 4042  823D 12C5 051F 6D12 2D94
    uid                  Enis Karaarslan <enis.karaarslan@gmail.com>
    sub   4096R/6675C055 2014-05-21

Set your key as the default key by entering this line in your ~/.bashrc:
    export GPGKEY=6D122D94
Please note that this will be sourced only during your next session, unless you source it manually. Now restart the gpg-agent and source your .bashrc again:
    killall -q gpg-agent
    eval $(gpg-agent --daemon)
    source ~/.bashrc
If you created an "RSA (sign only)" key earlier, you will probably want to add encryption capabilities. Assuming you edited ~/.bashrc as above, open a terminal again and enter:
    gpg --cert-digest-algo=sha256 --edit-key $GPGKEY

    enisk@atilgan:~$ gpg --cert-digest-algo=sha256 --edit-key $GPGKEY
    gpg (GnuPG) 1.4.14; Copyright (C) 2013 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    pub  4096R/6D122D94  created: 2014-05-21  expires: never       usage: SC
                         trust: ultimate      validity: ultimate
    sub  4096R/6675C055  created: 2014-05-21  expires: never       usage: E
    [ultimate] (1). Enis Karaarslan <enis.karaarslan@gmail.com>

Encrypt
    gpg --output cevap.gpg --encrypt --recipient enis.karaarslan@gmail.com Documents/sinavsoru

Decrypt
    enisk@atilgan:~$ gpg --output cevapdesifre.txt --decrypt cevap.gpg

    You need a passphrase to unlock the secret key for
    user: "Enis Karaarslan <enis.karaarslan@gmail.com>"
    4096-bit RSA key, ID 6675C055, created 2014-05-21 (main key ID 6D122D94)

    gpg: problem with the agent - disabling agent use
    gpg: encrypted with 4096-bit RSA key, ID 6675C055, created 2014-05-21
          "Enis Karaarslan <enis.karaarslan@gmail.com>"

Test
Test with your public and private keys to see if it is working.
gpg --cert-digest-algo=sha256 --edit-key $GPGKEY
Create a signature file
This is done for AUTHENTICATION.
A signed document has limited usefulness. Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is a third method for signing a document that creates a detached signature, which is a separate file. A detached signature is created using the --detach-sig option.

    enisk@atilgan:~$ gpg --output cevap.sig --detach-sig cevap.gpg

    You need a passphrase to unlock the secret key for
    user: "Enis Karaarslan <enis.karaarslan@gmail.com>"
    4096-bit RSA key, ID 6D122D94, created 2014-05-21

    gpg: problem with the agent - disabling agent use

Verify Signature
Both the document and detached signature are needed to verify the signature. The --verify option can be used to check the signature.

    enisk@atilgan:~/deneme$ gpg --verify cevap.sig cevap.gpg
    gpg: Signature made Fri 23 May 2014 03:26:26 PM EEST using RSA key ID 96EB149C
    gpg: Good signature from "Deneme Ogrenci <denemeogrenci@mu.edu.tr>"

Sign with other's pub key

    enisk@atilgan:~$ gpg --output cevap.gpg --encrypt --recipient murat.soysal@tubitak.gov.tr Documents/sinavsoru
    gpg: AFB0F3FC: There is no assurance this key belongs to the named user

    pub  2048R/AFB0F3FC 2012-07-02 Murat Soysal (e-mail address changed) <murat.soysal@tubitak.gov.tr>
     Primary key fingerprint: CE23 B155 6560 707E F01A  F7D1 D2E9 EBF2 283D 85CE
          Subkey fingerprint: B9C9 F77C 9417 9285 9289  7109 188F CB89 AFB0 F3FC

    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.

    Use this key anyway? (y/n) y
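
The "Good signature" line and the "no assurance this key belongs to the named user" warning above both come down to one question: which key was actually used? The script below is an added example, not part of the original slides; it accepts a signature only when gpg's --status-fd output names the full expected fingerprint, because an 8-digit key ID such as 6D122D94 can be shared by different keys. The function names, the look-alike fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a signature only if gpg's status output names the
# full fingerprint you expect. Sample status lines below are constructed.

# Fingerprint as printed by `gpg --fingerprint` -> 40 hex digits, upper case.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Last 8 hex digits: the short key ID shown as 4096R/6D122D94.
short_id() {
    normalize_fpr "$1" | cut -c33-40
}

# Read `gpg --status-fd 1 --verify ...` output on stdin and print the signer's
# primary-key fingerprint, but only when a GOODSIG line is also present
# (BADSIG, EXPKEYSIG and REVKEYSIG results are therefore not accepted).
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = (NF >= 12 ? $NF : $3) }
         END { if (good && fpr != "") print fpr }'
}

# signed_by EXPECTED_FPR: succeed only on an exact 40-digit fingerprint match.
signed_by() {
    expected=$(normalize_fpr "$1")
    actual=$(signer_fpr)
    [ "${#expected}" -eq 40 ] && [ "$actual" = "$expected" ]
}

# Fingerprint of key 6D122D94 as shown on this page.
TEACHER_FPR='233E A1F2 6F67 346B 4042 823D 12C5 051F 6D12 2D94'
# Constructed fingerprint of a different key that ends in the same 8 digits.
LOOKALIKE_FPR='AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA 6D12 2D94'

# Constructed status output for a valid signature by a given fingerprint.
sample_status() {
    f=$(normalize_fpr "$1")
    printf '[GNUPG:] GOODSIG %s Enis Karaarslan <enis.karaarslan@gmail.com>\n' \
        "$(printf '%s' "$f" | cut -c25-40)"
    printf '[GNUPG:] VALIDSIG %s 2014-05-23 1400847986 0 4 0 1 2 00 %s\n' "$f" "$f"
}

if sample_status "$TEACHER_FPR" | signed_by "$TEACHER_FPR"; then
    echo "expected key: accepted"
fi
if ! sample_status "$LOOKALIKE_FPR" | signed_by "$TEACHER_FPR"; then
    echo "same short ID, different fingerprint: rejected"
fi
```

With real files, feed the check from gpg itself: gpg --status-fd 1 --verify cevap.sig cevap.gpg 2>/dev/null | signed_by "$TEACHER_FPR"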
Test
A key with denemeogrenci@mu.edu.tr is generated on another machine.
All these are tested on 2 different machines, one simulating the student and the other simulating the teacher. The system works as expected.

EXPECTED
Inform me of your public key so that I can import it.
Encrypt with the teacher's public key (enis.karaarslan@gmail.com - KEYID=6D122D94): cevap.gpg
Create a signature file with your private key: cevap.sig
Tar these documents in the format yoursurname_name_answer.tar
Send it to enis.karaarslan@gmail.com