Standards-based open source encryption tools are a fundamental part of any secure IT stance. Here are examples, tips, and resources for working effectively with the gpg encryption toolset.
Simple symmetric (non-signed) use.
$ gpg -c --force-mdc -a test
  [ opens a password prompt, encrypts test -> test.asc ]
$ gpg -a -d test.asc
  [ the -d means just output to stdout, otherwise gpg will create an unencrypted file ]
There is a gpg-agent process that runs alongside gpg and caches passphrases, by default for 10 minutes. Configuration files in the user's home directory allow changing the cache TTL and other settings.
$ cat ~/.gnupg/gpg.conf
# no effect?
no-use-agent

$ cat ~/.gnupg/gpg-agent.conf
# Cache settings, expire after 5 seconds
default-cache-ttl 5
Sometimes gpg-agent needs to be restarted.
$ gpg -a -d keys.asc
gpg: CAST5 encrypted data
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
$ ps ax | grep gpg
1060  ??  Ss     0:19.93 gpg-agent --daemon --use-standard-socket
$ kill 1060
Signing and expert uses.
... basic notes only for now
$ gpg --list-secret-keys
$ gpg --list-keys
$ gpg --delete-keys DBCBE671
$ gpg --list-key
$ gpg --gen-key
$ gpg --list-keys
/Users/rickatech/.gnupg/pubring.gpg
-----------------------------------
pub   2048R/F3E78F92 2013-06-09
uid                  Cool Dude (pithy phrase 1)
sub   2048R/F186443E 2013-06-09
$ gpg --clearsign test
You need a passphrase to unlock the secret key
?
$ cat test.asc
...
$ gpg --verify test.asc
gpg: Signature made Sat Jun  8 18:38:55 2013 PDT using RSA key ID xxxxxxxx
gpg: Good signature from ?
$ gpg --encrypt -a test
$ gpg test.asc
  [ this will ask for your secret key passphrase ]
$ gpg --gen-revoke 9DC0387E
  [ this generates a cert letting the world know a certain key is no longer valid ]
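When the `gpg --verify` step above is automated, grepping the human-readable "Good signature from" line is fragile; gpg's machine-readable status channel (`--status-fd`) is meant for that, and the check should pin the signer's fingerprint rather than accept any key in the keyring. The following is an added example, not code from the original page: `sig_status_ok` and `verify_signed_file` are hypothetical helper names, and the status lines and fingerprint in `GOOD_STATUS`/`BAD_STATUS` are constructed sample data.

```shell
#!/bin/sh
# Read "[GNUPG:] ..." status lines on stdin and succeed only if a VALIDSIG
# line names the expected fingerprint ($1) and no failure line is present.
# GOODSIG alone only says "some key in my keyring signed this", so the
# fingerprint comparison is the part that actually binds the check to a signer.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature must be rejected outright.
        $2 ~ /^(BADSIG|ERRSIG|NO_PUBKEY|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG <fingerprint> <date> <timestamp> ...: field 3 is the fingerprint.
        $2 == "VALIDSIG" && $3 == want { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# Same as `gpg --verify test.asc` on this page, but with the status channel on
# stdout (--status-fd 1) fed to the parser; usage: verify_signed_file FPR FILE
verify_signed_file() {
    gpg --batch --status-fd 1 --verify "$2" 2>/dev/null | sig_status_ok "$1"
}

# Constructed sample status output (fingerprint is a placeholder, not a real key).
FPR=1111222233334444555566667777888899990000
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 5555666677778888 Cool Dude (pithy phrase 1)
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2013-06-09 1370741935 0 4 0 1 8 00 1111222233334444555566667777888899990000
[GNUPG:] TRUST_ULTIMATE 0 pgp'
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 5555666677778888 Cool Dude (pithy phrase 1)'

if printf '%s\n' "$GOOD_STATUS" | sig_status_ok "$FPR"; then
    echo "sample good signature: accepted"
fi
if ! printf '%s\n' "$BAD_STATUS" | sig_status_ok "$FPR"; then
    echo "sample bad signature: rejected"
fi
```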