Data encryption and signing with The GNU Privacy Guard (GPG)

Privacy is being threatened.

The answer to this is to use software that can

  • confirm that messages are in fact from the expected sender,
  • confirm that messages are authentic, and
  • encrypt and decrypt messages, documents and files.

In terms of software, this is referred to as signed and encrypted messages. In order to do this, a pair of keys is used by both senders and receivers. A key pair consists of a private key and a public key.

The GNU Privacy Guard (GPG) is the GNU project’s complete and free implementation of the OpenPGP standard as defined by RFC 4880.

The signing works as follows.

  1. The sender creates a message.
  2. The sending software generates a hash code of the message.
  3. The sending software generates a signature from the hash code using the private key of the sender.
  4. The signature is attached to the message.
  5. The receiving software keeps a copy of the received signature that was attached to the message.
  6. The receiving software generates a new hash code for the received message and verifies it using the kept signature that was attached to the message. If the verification is successful, the message is accepted as being authentic.

The encryption works as follows.

  1. The sender creates a message.
  2. The sending software generates a random number. This is used as a session key for this message only.
  3. The session key is encrypted using the public key of each recipient. These encrypted session keys start the message.
  4. The sending software encrypts the message.
  5. The receiving software decrypts the session key using the private key of the recipient.
  6. The receiving software decrypts the message using the session key.

GPG allows you to encrypt and sign your data and communication. It features a versatile key management system as well as access modules for all kinds of public key directories. GPG is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries is available.

Version 2 of GPG also provides support for S/MIME.

On a FreeBSD operating system, GPG can be installed from the ports collection.

cd /usr/ports/security/gnupg
make
make install

You are now ready to create, export, import and sign keys. The homepage of GPG has good documentation.

The quick and dirty guide to key administration and usage by a senior member of the FreeBSD forums is also recommended.
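
The signing and encryption steps listed above, run end to end with gpg in a throwaway keyring. This is an added example, not part of the original post; it assumes GnuPG 2.1 or later is installed as `gpg`, and the user ID, message text and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes GnuPG 2.1+ as `gpg`.
# Constructed values: the user ID, the message text and all file names.
set -eu

gpg_demo() {
    work=$(mktemp -d)
    GNUPGHOME="$work/home"; export GNUPGHOME      # throwaway keyring
    mkdir -m 700 "$GNUPGHOME"
    uid='Demo User <demo@example.invalid>'
    g() { gpg --batch --quiet --no-tty "$@"; }
    # Key pair (signing key plus encryption subkey), no passphrase: demo only.
    g --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$uid" default default never 2>/dev/null

    printf 'constructed test message\n' > "$work/msg.txt"

    # Signing, steps 1-4: gpg hashes the file and signs the hash with the private key.
    g --local-user "$uid" --output "$work/msg.sig" --detach-sign "$work/msg.txt"

    # Steps 5-6: the receiver rehashes what arrived and checks it against the signature.
    if g --verify "$work/msg.sig" "$work/msg.txt" 2>/dev/null
    then echo "signature=good"; else echo "signature=bad"; fi

    # One appended byte changes the hash, so the same signature must be rejected.
    cp "$work/msg.txt" "$work/tampered.txt"; printf 'x' >> "$work/tampered.txt"
    if g --verify "$work/msg.sig" "$work/tampered.txt" 2>/dev/null
    then echo "tampered=accepted"; else echo "tampered=rejected"; fi

    # Encryption, steps 1-4: a fresh session key is wrapped with the public key.
    g --recipient "$uid" --output "$work/msg.gpg" --encrypt "$work/msg.txt"

    # The packet listing shows the wrapped session key ahead of the encrypted data.
    first=$(g --list-packets "$work/msg.gpg" 2>/dev/null | grep '^:' | head -n 1)
    case $first in
        ':pubkey enc packet:'*) echo "first_packet=session_key" ;;
        *)                      echo "first_packet=other" ;;
    esac

    # Steps 5-6: the private key unwraps the session key, which decrypts the data.
    g --output "$work/out.txt" --decrypt "$work/msg.gpg" 2>/dev/null
    if cmp -s "$work/msg.txt" "$work/out.txt"
    then echo "roundtrip=ok"; else echo "roundtrip=failed"; fi
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}

gpg_demo
```

The empty passphrase and the temporary `GNUPGHOME` keep the demonstration away from your real keyring; a key you actually use should be protected by a passphrase.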
