After installing, importing, signing and configuring everything the way we want, we can start encrypting and decrypting our work.
To encrypt and sign data for the user RedHat that we added to our keyring above, use the following command:
[root@deep] /# gpg -sear RedHat <file>
Example 19-3. Encrypting
[root@deep] /# gpg -sear RedHat message-to-RedHat.txt
You need a passphrase to unlock the secret key for
user: "Gerhard Mourani (Open Network Architecture) <[email protected]>"
1024-bit DSA key, ID BBB4BA9B, created 1999-10-26
Enter passphrase:
Of the arguments passed,
s is for signing (to avoid the risk that somebody else claims to be you, it is very useful to sign everything you encrypt),
e is for encrypting,
a is to create ASCII armored output (.asc), ready for sending by mail,
r gives the user ID name to encrypt to,
<file> is the message you want to encrypt.
To decrypt data, use the following command:
[root@deep] /# gpg -d <file>
Example 19-4. Decrypting
[root@deep] /# gpg -d message-to-Gerhard.asc
You need a passphrase to unlock the secret key for
user: "Gerhard Mourani (Open Network Architecture) <[email protected]>"
2048-bit ELG-E key, ID 71D4CC44, created 1999-10-26 (main key ID BBB4BA9B)
Enter passphrase:
Where
It is important that the public key of the sender of the message we want to decrypt be in our public keyring database, or of course nothing will work.
You can spread your wings by exporting and distributing your public key to the world. This can be done by publishing it on your homepage, through an available key server on the Internet, or any other available method. GnuPG has some useful options to help you publish your public keys.
To extract your public key in ASCII armored output, use the following command:
[root@deep] /# gpg --export --armor > Public-key.asc
where
--export is for extracting your Public-key from your pubring encrypted file,
--armor is to create ASCII armored output that you can mail, publish or put on a web page,
> Public-key.asc is to put the result in a file that you've named Public-key.asc.
Checking the signature: once you have extracted and exported your public key, everyone who knows or gets your public key should be able to check whether encrypted data from you is really signed by you.
To check the signature of encrypted data, use the following command:
[root@deep] /# gpg --verify <Data>
The --verify option will check the signature, where <Data> is the encrypted data/file you want to verify.
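When the signature check runs inside a script, GnuPG's --status-fd option prints machine-readable status lines that are easier to test than the on-screen messages. The following added example (not part of the original guide) accepts a message only when the signature is valid and was made by the expected key; the helper name sig_signed_by, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed fingerprints and status lines, hypothetical names.
GOOD_FPR=0123456789ABCDEF0123456789ABCDEF01234567    # constructed
OTHER_FPR=FEDCBA9876543210FEDCBA9876543210FEDCBA98   # constructed

# sig_signed_by EXPECTED_FPR  (hypothetical helper)
# Reads "[GNUPG:] ..." status lines on stdin, as printed by e.g.
#   gpg --status-fd 1 --output plain.txt --decrypt message.asc
# Returns 0 = valid signature by EXPECTED_FPR, 1 = bad/expired/revoked
# signature or a different signer, 2 = signer's public key not on keyring.
sig_signed_by() {
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 == "NO_PUBKEY" { nokey = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint, the last
        # field the primary key fingerprint.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { if (nokey) exit 2; if (bad || !ok) exit 1; exit 0 }'
}

sample_good() {    # constructed: good signature from GOOD_FPR
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Sender <sender@example.org>
[GNUPG:] VALIDSIG $GOOD_FPR 2024-01-01 1704067200 0 4 0 1 8 00 $GOOD_FPR
EOF
}

sample_bad() {     # constructed: data altered after signing
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Sender <sender@example.org>
EOF
}

sample_nokey() {   # constructed: sender's public key not imported
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 89ABCDEF01234567 1 8 00 1704067200 9
[GNUPG:] NO_PUBKEY 89ABCDEF01234567
EOF
}

for s in sample_good sample_bad sample_nokey; do
    rc=0; "$s" | sig_signed_by "$GOOD_FPR" || rc=$?
    echo "$s: exit $rc"
done
```

Exit code 2 corresponds to the case described earlier, where the sender's public key is missing from the public keyring.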
Some possible uses of GnuPG software
Send encrypted mail messages.
Encrypt backup files before transmission over the network.
Encrypt individual sensitive files, e.g. a file that holds all your passwords.