Markus Rechberger / gpg
 
StartSeite | MarkusRechberger/ | Neues | TestSeite | ForumSeite | Teilnehmer | Kategorien | Index | Hilfe | Einstellungen | Ändern

gnupg

Notes for using GPG to encrypt and decrypt backup files

GPG allows you to use public-private key encryption to encrypt
and decrypt files on Windows and Linux.  The benefit of public-private
key encryption is that you can keep your public key out in
the open, and use it from anywhere to encrypt files.  Once
encrypted with the public key, those files can only be decrypted
with the private key.  The idea is to keep the private key 
someplace safe, like on a CDROM in a bank vault, and then you can
keep the encrypted backup files and public key just about anywhere.
Better yet, you can send the encrypted backup files over easy-to-use,
unencrypted network protocols, like FTP and HTTP.

In a simple, scheduled Perl script, I can create a backup of my websites, 
encrypt them, and then transfer them by anonymous FTP to my home computer.
Similarly, I can encrypt important files on my home computer and store
them safely on third-party servers.  The notes below outline the commands
that are needed to perform the necessary operations.

GPG requires a home directory to store its keys.
In Linux, it uses HOME/.gnupg
In Windows, it uses what you specify in the registry keys,
	which by default is c:\GnuPG

Keys are stored in files called "key rings".
	The secring.gpg file is the key ring that stores secret keys.
	The pubring.gpg file is the key ring that stores public keys.

Keys in the key rings are referred to by the name, or partial name.
	e.g. to refer to the key of "Shailesh N. Humbad", 
		you can use "Shailesh" as the name.

To create a new public/private key pair, run:
	gpg --gen-key
and follow the prompts.

To list public keys, run:
	gpg --list-keys

To list private or secret keys, run:
	gpg --list-secret-keys

To export a public key to an ascii text file, run:
	gpg -a --export NAME > yourpublickey.gpg

To export a private (or secret) key to an ascii text file, run:
	gpg -a --export-secret-keys NAME > yourprivatekey.gpg

To delete a public key from the local key ring:
	gpg --delete-keys NAME

To delete a secret key from the local key ring:
	gpg --delete-secret-key NAME

To encrypt a file, use:
	gpg -r NAME --output OUTFILE.gpg --encrypt INFILE

To decrypt a file, use:
	gpg -r NAME --output OUTFILE --decrypt INFILE.gpg

If you leave out the "-r" option, it will prompt you for the
	 name of the user whose key should be used.
Decrypting a file requires that you have the secret key in the local
 key ring, and it will prompt you for the passphrase to access the secret key.

To make a backup of a key, copy the key to an ASCII file as shown above.
These can be imported into another key ring on another computer, but
they can't be directly used during a gpg command.

You may want to keep your secret key ONLY on external media (recommended), 
but be able to decrypt files using that key with a single command.

In this case, you need to create a key ring file containing your secret
key.  To do this, first make sure the desired key exists in the local key
ring file by using the list commands.  Then copy the ring.gpg file
to the external media.  To use the external key ring store, use the
--secret-keyring option in the command line.

(You can make sure only selected keys exist in the key ring file by 
making a backup copy of the original, importing the selected keys, 
copying the new key ring, and then restoring the original.)

To decrypt a file with an external key ring, run:
	gpg --secret-keyring KEYRING -o OUTFILE --decrypt INFILE

To import a key, run:
	gpg --import KEYFILE


StartSeite | MarkusRechberger/ | Neues | TestSeite | ForumSeite | Teilnehmer | Kategorien | Index | Hilfe | Einstellungen | Ändern
Text dieser Seite ändern (zuletzt geändert: 2. Februar 2005 11:45 (diff))
Suchbegriff: gesucht wird
im Titel
im Text