I've been asked to use PGP to encrypt files before uploading them to a remote SFTP server.
So I wrote this as a quick reference and notes.
Here are some basic PGP commands to get you started encrypting your files, emails and disk drives.
You can go to GPG4Win and download the GPG program.
1. Generate keys
gpg --gen-key
As you can see from the following output, I generated a key “pgptester”.
The program will also ask you for a passphrase to protect the secret key.
C:\Users\chako>gpg --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: pgptester
Email address: pgptester@gmail.com
Comment:
You selected this USER-ID:
    "pgptester <pgptester@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 5AE84DCA marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: public key of ultimately trusted key 0B40244A not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
pub   2048R/5AE84DCA 2017-11-21
      Key fingerprint = 18C3 8B89 E9B8 7E08 F588 38A1 D86D C5CD 5AE8 4DCA
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21

C:\Users\chako>
2. List keys
gpg --list-keys
Our new key is listed in the output as “pgptester”,
and “5AE84DCA” is the key ID of our new public key. We use the public key to encrypt files and
the private key to decrypt them.
C:\Users\chako>gpg --list-keys
C:/Users/chako/AppData/Roaming/gnupg/pubring.gpg
------------------------------------------------
pub   2048R/27D8D2AE 2017-11-15
uid       [ultimate] xttest <xttest@gmail.com>
sub   2048R/D5CD2620 2017-11-15

pub   2048R/6EC98110 2017-11-15
uid       [ unknown] pgptest@gmail.com

pub   2048R/5AE84DCA 2017-11-21
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21

C:\Users\chako>
3. Encrypt files
# the long version
gpg --encrypt --recipient "Your Name" foo.txt
# using terse options
gpg -e -r Name file.txt
# batch form for scripts; --always-trust skips the validity check on the recipient key, so confirm its fingerprint first
gpg --batch --yes -e -r "public key" --always-trust "file path"
After we encrypt “test_pic.jpg”, the program creates an encrypted file called “test_pic.jpg.gpg”.
D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
               1 File(s)        108,611 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --batch --yes -e -r 5AE84DCA --always-trust test_pic.jpg

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>
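Step 3 selects the recipient by the 8-digit key ID 5AE84DCA and passes --always-trust, so nothing checks that the key is the intended one. The sketch below is an added example, not part of the original notes: it pins the recipient by the full fingerprint printed in step 1, reads the keyring from gpg's colon-format listing (gpg --with-colons --fingerprint --list-keys), and refuses missing, expired, revoked, disabled or invalid keys. The embedded listing is constructed and the function names are hypothetical.

```python
import re

# Constructed colon-format listing. The first key carries the fingerprint shown
# in step 1; the other two are made up: one shares the short ID 5AE84DCA, one
# is expired.
SAMPLE = """\
pub:u:2048:1:D86DC5CD5AE84DCA:1511222400:::u:::scESC:
fpr:::::::::18C38B89E9B87E08F58838A1D86DC5CD5AE84DCA:
uid:u::::1511222400::::pgptester <pgptester@gmail.com>:
pub:-:2048:1:AAAAAAAA5AE84DCA:1511222400:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5AE84DCA:
uid:-::::1511222400::::pgptester <pgptester@gmail.com>:
pub:e:2048:1:BBBBBBBBBBBBBBBB:1400000000:1500000000::-:::sc:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:e::::1400000000::::old partner <old@example.com>:
"""

UNUSABLE = {"i": "invalid", "d": "disabled", "r": "revoked", "e": "expired"}

def parse_keys(listing):
    """Return {fingerprint: validity} for each primary key in the listing."""
    keys, pending = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            pending = f[1]                # field 2: validity of the primary key
        elif f[0] == "sub":
            pending = None                # skip fpr records that follow subkeys
        elif f[0] == "fpr" and pending is not None:
            keys[f[9].upper()] = pending  # field 10: full fingerprint
            pending = None
    return keys

def short_id_matches(listing, short_id):
    """All fingerprints that a short key ID such as 5AE84DCA would select."""
    return sorted(fp for fp in parse_keys(listing) if fp.endswith(short_id.upper()))

def encrypt_argv(listing, pinned_fpr, path):
    """Build the gpg command for path, refusing absent or unusable keys."""
    fpr = re.sub(r"\s+", "", pinned_fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("pin the recipient by full 40-hex-digit fingerprint")
    validity = parse_keys(listing).get(fpr)
    if validity is None:
        raise ValueError("pinned key is not in the keyring")
    if validity in UNUSABLE:
        raise ValueError("pinned key is " + UNUSABLE[validity])
    # --always-trust is acceptable here only because the fingerprint is pinned.
    return ["gpg", "--batch", "--yes", "--always-trust", "-r", fpr,
            "--output", path + ".gpg", "-e", path]
```

In the constructed keyring two keys end in 5AE84DCA, which is why the command is built with the 40-digit fingerprint rather than the short ID.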
4. Decrypt files
gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg
We have to use the private key to decrypt the file, and after the decryption we get our test_pic.jpg back. 🙂
D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               1 File(s)        108,515 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg

You need a passphrase to unlock the secret key for
user: "pgptester <pgptester@gmail.com>"
2048-bit RSA key, ID B0EC6DC0, created 2017-11-21 (main key ID 5AE84DCA)

gpg: encrypted with 2048-bit RSA key, ID B0EC6DC0, created 2017-11-21
      "pgptester <pgptester@gmail.com>"

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:55 PM           108,611 decrypted_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>
5. Other management
list keys
gpg --list-keys
delete key
gpg --delete-key "myfriend@his.isp.com"
D:\>gpg --delete-key pgptest@gmail.com
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  2048R/6EC98110 2017-11-15 pgptest@gmail.com

Delete this key from the keyring? (y/N) y

D:\>
import key
gpg --import key.asc
D:\>gpg --import testkey.asc
gpg: key 6EC98110: public key "pgptest@gmail.com" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

D:\>
export keys (my_private_key.asc contains the secret key; only the public key file is meant to be shared)
gpg --export-secret-keys -a keyid > my_private_key.asc
gpg --export -a keyid > my_public_key.asc
gpg --export -a 5AE84DCA > pub.asc
GnuPG Data Location
C:\Users\{Your User Name}\AppData\Roaming\GnuPG