Basic PGP encryption/decryption and key management

I have been asked to use PGP to encrypt files before uploading them to a remote SFTP server,
so I wrote this as a quick reference and notes.
Here are some basic GPG commands to get you started encrypting your files, emails and disk drives.

You can go to Gpg4win (https://www.gpg4win.org) and download the GPG program for Windows. The transcripts below are from GnuPG 2.0.30 on Windows, run from a cmd.exe prompt.

1. generate keys

gpg --gen-key

As you can see from the following output, I generated a key for “pgptester”.
The program will also ask you to provide a passphrase. It protects the secret key on disk, so anyone who copies your keyring still needs the passphrase to decrypt with it.
Two things in this transcript are worth reconsidering before you make a real key: it never expires (Key is valid for? 0), whereas a key for a recurring transfer job should get an expiry date that you extend when needed, and the GnuPG 2.0 branch shown here is end of life; on GnuPG 2.2 and later the same full dialog is reached with gpg --full-generate-key.

C:\Users\chako>gpg --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: pgptester
Email address: pgptester@gmail.com
Comment:
You selected this USER-ID:
    "pgptester <pgptester@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 5AE84DCA marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: public key of ultimately trusted key 0B40244A not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
pub   2048R/5AE84DCA 2017-11-21
      Key fingerprint = 18C3 8B89 E9B8 7E08 F588  38A1 D86D C5CD 5AE8 4DCA
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21


C:\Users\chako>

2. List keys

gpg --list-keys

Our new key pair is listed under the user ID “pgptester”, and “5AE84DCA” is the short ID of its public key. Anyone holding the public key can encrypt files to us; only the private key can decrypt them.
Note that 5AE84DCA is just the last 8 hex digits of the fingerprint printed in step 1 (18C3 8B89 ... 5AE8 4DCA). Short IDs are cheap to collide, so when you give a key ID to a script or to another person, use the full fingerprint. The sub line, B0EC6DC0, is the encryption subkey that gpg actually encrypts to, which is why it appears in the decryption output in step 4.

C:\Users\chako>gpg --list-keys
C:/Users/chako/AppData/Roaming/gnupg/pubring.gpg
------------------------------------------------
pub   2048R/27D8D2AE 2017-11-15
uid       [ultimate] xttest <xttest@gmail.com>
sub   2048R/D5CD2620 2017-11-15

pub   2048R/6EC98110 2017-11-15
uid       [ unknown] pgptest@gmail.com

pub   2048R/5AE84DCA 2017-11-21
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21


C:\Users\chako>

3. encrypt files

# the long version
gpg --encrypt --recipient 'Your Name' foo.txt

# using terse options
gpg -e -r Name file.txt

# unattended version for scripts: no prompts, overwrite an existing output file
gpg --batch --yes -e -r <key ID or fingerprint> --always-trust "file path"

--always-trust (the same as --trust-model always) makes gpg encrypt to a key whose validity it has not established. Without it, an imported key of unknown validity gets a “Use this key anyway?” prompt in interactive use and an “Unusable public key” failure under --batch. Only use it when -r is the full fingerprint of a key you have checked yourself, because it switches off the one check that would catch encrypting to the wrong key. In the transcript below it is not needed, since 5AE84DCA is our own, ultimately trusted key.

After we encrypt “test_pic.jpg”, the program creates an encrypted file called “test_pic.jpg.gpg” next to it. The original is left in place, so remove it yourself if the plaintext must not stay on disk. Add -a (--armor) if the receiving system needs a text .asc file instead of a binary .gpg file.

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
               1 File(s)        108,611 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --batch --yes -e -r 5AE84DCA --always-trust test_pic.jpg

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>

4. decrypt files

gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg

We have to use the private key to decrypt the file, and after decryption we get our test_pic.jpg back. 🙂
Without --output, gpg writes the plaintext to stdout. Notice that the output names the encryption subkey B0EC6DC0 under main key 5AE84DCA, and that there is no “Good signature” line: the file was encrypted but not signed, so a successful decryption says nothing about who produced it. If the sender must be authenticated, have them add --sign when encrypting and look for “gpg: Good signature from ...” when you decrypt.

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               1 File(s)        108,515 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg

You need a passphrase to unlock the secret key for
user: "pgptester <pgptester@gmail.com>"
2048-bit RSA key, ID B0EC6DC0, created 2017-11-21 (main key ID 5AE84DCA)

gpg: encrypted with 2048-bit RSA key, ID B0EC6DC0, created 2017-11-21
      "pgptester <pgptester@gmail.com>"

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:55 PM           108,611 decrypted_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>

5. other management

list keys

gpg --list-keys

delete key

gpg --delete-key 'myfriend@his.isp.com'

--delete-key removes a public key only. To remove one of your own key pairs, run gpg --delete-secret-keys <key ID> first and then --delete-key; gpg refuses to delete a public key while its secret key is still in the keyring.

D:\>gpg --delete-key pgptest@gmail.com
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  2048R/6EC98110 2017-11-15 pgptest@gmail.com

Delete this key from the keyring? (y/N) y

D:\>

import key

gpg --import key.asc

After importing someone else's key, run gpg --fingerprint <key ID> and compare the full fingerprint with one the owner gave you through a different channel before you encrypt anything to it.

D:\>gpg --import testkey.asc
gpg: key 6EC98110: public key "pgptest@gmail.com" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

D:\>

export keys

gpg --export-secret-keys -a keyid > my_private_key.asc
gpg --export -a keyid > my_public_key.asc

gpg --export -a 5AE84DCA > pub.asc

-a (--armor) produces ASCII text that can be pasted into an email or a ticket. pub.asc is safe to hand to anyone who needs to encrypt to you. my_private_key.asc is your private key; it is still wrapped by your passphrase, but treat the file as a secret, for backup to offline media rather than for sharing.

GnuPG Data Location
C:\Users\{Your User Name}\AppData\Roaming\GnuPG
This folder holds the keyrings and the trust database, private keys included. Back it up and restrict access to it like any other credential store.
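The whole procedure above (generate, exchange public keys, encrypt, decrypt) as one unattended shell script between two throwaway keyrings, the way a transfer job would script it. This is an added example, not code from the original post; it assumes GnuPG 2.1 or later on PATH, and the names, e-mail addresses, file names and payload are invented for the demo. It also goes beyond the page in two ways a real upload job needs: the sender pins the receiver's fingerprint before encrypting, and signs the file so the receiver can verify who sent it using gpg's machine-readable status lines.

```shell
#!/bin/sh
# Added example (not from the original post): two-party GnuPG round trip in throwaway keyrings.
#   receiver = owner of the SFTP drop; generates a key and publishes the public half
#   sender   = imports that public key, pins its fingerprint, encrypts + signs, "uploads"
# Needs gpg 2.1+ on PATH. All names, addresses and the payload below are made up.
set -eu

WORK="${TMPDIR:-/tmp}/gpgdemo.$$"
RECEIVER="$WORK/receiver"
SENDER="$WORK/sender"

cleanup() {
  # every --homedir auto-starts its own gpg-agent; stop them before deleting the directories
  for d in "$RECEIVER" "$SENDER"; do
    [ -d "$d" ] && GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$WORK"
}

# gpg_as KEYRING ARGS...: run gpg against one isolated keyring, never the user's own.
gpg_as() {
  _home="$1"; shift
  gpg --homedir "$_home" --batch --no-tty --quiet "$@"
}

# new_key KEYRING NAME EMAIL: unattended version of section 1, with an expiry date.
# %no-protection skips the passphrase so the demo runs unattended; a real key gets one.
new_key() {
  mkdir -p "$1" && chmod 700 "$1"
  gpg_as "$1" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
}

# fingerprint_of KEYRING [KEYSPEC]: full 40-hex primary fingerprint from --with-colons output.
# Scripts should identify keys by this, never by the 8-hex short ID shown by --list-keys.
fingerprint_of() {
  gpg_as "$1" --list-keys --with-colons ${2:-} | awk -F: '$1 == "fpr" { print $10; exit }'
}

# exchange_pub FROM TO: export FROM's public key as ASCII armour (section 5) and import it into TO.
exchange_pub() {
  gpg_as "$1" --armor --export > "$WORK/pub.asc"
  gpg_as "$2" --import "$WORK/pub.asc"
}

# run_demo: prints "ok" on a successful, authenticated round trip; non-zero exit otherwise.
run_demo() {
  new_key "$RECEIVER" "SFTP Receiver" "receiver@example.invalid"
  new_key "$SENDER"   "Upload Job"    "uploader@example.invalid"
  recv_fpr=$(fingerprint_of "$RECEIVER")   # stands in for the fingerprint received out of band
  send_fpr=$(fingerprint_of "$SENDER")

  exchange_pub "$RECEIVER" "$SENDER"       # sender can now encrypt to the receiver
  exchange_pub "$SENDER" "$RECEIVER"       # receiver can later verify the sender's signature

  # Pin the imported key: its fingerprint in the sender's keyring must equal the one obtained
  # out of band. This is the check that --always-trust alone would silently skip.
  imported=$(fingerprint_of "$SENDER" "$recv_fpr")
  [ "$imported" = "$recv_fpr" ] || { echo "fingerprint mismatch, refusing to encrypt" >&2; return 1; }

  printf 'constructed payload %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$WORK/report.csv"

  # Section 3 plus a signature: encrypt to the pinned fingerprint, sign as the sender.
  # --trust-model always is acceptable here only because the fingerprint was pinned above.
  gpg_as "$SENDER" --yes --trust-model always \
    --recipient "$recv_fpr" --local-user "$send_fpr" \
    --output "$WORK/report.csv.gpg" --sign --encrypt "$WORK/report.csv"

  # Section 4 plus verification: decrypt and require VALIDSIG from the expected sender,
  # read from the status lines rather than by parsing human-readable text.
  status=$(gpg_as "$RECEIVER" --status-fd 1 --output "$WORK/report.dec.csv" --decrypt "$WORK/report.csv.gpg")
  echo "$status" | grep -q "VALIDSIG .*$send_fpr" || { echo "signature not from expected sender" >&2; return 1; }
  cmp -s "$WORK/report.csv" "$WORK/report.dec.csv" || { echo "plaintext mismatch" >&2; return 1; }
  echo ok
}

trap cleanup EXIT
if command -v gpg >/dev/null 2>&1; then
  DEMO_RESULT=$(run_demo) || DEMO_RESULT=failed
else
  DEMO_RESULT=skipped    # gpg is not installed on this machine
fi
echo "round trip: $DEMO_RESULT"
```

On Windows the script runs unchanged from Git Bash or WSL; from cmd.exe, put the lines between the two EOF markers into a file and run gpg --batch --gen-key params.txt instead of the heredoc. The fingerprint comparison is the step that replaces the page's --always-trust shortcut with an actual check.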
