Brainscape GPG Flashcards
encrypt a file with symmetric encryption
gpg --symmetric file.txt OR gpg -c file.txt
decrypt a file
gpg --decrypt file.txt.gpg OR gpg -d file.txt.gpg
specify name of output file
gpg --output file.txt OR gpg -o file.txt
ASCII-armored output
gpg --armor OR gpg -a
digitally sign and symmetrically encrypt a file
gpg --sign --symmetric file.txt OR gpg -s -c file.txt
asymmetrically sign and encrypt a message
gpg --recipient "John Maughan" --sign --encrypt "file.txt" OR gpg -s -e -r "John Maughan" file.txt (specify both "--sign" and "--encrypt" options)
asymmetrically encrypt a message for multiple recipients
gpg --recipient "My Friend" --recipient "John Maughan" --encrypt "file.txt"
two ways you can identify a recipient
key-id or name
what are the two purposes of signing, and how does this work
you can prove that the message was sent from you, and prove that its content was not altered; the signature uses a hash of your message as well as your private key
three methods of signing
clearsign (ASCII digital signature, appended to the message itself); sign (binary digital signature); detached (signature will be in a separate file)
clearsign a file (like the end of an email)
gpg --clearsign file.txt
sign a file (normal, not ASCII)
-s OR --sign (e.g. "gpg --sign file.txt")
verify a signature
"gpg --verify file.txt.asc" (if signature is detached, you can just specify the signature, and gpg will look for the "file.txt" without the ".asc") OR "gpg --verify sigfile signed-files"
sign a file with a detached signature
gpg --detach-sign file.txt
verify a file with a detached signature, also, verify if file is in a separate folder
gpg --verify file.txt.sig (assumes file.txt is also in the same folder) OR gpg --verify file.txt.sig /path/to/file.txt (if in separate folder)
sign and encrypt a file to a recipient
gpg --sign --encrypt --recipient "John Maughan" file.txt OR gpg -s -e -r "John Maughan" file.txt
decrypt and verify in one step
-d OR --decrypt (e.g. "gpg -d file.txt.gpg") (--decrypt will automatically try to verify a digital signature, if one is present)
what are the conventions for ASCII-armored contents, binary contents, and signatures
.asc, .gpg, .sig
create a keypair
gpg --gen-key
export to get your public key to someone else
gpg --armor --output public_key.key --export "John Maughan"
import a key
gpg --import "friend-key.asc"
what files/folders need to be backed up for keys, how to best backup trust settings
pubring.gpg and private-keys-v1.d; gpg --export-ownertrust (preferred because it can help even if trustdb.gpg is corrupted somehow)
export a secret key
gpg --export-secret-keys KEY-ID > private_key
import a private key
gpg --import private_key (same as importing a public key)
list public keys, list public keys for a specific person
gpg --list-keys OR gpg --list-public-keys "John Maughan" (user name or key-id)
list secret keys, list secret keys for a specific person
gpg --list-secret-keys OR gpg --list-secret-keys "John Maughan" (or key-id, just as for public keys)
what are a few key ways to go about verifying keys
get in touch over phone, read fingerprints back and forth, send an encrypted and signed email to each other with three random words, and read those back to each other
how to set trust level for an imported key
gpg --edit-key "My Friend" trust (set trust level)
check that a key is signed
gpg --edit-key "My Friend" check
view fingerprint for key
gpg --fingerprint "John Maughan" OR gpg --edit-key "My Friend" fpr (fingerprint for the key)
sign a key
gpg --edit-key "My Friend" sign (sign the key)
publish a key to a keyserver
gpg --keyserver KEYSERVER --send-keys KEY-ID
generate a revocation certificate
gpg --gen-revoke KEY-ID (revocation certs are always armored)
file where gpg preferences are kept
gpg.conf
how to actually revoke a key
simply import the revocation key or upload it to the keyserver