Brainscape GPG

Question 1

encrypt a file with symmetric encryption

Answer 1

gpg –symmetric file.txt gpg -c file.txt

Question 2

decrypt a file

Answer 2

gpg –decrypt file.txt.gpg OR gpg -d file.txt.gpg

Question 3

specify name of output file

Answer 3

gpg –output file.txt OR gpg -o file.txt

Question 4

ASCII-armored output

Answer 4

gpg –armor gpg -a

Question 5

digitally sign and symmetrically encrypt a file

Answer 5

gpg –sign –symmetric file.txt gpg -s -c file.txt

Question 6

assymetrically sign and encrypt a message

Answer 6

gpg –recipient “John Maughan” –sign –encrypt “file.txt” OR gpg -s -e -r “John Maughan” file.txt (specify both “–sign” and “–encrypt” options)

Question 7

assymetrically encrypt a message for multiple recipients

Answer 7

gpg –recipient “My Friend” –recipient “John Maughan” –encrypt “file.txt”

Question 8

two ways can you identify a recipient

Answer 8

key-id or name

Question 9

what are the two purposes of signing, and how does this work

Answer 9

you can prove that the message was sent from you, and prove that its content was not altered the signature uses a hash of your message as well as your private key

Question 10

three methods of signing

Answer 10

clearsign (ASCII digital signature, appended to the message itself) sign (binary digital signature) detached (signature will be in a separate file)

Question 11

clearsign a file (like the end of an email)

Answer 11

gpg –clearsign file.txt

Question 12

sign a file (normal, not ASCII)

Answer 12

-s –sign (e.g. “gpg –sign file.txt”)

Question 13

verify a signature

Answer 13

“gpg –verify file.txt.asc” (if signature is detached, you can just specify the signature; and gpg will look for the “file.txt” without the “.asc”) OR “gpg –verify sigfile signed-files”

Question 14

sign a file with a detached signature

Answer 14

gpg –detach-sign file.txt

Question 15

verify a file with a detached signature, also, verify if file is in a separate folder

Answer 15

gpg –verify file.txt.sig (assumes file.txt is also in the same folder) gpg –verify file.txt.sig /path/to/file.txt (if in separate folder)

Question 16

sign and encrypt a file to a recipient

Answer 16

gpg –sign –encrypt file.txt –recipient “John Maughan” gpg -s -e -r “John Maughan” file.txt

Question 17

decrypt and verify in one step

Answer 17

-d –decrypt (e.g. “gpg -d file.txt.gpg”) (–decrypt will automatically try to verify a digital signature, if one is present)

Question 18

what are the convention for ASCII-armored contents, binary contents, and signatures

Answer 18

.asc .gpg .sig

Question 19

create a keypair

Answer 19

gpg –gen-key

Question 20

export to get your public key to someone else

Answer 20

gpg –armor –output public_key.key –export “John Maughan”

Question 21

import a key

Answer 21

gpg –import “friend-key.asc”

Question 22

what files/folders need to be backed up for keys, how to best backup trust settings

Answer 22

pubring.gpg private-keys-v1.d gpg –export-ownertrust (preferred because it can help even if trustdb.gpg is corrupted somehow)

Question 23

export a secret key

Answer 23

gpg –export-secret-keys KEY-ID > private_key

Question 24

import a private key

Answer 24

gpg –import private_key (same as importing a public key)

Question 25

list public keys, list public keys for a specific person

Answer 25

gpg --list-keys OR gpg --list-public-keys "John Maughan" (user name or key-id)

Question 26

list secret keys, list secret keys for a specific person

Answer 26

gpg --list-secret-keys gpg --list-secret-keys "John Maughan" (or key-id, just as for public keys)

Question 27

what are a few key ways to go about verifying keys

Answer 27

get in touch over phone, read fingerprints back and forth, send an encrypted and signed email to each other with three random words, and read those back to each other

Question 28

how to set trust level for an imported key

Answer 28

gpg --edit-key "My Friend" trust (set trust level)

Question 29

check that a key is signed

Answer 29

gpg --edit-key "My Friend" check

Question 30

view fingerprint for key

Answer 30

gpg --fingerprint "John Maughan" or gpg --edit-key "My Friend" fpr (fingerprint for the key)

Question 31

sign a key

Answer 31

gpg --edit-key "My Friend" sign (sign the key)

Question 32

publish a key to a keyserver

Answer 32

gpg --keyserver KEYSERVER --send-keys KEY-ID

Question 33

generate a revocation certificate

Answer 33

gpg --gen-revoke KEY-ID (revocation certs are always armored)

Question 34

file where gpg preferences are kept

Answer 34

gpg.conf

Question 35

how to actually revoke a key

Answer 35

simply import the revocation key or upload it to the keyserver