Secure Encryption Flashcards
~/.gnupg
Hidden directory in each home with key ring and configuration files.
gpg
Generate, list, import, export, revoke.
: decrypt file if public key available.
gpg -- Switches.
--import: import public key into key ring.
--list-keys: list keys on key ring.
--gen-revoke: Starts revocation process. Requires cause, comment, passphrase for your key to create revocation certificate.
--export: export public key by ID.
--gen-key: starts process for creating public key. Requests kind, size, expiration time, real name, email, comment, passphrase.
--keyserver: used with --send-keys to send keys to key server.
--send-keys:
gpg - switches
-o: output name (file)
-r: specify recipient.
-e: encrypt given file with preceding recipient info with your default public key. Combined as -r “” -e
-a:
sshd_config
In /etc/ssh. Contains configuration information.
HostKey: each line starting with HostKey describes the file location for each possible encrypted connection.
PermitRootLogin: enables SSH login for root if yes.
X11Forwarding: Dictates if X11 windows can be sent.
~/.ssh
Individual user configuration for ssh, such as known_hosts, which contains the IP address/hostname, encryption algorithm, and fingerprint.
When creating a new key, id_rsa remains on the system and id_rsa.pub is sent to the system trying to connect. If either differs, no connection.
ssh-keygen
Generates ssh keys. Can provide passphrase for key for multi-factor.
-b: indicate bit length. Default 2048.
-t: type of encryption.
ssh-copy-id
Will copy public ssh key to another system, set up proper permissions for the authorized_keys file on remote host.
ssh-agent
Acts as a wrapper around an environment so that it can handle authentication for key files that use passphrases.
Ex: ssh-agent bash sets wrapper around bash.
Use with ssh-add.
ssh-add
Adds a passphrase to the ssh-agent.
authorized_keys
Within .ssh, stores keys set up by ssh-copy-id, indicates which systems for each fingerprint.
ssh
-Y: improved security for X11.