{"revision": {"id": "f3ef6d0e-2f95-11f1-b3a5-e86a64d24d78", "node_id": "f3ede171-2f95-11f1-81cb-e86a64d24d78", "user_id": "edc3f576-2f95-11f1-900f-e86a64d24d78", "author": "foxhop", "data": "Linux GPG\r\n###########\r\n\r\nA short how-to on setting up a PGP (GPG) keypair, with a brief lesson on encrypting a message and on configuring the \"pass\" password client to use the keypair to protect passwords.\r\n\r\nThis document does not use a GUI and only uses the command line.\r\n\r\n.. contents::\r\n\r\n\r\n\r\nCreate GPG Keypair\r\n==================\r\n\r\nUse the following shell command:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --gen-key\r\n\r\nAnswer the prompts; I typically accept all defaults, which are 2048 bits and RSA.\r\nAlso memorize your long passphrase and never tell it to anyone, ever.\r\n\r\nDocument your new 'KeyID'.\r\n\r\nList all keys\r\n=============================\r\n\r\nThis is a great way to determine a 'KeyID'.\r\n\r\n.. code-block:: bash\r\n\r\n gpg --list-keys\r\n\r\nEncrypt a test message\r\n=========================================================\r\n\r\nThis process may also be used to validate a private key passphrase.\r\n\r\n.. code-block:: bash\r\n\r\n gpg --local-user <KEYID> --recipient <KEYID> -ase\r\n\r\nHere '-a' ASCII-armors the output, '-s' signs with the '--local-user' key (this is the step that asks for the passphrase) and '-e' encrypts to the '--recipient' key. Without '-e' the output is only signed, not encrypted, and anyone can read it.\r\n\r\nIt will prompt for a passphrase three times unless a valid one is submitted, then it will allow you to write an encrypted message. Press ctrl-d to end the message.\r\n\r\nAlternatively you may encrypt any file (text or binary) using a command like this:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --local-user <KEYID> --recipient <KEYID> -ase <file>\r\n\r\nThis will prompt for your passphrase and on success generate an 'asc' file.\r\n\r\nFor example, let's encrypt the fake test file 'secret-raw-payload.txt' using the following command:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --local-user MYKEYID1 --recipient MYKEYID1 -ase secret-raw-payload.txt\r\n\r\n\r\nDecrypt a test message\r\n==============================\r\n\r\n.. code-block:: bash\r\n\r\n gpg -d <encrypted asc message file>\r\n\r\nAlternatively, omit the encrypted message file and paste the encrypted message directly into the terminal.\r\n\r\nExport a public key\r\n========================\r\n\r\nTo export a public key for transportation or sharing, run this:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --export -a <KeyID>\r\n\r\nThis will output the public key for a given KeyID as ASCII, which may be shared and distributed to anyone.\r\n\r\nExport a private key\r\n========================\r\n\r\nTo export a private key for transportation or backup, run this:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --export-secret-key -a <KeyID>\r\n\r\nThis will output the private key for a given KeyID as ASCII, which must be safely guarded.\r\n\r\nImport a public key\r\n========================\r\n\r\nTo import a public key file:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --import <public key file>\r\n\r\nThis adds the public key in the file to your public key ring. Alternatively you may omit the file and paste the public key directly to the command prompt.\r\n\r\n\r\nImport a private key\r\n========================\r\n\r\nTo import a private key file:\r\n\r\n.. code-block:: bash\r\n\r\n gpg --allow-secret-key-import --import <private key file>\r\n\r\nThis adds the private key in the file to your private key ring. Alternatively you may omit the file and paste the private key directly to the command prompt.", "source_format": "rst", "revision_number": 14, "created": 1403526165000}}