January 15, 2013

Installing and Using PGP with GNU Privacy Guard (GnuPG) on RHEL 6.3

Introduction

In this blog I will show you how to use PGP client GNU Privacy Guard (GnuPG) on RHEL 6.3. PGP can be used to encrypt files which can be stored somewhere on remote disc or by sending as attached files.

Installation

Installation was quite smooth, except founding the missing dependency package pinentry-gtk, which should be installed automatically.

$ yum install gnupg2 pinentry-gtk

Test your installation

A simple test to see that GnuPG is installed properly is to ask for each version.

$ gpg --version
gpg (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, 
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Setup

Creating Private Key Pair

The first thing to do, after installation was successful, is to generate the necessary keys used for encrypting and decrypting files. To generate you private key pair, do the following.

$ gpg --gen-key 
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Thu 15 Jan 2015 08:39:54 PM CET
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: YOUR NAME
Email address: your.name@domain.com
Comment: 
You selected this USER-ID:
    "YOUR NAME <your.name@domain.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

etc.

Exporting Public Key

To be able to receive encrypted files, you need to export your public key. The text files generated below can be emailed as attachment or more preferable distributed in a more secure way, such as manually handed over via USB memory.

$ gpg --armor --output "key.txt" --export "YOUR NAME"

Usage

Now you are ready to use GnuPG. A good tutorial guide for the most common usage can be found here http://www.glump.net/howto/gpg_intro.

Troubleshooting

No comments: