Top

A Linux User Reference

Search tips
  • search ignores words that are less than 4 characters in length
  • searches are case insensitve
  • if a search does not return anything try it in Boolean mode then Query expansion mode by checking the appropriate radio button e.g. searching for 'cron' in just the Administration category returns nothing - presumably because the 50% threshold is reached. Boolean mode ignores this threshold so a search for 'cron' returns several hits
  • in Boolean mode preceding a word with a '+' means the result must include that word, a '-' means it must not
  • in Boolean mode '+crontab -anacron' means match articles about crontab that DO NOT mention anacron
  • to match a phrase e.g. 'manage system' check the Boolean mode radio button and enclose the phrase in quotes "some phrase ..."
  • in Query expansion mode the search context is expanded beyond the keywords you entered - relevancy of hits may well be degraded

SECURITY

Gnu Privacy Guard

  • GPG
    dual key encryption
    Single key encryption - a private key

    Classic methods use just the one key for encryption. The sender encrypts the message with this key, the receiver needs to have the same key to decrypt.

    Apart from the issues of secuely passing the key to the receiver, once an unauthorised person has hold of the key that method of encryption is compromised.

    Dual keys encryption - a public and a private key

    The Public Key can be distributed openly in any manner, the Private Key is secret and c only available to the owner.

    When the system is well implemented the secret key cannot be derived from the public key.

    The sender encrypts the message with the public key belonging to the receiver. The receiver decrypts the message with their own secret key.

    Digital signatures

    Digitally signing a message is a means of proving that the message was really sent by the alleged sender.

    A digital signature is made through a combination of the secret key and the text. The senders public key is used to verify the message (and it's content).

    • A weak point of the Public key algorithms is the distribution of the public keys.
    • A user could bring a public key with false user ID into circulation.

    This is where GPG comes in. 'gpg' is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard.

    Web of trust

    • A public key can be signed by other people.
    • This signature acknowledges that the key used by the UID (User Identification) actually belongs to the person it claims to be.
    • It is then up to the user of GnuPG how far the trust in the signature goes.
    • A key can be considered as trustworthy when

      • you trust the sender of the key and
      • you know for sure that the key really belongs to that person.
    • Only when you can trust the key of the signer can you trust the signature.

    • To be absolutely positive that the key is correct you have to compare the finger print over reliable channels before giving absolute trust.
    • Crucial in this concept is that the secret key remains a secret and should not be given away or become available to anyone else but the owner of this key.
  • Configuration, options file
    gpg.conf
    • Unless specified otherwise (via the command line option "--options filename") GnuPG uses the file ˜/.gnupg/gpg.conf by default.
    • An options file can contain any valid command-line long option minus their leading "--"
  • Two-way encryption example
    Scenario

    Two users mark and mary (both local to this system) wish to set up public key encryption so they can read each others encrypted 'secrets'. Neither user has any keys at present.

    Each user creates a private and public key pair

    mark@ub-desktop:~$ gpg --gen-key
    gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
    .....
    gpg: key DC6DFDE3 marked as ultimately trusted
    public and secret key created and signed.
    
    gpg: checking the trustdb
    .....
    uid                  marke (mark's temporary key) <mark@home.com>
    sub   1024g/C776022A 2010-09-09 [expires: 2010-09-10]
    

    You are asked a few questions during this process. The keys are automatically signed and added to the users key ring.

    mary@ub-desktop:~$ gpg --gen-key
    .....
    uid                  marye (mary's temporary key) <mary@home.com>
    .....
    

    Mary creates her own key pair in her home directory.

    Each user exports their public key

    mark@ub-desktop:~$ gpg --output markskey --export "marke (mark's temporary key) <mark@home.com>"
    
    mark@ub-desktop:~$ file markskey
    markskey: GPG key public ring
    

    '--export' exports all keys in the key ring or just the named (uid) key.

    mary@ub-desktop:~$ gpg --output maryskey --export "marye (mary's temporary key) <mary@home.com>"
    

    Distribute their public keys

    mark@ub-desktop:~$ sudo cp markskey /home/mary; sudo chown mary:mary /home/mary/markskey
    mark@ub-desktop:~$ sudo cp /home/mary/maryskey . ;sudo chown mark:mark maryskey
    

    Import each other's public keys

    mark@ub-desktop:~$ gpg --import maryskey
    gpg: key F5C764F2: public key "marye (mary's temporary key) <mary@home.com>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    
    mary@ub-desktop:~$ gpg --import markskey
    gpg: key DC6DFDE3: public key "marke (mark's temporary key) <mark@home.com>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    

    If no filename the data will be read from stdin.

    As mentioned in the previous article, the Achille's heel in the system is the authenticity of public keys. To overcome such risks there is a possibility of signing keys.

    Key signing

    mark@ub-desktop:~$ gpg --edit-key "marye (mary's temporary key) <mary@home.com>"
    .....
    pub  1024D/F5C764F2  created: 2010-09-09  expires: 2010-09-10  usage: SC  
                         trust: ultimate      validity: ultimate
    sub  1024g/DE6E6BCB  created: 2010-09-09  expires: 2010-09-10  usage: E   
    [ultimate] (1). marye (mary's temporary key) <mary@home.com>
    
    Command> sign
    .....
    Really sign? (y/N) y
    
    You need a passphrase to unlock the secret key for
    user: "marke (mark's temporary key) <mark@home.com>"
    1024-bit DSA key, ID DC6DFDE3, created 2010-09-09
    
    Command> save
    

    You should only sign a key as being authentic when you are ABSOLUTELY SURE that the key is really authentic.

    mary@ub-desktop:~$ gpg --edit-key "marke (mark's temporary key) <mark@home.com>"
    .....
    

    Trust each other's public keys

    Web of trust.

    mark@ub-desktop:~$ gpg --edit-key "marye (mary's temporary key) <mary@home.com>"
    .....
    Command> trust
    pub  1024D/F5C764F2  created: 2010-09-09  expires: 2010-09-10  usage: SC  
                         trust: unknown       validity: unknown
    sub  1024g/DE6E6BCB  created: 2010-09-09  expires: 2010-09-10  usage: E   
    [ unknown] (1). marye (mary's temporary key) <mary@home.com>
    
    Please decide how far you trust this user to correctly verify other users' keys
    (by looking at passports, checking fingerprints from different sources, etc.)
    
      1 = I don't know or won't say
      2 = I do NOT trust
      3 = I trust marginally
      4 = I trust fully
      5 = I trust ultimately
      m = back to the main menu
    
    Your decision? 5
    Do you really want to set this key to ultimate trust? (y/N) y
    .....
    Command> quit
    

    If the user does not trust a signature they can say so and disregard the signature. Trust information is not stored in the same file as the keys.

    mary@ub-desktop:~$ gpg --edit-key "marke (mark's temporary key) <mark@home.com>"
    .....
    

    Create a message each, encrypt and sign

    mary@ub-desktop:~$ cat > secret.txt <<EOF
    > this is
    > our little secret
    > that hopefully no one else
    > can read
    > EOF
    
    mary@ub-desktop:~$ gpg -r "marke (mark's temporary key) <mark@home.com>" -s -e secret.txt
    .....
    

    '-r' encrypt for recipient, '-s -e' sign and encrypt. Mary uses Mark's public key to encrypt her message to Mark.

    mark@ub-desktop:~$ cat > markssecret.txt <<eof
    .....
    > eof
    
    mark@ub-desktop:~$ gpg -u "marke (mark's temporary key) <mark@home.com>" \
    -r "marye (mary's temporary key) <mary@home.com>" --armor --sign --encrypt markssecret.txt
    .....
    

    '-u' use Mark's key to sign with, '--armor' create ASCII armored output. The default is to create the binary OpenPGP format.

    The resulting encrypted files have an extension of '.gpg' appended to them unless '--armor' is used in which case a '.asc' extension is used. ASCII-armored output can be inserted into e-mail, a web page, etc. for easier distribution.

    Exchange messages

    mark@ub-desktop:~$ sudo cp /home/mary/secret.txt.gpg .;sudo chown mark:mark secret.txt.gpg
    
    mark@ub-desktop:~$ sudo cp markssecret.txt.asc /home/mary ;sudo chown mary:mary /home/mary/markssecret.txt.asc
    

    Decrypt and read messages

    mary@ub-desktop:~$ gpg -o markssecret.txt -d markssecret.txt.asc
    .....
          "marye (mary's temporary key) <mary@home.com>"
    gpg: Signature made Fri 10 Sep 2010 13:14:04 BST using DSA key ID DC6DFDE3
    gpg: Good signature from "marke (mark's temporary key) <mark@home.com>"
    
    mary@ub-desktop:~$ cat markssecret.txt
    this is another secret
    which I also hope is a secret
    

    '-d' decrypt, '-o' output file

    mark@ub-desktop:~$ gpg --output maryssecret.txt --decrypt secret.txt.gpg
    .....
          "marke (mark's temporary key) <mark@home.com>"
    gpg: Signature made Fri 10 Sep 2010 13:20:26 BST using DSA key ID F5C764F2
    gpg: Good signature from "marye (mary's temporary key) <mary@home.com>"
    
    mark@ub-desktop:~$ cat maryssecret.txt
    this is
    our little secret
    that hopefully no one else
    can read
    

    Same options as above but in 'long hand'.

  • Sign a message and verify the signature

    Create a message

    mary@ub-desktop:~$ cat > signed_data.txt << eof
    > this data is
    > signed but not encrypted
    > however it is compressed.
    > eof
    

    Sign it and 'send' to Mark

    mary@ub-desktop:~$ gpg -s signed_data.txt
    .....
    
    mark@ub-desktop:~$ sudo cp /home/mary/signed_data.txt.gpg .
    mark@ub-desktop:~$ sudo chown mark:mark signed_data.txt.gpg
    

    Mark verifies signature and reads

    mark@ub-desktop:~$ gpg --verify signed_data.txt.gpg
    gpg: Signature made Fri 10 Sep 2010 13:32:05 BST using DSA key ID F5C764F2
    gpg: Good signature from "marye (mary's temporary key) <mary@home.com>"
    
    mark@ub-desktop:~$ gpg -d signed_data.txt.gpg
    this data is
    signed but no encrypted
    however it is compressed.
    gpg: Signature made Fri 10 Sep 2010 13:32:05 BST using DSA key ID F5C764F2
    gpg: Good signature from "marye (mary's temporary key) <mary@home.com>"
    

    When data is just signed (compressed and NOOT encrypted) you still require the '-d | --decrypt' option to read it.

  • Create a revocation certificate

    List existing keys in key ring

    mark@ub-desktop:~$ gpg --list-keys
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
    gpg: next trustdb check due at 2010-09-10
    /home/mark/.gnupg/pubring.gpg
    -----------------------------
    pub   1024D/DC6DFDE3 2010-09-09 [expires: 2010-09-10]
    uid                  marke (mark's temporary key) <mark@home.com>
    sub   1024g/C776022A 2010-09-09 [expires: 2010-09-10]
    
    pub   1024D/F5C764F2 2010-09-09 [expires: 2010-09-10]
    uid                  marye (mary's temporary key) <mary@home.com>
    sub   1024g/DE6E6BCB 2010-09-09 [expires: 2010-09-10]
    

    Create a revocation certificate for Mark's key

    mark@ub-desktop:~$ gpg -o marksrevoke --gen-revoke "marke (mark's temporary key) <mark@home.com>" 
    .....
    Create a revocation certificate for this key? (y/N) y
    Please select the reason for the revocation:
      0 = No reason specified
      1 = Key has been compromised
      2 = Key is superseded
      3 = Key is no longer used
      Q = Cancel
    (Probably you want to select 1 here)
    Your decision? 0
    Enter an optional description; end it with an empty line:
    > 
    Reason for revocation: No reason specified
    (No description given)
    Is this okay? (y/N) y
    .....
    
    mark@ub-desktop:~$ more marksrevoke
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.9 (GNU/Linux)
    Comment: A revocation certificate should follow
    
    iEkEIBECAAkFAkyJJDUCHQAACgkQdFRiEtxt/eMW7wCgu39lXdIcQq5PL6V1aPwV
    8m1oSHEAn1MRRb37XPX914a5XCnmxsQARwVP
    =gbDH
    -----END PGP PUBLIC KEY BLOCK-----
    

    It is advised that each user does this as there may come a time when they wish to revoke a key owing to e.g.

    • the secret key has been stolen or become public
    • the UID has been changed
    • the key is not large enough any more, etc...

    To create a revocation certificate you need a secret key. If this was not the case anyone could revoke your certificate - this has one 'big' disadvantage:

    If I do not know (have forgotten) the passphrase the key becomes useless yet without the passphrase I cannot revoke the key.

    To overcome this problem it is wise to create a revoke certificate when you create a key pair. If you do so, keep it safe!

  • Display and delete keys

    GnuPG system comes with a file that acts as some kind of database. It contains all the keys' data.

    Display current keys

    mark@ub-desktop:~$ gpg --list-keys
    /home/mark/.gnupg/pubring.gpg
    -----------------------------
    pub   1024D/DC6DFDE3 2010-09-09 [expires: 2010-09-10]
    uid                  marke (mark's temporary key) <mark@home.com>
    sub   1024g/C776022A 2010-09-09 [expires: 2010-09-10]
    
    pub   1024D/F5C764F2 2010-09-09 [expires: 2010-09-10]
    uid                  marye (mary's temporary key) <mary@home.com>
    sub   1024g/DE6E6BCB 2010-09-09 [expires: 2010-09-10]
    

    Display signatures

    mark@ub-desktop:~$ gpg --list-sigs
    /home/mark/.gnupg/pubring.gpg
    -----------------------------
    pub   1024D/DC6DFDE3 2010-09-09 [expires: 2010-09-10]
    uid                  marke (mark's temporary key) <mark@home.com>
    sig 3        DC6DFDE3 2010-09-09  marke (mark's temporary key) <mark@home.com>
    sub   1024g/C776022A 2010-09-09 [expires: 2010-09-10]
    sig          DC6DFDE3 2010-09-09  marke (mark's temporary key) <mark@home.com>
    
    pub   1024D/F5C764F2 2010-09-09 [expires: 2010-09-10]
    uid                  marye (mary's temporary key) <mary@home.com>
    sig 3        F5C764F2 2010-09-09  marye (mary's temporary key) <mary@home.com>
    sig          DC6DFDE3 2010-09-09  marke (mark's temporary key) <mark@home.com>
    sub   1024g/DE6E6BCB 2010-09-09 [expires: 2010-09-10]
    sig          F5C764F2 2010-09-09  marye (mary's temporary key) <mary@home.com>
    

    List fingerprints

    mark@ub-desktop:~$ gpg --fingerprint
    /home/mark/.gnupg/pubring.gpg
    -----------------------------
    pub   1024D/DC6DFDE3 2010-09-09 [expires: 2010-09-10]
          Key fingerprint = EB86 FF8A F8CF A51C CC73  5E90 7454 6212 DC6D FDE3
    uid                  marke (mark's temporary key) <mark@home.com>
    sub   1024g/C776022A 2010-09-09 [expires: 2010-09-10]
    
    pub   1024D/F5C764F2 2010-09-09 [expires: 2010-09-10]
          Key fingerprint = 9ABE 040D 926D 26E5 FCEF  734E CE6E 8B80 F5C7 64F2
    uid                  marye (mary's temporary key) <mary@home.com>
    sub   1024g/DE6E6BCB 2010-09-09 [expires: 2010-09-10]
    

    Display secret keys

    mark@ub-desktop:~$ gpg --list-secret-keys
    /home/mark/.gnupg/secring.gpg
    -----------------------------
    sec   1024D/DC6DFDE3 2010-09-09 [expires: 2010-09-10]
    uid                  marke (mark's temporary key) <mark@home.com>
    ssb   1024g/C776022A 2010-09-09
    

    Delete keys

    mary@ub-desktop:~$ gpg --delete-key "marke (mark's temporary key) <mark@home.com>"
    .....
    Delete this key from the keyring? (y/N) y
    
    mary@ub-desktop:~$ gpg --delete-key "marye (mary's temporary key) <mary@home.com>"
    .....
    gpg: there is a secret key for public key "marye (mary's temporary key) <mary@home.com>"!
    gpg: use option "--delete-secret-keys" to delete it first.
    
    mary@ub-desktop:~$ gpg --delete-secret-keys "marye (mary's temporary key) <mary@home.com>"
    .....
    Delete this key from the keyring? (y/N) y
    This is a secret key! - really delete? (y/N) y
    
    mary@ub-desktop:~$ gpg --delete-key "marye (mary's temporary key) <mary@home.com>"
    .....
    Delete this key from the keyring? (y/N) y
    
    mary@ub-desktop:~$ gpg --list-keys
    gpg: checking the trustdb
    gpg: no ultimately trusted keys found
    

    If a secret key exists it needs to be deleted before it's public key can be deleted.

  • Manage a key
    • The '--edit-key' option enables most of the key management related tasks via a menu.
    • It expects the specification of a key on the command line.

    Edit Mark's key

    mark@ub-desktop:~$ gpg --edit-key "marke (mark's temporary key) <mark@home.com>"
    gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
    .....
    Secret key is available.
    
    pub  1024D/DC6DFDE3  created: 2010-09-09  expires: 2010-09-10  usage: SC  
                         trust: ultimate      validity: ultimate
    sub  1024g/C776022A  created: 2010-09-09  expires: 2010-09-10  usage: E   
    [ultimate] (1). marke (mark's temporary key) <mark@home.com>
    
    Command> ?
    quit        quit this menu
    save        save and quit
    help        show this help
    .....
    clean       compact unusable user IDs and remove unusable signatures from key
    minimize    compact unusable user IDs and remove all signatures from key
    
    * The `sign' command may be prefixed with an `l' for local signatures (lsign),
      a `t' for trust signatures (tsign), an `nr' for non-revocable signatures
      (nrsign), or any combination thereof (ltsign, tnrsign, etc.).
    
    Command> expire
    Changing expiration time for the primary key.
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0) 2
    Key expires at Sun 12 Sep 2010 14:18:33 BST
    Is this correct? (y/N) y
    
    You need a passphrase to unlock the secret key for
    user: "marke (mark's temporary key) <mark@home.com>"
    1024-bit DSA key, ID DC6DFDE3, created 2010-09-09
    
    pub  1024D/DC6DFDE3  created: 2010-09-09  expires: 2010-09-12  usage: SC  
                         trust: ultimate      validity: ultimate
    sub  1024g/C776022A  created: 2010-09-09  expires: 2010-09-10  usage: E   
    [ultimate] (1). marke (mark's temporary key) <mark@home.com>
    
    Command>
    

    See man pages for further details.