{"id":218,"date":"2020-11-04T21:41:30","date_gmt":"2020-11-04T21:41:30","guid":{"rendered":"https:\/\/maboc.nl\/?p=218"},"modified":"2020-11-04T21:41:30","modified_gmt":"2020-11-04T21:41:30","slug":"gpg-creating-a-private-public-keypair","status":"publish","type":"post","link":"https:\/\/maboc.nl\/?p=218","title":{"rendered":"GPG : Creating a Private\/Public Keypair"},"content":{"rendered":"<p><a href=\"https:\/\/maboc.nl\/?p=181\" target=\"_blank\" rel=\"noopener noreferrer\">GPG index<\/a><\/p>\n<p>GPG operates with a pair of keys: a public key and a private (or secret) key.<\/p>\n<p>The public key can\/will\/must be distributed to your correspondents (or whatever you will call them). The private\/secret key is kept by you and only you. If you would like to make a comparison with the &#8220;real&#8221; world: a public key compares (in some way) to a padlock. The private key compares to the (hardware) key to open up the padlock. You can distribute as many padlocks as you wish to your friends\/family\/coworkers. They can put something in a box, and they can lock it with the padlock. Notice that they do not need to know or have anything else but the padlock you distributed.<\/p>\n<p>On the other hand, if such a package (locked with the padlock) arrives at your door, there&#8217;s one (and only one) person who can unlock the padlock with the right (hardware) key.<\/p>\n<p>In our digital world&#8230; Let&#8217;s say Bob and Alice like to send each other some secret pictures (I don&#8217;t know what pictures). The pictures (or messages) are so secret that they want to make sure that if Bob sends a picture, only Alice can see it. And the other way around&#8230; if Alice sends a picture, only Bob can see it.<\/p>\n<p>GPG can make this scenario work. Bob and Alice both create a Public\/Private keypair. Bob sends his public key to Alice, and Alice sends her public key to Bob. 
What will happen (a possible scenario):<\/p>\n<ol>\n<li>Bob finds a very nice picture he wants to show Alice<\/li>\n<li>Bob encrypts the file (a picture is in a file, right?) with the public key he received from Alice<\/li>\n<li>Bob sends the encrypted file to Alice<\/li>\n<li>Alice receives the encrypted file from Bob<\/li>\n<li>Alice has the private key which matches the public key Bob encrypted the file with. So Alice will decrypt the file with her private key. (The private key is protected with a password\/passphrase)<\/li>\n<li>Alice enjoys the picture.<\/li>\n<\/ol>\n<p>The other way around is (of course) similar<\/p>\n<ol>\n<li>Alice encrypts a file with the public key provided by Bob<\/li>\n<li>Alice sends the encrypted file over to Bob<\/li>\n<li>Bob can decrypt the file with the private key corresponding to the public key<\/li>\n<\/ol>\n<p>What will actually happen when an encrypted file is sent to John? If John is a friend of Bob and Alice, he may also have their public keys. But&#8230; you cannot decrypt a file with a public key. Only the owner of the private key can decrypt a file. So if Bob decides that John can also view the picture, he has to have the public key of John to encrypt the file with. He then sends the encrypted file over to John, who can then decrypt the file. Notice that this last file cannot be decrypted by Alice&#8230; she doesn&#8217;t have the private key corresponding to the public key the file was encrypted with.<\/p>\n<p>Take-away points:<\/p>\n<ul>\n<li>Keep your private key private!!!!!\n<ul>\n<li>(And don&#8217;t lose it, it can&#8217;t be re-generated. 
If it&#8217;s gone&#8230; it&#8217;s gone)<\/li>\n<\/ul>\n<\/li>\n<li>You can distribute the public key to anyone.<\/li>\n<li>Public key is for encrypting<\/li>\n<li>Private key is for decrypting<\/li>\n<\/ul>\n<p>Let&#8217;s generate a public\/private keypair:<\/p>\n<pre style=\"font-family: courier; font-size: smaller;\">[martijn@radijs ~]$ gpg --gen-key\r\ngpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.\r\nThis is free software: you are free to change and redistribute it.\r\nThere is NO WARRANTY, to the extent permitted by law.\r\n\r\nNote: Use \"gpg --full-generate-key\" for a full featured key generation dialog.\r\n\r\nGnuPG needs to construct a user ID to identify your key.\r\n\r\nReal name: Alice\r\nEmail address: alice@maboc.nl\r\nYou selected this USER-ID:\r\n    \"Alice &lt;alice@maboc.nl&gt;\"\r\n\r\nChange (N)ame, (E)mail, or (O)kay\/(Q)uit? O\r\nWe need to generate a lot of random bytes. It is a good idea to perform\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\ndisks) during the prime generation; this gives the random number\r\ngenerator a better chance to gain enough entropy.\r\nWe need to generate a lot of random bytes. 
It is a good idea to perform\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\ndisks) during the prime generation; this gives the random number\r\ngenerator a better chance to gain enough entropy.\r\ngpg: key 04DCFBE4CBC60470 marked as ultimately trusted\r\ngpg: revocation certificate stored as '\/home\/martijn\/.gnupg\/openpgp-revocs.d\/BDE968AD7D64C2EDCF86E32204DCFBE4CBC60470.rev'\r\npublic and secret key created and signed.\r\n\r\npub   rsa2048 2020-11-04 [SC] [expires: 2022-11-04]\r\n      BDE968AD7D64C2EDCF86E32204DCFBE4CBC60470\r\nuid                      Alice &lt;alice@maboc.nl&gt;\r\nsub   rsa2048 2020-11-04 [E] [expires: 2022-11-04]\r\n\r\n[martijn@radijs ~]$\r\n<\/pre>\n<p>The gpg command given: gpg --gen-key<br \/>\ngpg will ask you a few things and then create the keypair, which it immediately stores in the gpg keyring,<br \/>\n so you do not end up with 2 files.<\/p>\n<p>Let&#8217;s have a look at the public keys in my keyring:<\/p>\n<pre style=\"font-family: courier; font-size: smaller;\">\r\n[martijn@radijs ~]$ gpg --list-keys\r\n\/home\/martijn\/.gnupg\/pubring.gpg\r\n--------------------------------\r\npub   rsa2048 2013-11-06 [SC]\r\n      C231212EA5A7F7899B7D6CB01A72A9C77464C96F\r\nuid           [ultimate] Martijn Bos (Pipesmoking Idiot) &lt;maboc@maboc.nl&gt;\r\nsub   rsa2048 2013-11-06 [E]\r\n\r\npub   rsa2048 2014-05-02 [SCA]\r\n      B373F3BC8699ED78BF34DF143B13088E5679E916\r\nuid           [ultimate] Martijn Bos &lt;martijn@maboc.nl&gt;\r\nsub   rsa2048 2014-05-02 [E]\r\n\r\npub   rsa2048 2020-11-04 [SC] [expires: 2022-11-04]\r\n      BDE968AD7D64C2EDCF86E32204DCFBE4CBC60470\r\nuid           [ultimate] Alice &lt;alice@maboc.nl&gt;\r\nsub   rsa2048 2020-11-04 [E] [expires: 2022-11-04]\r\n\r\n[martijn@radijs ~]$\r\n<\/pre>\n<p>And let&#8217;s look at the private keys in my keyring:<\/p>\n<pre  style=\"font-family: courier; font-size: smaller;\">\r\n[martijn@radijs ~]$ gpg 
--list-secret-keys\r\n\/home\/martijn\/.gnupg\/pubring.gpg\r\n--------------------------------\r\nsec   rsa2048 2013-11-06 [SC]\r\n      C231212EA5A7F7899B7D6CB01A72A9C77464C96F\r\nuid           [ultimate] Martijn Bos (Pipesmoking Idiot) &lt;maboc@maboc.nl&gt;\r\nssb   rsa2048 2013-11-06 [E]\r\n\r\nsec   rsa2048 2014-05-02 [SCA]\r\n      B373F3BC8699ED78BF34DF143B13088E5679E916\r\nuid           [ultimate] Martijn Bos &lt;martijn@maboc.nl&gt;\r\nssb   rsa2048 2014-05-02 [E]\r\n\r\nsec   rsa2048 2020-11-04 [SC] [expires: 2022-11-04]\r\n      BDE968AD7D64C2EDCF86E32204DCFBE4CBC60470\r\nuid           [ultimate] Alice &lt;alice@maboc.nl&gt;\r\nssb   rsa2048 2020-11-04 [E] [expires: 2022-11-04]\r\n\r\n[martijn@radijs ~]$\r\n<\/pre>\n<p>That will be enough for one day&#8230;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GPG index GPG operates with a pair of keys: a public key and a private (or secret) key. The public key can\/will\/must be distributed to your correspondents (or whatever you will call them). The private\/secret key is kept by you and only you. 
If you would like to make a comparison with the &#8220;real&#8221; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[37,38],"class_list":["post-218","post","type-post","status-publish","format-standard","hentry","category-privacy","tag-gpg","tag-privacy"],"_links":{"self":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=218"}],"version-history":[{"count":5,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":223,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/218\/revisions\/223"}],"wp:attachment":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}