Now let us start talking about GnuPG. First of all, we will install GnuPG. Fedora users can use yum to install it:
yum install gnupg
while Ubuntu users can fire the following command:
sudo apt-get install gnupg
Now that we have a working instance of GnuPG, let's create a key. At the command prompt type:
This will prompt you to choose the algorithm you want. Let us begin with RSA. It is an asymmetric cryptographic algorithm. It has two different keys, namely a public key and a private key. Anything encrypted with the public key can only be decrypted with the matching private key, and vice versa. The idea is to share the public key with the entire world and keep the private key secret. So if anyone wants to send you some data, he/she will encrypt it with your public key and send it. Only your private key will be able to decrypt it.
Next you have to decide the key size. While a longer key gives more security, it also adds to the computational cost. For now we will go with the default key size, that is, 2048 bits. So, type the key size and press enter.
Now you have to decide the validity period of the key. Usually people choose the option "key does not expire", but at times it is advisable to set an expiration period, especially in scenarios where you have a contract with someone for a definite period of time. Let us choose "key does not expire" and hit enter. You will be asked to confirm the same.
Now you will be asked to enter a user ID. The required credentials are your Real Name, Comment and Email Address. Enter these details one by one.
Next you are required to create a passphrase. A passphrase is just a fancy name for a password. So enter a secure password.
Now the key will be generated. You are required to do a lot of random stuff. Open some file, do some random clicks or type in a few characters. After all this pain you have finally created a key.
Now let us create a revocation certificate. A revocation certificate comes in handy when you lose your key or it gets stolen. To create the certificate, fire the following command.
gpg --output revoke.asc --gen-revoke key-name
Here key-name is any specifier of the key. It can be your name, comment or the email id.
Now let us try to encrypt a file named aditya.txt. For this you need to fire the following command.
gpg --output enaditya.txt --encrypt aditya.txt
Now you will be asked to pick a key for the encryption. Specify the key by using a key-name/specifier.
To decrypt the data use:
gpg --output deaditya.txt --decrypt enaditya.txt
and enter your passphrase.
DES key generation, encryption and decryption follow the same process. I will talk about key exchange and importing the keys in a later post.
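The walkthrough above as a non-interactive script, added here as an example and not part of the original post. It assumes bash and GnuPG 2.1 or newer, works in a throwaway keyring, and the name, e-mail address, passphrase and file contents are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: key generation, encryption and decryption without prompts.
# Assumes GnuPG >= 2.1. All identities and the passphrase below are constructed.
gpg_roundtrip() {
    local home rc=0
    home=$(mktemp -d) || return 1          # mktemp -d creates the directory with mode 0700
    (
        export GNUPGHOME="$home"           # isolated keyring; ~/.gnupg is not touched
        cd "$home" || exit 1
        # Same answers as the interactive dialog: RSA, 2048 bits, key does not expire.
        cat > params <<'EOF'
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Demo User
Name-Comment: constructed test key
Name-Email: demo@example.org
Expire-Date: 0
Passphrase: constructed-demo-passphrase
%commit
EOF
        gpg --batch --quiet --pinentry-mode loopback --gen-key params || exit 1
        # GnuPG 2.1+ also stores a revocation certificate automatically at key creation.
        ls openpgp-revocs.d/*.rev >/dev/null 2>&1 || exit 1
        printf 'hello from aditya.txt\n' > aditya.txt
        # --recipient answers the "pick a key" prompt; the e-mail is the key specifier.
        gpg --batch --quiet --recipient demo@example.org \
            --output enaditya.txt --encrypt aditya.txt || exit 1
        cmp -s aditya.txt enaditya.txt && exit 1   # ciphertext must differ from plaintext
        # A passphrase on the command line is visible to other local users; demo only.
        gpg --batch --quiet --pinentry-mode loopback \
            --passphrase 'constructed-demo-passphrase' \
            --output deaditya.txt --decrypt enaditya.txt || exit 1
        cmp -s aditya.txt deaditya.txt             # decrypted file must equal the original
    ) || rc=1
    gpgconf --homedir "$home" --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$home"
    return $rc
}
if [ "${1:-}" = "--run" ]; then gpg_roundtrip && echo "round trip OK"; fi
```

Run the script with `--run` to execute the round trip; the temporary keyring is deleted afterwards, so nothing it creates can be reused.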