
Thursday, May 21, 2015

Steps to create/manage PGP/GPG keys in Linux


GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC 4880 (also known as PGP). GnuPG lets you encrypt and sign your data and communication, features a versatile key management system, and includes access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.
Command to list keys
gpg --list-keys
Output
gnupg]$ gpg --list-keys
/data01/home/applval/.gnupg/pubring.gpg
---------------------------------------
pub   2048R/4BAA00B5 2011-02-07
uid                  XYZ <accounts@XYZ.com>
sub   2048R/F42A6267 2011-02-07

Command to generate key
gpg --gen-key
[appldev@oracle-app01 ~]$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: directory `/home/appldev/.gnupg' created
gpg: new configuration file `/home/appldev/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/appldev/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/appldev/.gnupg/secring.gpg' created
gpg: keyring `/home/appldev/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Venkat
You selected this USER-ID:
    "Venkat (V) <venkat@xyz.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++.++++++++++.+++++++++++++++.+++++++++++++++++++++++++++++++++++.++++++++++.++++++++++++++++++++++++++++++..+++++++++++++++.++++++++++>++++++++++..............>+++++.....................................+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.++++++++++....++++++++++++++++++++++++++++++++++++++++.++++++++++..++++++++++.+++++.+++++.+++++.++++++++++++++++++++...+++++++++++++++.+++++.+++++.++++++++++>+++++.......>+++++<+++++......................................+++++^^^^^^^^^^^
gpg: /home/appldev/.gnupg/trustdb.gpg: trustdb created
gpg: key EB4CC5EF marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/EB4CC5EF 2015-05-21
      Key fingerprint = F591 367B 159C 1F14 81BB  B4A0 FC81 E135 EB4C C5EF
uid                  Venkat (V) <venkat@xyz.com>
sub   2048g/39A1302A 2015-05-21


These files will be generated

[appldev@oracle-app01 ~]$ cd .gnupg
[appldev@oracle-app01 .gnupg]$ ls -la
total 44
drwx------  2 appldev dba 4096 May 21 12:01 .
drwx------ 14 appldev dba 4096 May 21 11:54 ..
-rw-------  1 appldev dba 9207 May 21 11:54 gpg.conf
-rw-------  1 appldev dba 1165 May 21 12:01 pubring.gpg
-rw-------  1 appldev dba 1165 May 21 12:01 pubring.gpg~
-rw-------  1 appldev dba  600 May 21 12:01 random_seed
-rw-------  1 appldev dba 1238 May 21 12:01 secring.gpg
-rw-------  1 appldev dba 1280 May 21 12:01 trustdb.gpg

List Keys
[appldev@oracle-app01 .gnupg]$ gpg --list-keys
/home/appldev/.gnupg/pubring.gpg
--------------------------------
pub   1024D/EB4CC5EF 2015-05-21
uid                  Venkat (V) <venkat@xyz.com>
sub   2048g/39A1302A 2015-05-21

Here is the description of “pub   1024D/EB4CC5EF 2015-05-21”:

pub         Public key
1024D       The key length in bits; the trailing letter is the algorithm (D = DSA)
EB4CC5EF    The key ID
2015-05-21  The date of key creation

Command to list the secret keys
gpg --list-secret-keys
[appldev@oracle-app01 .gnupg]$ gpg --list-secret-keys
/home/appldev/.gnupg/secring.gpg
--------------------------------
sec   1024D/EB4CC5EF 2015-05-21
uid                  Venkat (V) <venkat@xyz.com>
ssb   2048g/39A1302A 2015-05-21

Command to export the public key to a file (note that, as the help output below shows, -u selects the key used to sign or decrypt; --export takes the key to export as a positional name, and with no name given it exports every public key in the keyring)
gpg --export -u username -a -o gpg.public
[appldev@oracle-app01 .gnupg]$ pwd
/home/appldev/.gnupg
[appldev@oracle-app01 .gnupg]$ gpg --export -u appldev -a -o gpg.public
[appldev@oracle-app01 .gnupg]$ ls -ltr
total 36
-rw------- 1 appldev dba 9207 May 21 11:54 gpg.conf
-rw------- 1 appldev dba 1280 May 21 12:01 trustdb.gpg
-rw------- 1 appldev dba 1238 May 21 12:01 secring.gpg
-rw------- 1 appldev dba  600 May 21 12:01 random_seed
-rw------- 1 appldev dba 1165 May 21 12:01 pubring.gpg~
-rw------- 1 appldev dba 1165 May 21 12:01 pubring.gpg
-rw-r--r-- 1 appldev dba 1682 May 21 12:24 gpg.public

The exported public key is displayed as below
[appldev@oracle-app01 .gnupg]$ cat gpg.public
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
[armored key data omitted]
=oTJ7
-----END PGP PUBLIC KEY BLOCK-----

Command to export the private key to a file
gpg --export-secret-keys -u appldev -a -o gpg.priv
[appldev@oracle-app01 .gnupg]$ gpg --export-secret-keys -u appldev -a -o gpg.priv
[appldev@oracle-app01 .gnupg]$ ls -ltr
total 40
-rw------- 1 appldev dba 9207 May 21 11:54 gpg.conf
-rw------- 1 appldev dba 1280 May 21 12:01 trustdb.gpg
-rw------- 1 appldev dba 1238 May 21 12:01 secring.gpg
-rw------- 1 appldev dba  600 May 21 12:01 random_seed
-rw------- 1 appldev dba 1165 May 21 12:01 pubring.gpg~
-rw------- 1 appldev dba 1165 May 21 12:01 pubring.gpg
-rw-r--r-- 1 appldev dba 1682 May 21 12:24 gpg.public
-rw-r--r-- 1 appldev dba 1781 May 21 12:24 gpg.priv

Private Key block
[appldev@oracle-app01 .gnupg]$ cat gpg.priv
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
[armored key data omitted]
=wGjB
-----END PGP PRIVATE KEY BLOCK-----
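Both exported files above end with a short line beginning with "=" ("=oTJ7" and "=wGjB") just before the END marker. That is the CRC-24 armor checksum RFC 4880 (section 6.1) defines over the binary key data, and it is only an integrity check against transmission damage, not authentication: a modified block can simply carry a recomputed checksum, so the fingerprint shown by gpg after import is what has to be verified. The following Python is an added example, not code from the post or from GnuPG: it implements the RFC's CRC-24 routine, wraps constructed bytes in an armor block, and parses a block back while checking the trailer. The "Version: example (constructed)" header and the sample payload are assumptions of this example.

```python
import base64

# CRC-24 parameters from RFC 4880, section 6.1.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 exactly as in the RFC 4880 reference routine."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes in an ASCII-armor block with a CRC-24 trailer line."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_line = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(
        [f"-----BEGIN {block_type}-----", "Version: example (constructed)", ""]
        + lines + [crc_line, f"-----END {block_type}-----", ""]
    )


def dearmor(text: str) -> bytes:
    """Parse an armored block, verify its CRC-24 trailer and return the raw bytes.

    Raises ValueError for a malformed block or a checksum mismatch.
    """
    lines = text.splitlines()
    begin = [i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP ")]
    end = [i for i, l in enumerate(lines) if l.startswith("-----END PGP ")]
    if not begin or not end or end[0] <= begin[0]:
        raise ValueError("missing or misordered BEGIN/END armor lines")
    # Armor headers such as "Version: ..." run up to the first blank line.
    try:
        blank = lines.index("", begin[0] + 1, end[0])
    except ValueError:
        raise ValueError("missing blank line after the armor headers") from None
    body = [l for l in lines[blank + 1:end[0]] if l]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 trailer line")
    *data_lines, crc_line = body
    data = base64.b64decode("".join(data_lines), validate=True)
    expected = int.from_bytes(base64.b64decode(crc_line[1:], validate=True), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: the armored data is corrupted")
    return data


def armor_is_intact(text: str) -> bool:
    """True when the block parses and its CRC-24 trailer matches the data."""
    try:
        dearmor(text)
        return True
    except ValueError:
        return False


def corrupt_first_body_char(text: str) -> str:
    """Change one base64 character of the payload to show the CRC catching it."""
    lines = text.splitlines()
    blank = lines.index("")
    first = lines[blank + 1]
    replacement = "A" if first[0] != "A" else "B"
    lines[blank + 1] = replacement + first[1:]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    sample = b"constructed sample key material, not a real key"
    block = armor(sample)
    print(block)
    print("intact:", armor_is_intact(block))
    print("intact after corruption:", armor_is_intact(corrupt_first_body_char(block)))
```

The empty payload produces the trailer "=twTO" (the base64 encoding of the CRC initial value 0xB704CE), a handy sanity check for any CRC-24 implementation.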


Command to import a key into the existing keyring
gpg --import filename
[appldev@oracle-app01 .gnupg]$ gpg --import /tmp/gpg.public
gpg: key B4F13C76: public key " ABC23 <info@abc23.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

List keys
[appldev@oracle-app01 .gnupg]$  gpg --list-keys
/home/appldev/.gnupg/pubring.gpg
--------------------------------
pub   1024D/45727953 2015-05-21
uid                  Venkat (V) <Venkat@xyz>
sub   2048g/60F984DF 2015-05-21

pub   1024D/B4F13C76 2003-07-14 [expires: 2018-05-13]
uid                  ABC23 <info@abc23>
sub   2048g/00A0C61E 2003-07-14 [expires: 2018-05-13]

Commands HELP
[appldev@oracle-app01 .gnupg]$ gpg --help
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data

Commands:

 -s, --sign [file]             make a signature
     --clearsign [file]        make a clear text signature
 -b, --detach-sign             make a detached signature
 -e, --encrypt                 encrypt data
 -c, --symmetric               encryption only with symmetric cipher
 -d, --decrypt                 decrypt data (default)
     --verify                  verify a signature
     --list-keys               list keys
     --list-sigs               list keys and signatures
     --check-sigs              list and check key signatures
     --fingerprint             list keys and fingerprints
 -K, --list-secret-keys        list secret keys
     --gen-key                 generate a new key pair
     --delete-keys             remove keys from the public keyring
     --delete-secret-keys      remove keys from the secret keyring
     --sign-key                sign a key
     --lsign-key               sign a key locally
     --edit-key                sign or edit a key
     --gen-revoke              generate a revocation certificate
     --export                  export keys
     --send-keys               export keys to a key server
     --recv-keys               import keys from a key server
     --search-keys             search for keys on a key server
     --refresh-keys            update all keys from a keyserver
     --import                  import/merge keys
     --card-status             print the card status
     --card-edit               change data on a card
     --change-pin              change a card's PIN
     --update-trustdb          update the trust database
     --print-md algo [files]   print message digests

Options:

 -a, --armor                   create ascii armored output
 -r, --recipient NAME          encrypt for NAME
 -u, --local-user              use this user-id to sign or decrypt
 -z N                          set compress level N (0 disables)
     --textmode                use canonical text mode
 -o, --output                  use as output file
 -v, --verbose                 verbose
 -n, --dry-run                 do not make any changes
 -i, --interactive             prompt before overwriting
     --openpgp                 use strict OpenPGP behavior
     --pgp2                    generate PGP 2.x compatible messages

(See the man page for a complete listing of all commands and options)

Examples:

 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints

Please report bugs to <gnupg-bugs@gnu.org>.

References:

http://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/general_certificates.html

Tuesday, May 12, 2015

How to change/restore user password in 11G database

The change to DBA_USERS is the result of a security enhancement: it was no longer appropriate to show the password hashes in the DBA_USERS view, as this may cause undesired exposure when access to the view is needed by 'unprivileged' users. This feature coincides with the introduction of the new hash algorithm, which is in any case stored differently from the hash visible in earlier releases.

In 11g, querying the PASSWORD column of DBA_USERS returns NULL.

SQL> select USERNAME,PASSWORD,PASSWORD_VERSIONS from dba_users where USERNAME in ('SYSTEM');

USERNAME                       PASSWORD                       PASSWORD
------------------------------ ------------------------------ --------
SYSTEM                                                        10G 11G


Here are the steps to change a user password and roll it back in 11g:

SQL>  select spare4 from user$ where name='SYSTEM';

SPARE4
--------------------------------------------------------------------------------
S:FEB2B0DFDF35B910BBEB312E86A2460C23FF77317DB57D16BB564A67D717

SQL> alter user SYSTEM identified by manager;

User altered.

SQL> conn SYSTEM/manager;
Connected.
SQL>
SQL> alter user SYSTEM identified by values 'S:FEB2B0DFDF35B910BBEB312E86A2460C23FF77317DB57D16BB564A67D717';

User altered.

SQL> conn SYSTEM/manager;
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn SYSTEM/Syssoa;
Connected.


Reference : User Passwords Are No Longer Visible In DBA_USERS As Of 11g (Doc ID 735651.1)

Thursday, May 7, 2015

Script to find concurrent request id from known SID

-- Map a known session (SID) back to the concurrent request it is running:
-- gv$session -> gv$process via paddr/addr, then gv$process.spid -> fnd_concurrent_requests.oracle_process_id.
select f.request_id, v.spid, s.sid, s.username, s.serial#, s.osuser, s.status
from gv$process v, gv$session s, applsys.fnd_concurrent_requests f
where s.paddr = v.addr
and s.inst_id = v.inst_id   -- paddr/addr are per instance; needed on RAC when using the gv$ views
and f.oracle_process_id = v.spid
and trunc(f.request_date) = trunc(sysdate)
and s.sid = &SID;

Transportable tablespace refresh

1. Check the tablespace of the user that needs to be refreshed

SQL> select ...