|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide|
|Prev||Chapter 19. Software -Securities/Management & Limitation||Next|
After installing, importing, signing and configuring everything in the way that we want, we can start on encrypting and decrypting our work. To encrypt and sign data for the user RedHat that we have added on our keyring above, use the following command:
[root@deep] /# gpg -sear RedHat <file>
Example 19-3. Encrypting
[root@deep] /# gpg -sear RedHat message-to-RedHat.txt
You need a passphrase to unlock the secret key for user: "Gerhard Mourani (Open Network Architecture) <email@example.com>" 1024-bit DSA key, ID BBB4BA9B, created 1999-10-26 Enter passphrase:
|The s is for signing|
e for encrypting,
a to create ASCII armored output .asc ready for sending by mail,
r to encrypt the user id name
<file> is the message you want to encrypt.
To decrypt data, use the following command:
[root@deep] /# gpg -d <file>
Example 19-4. Decrypting
[root@deep] /# gpg -d message-to-Gerhard.asc
You need a passphrase to unlock the secret key for user: "Gerhard Mourani (Open Network Architecture) <firstname.lastname@example.org>" 2048-bit ELG-E key, ID 71D4CC44, created 1999-10-26 (main key ID BBB4BA9B) Enter passphrase:
-d is for decrypting
<file> is the message you want to decrypt.
You can spread your wings by exporting and distributing your public key to the world. This can be done by publishing it on your homepage, through an available key server on the Internet, or any other available method. GnuPG has some useful options to help you publish your public keys. To extract your public key in ASCII armored output, use the following command:
[root@deep] /# gpg --export --armor > Public-key.asc
--export is for extracting your Public-key from your pubring encrypted file,
--armor is to create ASCII armored output that you can mail, publish or put it on a web page
> Public-key.asc is to put the result in a file that you've named Public-key.asc.
You need to Check the signature, once you have extracted your public key and exported it, everyone who knows or gets your public key should be able to check whether encrypted data from you is also really signed by you. To check the signature of encrypted data, use the following command:
[root@deep] /# gpg --verify <Data>
Some possible uses of GnuPG software
Send encrypted mail massage.
Encrypt backup files before transmission over the network.
Encrypt individual sensitive files i.e. a file that handle all your passwords.