PGP Encryption, Decryption and Signatures

.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This guide is to help you understand PGP, why you should use it, and obviously how to use it. As always, this message will be signed so you can verify it yourself (try to verify this message to start using PGP, and send me an encrypted message).

What is PGP Encryption?
PGP, or Pretty Good Privacy, uses asymmetric encryption with two keys: a public key for message encryption and a private key for decryption. Only the possessor of the private key can decrypt messages.

Installation
For Debian-based systems:
Bash:
sudo apt-get install gnupg2 -y

For RPM-based systems:
Bash:
sudo dnf install gnupg2 -y

For macOS systems, install Homebrew (https://brew.sh):
Bash:
brew install gpg2

For Windows OS systems:
https://gpg4win.org/download.html

How to Make PGP Private and Public Key

  1. Launch a terminal and type gpg --full-generate-key
  2. For selection, choose (1) RSA and RSA
  3. Type 4096 for your bit length (the longer the better, but longer PGP keys are annoying to export)
  4. Choose expiration date (set to never if you'll always use this machine, though bad OPSEC)
  5. Type name and email (it can be a fake name and email but make sure this is the identity you go by online, and make sure you can access your temp-email; I suggest just make a random proton.me email using a fake name you like to go by, like Alex Clarke for example)
  6. Add a comment (hit enter if you don't want to write any comments, usually I don't but it's up to you)

How to Export and View Your PGP Public Key
Type gpg -a --export and it should show a block of text in your terminal that starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----". You want to copy this together with the ending block. Do not just copy the gibberish text you see; copy the "BEGIN PGP" line too.

How to Sign and Verify Messages

  1. Open a text editor and copy paste the message you want to sign
  2. Change directory (cd) into the path that contains the file, so if it's desktop do cd desktop
  3. Type gpg -a --detach-sign yourfilename.txt
  4. A file will be created called yourfilename.txt.asc
  5. There are two things you can do; either attach the .asc file with the message you are sending, or you paste the actual signed ASCII in the text body. I prefer the second option since most people do not like downloading files, so do step 6
  6. First, verify that it's a good signature by typing gpg --verify yourfilename.txt.asc yourfilename.txt
  7. If it returns bad signature, do steps 1 to 6 thoroughly; if it's a good signature then type cat yourfilename.txt.asc

Cat is a command in Unix terminals that helps you view the contents of the file. Doing cat on your .asc file will give you a block of gibberish text that you can paste into your message body.

Here is an example of what it would look like:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

my message goes here

-----BEGIN PGP SIGNATURE-----

kJJSKJF92jfJ239RFJDKSJFAF293djkf.....
-----END PGP SIGNATURE-----

That is how you sign messages. If you want to sign files, you do the same except you give the person the .asc file so they can do gpg --verify yourfile.extension.asc yourfile.extension

So if it's a python file called "main.py" they must download main.py and main.py.asc, then type gpg --verify main.py.asc main.py

Encryption
In order to encrypt a message, YOU MUST have the person's public key or else it will not be decryptable. You cannot encrypt your message with your private key, and encrypting with your public key means only you can decrypt it. So, start by doing the following:

  1. Ask them for a .asc of their public key; if they do not have it but have the PGP block, then copy and paste the entire thing and label it theirname.asc.
  2. cd into the path that contains their public key and import using gpg --import theirname.asc
  3. Type gpg --list-keys and find their key. Once found, it should have a fingerprint that is extremely long; copy it, then type gpg --encrypt -r THEIR-FINGERPRINT-HERE -a message-to-encrypt.txt
  4. A new file will be created and you can send the encrypted message, or do cat on the file to display it in ASCII format to copy and paste

Decryption
Decryption is only one way, which means if someone encrypts a message using your public key, even they cannot decrypt it. Once you have received the encrypted file or message, you can run gpg --decrypt filename.extension.asc and if it was encrypted correctly then it will show you the plaintext output.

For Gpg4win, search up tutorials on YouTube.


-----BEGIN PGP SIGNATURE-----
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=FYwc
-----END PGP SIGNATURE-----
 
  • +1
Reactions: kebab, fuxkdakikez and drimprovement
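
Added example, not part of the original post: a small checker for the "copy the whole block, BEGIN line included" advice above, which reports what kind of PGP block was pasted and whether its ASCII armor is intact. The function names and the sample block are constructed for illustration, and the checker assumes the armor checksum line (optional in the OpenPGP specification) is present, as in the `=FYwc` line of the post's own signature.

```python
import base64, re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *rows, check,
                      f"-----END PGP {kind}-----"])

def check_armor(text: str):
    """Return (kind, problem); problem is None when the paste is intact."""
    lines = [line.rstrip() for line in text.strip().splitlines()]
    begin = re.fullmatch(r"-----BEGIN PGP (.+)-----", lines[0]) if lines else None
    if not begin:
        return None, "missing BEGIN line"
    kind = begin.group(1)
    if kind == "SIGNED MESSAGE":  # cleartext first, then a SIGNATURE block
        sig = "-----BEGIN PGP SIGNATURE-----"
        if sig not in lines:
            return kind, "signature block missing"
        return kind, check_armor("\n".join(lines[lines.index(sig):]))[1]
    if lines[-1] != f"-----END PGP {kind}-----":
        return kind, "missing or mismatched END line"
    if "" not in lines:
        return kind, "no blank line after armor headers"
    body = lines[lines.index("") + 1:-1]
    if not body or not body[-1].startswith("="):
        return kind, "checksum line missing"
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError:
        return kind, "body is not valid base64 (truncated paste?)"
    return kind, None if crc24(data) == want else "CRC-24 mismatch"

# Constructed sample data: the payload is filler bytes, not a real signature.
SAMPLE_SIG = armor("SIGNATURE", bytes(range(90)))
```

The reported kind also tells the two signing formats apart: output of `gpg -a --detach-sign` is a bare `SIGNATURE` block, while the `SIGNED MESSAGE` layout with the text above the signature is what `gpg --clearsign` produces. An intact armor only means the paste is complete; whether the signature is good is still decided by `gpg --verify`.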
Org should use this for botb
 
  • Love it
Reactions: .org
  • +1
Reactions: Deleted member 23558 and Deleted member 32410
