Beginners Guide to GnuPG

[kevdog]

So you want to see the contents of the public and private keys for example.

The keys are actually in binary format, but you can export the keys in equivalent ascii format to see the difference.

Remember, every key on a keyring there is at least one signing and one encryption key. The signing key is the primary key, the encryption key is the subkey.

The private keys are kept on the secret keyring and the public keys are kept on the public key ring.

So lets see if any of the keys differ. Here is what you gave me:

Public KeyRing
pub 1024D/069C39A4 2008-01-28
uid John Smith <johnsmith@hismail.com>
sub 2048g/045D39H5 2008-01-28

Private Keyring
sec 1024D/069C39A4 2008-01-28
uid John Smith <johnsmith@hismail.com>
ssb 2048g/045D39H5 2008-01-28

The public signing key is designated by pub 1024D/069C39A4. The corresponding private signing key is sec 1024D/06C39A4.

The public encryption key is designated by sub 2048g/045D39H5. The corresponding private encryption key is ssb 2048g/045D39H5.

So lets just see if any of these keys differ. Im going to compare the signing keys (you could do the same for the encryption keys if you want)

gpg --armor --export 069C39A4 > public_signing_key
gpg --armor --export-secret-keys 069C39A4 > private_signing_key

You can compare the two files by doing the following
diff -q public_signing_key private_signing_key
diff -y public_signing_key private_signing_key | more

The first gives you a global summary, the second command will list the files line by line - side by side - so you can compare them yourselves. You can see the differ. So that is proof. You can confirm this with your encryption key sets also, or even compare the public encryption key with the public signing key to prove to yourself the keys differ.

Convinced yet?

[Arhuma]

Convinced yet?

Well, all I can say is I've saved this page and keep it in a safe place so that I won't lose it!

Excellent explanation. Thanks!

Arhuma

[Dr Small]

I must say, beautiful explanation!
(Sorry I can't say more, but I'm learning Dvorak and typing is still slow.)

[kevdog]

Off-topic
What's Dvorak?

[Dr Small]

Off-topic
What's Dvorak?

http://en.wikipedia.org/wiki/Dvorak_Simplified_Keyboard

[kevdog]

Thanks for the link. I think learning DVORAK would be really hard. Its would be extremely hard for me to retrain my brain to think like that. I probably dont type more than 60-70 wpm, however I do so without even thinking about letter placement. Give me a new letter placement, Im not sure if I could overcome. Im not very good with learning languages either, so perhaps it uses the same skill set. Tell me if the experiment works.

[gnumd]

Looks like a nice guide.

Problems I am encountering:
1) There is a difference when running seahorse or GPA from sudo (root) and as listed in this tutorial (not as root).
2) When running per this tutorial seahorse is broken and so is GPA
3) When running from root ie. sudo seahorse it appears to work but doesn't.

What I am able to do is copy over my keys from another machine (using a USB stick) into the sudo seahorse... however running gedit or sudo gedit does not permit encrypting of the text contents.

I get the following error:

Couldn't connect to seahorse-daemon

Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

I appreciate all help.

-Steve

[housam]

impressive

[miloske85]

Thanks for the tutorial, it's very nice.

I have one question, what happens with your keys if someone who has physicall access to your pc, resets your password and accesses your user account? I know that XP will destroy your keys in such situation, and attacker won't be able to decrypt your files (EFS), but i'm new to linux, what happens here? And, what would happen with, say, email client (Evolution), would attacker be able to read encrypted emails, and maybe even use the key to encrypt/sign messages that he sends?

[Dr Small]

Thanks for the tutorial, it's very nice.

I have one question, what happens with your keys if someone who has physicall access to your pc, resets your password and accesses your user account? I know that XP will destroy your keys in such situation, and attacker won't be able to decrypt your files (EFS), but i'm new to linux, what happens here? And, what would happen with, say, email client (Evolution), would attacker be able to read encrypted emails, and maybe even use the key to encrypt/sign messages that he sends?

To decrypt, clearsign or change the password on the key, the person who has physical access to the system with your private key would have to enter the password of your private key to unlock it.

Therefore, he would not be able to decrypt, clearsign or reset your password. All should be safe. Of course, unless you have a weak passphrase on your private key.

Dr Small