GPG - GNU Privacy Guard | Borisu Wiki Home

Intro

GNU Privacy Guard, is a public key cryptography implementation.

Install

Alpine

$ doas apk add gpg gpg-agent

Ubuntu/Debian

$ sudo apt-get install gnupg

Setup

gpg 키생성: default로 진행: Real name과 Email 입력: 비밀번호 입력
암호화방식: 최신의 ECC(ed25519) 방식 사용

$ gpg --full-gen-key

Create a Revocation Certificate

무효화 인증키 생성 (보안키분실시 사용, 따로 잘 보관)
파일모드가 600인지 확인

$ gpg --output ~/revocation.crt --gen-revoke your_email@address.com

How To Import Other Users’ Public Keys

$ gpg --import name_of_pub_key_file

How To Verify and Sign Keys

$ gpg --fingerprint your_email@address.com 
$ gpg --list-keys       # 키리스트 확인
$ gpg --armor --export  # public key 확인

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZPwe2hYJwKYBBAHaRw8BAQdATXg1HK+wZW/sZlDXfs7KEJeEyX6YRKx9a60c
P5pj4mwtAPwP2wq1ACEdj+V6VOH/1ZE5KlH7L8UkYlJ8lK+ZdZBK+wEAlknNS5O7
...
-----END PGP PUBLIC KEY BLOCK-----

Encrypt and Decrypt Messages with GPG

Encrypt Messages

$ gpg --encrypt --sing --armor -r <your_email@address.com> <name_of_file>
$ ls
$ <name_of_file>.asc

Decrypt Messages

$ gpg <name_of_file>.asc

Key Maintenance

$ gpg --list-keys    # list available GPG keys
$ gpg --refresh-keys # update the key information
$ gpg --keyserver <key_server> --refresh-keys  # pull information from a specific key server

Bakcup & Restore

backup (사용중인 PC)

# tree로 ~/.gnupg 확인
tree ~/.gnupg

# 현재 사용중인 키 확인
gpg --list-secret-keys --keyid-format LONG

# 백업
mkdir ~/gpg-backup
gpg --export --export-options backup --output ~/gpg-backup/public-key.gpg
gpg --export-secret-keys --export-options backup --output ~/gpg-backup/private-key.gpg
gpg --export-ownertrust > ~/gpg-backup/trust_key.gpg
tar cvf <USB-mount-path>/gpg-backup.tar gpg-backup

restore (다른 PC)

# USB mount
tar xvf <USB-mount-path>/gpg-backup.tar
cd gpg-backup/

# 키 복원
gpg --import public-key.gpg
gpg --import private-key.gpg
gpg --import-ownertrust trust-key.gpg

# 키 확인
gpg --list-secret-keys --keyid-format LONG

PASS(The Standard Unix Password Manager) with gpg

pass는 유닉스에서 개인의 패스워드를 관리하는 표준 툴이다.
GPG와 연동하여 동작한다.
설치 및 사용 전에 gpg --full-generate-key로 먼저 자신의 GPG KEY가 준비되어 있어야 한다.
Usage:

# package install (Alpine)
apk add pass

# Init: ~/.password-store (Check Key ID & Init)
gpg --list-secret-keys --keyid-format LONG
pass init CD177C430FA96E23

# Create New Password (single, multiline insert)
pass insert www/example
pass insert --multiline www/example2

# Password list
pass [list]

# Password Show
pass www/example

Github Backup Restore

# backup
pass git init
pass git remote add origin git@github.com:<user-name>/pass-store.git
pass git push -u --all

# update
pass insert www/example3
pass git push -u --all

# restore (OS 재설치 또는 다른 컴퓨터)
pass git init
pass git remote add origin git@github.com:<user-name>/pass-store.git
pass git pull

Github에 GPG key 등록 후 사용하기

REFERENCE

How to use gpg : https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages

Intro#

Install#

Setup#

Create a Revocation Certificate#

How To Import Other Users’ Public Keys#

How To Verify and Sign Keys#

Encrypt and Decrypt Messages with GPG#

Key Maintenance#

Bakcup & Restore#

PASS(The Standard Unix Password Manager) with gpg#

Github에 GPG key 등록 후 사용하기#

REFERENCE#

Intro

Install

Setup

Create a Revocation Certificate

How To Import Other Users’ Public Keys

How To Verify and Sign Keys

Encrypt and Decrypt Messages with GPG

Key Maintenance

Bakcup & Restore

PASS(The Standard Unix Password Manager) with gpg

Github에 GPG key 등록 후 사용하기

REFERENCE