GPG

performed by: jb-williams

GPG(GnuPrivacyGuard) is an Open Source implementation of PGP(PrettyGoodPrivacy). It allows you to encrypt/decrypt and sign data communications.

A quick walkthrough of GPG.

Works on most all OS’s, this will be a Linux, and quick Windows walkthrough.

Public/Private Keys:

  • You make a Public Key and a Private Key(always keep Private Key safe and do not share with anyone).
  • You give you Public Key out to anyone.
  • They use your Public Key to encrypt the message they want to send to you and you decrypt it with your Private Key.
  • You use their Public Key to encrypt a message you want to send to them and they decrypt it with their Private Key Calculating Key Counts based off of # of People Employees.
  • Symmetric Key count:
    • (N*(N-1))/2 = count of symmetric keys - N = num of individuals
  • Asymmetric Key Count:
    • N*2 \

Linux

Step 1 Create a Key Pair

  The first step in using asymmetric encryption is to generate a key pair. We will be using Charles and Jack as example people.

  • To create a Public/Private Key, Charles will enter the following command:
gpg --full-gen-key
  • Next, Charles will be asked to enter the following info:

    • Real Name: What the user will name their key. We will use Charles.

    • Email Address: Email associated with the key. We will use charles@email.com.

    • Change (N)ame, (E)mail, or (O)kay/(Q)uit?: Enter O to confirm your information.

    • Passphrase: A password for the encryption key. Anytime Private Key is used, passphrase will be verified:

      • Select any passphrase, just make sure to remember it for later use.
  • Example Output:

gpg: key D81710193A5FC56A marked as ultimately trusted
gpg: directory '/home/charles/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/charles/.gnupg/openpgp-revocs.d/C4A3CFC-
51a
B1318FFD4D2C291D81710193A5FC56A.rev'
public and secret key created and signed
  • To verify the keys were created you can use this command:(returns all keys in Charles’ keyring.
gpg --list-keys
  • Example Output:
/home/charles/.gnupg/pubring.kbx
-----------------------------------
pub   rsa3072 2019-12-11 [SC] [expires: 2021-12-10]
C4A3CFC51B1318FFD4D2C291D81710193A5FC56A
uid           [ultimate] charles <charles@email.com>
sub   rsa3072 2019-12-11 [E] [expires: 2021-12-10]

Step 2: Exporting and Importing Keys

  The person sending a message needs the receiver’s Public Key to encrypt the message for them. Charles will need to export his Public Key to make it Public, so others like Jack can use it.

  • Exporting puts the Public Key in a format that can be shared and used to encrypt.

  • Charles would use the following command to export his Public Key:

gpg --armor --output charles.gpg --export charles@email.com
  • gpg: The command to run GPG.

  • --armor: Puts the key in an ASCII format.

  • --output charles.gpg: Creates the Public Key in an accessible format. In this case, we named the key charles.gpg.

  • --export charles@email.com: References which key to use from the key ring. It is referenced by the email.

  • To view the exported key, in the folder you exported it:

cat charles.gpg

Example Output(shortened):

-----BEGIN PGP PUBLIC KEY BLOCK-----

oCN2AghQUDgu5yBVAmPAx7hatvcMBR1X6NqJN4wStLB21OvHdgT2VbiHUtwkGvbJ
Hsui9eTR7bBY1YgP8PcGFjeMZ5+C7E94uYeksbwMzFWGE79M3kqEi1tgkDZTN/T8
8O31qQUgDCCbUnuvpW5pYJ2BconeNBHAZNKSKg+9U3DfCazRpky89be6W7WtjDGs
iFo5PEjBTvCJJXHvDgn2W7I7U0MWO220gyCT/Ja/eKad5GKTeMjOC4ERTwvha0ON 
-----END PGP PUBLIC KEY BLOCK-----
  • Now, Charles can either put this Public Key on his website, and/or share it directly with someone. ie:Jack

  Here are the steps that Jack needs to take.

  • After Jack saves the key he will need to import it into the keyring.
gpg --import charles.gpg
  • Confirm it was imported by listing the keys.
gpg --list-keys
  • This should show Jack’s addition of Charles’ key (Jack has not created any keys yet).
pub   rsa3072 2019-12-03 [SC] [expires: 2021-12-02]
39B2BD6C93E1E63E8C004183FE91AF7A7B4EC267
uid   [ultimate] Charles <charles@email.com>
sub   rsa3072 2019-12-03 [E] [expires: 2021-12-02]

Step 3: Encryption

  Jake now has Charles’ Public Key in his key ring, so he is ready to create a message and encrypt it.

  • Jake will want to create a file that will contain a message, so we’ll use the following echo command to create a file called Jacks_plainmessage.txt.
echo "Hi Charles, my bank account number is 2783492" > Jacks_plainmessage.txt
  • The next step is to use Charles’ Public Key to encrypt Jacks_plainmessage.txt.

  • We will use the following command:

gpg --armor --output Jacks_encryptedmessage.txt.enc --encrypt --recipient charles@email.com Jacks_plainmessage.txt
  • gpg: The command to run GPG.

  • --armor: Puts the encrypted message in an ASCII format.

  • --output Jacks_encryptedmessage.txt.enc: Command for the output file, which creates the name of the encrypted file.

  • --encrypt: Tells GPG to encrypt.

  • --recipient charles@email.com: Tells GPG which Public Key to use, based on the email address of the key.

  • Jacks_plainmessage.txt: Specifies for GPG which plaintext file to encrypt.

  • Run the command to created a file that has ciphertext called Jacks_encryptedmessage.txt.

  • Run a preview command to illustrate the file has now been encrypted:

cat Jacks_encryptedmessage.txt
  • The encrypted message should look like the following:
-----BEGIN PGP MESSAGE-----

hQGMA1p4Le4c2oCaAQv+MT2ghzg9RYymSIxnbwe41LpOPx76mA9f6mQYZO77c/Ij
u14kEgfaVM9PxxBw8KpEkg5NvmBVPAfxFbFrcLoKB8lVW8MTpp3mQ8r0257PNORK
bQOC+HHktQN3AJrsgN/Oj4OduM+hMtnPUdWa0X7uOOKRFW9r5CbuYga134EzoHG3

-----END PGP MESSAGE-----

Step 4: Decryption

  The last step is for Jack to send his encrypted message over to Charles, so she can decrypt it with her Private Key.

  • Once Charles receives Jack’s encrypted message, she will save it in a directory and then run decryption commands against the file.

  • The command that Charles will use to decrypt Jack’s encrypted message is:

gpg --output Jacks_decrypted_message --decrypt Jacks_encryptedmessage.txt.enc
  • gpg: The command to run gpg.

  • --output Jacks_decrypted_message: This creates an output file, which is the decrypted message.

  • --decrypt Jacks_encryptedmessage.txt.enc: This is indicating to decrypt and what file to decrypt.

  • Run the command. It just decrypted Jack’s message and placed the results into a file called Jacks_decrypted_message.

  • Preview the decrypted file by running:

cat Jacks_decrypted_message
  • This shows that now Charles can see Jack’s plaintext message:
"Hi Charles, my bank account number is 2783492."

Signing

  Signing with GPG gives the ability to verify that a file came from you or a specific person.
You can verify signature before extracting the data.

Signing:

gpg --sign text.txt

Verifying:

gpg --verify text.txt.gpg

You can also have a detached signature file.

gpg --detach-sign text.txt

  Then, you need to have both text.txt and text.txt.sig in the same directory and verify the signature with gpg --verify text.txt.sig.
This part was just a quick overview of the signing.

Windows

Step 1: Setup

  Download and Install GPG4Win, then run Kleopatra after the Install Wizard is done. You will come to this screen.

Hello Friend

Step 2: Generating Key Pairs

  • Then, in Kleopatra, Navigate to:
    • File -> New Key Pair
    • (this walkthrough) We will be working with the OpenPGP key pairs.
Hello Friend

  • Now it will ask you to enter your Name and Email, your Identifiers. I would also suggest protecting the generated key with a passphrase. Enter the desired information.
  • Click Advanced Settings, this is where you select your encryption type as well as desired usage like Signing, Authentication, and Expiration Date
  • We will use RSA for this quick tutorial.
  • The 2048 bits is the default encryption strength, I suggest using the max number of bits offered. For me 4096 bits. Click Ok.
  • When everything is set right click Create.
Hello Friend
  • Then enter your desired passphrase for your new key pair.
  • Then it will generate the key pair, and depending on your computer the completion time may vary. After it Generates you should see this window.
Hello Friend
  • Then clicking Finish, you should be able to see your key now listed in Kleopatra.
Hello Friend

Step 3: Exporting Public Keys

Public Key

  • For this to function properly, you will need to Export your Public Key so others can get it and encrypt files/messages for you.
  • To do this we will Right Click on your key you just created and click Export:
    • Then you may rename it as you wish, I tend to use my Name Identifier and public like johnSmith_public.
    • The save window will already have it set to the .gpg file extension.
    • Then save it somewhere you can easily access(Desktop, Documents).

Step 4: Importing Public Keys

  • Find the Recipients Public Key, and you can copy the contents to a new text file.
  • Open Kleopatra, and on the top action bar there is an Import button. Click it then navigate to that text file you just created and Open it.
  • NOTE You may have to set the dropdown right above the Open button to Any files.
  • There should now be an Imported Certificates tab next to the All Certificates tab.
Hello Friend

Step 5: Encrypting Data

  • To Encrypt data, one way is:
    • Open the text you are wanting to encrypt.
    • Select it all and then Copy it to the clipboard(Ctrl+c, or right-click and select Copy).
    • Then go over to your icon tray area. It is likely on the bottom of the screen, I’ve set mine to the top of the screen.
    • Right Click on the Kleopatra Icon in the tray.
    • Got to the Clipboard selection then select Encrypt:
Hello Friend
  • Once it is encrypted, it gets sent back to your clipboard.
  • Paste your newly encrypted text into a document, save and send to the recipient.
Hello Friend

Step 6: Decrypting Data

  • Open the encrypted file sent to you into a document:
    • Select all of the text and Copy it into your clipboard.
    • Go back to the icon tray, right click on the Kleopatra Icon, navigate to Clipboard and select Decrypt/Verify.
Hello Friend
  • Decrypted text will be in your clipboard.
  • Open a document and Paste the Decrypted text into that document.

My Simple Programs

Some simple encrypt/decrypt/signing programs I made.

Github

Common GUI Apps

gpa - Linux

Kleopatra - Linux

GPG GUI for Windows

gpg4win - Windows(gpg4win comes with Kleopatra)

Good GUI Video Tutorial

HackerSploit - YouTube