Create a key
gpg2 --full-gen-key
gpg: /home/raf/.gnupg/trustdb.gpg: trustdb created
gpg: key 9DABDA1D marked as ultimately trusted
gpg: directory '/home/raf/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/raf/.gnupg/openpgp-revocs.d/1AE62FB3B79C169000A8BB4D44AEA6C89DABDA1D.rev'
public and secret key created and signed.
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: PGP
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub rsa1024/9DABDA1D 2020-03-30 [S]
Key fingerprint = 1AE6 2FB3 B79C 1690 00A8 BB4D 44AE A6C8 9DAB DA1D
uid [ultimate] raf
sub rsa1024/E083F167 2020-03-30 []
List the keys
gpg2 --list-keys
/home/raf/.gnupg/pubring.kbx
---------------------------------
pub rsa1024/9DABDA1D 2020-03-30 [SC]
uid [ultimate] raf
sub rsa1024/E083F167 2020-03-30 [E]
Export a public key
gpg2 --output gpgraf.pub --armor --export rafi.piccolo@gmail.com
Export a private key
Note: the passphrase is mandatory before version 2.1.13 or 2.1.18
gpg2 --output gpgraf.key --armor --export-secret-keys rafi.piccolo@gmail.com
Export the ownertrust
gpg --export-ownertrust > gpgraf.ownertrust.txt
# List of assigned trustvalues, created Tue 31 Mar 2020 11:08:25 AM CEST
# (Use "gpg --import-ownertrust" to restore them)
9B1AE33AFFFA13AA8F3F1B5BDF315332ECB7049E:6:
Import the ownertrust
gpg --import-ownertrust gpgraf.ownertrust.txt
Import a private key (this actually imports the private key + public key + subkey)
gpg2 --import gpgraf.key
Import a public key
gpg2 --import gpgraf.pub
Start by exporting the ownertrust,
then export the private key,
then on the other server:
import the ownertrust,
then import the private key.
That way everything is identical on the second server (the key stays ultimate and there are no warnings).
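An added example, not part of the original notes: a pre-migration check that the ownertrust export really lists the key being moved at level 6 (ultimate), since otherwise the key will not stay ultimate on the second server. The function names and the sample fingerprints are made up for this example; the file format is the one shown in the export above.

```shell
#!/bin/sh
# Added example: sanity-check an ownertrust export before migrating a key.
# Format (see the export above): '#' lines are comments, data lines are
# FINGERPRINT:LEVEL: with LEVEL as GnuPG writes it (6 = ultimate).

# Constructed fingerprints, for the sample file only.
FPR_ULT=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FPR_MARG=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

# Map the numeric level stored in the export to its name.
trust_name() {
    case "$1" in
        2) echo undefined ;;
        3) echo never ;;
        4) echo marginal ;;
        5) echo full ;;
        6) echo ultimate ;;
        *) echo invalid ;;
    esac
}

# ownertrust_of FILE FINGERPRINT -> prints the trust name, or "missing".
# The fingerprint may be given with spaces or in lower case.
ownertrust_of() {
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    level=$(awk -F: -v fpr="$fpr" '
        /^#/ || NF < 2 { next }      # skip comments and blank lines
        toupper($1) == fpr { print $2; exit }' "$1")
    if [ -z "$level" ]; then echo missing; else trust_name "$level"; fi
}

# ready_to_migrate FILE FINGERPRINT -> exit status 0 only when the export
# lists this key as ultimate.
ready_to_migrate() {
    [ "$(ownertrust_of "$1" "$2")" = ultimate ]
}

# Write a constructed sample export to the file named in $1.
make_sample() {
    cat > "$1" <<EOF
# List of assigned trustvalues (constructed sample)
# (Use "gpg --import-ownertrust" to restore them)
$FPR_ULT:6:
$FPR_MARG:4:
EOF
}
```

On a real system, call ready_to_migrate with gpgraf.ownertrust.txt and the full fingerprint printed by gpg2 --list-keys --fingerprint before copying the files to the other server.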
Create a test file
echo salut > file.txt
Sign a file (generates a text file)
gpg2 --clearsign file.txt
This creates: file.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

salut
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iJwEAQEIAAYFAl6CUoAACgkQRK6myJ2r2h3SAgP9ELtg+QGfv7BktkG00OPnVEi4
JZO4QSYq5Nc8l42qKTmZ7US2AFmOWX88fujw8XV6FbhRg7JrvhSqKECnlF11tK29
Z//TNj2gloOJX5K7zWxlkRJ1Xh+ba3DggylweQUKFRp+UJtqAeIIiIC/a3RVF+aX
DlX7z1OSW4yK57+eykk=
=fmxh
-----END PGP SIGNATURE-----
Sign a file (generates a binary file)
gpg2 --sign file.txt
This creates: file.txt.gpg
Encrypt a file (generates a binary file.txt.gpg)
gpg2 --encrypt file.txt
Encrypt a file (generates an ASCII file.txt.asc)
gpg2 --armor --encrypt file.txt
Encrypt and sign a file
gpg2 --sign --encrypt file.txt
Decrypt a file (human-readable or not)
gpg2 --decrypt file.txt.asc
or
gpg2 --decrypt file.txt.gpg
Verify a signature
gpg2 --verify file.txt.gpg
Do these in order
gpg2 --delete-secret-keys rafi.piccolo@gmail.com
gpg2 --delete-keys rafi.piccolo@gmail.com
Generate a revocation certificate
gpg --output gpgraf.revoke.asc --gen-revoke $GPGKEYID
Import this certificate to revoke the key
gpg --import gpgraf.revoke.asc
gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEYID
gpg --edit-key $GPGKEYID
At the gpg prompt enter:
passwd
Enter the current passphrase when prompted.
Enter the new passphrase twice when prompted.