gpg

31/03/2020

Managing keys

Create a key

gpg2 --full-gen-key

gpg: /home/raf/.gnupg/trustdb.gpg: trustdb created
gpg: key 9DABDA1D marked as ultimately trusted
gpg: directory '/home/raf/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/raf/.gnupg/openpgp-revocs.d/1AE62FB3B79C169000A8BB4D44AEA6C89DABDA1D.rev'
public and secret key created and signed.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: PGP
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   rsa1024/9DABDA1D 2020-03-30 [S]
      Key fingerprint = 1AE6 2FB3 B79C 1690 00A8  BB4D 44AE A6C8 9DAB DA1D
uid         [ultimate] raf 
sub   rsa1024/E083F167 2020-03-30 []

List keys

gpg2 --list-keys

/home/raf/.gnupg/pubring.kbx
---------------------------------
pub   rsa1024/9DABDA1D 2020-03-30 [SC]
uid         [ultimate] raf 
sub   rsa1024/E083F167 2020-03-30 [E]

Export a public key

gpg2 --output gpgraf.pub --armor --export rafi.piccolo@gmail.com


Export a private key

Note: the passphrase is mandatory before version 2.1.13 or 2.1.18

gpg2 --output gpgraf.key --armor --export-secret-keys rafi.piccolo@gmail.com


Export the ownertrust

gpg --export-ownertrust > gpgraf.ownertrust.txt

# List of assigned trustvalues, created Tue 31 Mar 2020 11:08:25 AM CEST
# (Use "gpg --import-ownertrust" to restore them)
9B1AE33AFFFA13AA8F3F1B5BDF315332ECB7049E:6:

Import the ownertrust

gpg --import-ownertrust gpgraf.ownertrust.txt

Import a private key (this ends up importing the private key + public key + subkey)

gpg2 --import gpgraf.key

Import a public key

gpg2 --import gpgraf.pub

To move private keys to another server

Start by exporting the ownertrust,
then export the private key.

Then, on the other server:
import the ownertrust,
then import the private key.

This way everything is identical on the second server (the key stays ultimate and there are no warnings).

WORKING WITH FILES

Create a test file

echo salut > file.txt

SIGN

Sign a file (produces a text file)

gpg2 --clearsign file.txt

This creates: file.txt.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

salut
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iJwEAQEIAAYFAl6CUoAACgkQRK6myJ2r2h3SAgP9ELtg+QGfv7BktkG00OPnVEi4
JZO4QSYq5Nc8l42qKTmZ7US2AFmOWX88fujw8XV6FbhRg7JrvhSqKECnlF11tK29
Z//TNj2gloOJX5K7zWxlkRJ1Xh+ba3DggylweQUKFRp+UJtqAeIIiIC/a3RVF+aX
DlX7z1OSW4yK57+eykk=
=fmxh
-----END PGP SIGNATURE-----

Sign a file (produces a binary file)

gpg2 --sign file.txt

This creates: file.txt.gpg

ENCRYPT

Encrypt a file (produces a binary file.txt.gpg)

gpg2 --encrypt file.txt

Encrypt a file (produces an ASCII file.txt.asc)

gpg2 --armor --encrypt file.txt

Encrypt and sign a file

gpg2 --sign --encrypt file.txt

DECRYPT

Decrypt a file (readable or not)

gpg2 --decrypt file.txt.asc

or

gpg2 --decrypt file.txt.gpg

VERIFY

Verify a signature

gpg2 --verify file.txt.gpg

delete

Run in this order

gpg2 --delete-secret-keys rafi.piccolo@gmail.com
gpg2 --delete-keys rafi.piccolo@gmail.com

Revoke a key

Generate a revocation certificate

gpg --output gpgraf.revoke.asc --gen-revoke $GPGKEYID

Import this certificate to revoke the key

gpg --import gpgraf.revoke.asc

Send the key to a key server

gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEYID

Change passphrase

gpg --edit-key $GPGKEYID

At the gpg prompt enter:

passwd

Enter the current passphrase when prompted.
Enter the new passphrase twice when prompted.