GnuPG – The GNU Privacy Guard (modern version)
Description
GnuPG is a complete and free replacement for PGP. This is the “modern” version.
GnuPG allows encrypting and signing your data and communication, and features a versatile key management system as well as access modules for many public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.
WWW: https://www.gnupg.org/.
Preparation for Installation
Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.
In this example Terminal on a Mac is used.
Open a remote SSH session to the server with:
Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$
Enable superuser privileges with:
[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#
N.B.: Enter user password, not the root password!
Installation
Install GnuPG with;
[root@server /usr/home/user]# pkg install gnupg [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 8 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
gnupg: 2.1.16
libgpg-error: 1.26
libassuan: 2.4.3
npth: 1.3
libgcrypt: 1.7.6
pinentry: 1.0.0
pinentry-tty: 1.0.0
libksba: 1.3.5
Number of packages to be installed: 8
The process will require 14 MiB more space.
3 MiB to be downloaded.
Proceed with this action? [y/N]: y [enter]
Fetching gnupg-2.1.16.txz: 100% 2 MiB 1.8MB/s 00:01
Fetching libgpg-error-1.26.txz: 100% 172 KiB 176.1kB/s 00:01
Fetching libassuan-2.4.3.txz: 100% 76 KiB 77.4kB/s 00:01
Fetching npth-1.3.txz: 100% 20 KiB 20.6kB/s 00:01
Fetching libgcrypt-1.7.6.txz: 100% 683 KiB 699.7kB/s 00:01
Fetching pinentry-1.0.0.txz: 100% 16 KiB 16.6kB/s 00:01
Fetching pinentry-tty-1.0.0.txz: 100% 27 KiB 27.7kB/s 00:01
Fetching libksba-1.3.5.txz: 100% 156 KiB 159.9kB/s 00:01
Checking integrity... done (0 conflicting)
[1/8] Installing libgpg-error-1.26...
[1/8] Extracting libgpg-error-1.26: 100%
[2/8] Installing libassuan-2.4.3...
[2/8] Extracting libassuan-2.4.3: 100%
[3/8] Installing pinentry-tty-1.0.0...
[3/8] Extracting pinentry-tty-1.0.0: 100%
[4/8] Installing npth-1.3...
[4/8] Extracting npth-1.3: 100%
[5/8] Installing libgcrypt-1.7.6...
[5/8] Extracting libgcrypt-1.7.6: 100%
[6/8] Installing pinentry-1.0.0...
[6/8] Extracting pinentry-1.0.0: 100%
[7/8] Installing libksba-1.3.5...
[7/8] Extracting libksba-1.3.5: 100%
[8/8] Installing gnupg-2.1.16...
[8/8] Extracting gnupg-2.1.16: 100%
Message from gnupg-2.1.16:
###############################################################################
A T T E N T I O N
In order to use gpg-agent, you need to install a pinentry dialog.
The following ports of pinentry dialogs are available:
security/pinentry-curses (ncurses based dialog)
security/pinentry-gtk2 (GTK 2.x based dialog)
security/pinentry-qt4 (QT4 based dialog)
security/pinentry-tty (console based dialog)
###############################################################################
[root@server /usr/home/user]#
Configuration
Create required directories with:
[root@server /usr/home/user]# gpg --verify dummy.asc [enter]
gpg: Warning: using insecure memory!
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: can't open 'dummy.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
[root@server /usr/home/user]#
How to Use
[root@server /usr/home/user]# gpg --help [enter]
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg (GnuPG) 2.1.16
libgcrypt 1.7.6
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data
Commands:
-s, --sign make a signature
--clearsign make a clear text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encryption only with symmetric cipher
-d, --decrypt decrypt data (default)
--verify verify a signature
-k, --list-keys list keys
--list-sigs list keys and signatures
--check-sigs list and check key signatures
--fingerprint list keys and fingerprints
-K, --list-secret-keys list secret keys
--gen-key generate a new key pair
--quick-gen-key quickly generate a new key pair
--quick-adduid quickly add a new user-id
--quick-revuid quickly revoke a user-id
--full-gen-key full featured key pair generation
--gen-revoke generate a revocation certificate
--delete-keys remove keys from the public keyring
--delete-secret-keys remove keys from the secret keyring
--quick-sign-key quickly sign a key
--quick-lsign-key quickly sign a key locally
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--passwd change a passphrase
--export export keys
--send-keys export keys to a keyserver
--recv-keys import keys from a keyserver
--search-keys search for keys on a keyserver
--refresh-keys update all keys from a keyserver
--import import/merge keys
--card-status print the card status
--card-edit change data on a card
--change-pin change a card's PIN
--update-trustdb update the trust database
--print-md print message digests
--server run in server mode
--tofu-policy VALUE set the TOFU policy for a key
Options:
-a, --armor create ascii armored output
-r, --recipient USER-ID encrypt for USER-ID
-u, --local-user USER-ID use USER-ID to sign or decrypt
-z N set compress level to N (0 disables)
--textmode use canonical text mode
-o, --output FILE write output to FILE
-v, --verbose verbose
-n, --dry-run do not make any changes
-i, --interactive prompt before overwriting
--openpgp use strict OpenPGP behavior
(See the man page for a complete listing of all commands and options)
Examples:
-se -r Bob [file] sign and encrypt for user Bob
--clearsign [file] make a clear text signature
--detach-sign [file] make a detached signature
--list-keys [names] show keys
--fingerprint [names] show fingerprints
Please report bugs to <https://bugs.gnupg.org>.
[root@server /usr/home/user]#
You should always verify that the signature matches the archive you have downloaded. This way you can be sure that you are using the same code that was released.
For more information see: nixCraft: UNIX / Linux: PGP TarBall File Signature Keys Verification for more information.