soft.encryption - jgrey4296/jgrey4296.github.io GitHub Wiki

GPG/Encryptions

GPG

GPG Conf

gpgconf to modify and update gpg-agent settings, restart the service etc

gpgconf --help

gpgconf --kill gpg-agent

GPG Notes (v 2.2.11)

Short IDs: Last 8 digits of fingerprint

List keys

gpg -k
gpg --list-sigs

Importing a key:

# Works for secret and public keys
gpg --import [filename]

Generating a key

gpg --gen-key
gpg --gen-revoke --armor --output=RevocationCertificate.asc [email]

Deleting a key:

gpg --delete-secret-keys
gpg --delete-keys

Get a fingerprint

# Fingerprints give a shorter to verify hash of public keys
gpg --fingerprint [email]

Sign a key

gpg --sign-key [email]
gpg --interactive --edit-key [email]

Export keys

gpg --armor --export[-secret-keys] [-o file] [-a ID | email]

Encrypt

# *Don't forget to add yourself to the recipients*
gpg [-o output] --sign --armor [-r recipient] [-e file]

Decrypt

gpg  -o output -d file

Sign a plaintext message

gpg --clearsign file

Verify a signature

gpg --verify file

Using Stronger Encryption

gpg --interactive --edit-key [email]
# Then 'showpref' will show algorithm preferences
# from most - least.
modify using 'setpref [algorithms..]'
# then 'save'

OpenSSL

https://www.sslshopper.com/article-most-common-openssl-commands.html

/etc/ssl/certs - linux /usr/local/etc/openssl/cert.pem -mac

Emacs

https://emacs.stackexchange.com/questions/32881

use epg package, set epg-pinentry-mode to ‘loopback

add “allow-emacs-pinentry” to “~/.gnupg/gpg-agent.conf”, and set pinentry-program to pinentry-mac’s path in gpg-agent.conf

reload the configuration with “gpgconf –reload gpg-agent”, and

[∅] Pubkey algorithms

ed25519

ecdsa

rsa

dsa / dss

elg

ecdh

eddsa

[∅] Cypher algorithms

IDEA

3DES

CAST5

BLOWFISH

AES

AES192

AES256

TWOFISH

CAMELLIA128

CAMELLIA192

CAMELLIA256

[∅] Hash algorithms

SHA1

RIPEMD160

SHA256

SHA384

SHA512

SHA224

Protocol

GPG Protocol

Create Key Create Revocation Cert Create Fingerprint Export Public and Secret Keys Backup [Public, Secret, Revocation]

Import other persons public key Verify it against their fingerprint Sign the Key (optional, give the signed key back by exporting it)

Then decrypt messages sent to you, encrypt messages to them using their public key, or verify they sent a plaintext signature.

SSH

ssh-keygen

# Generates {ssh-key-name} (private) and {ssh-key-name}.pub (public)
ssh-keygen -t ed25519 -b 4096 -C "{[email protected]}" -f {ssh-key-name}

ssh-agent

ssh-add {ssh-key-name}

ssh-config

Host bitbucket.org
AddKeysToAgent yes
IdentityFile ~/.ssh/{ssh-key-name}

verify

ssh -T [email protected]

Links

GPG General Howto https://support.atlassian.com/bitbucket-cloud/docs/set-up-personal-ssh-keys-on-linux/#Create-an-SSH-key-pair https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh ssh-config-bad-configuration-option-usekeychain-on-mac-os-sierra-10-12-6 ssh-key-still-asking-for-password-and-passphrase

⚠️ **GitHub.com Fallback** ⚠️