Nono.MA

JANUARY 13, 2021

Create A Private Key

openssl genrsa -out private.pem 4096

Create A Public Key

openssl rsa -in private.pem -out public.pem -outform PEM -pubout

Encrypt Files

openssl rsautl -encrypt -inkey public.pem -pubin -in file.txt -out file.ssl

Decrypt Files

openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt

Notes

LAST UPDATED DECEMBER 12, 2023

Create a GPG Key

gpg --full-generate-key
  • Please select what kind of key you want: (1) RSA and RSA
  • What keysize do you want? (3072): 4096 (at least 4096 to stay safe)
  • Key is valid for? (0) 0 (key does not expire)
  • Key does not expire at all. Is this correct? (y/N): y
  • Real name: Your Name Here
  • Email address: your@email.com
  • Comment: Optionally a comment
  • You selected this USER-ID: Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O (to confirm)

For reference, Here's more info from GitHub.

List Keys

gpg --list-keys
gpg --list-secret-keys --keyid-format LONG

Delete a Key

# First, remove the private key
gpg --delete-secret-key key-id

# Then, remove the public key
gpg --delete-key key-id

Encrypt a File

gpg --output file.gpg --encrypt --recipient mundowarezweb@gmail.com file.txt

Decrypt a File

gpg --output file.txt --decrypt file.gpg

Exporting a Public Key

From https://www.gnupg.org/gph/en/manual/x56.html.

In binary format (inconvenient to be public on the web or sent via email).

gpg --output nono.gpg --export mundowarezweb@gmail.com

In plain-text format.

gpg --armor --export mundowarezweb@gmail.com

In plain-text format, saved to a file.

gpg --armor --output nonos-key.gpg --export --recipient mundowarezweb@gmail.com
gpg --armor --export --recipient mundowarezweb@gmail.com > nonos-key.gpg

Exporting a Private Key

You may want to transfer the private key you use to decrypt your files to another machine. Let's see how.

First, you must ensure the key is installed on your machine.

List the keys you have to get the name of the key you want to export.

gpg --list-secret-keys

From the output above, the name is ``.

gpg --export-secret-key NAME > ~/Desktop/my-secret-key.asc

Copy that key to another machine.

Then import it.

gpg --import my-secret-key.asc

Encrypt a file

gpg -o file.txt.gpg -e -r your@email.com file.txt

Note that the email provided needs to match that in your public GPG key.

Decrypt a file

gpg -o "file.txt" -d "file.txt.gpg"

Note that the email provided needs to match that in your private GPG key.

If you don't have the secret key required to decrypt a file, you'll get the following message.

gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key

Change passphrase

You can change the password you use to unlock your GPG private key.

gpg --edit-key KEY-ID
  • At the gpg prompt enter: passwd
  • Enter the current passphrase when prompted
  • Enter the new passphrase twice when prompted
  • Enter: save

Source.

Want to see older publications? Visit the archive.

Listen to Getting Simple .