Author: Benjamin D. Thomas
released for glibc, tomcat4, sane, XFree86, sendmail, and openssl. The distributors include Conectiva, Debian, Mandrake, and NetBSD.

Last week, I gave a brief introduction to cryptography and the differences between symmetric and asymmetric encryption. I also made several comments on how the strength of cryptography is measured. This week, I am going to show the basics of using the GNU Privacy Guard (GnuPG). GnuPG is a text-based command-line tool that is very straightforward to use and is based on a public and private (asymmetric) key system.

To begin using encryption on your Linux machine, you must first download the GnuPG packages. They can be downloaded from: http://www.gnupg.org

After the application is installed, several steps must be taken before you can begin. First, a key pair must be generated. To generate your keys, go to the command line and issue the following:

[prompt]$ gpg --gen-key

If gpg has been installed correctly, you will be prompted to enter the type of key, key size, how long it is valid, your name, email address, and a comment. At this point, it will be possible for you to begin using most of gpg’s other functions. Probably the most daunting part of gpg is key management. After generating your key, the next thing you would want to do is export your public key.

[prompt]$ gpg --export -a youremail@domain.com > public.key

At this point, you can share your public key with others. If other people want to send you confidential data, they can encrypt it with your public key and you’ll be the only one who can decrypt it. If you want to send someone else an encrypted message, you’ll need their public key. To import another person’s public key, use the following command:

[prompt]$ gpg --import filename.key

To sign and encrypt data (filename.txt), the following command can be used:

[prompt]$ gpg -sea -r TargetUserName filename.txt

For TargetUserName to decrypt that file, the following command should be used:

[prompt]$ gpg -d filename.txt.asc > output.txt
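
The key exchange, sign-and-encrypt and decrypt steps above as one script, added here as an example (not part of the original article): it runs non-interactively in two throwaway keyrings, so a real keyring is never touched. The alice/bob identities, the message and the helper g are constructed for illustration, and it assumes a recent GnuPG 2.x (for --quick-generate-key and --pinentry-mode).

```shell
#!/bin/sh
# Added example: two throwaway keyrings play sender (alice) and recipient (bob).
# Names, addresses and the message are constructed for illustration.
gpg_roundtrip() (
    command -v gpg >/dev/null 2>&1 || exit 127
    work=$(mktemp -d) || exit 1
    mkdir -m 700 "$work/alice" "$work/bob"
    printf 'meet at noon\n' > "$work/filename.txt"

    # g KEYRING ARGS...: run gpg non-interactively against one keyring
    g() {
        home=$work/$1; shift
        GNUPGHOME=$home gpg --batch --quiet --pinentry-mode loopback "$@" 2>>"$work/log"
    }

    rc=0
    status=
    {
        # Each side generates a key pair (empty passphrase: throwaway keys only).
        g alice --passphrase '' --quick-generate-key alice@example.test &&
        g bob   --passphrase '' --quick-generate-key bob@example.test &&
        # Each side exports its public key and imports the other's.
        g alice --export -a alice@example.test > "$work/alice.key" &&
        g bob   --export -a bob@example.test   > "$work/bob.key" &&
        g alice --import "$work/bob.key" &&
        g bob   --import "$work/alice.key" &&
        # alice signs and encrypts to bob. In batch mode gpg refuses a recipient
        # key it has no trust path to, so trust is forced for this demo only.
        g alice --trust-model always -sea -r bob@example.test "$work/filename.txt" &&
        # bob decrypts; the machine-readable status lines report the signature.
        status=$(g bob --status-fd 1 -o "$work/output.txt" -d "$work/filename.txt.asc")
    } || rc=1

    case $status in *GOODSIG*) sig=GOODSIG ;; *) sig=NOSIG ;; esac
    [ "$rc" -eq 0 ] && printf '%s|%s\n' "$sig" "$(cat "$work/output.txt")"
    [ "$rc" -eq 0 ] || cat "$work/log" >&2

    # Stop the background daemons gpg started for each keyring, then clean up.
    for k in alice bob; do
        GNUPGHOME=$work/$k gpgconf --kill all 2>/dev/null || :
    done
    rm -rf "$work"
    exit "$rc"
)
```

Source the file and call gpg_roundtrip; it prints GOODSIG|meet at noon when bob's copy decrypts and alice's signature verifies. Outside a demo, check the fingerprint of an imported key with its owner instead of forcing trust.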

Another useful feature of gpg is its ability to use symmetric encryption. This can be used when you only wish to encrypt a file for personal use. It uses the same key for both encryption and decryption. To encrypt a file symmetrically, use the following:

[prompt]$ gpg -c filename.txt

GnuPG can also be easily interfaced with email. Several years ago, a feature for LinuxSecurity.com was written that describes how to interface it with pine. Virtually all modern email clients will support it. There is a wealth of information available on Google that can help you learn how to take advantage of GPG’s features. Have fun!

Using GnuPG with Pine for Secure E-Mail:
http://www.linuxsecurity.com/feature_stories/feature_story-83.html

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature Extras:

EnGarde GDSN Subscription Price Reduction – Guardian Digital, the world’s premier open source security company, announced today that they will be reducing the annual subscription cost of the Guardian Digital Secure Network for EnGarde Community users from $229 to $60 for a limited time.

R00ting The Hacker – Dan Verton, the author of The Hacker Diaries: Confessions of Teenage Hackers, is a former intelligence officer in the U.S. Marine Corps who currently writes for Computerworld and CNN.com, covering national cyber-security issues and critical infrastructure protection.

Distribution: Conectiva

10/14/2003 - glibc
Buffer overflow vulnerability
This glibc update includes the fix for a local vulnerability and new timezone

Distribution: Debian

10/13/2003 - openssl095
ASN.1 Remote vulnerability
Steve Henson of the OpenSSL core team identified and prepared fixes for a

10/15/2003 - tomcat4
denial of service vulnerability
Aldrin Martoq has discovered a denial of service (DoS) vulnerability in

Distribution: Mandrake

10/10/2003 - sane
multiple vulnerabilities
Several vulnerabilities were discovered in the saned daemon, a part of the

Distribution: NetBSD

10/10/2003 - XFree86
font buffer overflow vulnerabilities
There is an integer overflow in the XFree86 font libraries, which could

10/10/2003 - sendmail
buffer overflow vulnerabilities
Fix a buffer overflow in address parsing. However, a remote exploit of the

10/10/2003 - openssl
multiple vulnerabilities
OpenSSL had multiple vulnerabilities, they were found by tests performed