Recently I’ve been playing a little with GnuPG and I wanted to document some things, mostly for myself…
GnuPG on Macs
It seems that GnuPG version 2 available in Homebrew is broken. Use MacGPG2 instead. If you do not want to compile it yourself, there is also a handy installer available, which comes with a plugin for Apple Mail and a graphical tool for key management.
Command Line Voodoo
Creating a signature of a file (= creating a hash value of the file + encrypting the hash value with your own private key):
> gpg -a -u Bilbo --output test.txt.sig --detach-sig test.txt
- -a: use ASCII-armored output
- -u: select the private key of the sender
- --output: [name of output file]
Verifying a signature (= check if above signature and file match):
> gpg --verify test.txt.sig test.txt
gpg: Signatur vom Do 12 Feb 10:53:20 2015 CET mittels RSA-Schlüssel ID CEB679AA
gpg: Korrekte Signatur von "Bilbo Beutlin <bilbo@shire.com>" [uneingeschränkt]
After modifying test.txt:
> gpg --verify test.txt.sig test.txt
gpg: Signatur vom Do 12 Feb 10:53:20 2015 CET mittels RSA-Schlüssel ID CEB679AA
gpg: FALSCHE Signatur von "Bilbo Beutlin <bilbo@shire.com>" [uneingeschränkt]
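The `Korrekte Signatur` / `FALSCHE Signatur` lines above depend on the locale, and the 8-digit key ID is too short to identify a key reliably, so a script should not grep that output. As an added example (not part of the original post), this sh snippet classifies a verification from gpg's `--status-fd` lines and pins the signer's full fingerprint; the fingerprint, long key ID and sample status lines are constructed values.

```shell
#!/bin/sh
# Added example: judge a verification by gpg's status lines, not by its
# localized messages. All sample values below are constructed.
FPR=0123456789ABCDEF0123456789ABCDEF01234567   # placeholder fingerprint

# Read "[GNUPG:] ..." lines on stdin and print one verdict:
#   good  - VALIDSIG by the expected fingerprint and nothing negative
#   bad   - BADSIG: file and signature do not match
#   other - unchecked, expired or revoked signature/key, or another signer
classify_status() {   # $1 = expected full fingerprint of the signer
    expected=$1 valid=no bad=no weak=no
    while read -r tag keyword arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            BADSIG) bad=yes ;;
            ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) weak=yes ;;
            VALIDSIG) if [ "$arg" = "$expected" ]; then valid=yes; fi ;;
        esac
    done
    if [ "$bad" = yes ]; then echo bad
    elif [ "$valid" = yes ] && [ "$weak" = no ]; then echo good
    else echo other
    fi
}

# The page's verify command with status lines on stdout and the
# human-readable messages discarded.
verify_detached() {   # $1 = fingerprint, $2 = signature, $3 = signed file
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | classify_status "$1"
}

# Constructed status output for an intact and for a modified test.txt.
sample_good() { cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Bilbo Beutlin <bilbo@shire.com>
[GNUPG:] VALIDSIG $FPR 2015-02-12 1423734800 0 4 0 1 8 00 $FPR
[GNUPG:] TRUST_ULTIMATE
EOF
}
sample_bad() { cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Bilbo Beutlin <bilbo@shire.com>
EOF
}

sample_good | classify_status "$FPR"   # prints: good
sample_bad  | classify_status "$FPR"   # prints: bad
```

With a real key, `verify_detached <fingerprint> test.txt.sig test.txt` gives the same verdicts; the full fingerprint can be read from `gpg --fingerprint Bilbo`.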
Encrypting a file (with the public key of a receiver):
> gpg -a --output test.txt.enc -r Gandalf --encrypt test.txt
- -a: use ASCII-armored output
- -r: select the public key of the receiver
- --output: [name of output file]
Decrypting a file:
(No secret key needs to be specified; gpg picks the matching one from the keyring.)
> gpg --output test.txt --decrypt test.txt.enc
gpg: verschlüsselt mit 4096-Bit RSA Schlüssel, ID DEBB8A6A, erzeugt 2015-02-12
"Gandalf the White <gandalf@wizzard.org>"
Encrypt and sign a file:
> gpg -a -u Bilbo -r Gandalf --output test.txt.enc.sig --sign --encrypt test.txt
- -a: use ASCII-armored output
- -u: select the private key of the sender
- -r: select the public key of the receiver
Decrypt and verify:
> gpg --output test.txt --decrypt test.txt.enc.sig
gpg: verschlüsselt mit 4096-Bit RSA Schlüssel, ID DEBB8A6A, erzeugt 2015-02-12
"Gandalf the White <gandalf@wizzard.org>"
gpg: Signatur vom Do 12 Feb 11:17:23 2015 CET mittels RSA-Schlüssel ID CEB679AA
gpg: Korrekte Signatur von "Bilbo Beutlin <bilbo@shire.com>" [uneingeschränkt]