mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-07-01 16:26:41 +00:00
Merge pull request 'age' (#17) from cynthia/opsec-blogposts:main into main
Reviewed-on: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts/pulls/17
commit
46591e593e
3 changed files with 124 additions and 14 deletions
BIN
pgp/0a.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 16 KiB |
138
pgp/index.md
|
@ -1,32 +1,44 @@
|
|||
---
|
||||
author: nihilist
|
||||
date: 2022-12-05
|
||||
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/85"
|
||||
xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
|
||||
author:
|
||||
- cynthia (age)
|
||||
- nihilist (pgp)
|
||||
date:
|
||||
- 2025-06-09
|
||||
- 2022-12-05
|
||||
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/226"
|
||||
xmr:
|
||||
- 84ybq68PNqKL2ziGKfkmHqAxu1WpdSFwV3DreM88DfjHVbnCgEhoztM7T9cv5gUUEL7jRaA6LDuLDXuDw24MigbnGqyRfgp
|
||||
- 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
|
||||
tags:
|
||||
- Core Tutorial
|
||||
---
|
||||
# How to use PGP encryption
|
||||
|
||||

|
||||
# How to encrypt files and messages (Age and PGP)
|
||||
|
||||
In this tutorial we're going to look at how to setup PGP keys, and use them to encrypt messages
|
||||
In this tutorial we're going to look at how to setup Age and PGP keys, and use them to encrypt messages
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
## **Initial Setup**
|
||||
|
||||
### Analogy
|
||||
## Analogy
|
||||
|
||||
Bob wants to send a sensitive message to Alice. Bob intends to send his sensitive message to Alice through various means, for example on Teams, Discord or even on Wickr. However Bob knows that these service providers will never respect his privacy, they will always spy on Bob's conversation:
|
||||
|
||||

|
||||
|
||||
Bob then decides that noone other than Alice will be able to decrypt his message. So, Bob decides to use PGP encryption, to be able to send a sensitive message to Alice **on any platform** he wishes, because he knows that only Alice will be able to decrypt it:
|
||||
Bob then decides that noone other than Alice will be able to decrypt his message. So, Bob decides to use some encryption tool, to be able to send a sensitive message to Alice **on any platform** he wishes, because he knows that only Alice will be able to decrypt it:
|
||||
|
||||

|
||||
|
||||
Why should you even care about PGP ? Simple, you only want one person to be able to read your message, so you use PGP. You can use it when you do not trust the chat platform you are using, or the email provider, or any other form of communication with text. PGP gives you a simple way of encrypting your messages with others' public key, so that way you're sure that noone can read your messages.
|
||||
Why should you even care about encryption? Simple, you only want one person to be able to read your message, so you use an encryption tool. You can use it when you do not trust the chat platform you are using, or the email provider, or any other form of communication with text. They give you a simple way of encrypting your messages with others' public key, so that way you're sure that noone can read your messages.
|
||||
|
||||
## PGP
|
||||
|
||||

|
||||
|
||||
### **Initial Setup**
|
||||
|
||||
Let's begin by generating your first key:
|
||||
|
||||
|
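Review bot: In the front matter, `author`, `date` and `xmr` change from single values to lists, and only the `author` entries carry the `(age)` / `(pgp)` labels, so each date and XMR address is tied to its author by item order alone. Please confirm that whatever reads these keys accepts lists, and consider labelling the `date` and `xmr` entries the same way so an address cannot be attributed to the wrong author. In the reworded body text, "They give you a simple way of encrypting..." has no clear antecedent now that "PGP" was replaced by "an encryption tool"; "noone" should be "no one" and "how to setup" should be "how to set up".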
@ -38,7 +50,7 @@ Let's begin by generating your first key:
|
|||
There is NO WARRANTY, to the extent permitted by law.
|
||||
|
||||
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
|
||||
|
||||
|
||||
GnuPG needs to construct a user ID to identify your key.
|
||||
|
||||
Real name: nihilist
|
||||
|
@ -138,7 +150,7 @@ Now let's export our public key like so:
|
|||
|
||||
This can be put publicly on your website, so that users will be able to encrypt their messages before sending it to you.
|
||||
|
||||
## **Encrypt/Decrypt messages**
|
||||
### **Encrypt/Decrypt messages**
|
||||
|
||||
Now let's encrypt our messages with alice's public key after she generates her pgp keys:
|
||||
|
||||
|
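Review bot: The heading `### **Encrypt/Decrypt messages**` now occurs twice in this file, as does `### **Initial Setup**`, because the Age section added later in this patch reuses both titles. If the site derives anchors from heading text, links to these sections become ambiguous; suggest naming the tool in each heading so the PGP and Age subsections stay distinct.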
@ -317,7 +329,7 @@ To sign the message while also remaining in plaintext, we use the second option
|
|||
K307GR4mNIyMy3VRgtuVdONau4X8p68tRS+wqoVRFB8GDLXTkzJsaULwghm8RQaV
|
||||
x0NOx60kgmXckP00uQM+ySDRqpHoVb5HYRqPrbOhJ6L1AFnexyhuhclvQoS4Zm0e
|
||||
PkvcMFaWOevQnbS8Vh2fVby4fsq5YdzSig4mu6KjQeR+Gu29xkAJp+lgMT1Ia0pL
|
||||
DVZaUw+AVHyaeQzdokdw0eoU01gl+dzPyaPamAGTbqI5Z7+DMOMgtgC9cpPP+26F
|
||||
DVZaUw+AVHyaeQzdokdw0eoU01gl+dzPyaPamAGTbqI5Z7+DMOMgtgC9cpPP+26F
|
||||
jTpmq7fFxQ3fpAbEIlcahZzNBSyd1QGu6uKs/V4hqx4Fj7qg4puq+raxgg0JlyEZ
|
||||
greVnUYBONlTTIDgIKqI8D5iFhW6cCHQzXvYjLqCCuY35ZHP0TRkSycZaNjO1/4/
|
||||
EaNNvLm/uzi3+HhvPW57a9+bcGiVvTLhhje8sVUxioDd36DA4fYkd8BqBNkYvjRa
|
||||
|
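Review bot: The line beginning `DVZaUw+AVHy` inside the armored block appears twice in this hunk with no visible difference, which suggests a whitespace-only edit. It is unrelated to the Age addition; please drop it from this PR or explain in the description why the line was touched, and confirm the armored sample is still byte-for-byte what the tutorial's commands produced.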
@ -419,3 +431,101 @@ Once decrypted, she can see that the message has our PGP signature.
|
|||
|
||||
And that's it! That covers the basics of how to use PGP
|
||||
|
||||
|
||||
## Age
|
||||
|
||||

|
||||
|
||||
You may be thinking: what's the difference between PGP and Age? PGP is a traditional way of encrypting files and messages, while Age is meant to be a more modern alternative to PGP.
|
||||
|
||||
Age has really tiny keys (compared to PGP key sizes), uses modern cryptographic algorithms by default, while still being more secure and simpler to use than PGP.
|
||||
|
||||
### **Initial Setup**
|
||||
|
||||
Let's begin by installing age first.
|
||||
|
||||
```bash
|
||||
root@localhost:~# apt install age
|
||||
```
|
||||
|
||||
Generate your key and output the private key into a text file. We will be outputting the private and public key to a file named `key.txt`
|
||||
|
||||
```bash
|
||||
bob@localhost:~$ age-keygen -o key.txt
|
||||
Public key: age1gme6y93jm9nx7thzfu7ma8q7t0qhxae6m4r37m23f83d3phheejs25m8h0
|
||||
```
|
||||
|
||||
Now we can give people the public key that age gave us. It can be put publicly on your website, so that users will be able to encrypt their messages before sending it to you.
|
||||
|
||||
The keys are so tiny, that if we want, we can encode the public key into a little QR code for people to scan
|
||||
|
||||
```bash
|
||||
bob@localhost:~$ sudo apt install qrencode
|
||||
bob@localhost:~$ qrencode -o pubkey_qr.png age1gme6y93jm9nx7thzfu7ma8q7t0qhxae6m4r37m23f83d3phheejs25m8h0
|
||||
```
|
||||
|
||||

|
||||
|
||||
### **Encrypt/Decrypt messages**
|
||||
|
||||
Since age doesn't have the concept of a keyring like PGP, we have to store Alice's key somewhere in a text file to use.
|
||||
|
||||
```bash
|
||||
alice@localhost:~$ age-keygen -o key.txt
|
||||
Public key: age1y7gjjkrukaxzueae3dh60f57cn893d8y38vwh774kye7p8wm850q80ehvm
|
||||
bob@localhost:~$ mkdir keyring/
|
||||
bob@localhost:~$ echo "age1y7gjjkrukaxzueae3dh60f57cn893d8y38vwh774kye7p8wm850q80ehvm" > keyring/alice.txt
|
||||
```
|
||||
|
||||
After this, we can encrypt our special file for Alice.
|
||||
|
||||
This special file will be a message in a text file.
|
||||
|
||||
```bash
|
||||
bob@localhost:~$ vim message.txt
|
||||
bob@localhost:~$ cat message.txt
|
||||
This is a very secret message!
|
||||
```
|
||||
|
||||
We can then encrypt the file with Alice's key.
|
||||
|
||||
```bash
|
||||
bob@localhost:~$ age -R keyring/alice.txt -o encrypted_message --armor message.txt
|
||||
bob@localhost:~$ cat encrypted_message
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjR29MQkg2UVQ2Q2VSbmlP
|
||||
RmE0QzJ0d0NQQ2tEN2VaL2kxWEZEK2hqeGpZClFVNUNlbmJxL1E3dDNBaFFkbzhN
|
||||
MnU4OHZneExGWk5pekdsWU9yNE5QeTAKLS0tIG0yWlMwMSs4cXM0Skg4UUtyOGJ2
|
||||
b2paVnd1WkdLL1RDdDBJYWdHT3krQTAKL+g6Z7DKLXfmYfW4I3AT9HSimwixmLyx
|
||||
D5Cc55tVZRk2BPj683U8wqSAZWqFoqJgu/97PCY/BvmBpX3KrnOc
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
```
|
||||
|
||||
Alternatively, we can also encrypt it in binary-mode, by omitting `--armor`
|
||||
|
||||
```bash
|
||||
bob@localhost:~$ age -R keyring/alice.txt -o encrypted_message message.txt
|
||||
bob@localhost:~$ xxd encrypted_message
|
||||
00000000: 6167 652d 656e 6372 7970 7469 6f6e 2e6f age-encryption.o
|
||||
00000010: 7267 2f76 310a 2d3e 2058 3235 3531 3920 rg/v1.-> X25519
|
||||
00000020: 6337 3053 314c 6753 6767 5568 675a 3733 c70S1LgSggUhgZ73
|
||||
00000030: 5030 426e 6442 7277 674c 6465 564e 4245 P0BndBrwgLdeVNBE
|
||||
00000040: 5557 5473 3077 396b 5979 490a 3936 6236 UWTs0w9kYyI.96b6
|
||||
00000050: 6378 5979 4734 7155 5a63 684c 5832 4b76 cxYyG4qUZchLX2Kv
|
||||
00000060: 464d 4365 4f6c 5a45 5662 6d67 3936 696c FMCeOlZEVbmg96il
|
||||
00000070: 6b35 3164 3761 340a 2d2d 2d20 654c 6950 k51d7a4.--- eLiP
|
||||
00000080: 544d 4e53 7a4f 6556 744e 644f 484a 5258 TMNSzOeVtNdOHJRX
|
||||
00000090: 754f 7979 424d 3438 344a 612b 364c 4f6b uOyyBM484Ja+6LOk
|
||||
000000a0: 4a63 6d41 2f75 630a c9c7 7824 3919 06c8 JcmA/uc...x$9...
|
||||
000000b0: ba74 5e39 5c89 118a 4091 3722 7741 f098 .t^9\...@.7"wA..
|
||||
000000c0: 5d84 6af2 3cb8 03fa e7a6 8b84 1a20 bf7a ].j.<........ .z
|
||||
000000d0: e948 32c6 7db9 2f1f abed a677 d5fe 5b80 .H2.}./....w..[.
|
||||
000000e0: ad2e 837b 5ed9 77 ...{^.w
|
||||
```
|
||||
|
||||
Alice can now download and decrypt this file with her key and get the messsage that Bob wanted to send her.
|
||||
|
||||
```bash
|
||||
alice@localhost:~$ age --decrypt -i key.txt encrypted_message
|
||||
This is a very secret message!
|
||||
```
|
||||
|
|
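Review bot: The new Age section ends at `age --decrypt -i key.txt encrypted_message` and never says that age has no signing step, while the PGP section just above it ends with Alice seeing the sender's signature. A reader will assume the two tools are interchangeable; please add a sentence after the decrypt example stating that an age-encrypted file carries no proof of who sent it, and that a separate signature is needed when the sender must be authenticated. Smaller points in the same hunk: "while still being more secure and simpler to use than PGP" is asserted without support, the `age` install runs at a `root@localhost` prompt while the `qrencode` install uses `sudo` as bob, and "messsage" in the last paragraph is a typo.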
BIN
pgp/qr.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 358 B |