Quick reference for PGP
PGP encryption for HP-UX can be provided with the open source program GnuPG. You can download the program from HP but only for 11.23 and 11.31, part of the Internet Express collection ( ). It is available for 11.11, 11.23 and 11.31 from:
ftp://ftp.sourcedirect.com/pub/tools/PGPforHP-UX
If you have 11.11, you must also download and install the KRNG package. This is the kernel random number generator and reduces the entropy generation tom from 2 hours to 15 seconds. The KRNG capability is built into 11.23 and 11.31.
To install the package:
swinstall -s /tmp/GnuPG-11.11.depot *
For 11.11
only, install the KRNG package too.
NOTE: A reboot will be done automatically.
swinstall –x autoreboot=true -s /tmp/ KRNG11i_B…depot *
The product installs at: /opt/iexpress/gnupg
You will have to fix the man pages with:
umask 022
cd /opt/iexpress/gnupg/man
mkdir man1
cp gpg.1 gpgv.1 man1
Create a local files:
gpg –gen-key
pick key and size (default = OK, just press Enter)
key expires 0 ( default = OK, just press Enter)
Real name: (your ID such as name, whatever)
Email address:
[email protected]
(typically=email)
Comment: (anything or leave blank)
o (o = OK)
NOTE: gpg uses dash-dash for multi-character options like –genkey.
The key identifier fields (real name, email and comment) are just used to uniquely identify the key.
Any portion of the 3 fields can be used with the –r option to locate your key.
Your public key:
Prepare a public key you can send to remote senders (optional):
The file ~/.gnupg/mypublic.key name and location is arbitrary. You would give
this key file to someone who wants to send you an encrypted file.
gpg –armor –export [email protected] > ~/.gnupg/mypublic.key
Import their public key:
Add their public key for local decryption. This is the key that will be used to encode an outgoing .pgp message to the remote site.
gpg –import theirpublickey
Sign their incoming publickey to allow batch encryption.
By signing the key, you acknowledge that you trust that key for encryption on your end.
gpg –edit-key [email protected]
fpr
sign
quit
NOTE: Once signed, gpg encryption can proceed without interaction.
Check your keyring to see the list of keys that belong to you:
gpg –list-keys
NOTE: For ordinary users, you will get a warning about secure memory.
This is for super-secret conditions so you can suppress the warning with:
gpg –no-secmem-warning –list-keys
The root user will not see this warning message.
Encrypting a file:
To encrypt a file to send to the remote site:
gpg -e -r “theirID in their key” –o file.pgp fileToEncrypt
The result is file.pgp. Be sure to use the .pgp extension for consistency.
When you list the keyring (gpg –list-keys) you’ll see the owner information.
The –r option needs to specify any unique word(s) for that key. It might be the username, the email address or the comment. Any unique word for that key will select it. Be sure to put multiple words in quotes.
– See more at: http://serviceitdirect.com/blog/quick-reference-pgp#sthash.dhIdQA3i.dpuf
Tags: HP-UX