Encryption and how to read and write it with GPG.
Moving your keys to another machine is in most cases just a matter of copying the ~/.gnupg folder. Check the available keys with the commands explained below.
The owner of the .gnupg folder and its contents must be the user running gpg. Folder permissions must be 700, and permissions for the file gpg.conf must be 600; otherwise gpg prints an "unsafe permissions" warning every time it runs.
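As an added example (not part of these notes), the rule above as a shell check plus a fixer: it reports every directory under the GnuPG home that is not 0700 and every regular file that is not 0600 or not owned by the calling user. It holds every file to 0600, not only gpg.conf, which is how gpg creates them (gpg itself only warns about the directory and the config file). The function names and the optional path argument are my own.

```shell
#!/bin/sh
# Added example (not from the page): verify and repair GnuPG home permissions.
# Rule: every directory 0700, every regular file 0600, all owned by the
# calling user. Returns 0 when clean, 1 when something is off, 2 if missing.
gnupg_perms_check() {
  dir="${1:-$HOME/.gnupg}"
  me="$(id -un)"
  [ -d "$dir" ] || { printf 'no such directory: %s\n' "$dir" >&2; return 2; }
  # Directories: the home itself and e.g. private-keys-v1.d, openpgp-revocs.d.
  bad_dirs="$(find "$dir" -type d ! \( -perm 700 -user "$me" \))"
  # Regular files: gpg.conf, pubring.kbx, trustdb.gpg, the private key blobs.
  bad_files="$(find "$dir" -type f ! \( -perm 600 -user "$me" \))"
  [ -z "$bad_dirs$bad_files" ] && return 0
  [ -n "$bad_dirs" ]  && printf 'need 0700, owner %s:\n%s\n' "$me" "$bad_dirs"  >&2
  [ -n "$bad_files" ] && printf 'need 0600, owner %s:\n%s\n' "$me" "$bad_files" >&2
  return 1
}

# Tighten modes in place. Ownership is deliberately not touched: a file owned
# by someone else needs root to fix and a look at how it got that way.
gnupg_perms_fix() {
  dir="${1:-$HOME/.gnupg}"
  find "$dir" -type d -exec chmod 700 {} +
  find "$dir" -type f -exec chmod 600 {} +
}

# Usage: gnupg_perms_check || gnupg_perms_fix
```

Run `gnupg_perms_check` after copying ~/.gnupg from a USB key or another host; FAT-formatted media and some copy tools drop the modes, which is exactly the case the check catches.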
IMPORTANT!!! When creating a new key, export the public and private keys and store them somewhere offline (a USB key or a hard drive at home). STORE THE PASSPHRASE WITH THAT OFFLINE BACKUP (A SECRET KEY WITHOUT ITS PASSPHRASE IS UNRECOVERABLE), BUT NEVER IN THE SAME PLACE AS THE FILES THAT HAVE BEEN ENCRYPTED WITH IT. AND ALWAYS KEEP THE ENCRYPTED .gpg FILES UNDER A GIT REPO SO A CORRUPTED FILE CAN BE RECOVERED FROM HISTORY!!!
Commands:
# List the keys in the public key ring:
gpg --list-keys
# List the Keys in the Secret Key Ring:
gpg --list-secret-keys
# Print the key fingerprints. The fingerprint is the value you compare
# out of band (read over the phone, printed on a business card) to verify
# that a public key really belongs to its owner before you sign it or
# encrypt to it:
gpg --fingerprint > fingerprint
# Create a key
gpg --gen-key
# generally you can select the defaults; gpg --full-gen-key asks for
# algorithm, key size and expiry instead.
# Export a Public Key
gpg --export -a "User Name" > public.key
# This will create a file called public.key with the ASCII
# representation of the public key for User Name.
# Export a Private Key
gpg --export-secret-keys -a "User Name" > private.key
# This will create a file called private.key with the ASCII
# representation of the private key for User Name. It's much like
# exporting a public key, but gpg-agent asks for the key's passphrase
# first and the exported copy stays protected by it. Keep private.key
# offline: whoever has it and the passphrase is you.
# Import a Public Key
gpg --import public.key
# This adds the public key in the file "public.key" to your
# public key ring.
# Import a Private Key
gpg --allow-secret-key-import --import private.key
# This adds the private key in the file "private.key" to your
# private key ring. In GnuPG 2.x plain --import handles secret keys
# by itself; --allow-secret-key-import is an obsolete no-op kept only
# so that old scripts keep working.
# Delete a Public Key
gpg --delete-key "User Name"
# This removes the public key from your public key ring.
# NOTE! If there is a private key on your private key ring
# associated with this public key, you will get an error! You
# must delete your private key for this key pair from your
# private key ring first.
# Delete a Private Key
gpg --delete-secret-key "User Name"
# This deletes the secret key from your secret key ring.
A public key you have imported is not "valid" yet: every time you encrypt to it gpg warns "It is NOT certain that the key belongs to the person named in the user ID" and asks "Use this key anyway?" (in --batch mode it refuses outright). The proper fix is to compare the fingerprint with the owner and then certify the key (the sign command, or lsign for a certification that is never exported). Trust levels are a different thing: ownertrust says how far you trust the owner to certify other people's keys. Setting it to 5 (ultimate) also makes the key valid, which is why it is often used as a shortcut, but it means that key can vouch for any other key. None of this has anything to do with the passphrase, which only protects your own secret key. To set the trust level:
gpg --edit-key whatever@dom.com
gpg> trust
# pick a level (1 = don't know, 2 = do NOT trust, 3 = marginally,
# 4 = fully, 5 = ultimately; 5 is meant for your own keys) and...
gpg> quit
# answer y if asked to save changes
To encrypt a file:
# Check first available keys
gpg --list-keys
gpg --list-secret-keys
# To send it to another person: sign (-s) with your key and encrypt (-e) to theirs
gpg -se -u "Sender User Name" -r "Receiver User Name" somefile
# To encrypt for yourself (nothing to sign, so -u is not needed)
gpg -e -r "Key" somefile
gpg -e -r "some.email.here@gmail.com" afile
-u (--local-user) selects the secret key that signs, so it only matters together with -s; -r (--recipient) selects the public key the message is encrypted to. Sender and recipient can be the same key (encrypting for yourself).
This creates somefile.gpg (binary; add -a for an ASCII-armoured somefile.asc) next to the original. It is the signature, not -u by itself, that lets the recipient verify the message came from you: with -e alone gpg silently accepts -u and signs nothing. NOTE!: the original file is not removed, you end up with two files, so if you want to have only the encrypted file in existence you have to delete (or shred) the plaintext yourself.
To decrypt data, use:
gpg -o mydata.tar -d mydata.tar.gpg
# plain "gpg mydata.tar.gpg" does the same (it strips the .gpg suffix);
# "gpg -d mydata.tar.gpg > out" writes wherever you like (use >, not >>,
# which would append to whatever is already in out)
The message carries the ID of the key it was encrypted to, so if you have several secret keys gpg picks the right one by itself, or fails with "decryption failed: No secret key" if you don't have it. You'll be prompted for that key's passphrase; if the message was also signed, gpg reports whether the signature is good. Afterwards the decrypted mydata.tar exists next to the encrypted "original" mydata.tar.gpg.
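The whole flow from the trust note, the encrypt and decrypt sections and the export/import commands, as an added example that is not part of these notes. It uses two throwaway GnuPG homes for two hypothetical people (Alice sends, Bob receives) and never touches ~/.gnupg; it assumes gpg 2.1 or newer. It shows that a freshly imported key is refused in --batch mode until it is certified, that -u without -s produces no signature (checked through --status-fd), and that --export-secret-keys followed by --import restores a working secret key. The helper names and the example identities are mine.

```shell
#!/usr/bin/env bash
# Added example, not from the page. Alice (sender) and Bob (recipient) are
# hypothetical; each lives in its own temporary GNUPGHOME. Needs gpg >= 2.1.

# gpg bound to one homedir, with the options that keep it non-interactive.
# --passphrase '' makes the test keys unprotected; never do that for real keys.
g() { local home="$1"; shift
      gpg --homedir "$home" --batch --yes --quiet --no-tty \
          --pinentry-mode loopback --passphrase '' "$@"; }

newhome() { local d; d="$(mktemp -d)"; chmod 700 "$d"; printf '%s\n' "$d"; }

# Primary-key fingerprint of the first key matching user id $2 in homedir $1.
fpr_of() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

gpg_roundtrip_demo() {
  local A B C alice bob bobfpr rc d
  alice='Alice Sender <alice@example.org>'
  bob='Bob Receiver <bob@example.org>'
  A="$(newhome)"; B="$(newhome)"; C="$(newhome)"
  g "$A" --quick-generate-key "$alice" default default never
  g "$B" --quick-generate-key "$bob"   default default never

  # Exchange public keys (--export -a / --import, as on the page).
  g "$B" --export -a "$bob"   | g "$A" --import
  g "$A" --export -a "$alice" | g "$B" --import
  bobfpr="$(fpr_of "$A" "$bob")"
  printf 'meet at noon\n' > "$A/plain.txt"

  # 1. Bob's key is imported but not certified, so it is not "valid":
  #    interactively gpg would ask "Use this key anyway?"; in --batch it refuses.
  rc=0; g "$A" -o "$A/x.gpg" -e -r "$bob" "$A/plain.txt" 2>/dev/null || rc=$?
  [ "$rc" -ne 0 ] || return 1
  # Certify it after checking the fingerprint out of band (non-interactive lsign).
  g "$A" --quick-lsign-key "$bobfpr"

  # 2. Sign and encrypt: -u picks the signing key, -r the recipient.
  g "$A" -o "$A/signed.gpg"   -se -u "$alice" -r "$bob" "$A/plain.txt" || return 1
  # 3. Encrypt only: -u is accepted, but there is no signature to make.
  g "$A" -o "$A/unsigned.gpg" -e  -u "$alice" -r "$bob" "$A/plain.txt" || return 1

  # 4. Bob decrypts; --status-fd carries the machine-readable verdict.
  g "$B" --status-fd 3 -o "$B/out1.txt" -d "$A/signed.gpg"   3>"$B/st1" || return 1
  g "$B" --status-fd 3 -o "$B/out2.txt" -d "$A/unsigned.gpg" 3>"$B/st2" || return 1
  cmp -s "$A/plain.txt" "$B/out1.txt" || return 1
  cmp -s "$A/plain.txt" "$B/out2.txt" || return 1
  grep -q 'GOODSIG' "$B/st1"   || return 1   # signed: sender verified
  ! grep -q 'GOODSIG' "$B/st2" || return 1   # -u alone proved nothing

  # 5. Back up Bob's secret key and restore it into a fresh home (the page's
  #    --export-secret-keys and --import; ownertrust lives in a separate file).
  g "$B" --export-secret-keys -a "$bob" > "$B/private.key"
  g "$B" --export-ownertrust > "$B/otrust.txt"
  g "$C" --import "$B/private.key"
  g "$C" --import-ownertrust "$B/otrust.txt"
  g "$C" -o "$C/out3.txt" -d "$A/unsigned.gpg" || return 1
  cmp -s "$A/plain.txt" "$C/out3.txt" || return 1

  for d in "$A" "$B" "$C"; do
    gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    rm -rf "$d"
  done
  return 0
}

# Run with: RUN_DEMO=1 bash thisfile.sh
if [ -n "${RUN_DEMO:-}" ]; then gpg_roundtrip_demo && echo "round trip OK"; fi
```

Step 5 restores only Bob's own key: verifying Alice's signature in the third home would fail with "No public key" because her public key was never imported there, which is why the notes recommend copying the whole ~/.gnupg rather than single keys.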
To extend a key that has expired (gpg --list-keys shows it as [expired: YYYY-MM-DD] and refuses to encrypt to it; decrypting with it still works), follow these steps:
# Check for the expired key
gpg --list-keys
# Edit the key, this lands on a kind of console
gpg --edit-key [keyname]
# In the gpg console
list
# With nothing selected, expire acts on the primary key: enter the new
# validity (e.g. 1y; 0 = never expires)
expire
# Select the first subkey by number (key 0 deselects everything); the
# encryption subkey usually expired together with the primary key
key 1
# Set the subkey's new expiry the same way
expire
# Save
save
The new expiry is a self-signature, so everyone else still holds the old copy: export the public key again and send it to your correspondents (or to the keyserver you use).
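The same procedure driven non-interactively, as an added example that is not part of these notes: the keystrokes above are fed to --edit-key through --command-fd on a throwaway key in a temporary home, and the result is checked with --with-colons, where field 7 of the pub and sub lines is the expiry as epoch seconds (empty means never). It assumes gpg 2.1 or newer; the helper names and the example user id are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the page): extend the expiry of primary key and
# subkey by scripting the interactive --edit-key session. Needs gpg >= 2.1.

# gpg bound to one homedir, non-interactive; the test key is unprotected.
g() { local home="$1"; shift
      gpg --homedir "$home" --batch --yes --quiet --no-tty \
          --pinentry-mode loopback --passphrase '' "$@"; }

# Prints "<primary-expiry>:<first-subkey-expiry>" (epoch seconds, empty = never).
expiries() {
  g "$1" --with-colons --list-keys "$2" |
    awk -F: '$1=="pub"{p=$7} $1=="sub"&&!seen{s=$7;seen=1} END{print p ":" s}'
}

extend_expiry_demo() {
  local home uid before after
  uid='Expiry Demo <expiry@example.org>'   # hypothetical
  home="$(mktemp -d)"; chmod 700 "$home"
  g "$home" --quick-generate-key "$uid" default default never
  before="$(expiries "$home" "$uid")"
  [ "$before" = ":" ] || return 1          # fresh key: neither part expires

  # Same keystrokes as the interactive session: expire on the primary key
  # (nothing selected), then "key 1" to select the first subkey and expire
  # again, then save. The "y" lines answer "Is this correct? (y/N)" when gpg
  # asks it; when it does not, they are harmlessly rejected as unknown commands.
  printf '%s\n' expire 1y y 'key 1' expire 1y y save |
    g "$home" --command-fd 0 --edit-key "$uid"

  after="$(expiries "$home" "$uid")"
  case "$after" in
    :*|*:) return 1 ;;                     # one of them still never expires
  esac
  gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
  rm -rf "$home"
  return 0
}

# Run with: RUN_DEMO=1 bash thisfile.sh
if [ -n "${RUN_DEMO:-}" ]; then extend_expiry_demo && echo "expiry extended"; fi
```

On a real key replace the user id with the key's fingerprint so the edit cannot land on a different key with a similar name, and remember that --command-fd reads the passphrase from the same pipe if the key is protected.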