GPG Asymmetric Encryption

So you have your keys all set up, you’ve found a dozen people to sign them and you’ve entered the web of trust. Now you have an extremely confidential file, let’s say your tax records, and you want to send them to your accountant.

The first step is to find your accountant's key. You know from talking to him earlier that he publishes to the same keyserver as you, but he forgot to give you his key ID. To find him we have to run a GPG search as follows:

$ gpg --search-keys "Mister Accountant"
gpg: searching for "Mister Accountant" from hkp server
(1)    Mister Accountant 
 1024 bit DSA key 63ABD9EC, created: 2007-11-07
(2)    Mister Accountant 
 1024 bit DSA key 01129335, created: 2006-09-11
(3)    Mister Jones 
 1024 bit DSA key DFAAA99E, created: 2006-02-18
Keys 1-3 of 3 for "".  Enter number(s), N)ext, or Q)uit >

You’ll notice from the output that multiple results have been returned. Two of them even have the same uid. So how do we know which one to use? At the moment we don’t really. We know what his email address is from his business card, so let’s download both of the matching keys. You can either enter multiple numbers at that prompt or use this command:

$ gpg --recv-keys 63ABD9EC 01129335
gpg: key 63ABD9EC: public key "Mister Accountant " imported
gpg: key 01129335: public key "Mister Accountant " imported
gpg: Total number processed: 2
gpg:               imported: 2

Now that we have both keys, we need to establish which one really belongs to our accountant. To do this we’ll examine the signatures on the keys. For that we use the following commands:

$ gpg --list-sigs 63ABD9EC
pub   1024D/63ABD9EC 2006-09-11
uid                  Mister Accountant 
sig          A3B14DFA 2006-09-11  Daniel Hall 
sig 3        63ABD9EC 2006-09-11  Mister Accountant 
sub   2048g/DAA19215 2006-09-11
sig          63ABD9EC 2006-09-11  Mister Accountant 

[daniel@rosella ~]$ gpg --list-sigs 01129335
pub   1024D/01129335 2007-11-07
uid                  Daniel Hall 
sig 3        01129335 2007-11-07  Daniel Hall 
sub   2048g/BBBBBBBB 2007-11-07
sig          01129335 2007-11-07  Daniel Hall 

You now see that your good friend Daniel, whom you trust, has signed one of the keys, but nobody has signed the other. This means that as long as you trust Daniel, you can trust that key to be Mister Accountant's. So now comes the easiest part of the process: encrypting the file. In this case we also want to sign it so that our accountant knows these documents come from us. We just run the command:

$ gpg -e -r 63ABD9EC --sign 
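The decision above (two keys with the same uid, pick the one certified by someone you trust) is easy to get wrong by eye, so here is the same check done on GPG's machine-readable output. This is an added example, not code from the original post: it parses the colon-separated format of `gpg --list-sigs --with-colons` (the field layout is documented in GnuPG's DETAILS file), collects the certification signatures on each key's user IDs, and keeps only the keys certified by a signer you already trust. The listing embedded below is constructed to mirror the two keys from the post; the 16-digit long key IDs, the fingerprints and the e-mail addresses are made up, only the trailing eight digits match the post. The comparison deliberately uses the signer's full long key ID rather than the 8-digit short ID shown in the post, because 32-bit short IDs are easy to collide and are not a safe way to identify a key.

```python
"""Choose the accountant's key by checking who certified it.

Added example, not part of the original post. Parses `gpg --list-sigs
--with-colons` output and selects the key that carries a certification
from a signer we trust. All key IDs, fingerprints and addresses below are
CONSTRUCTED sample data; only the trailing 8 hex digits match the post.
"""
from dataclasses import dataclass, field

# Constructed sample output. Fields used (0-based after split on ':'):
# 0 record type, 4 key ID / signer key ID, 9 user ID or fingerprint,
# 10 signature class (sig records only; 10-13 are user-ID certifications).
SAMPLE_LISTING = """\
pub:-:1024:17:0F1E2D3C63ABD9EC:2006-09-11:::-:::scaESCA::::::23::0:
fpr:::::::::1111222233334444555566660F1E2D3C63ABD9EC:
uid:-::::2006-09-11::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Mister Accountant <accountant@example.com>::::::::::0:
sig:::17:9A8B7C6DA3B14DFA:2006-09-11::::Daniel Hall <daniel@example.com>:10x::
sig:::17:0F1E2D3C63ABD9EC:2006-09-11::::Mister Accountant <accountant@example.com>:13x::
sub:-:2048:16:5A5A5A5ADAA19215:2006-09-11::::::e::::::16:
sig:::17:0F1E2D3C63ABD9EC:2006-09-11::::Mister Accountant <accountant@example.com>:18x::
pub:-:1024:17:7E7E7E7E01129335:2007-11-07:::-:::scaESCA::::::23::0:
fpr:::::::::9999888877776666555544447E7E7E7E01129335:
uid:-::::2007-11-07::0123456789ABCDEF0123456789ABCDEF01234567::Mister Accountant <accountant@example.com>::::::::::0:
sig:::17:7E7E7E7E01129335:2007-11-07::::Mister Accountant <accountant@example.com>:13x::
sub:-:2048:16:2B2B2B2BBBBBBBBB:2007-11-07::::::e::::::16:
sig:::17:7E7E7E7E01129335:2007-11-07::::Mister Accountant <accountant@example.com>:18x::
"""

# Constructed long ID of the friend whose signature we trust (post shows A3B14DFA).
TRUSTED_SIGNER = "9A8B7C6DA3B14DFA"


@dataclass
class Key:
    keyid: str
    fingerprint: str = ""
    uids: list = field(default_factory=list)
    # (signer long key ID, signer user ID) for certifications on user IDs only
    certifiers: list = field(default_factory=list)


def parse_listing(text):
    """Turn colon-format listing text into Key objects with their certifiers."""
    keys, current, in_uid = [], None, False
    for line in text.splitlines():
        f = line.split(":")
        rtype = f[0]
        if rtype == "pub":
            current = Key(keyid=f[4])
            keys.append(current)
            in_uid = False
        elif rtype == "fpr" and current is not None and not current.fingerprint:
            current.fingerprint = f[9]          # first fpr record is the primary key's
        elif rtype == "uid" and current is not None:
            current.uids.append(f[9])
            in_uid = True
        elif rtype == "sub":
            in_uid = False                      # following sigs are subkey bindings
        elif rtype == "sig" and current is not None and in_uid:
            if f[10][:2] in ("10", "11", "12", "13"):
                current.certifiers.append((f[4], f[9]))
    return keys


def keys_certified_by(keys, trusted_keyid):
    """Keys carrying a certification from trusted_keyid, ignoring self-signatures."""
    trusted = trusted_keyid.upper()
    return [k for k in keys
            if any(signer.upper() == trusted and signer != k.keyid
                   for signer, _ in k.certifiers)]


def choose_recipient(keys, trusted_keyid):
    """Fingerprint of the single key certified by our trusted signer, else None."""
    matches = keys_certified_by(keys, trusted_keyid)
    return matches[0].fingerprint if len(matches) == 1 else None


def encrypt_sign_argv(fingerprint, path):
    """Argument list for encrypting and signing `path` to the chosen key.

    -r/--recipient names the recipient; -R is --hidden-recipient, a different
    option that leaves the recipient's key ID out of the encrypted message.
    Passing the full fingerprint avoids any ambiguity between similar key IDs.
    """
    return ["gpg", "--encrypt", "--sign", "--armor", "--recipient", fingerprint, path]


if __name__ == "__main__":
    keys = parse_listing(SAMPLE_LISTING)
    for k in keys:
        others = [s for s in k.certifiers if s[0] != k.keyid]
        print(f"{k.keyid}: {k.uids[0]} certified by {others or 'nobody but itself'}")
    fpr = choose_recipient(keys, TRUSTED_SIGNER)
    print("chosen:", fpr)
    print(" ".join(encrypt_sign_argv(fpr, "tax-records.pdf")))
```

Run with a real keyring by piping `gpg --list-sigs --with-colons <id> <id>` into `parse_listing` instead of `SAMPLE_LISTING`; `choose_recipient` returns `None` both when no candidate is certified by your trusted signer and when more than one is, so the decision falls back to you rather than silently picking a key.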

Again, you can add the --armor option to output the file as ASCII, which is suitable for attaching to an email or, for those of us who are ultra secretive, for hiding inside a JPEG file. If you want to try your hand at hiding things in JPEG files, install SteGUI or steghide.

