public key can only be decrypted by the relevant private key.
To simplify further, here’s an example: Andrea and Beatrice are two friends
wishing to exchange messages. However, they do not trust the communication
channels, and decide to use PGP to text each other. In order to mutually encrypt
and decrypt, they should have a common password, but the latter would have to
be shared through a communication system they don’t trust.
To solve this issue, PGP uses a type of encryption known as “asymmetric”,
where the messages are shared using public and private keys. Andrea has his
own public key, as does Beatrice. When Andrea wants to send a message to
Beatrice, he will use her public key. If Beatrice wishes to decrypt that message,
she will have to use her private key. Since Beatrice is the sole owner of that
private key, she’s the only one who can decrypt that message. Quite simple,
right?
7.2.2.2 Creating your own PGP key
In this part of the guide, you’ll learn how to create your public and private
keys to allow other users to send you encrypted messages that only you can read.
Assuming you’re using Debian, launch the GPG GUI (Figure 25) by starting the
“seahorse” program from the Terminal or, more commonly, “Passwords and
Keys” from the application list.
Figure 25: initial screen of the “seahorse” GUI on Debian GNOME 3
Now, click File -> New (or use the CTRL+N shortcut) and click PGP Key,
then select Continue. Specify your Full name and Email address. From the
advanced settings, you can change the key type (RSA is the recommended
option) and the encryption strength (up to 4096, the strongest key you can use to
date). You can also choose to assign an expiration date and an additional
comment. You can now click Create. At this point, assign a password to your
key. Then, you can see your newly created key under “GnuPG Keys”;
if it is not there yet, you have to wait for the program to generate enough
entropy for your key (I’ll explain it later). If you are a terminal enthusiast,
you can do it from there too. In this case, run the command:
$ gpg --gen-key
You will be prompted to choose a key type, then you’ll assign the key length
and an optional expiration date. Just like the GUI version, you’ll now specify
Name and Email and, finally, type the passphrase. Then, you’ll be prompted to
“move around” with your keyboard and mouse: this lets the system gather enough
entropy for the key strength you asked for. Besides pressing random keys, you
may want to do something to kill time, just like a Connect Four game!
7.2.2.3 Importing, exporting and revoking a PGP/GPG key
In order to send encrypted messages to other people, you must first import
the recipient’s public key. The dedicated GUI button makes it a no-brainer: you
can find it on Debian under File -> Import or using the CTRL+I shortcut; if you
wish to proceed via command line, instead, just type:
$ gpg --import [filename]
If you wish to export a key, select File -> Export; alternatively, you can use
the command line (replace [ID] with the User ID – the format is like
AB1234567):
$ gpg --export [ID]
However, the output will be unreadable; you can format it in ASCII using
the following parameter:
$ gpg --export -a [ID]
You can also save the output to a file, as in this example:
$ gpg --export -a [ID] > my.key
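Before a file such as my.key is sent over a channel you do not trust, it is worth confirming that it holds a public key block and that the ASCII armor is intact. The Python code below is an added example, not part of the original guide or of GnuPG: it parses the armor format, verifies the CRC-24 checksum line when present, and reads the first packet tag. The function names and the two sample packets are assumptions made for illustration; the packets are constructed dummy bytes, not real keys.

```python
import base64

TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

def crc24(data: bytes) -> int:
    """Checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, label: str) -> str:
    """Wrap bytes in ASCII armor; used here only to build the sample input."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {label}-----", "",
                      base64.b64encode(data).decode(), "=" + check,
                      f"-----END PGP {label}-----"])

def sample_packet(header: int) -> bytes:
    """Constructed dummy packet (no real key material) with the given header octet."""
    body = b"\x04" + bytes(4) + b"\x01" + bytes(4)
    return bytes([header]) + len(body).to_bytes(2, "big") + body

def inspect_armor(text: str) -> dict:
    """Report the armor label, the first packet type and the checksum status."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN PGP ") or not lines[-1].startswith("-----END PGP "):
        raise ValueError("not an ASCII-armored OpenPGP block")
    label = lines[0][len("-----BEGIN PGP "):].rstrip("-")
    body = lines[lines.index("") + 1:-1]   # skip armor headers such as "Version:"
    expected = None                        # the checksum line is optional
    if body and body[-1].startswith("="):
        expected = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    data = base64.b64decode("".join(body), validate=True)
    crc_ok = None if expected is None else crc24(data) == expected
    if not data or not data[0] & 0x80:
        raise ValueError("no OpenPGP packet header found")
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F  # new/old format
    packet = TAGS.get(tag, f"tag {tag}")
    shareable = label == "PUBLIC KEY BLOCK" and packet == "public key" and crc_ok is not False
    return {"label": label, "packet": packet, "crc_ok": crc_ok, "shareable": shareable}

if __name__ == "__main__":
    for header, label in ((0x99, "PUBLIC KEY BLOCK"), (0x95, "PRIVATE KEY BLOCK")):
        print(inspect_armor(armor(sample_packet(header), label)))
```

To check a real export, pass the text of my.key to inspect_armor and only share the file when "shareable" is True.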
Additionally, you can revoke a private key, in case you have lost it or, worse, if it
has been stolen. This item – as well as the next ones – is available under the
“Details” tab for each key (Figure 26).