Monday, 29 February 2016

Configuring PGP Keys in GNU Privacy Guard

Imagine you are receiving a PGP-encrypted file from a third party.
The file has been encrypted using the customer's Public Key, and now you have to decrypt it on a separate server where GnuPG is installed.
The first thing you need to do is import the keys so they can be used to decrypt the message.
The following command imports the Public Key:

gpg --import newkey.txt
 
If a valid Public Key is given, the command output should look like this (here "not changed" means the key was already in the keyring):

bash-4.1$ gpg2 --import newkey.txt
gpg: key xxxxxx: "Public Key Description <email@xxx.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
 

To import the Private Key, use the following command: 

gpg --allow-secret-key-import --import newpriv_key.txt
 
To check if keys have been imported correctly, you can use the following command:

bash-4.1$ gpg --list-keys
/xxxx/xxxxx/.gnupg/pubring.gpg
-----------------------------------
pub   2048R/xxxxxxx 2016-02-17 [expires: 2019-02-16]
uid                 Public Key Description <email@xxx.com>

sub   2048R/xxxxxxx 2016-02-17 [expires: 2019-02-16]

The Private Key provided is protected by a passphrase, so to decrypt a sample file that was encrypted using the associated Public Key, use the following command:

bash-4.1$ echo <passphrase>|gpg --output test.txt --batch --passphrase-fd 0 --decrypt test.gpg
gpg: encrypted with 2048-bit RSA key, ID XXX450C8, created 2016-02-17
      "Public Key Description <email@xxx.com>"
bash-4.1$ more test.txt
Hello World!!!

 

If you get an error when passing the passphrase, try setting the following environment variables:

 
export GPG_TTY=`tty` 
export PINENTRY_USER_DATA="USE_CURSES=1"

By doing this, I was able to decrypt the message successfully.
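
The decryption command above puts the passphrase on the command line, where it ends up in shell history. The script below is an added example, not from the original post: it feeds the passphrase to --passphrase-fd 0 from a file it first checks is private, and adds --pinentry-mode loopback on GnuPG 2.1 and later. The passphrase file and the script name decrypt.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The passphrase file is an
# assumption: a one-line file you created yourself, e.g. with mode 600.

# Succeeds only if the file gives no permissions to group or others.
passfile_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if this GnuPG version (e.g. "2.2.27") is 2.1 or later, where
# --passphrase-fd is only honoured in batch mode with --pinentry-mode loopback.
needs_loopback() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }
}

# Usage: decrypt_with_passfile PASSFILE INPUT.gpg OUTPUT
decrypt_with_passfile() {
    passfile=$1; input=$2; output=$3
    if ! passfile_is_private "$passfile"; then
        echo "refusing: $passfile is accessible to group/others (chmod 600 it)" >&2
        return 2
    fi
    version=$(gpg --version | sed -n '1s/.* //p')
    # Same options as the command in the post, built as an argument list.
    set -- --batch --passphrase-fd 0 --output "$output" --decrypt "$input"
    if needs_loopback "$version"; then
        set -- --pinentry-mode loopback "$@"
    fi
    # gpg reads the passphrase (first line) from fd 0, here the file itself.
    gpg "$@" < "$passfile"
}

# Runs only when called with three arguments, e.g.:
#   ./decrypt.sh pass.txt test.gpg test.txt
if [ "$#" -eq 3 ]; then
    decrypt_with_passfile "$@"
fi
```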