Title: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on November 05, 2023, 05:39:05 PM Hi BitcoinTalk!
I have re-posted mdayonliner (https://bitcointalk.org/index.php?action=profile;u=1432468) [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint (https://bitcointalk.org/index.php?topic=5469280.0) because the images of main thread was broken and the author is not active anymore. As Husna QA suggested (https://bitcointalk.org/index.php?topic=5469280.msg62952506#msg62952506), I decided to write a tutorial for Linux users. Image source: encriptados.io ➥ More PGP Tutorials:
➥ Install Gnupg and gpa: Let's get started! Open your terminal and paste this command line Code: sudo apt-get install gnupg2 gpa If you have given the root privilege already, it won't ask for the password. If you haven't, please write your system password, and it should install gnupg2 and gpa. Look at the screenshot below; Quote ➥ Generate Key: Paste this command line in your terminal Code: gpg --full-generate-key RSA keys can be from 1024 bits to 4096 bits long. 3072 is the default one, but I am creating 4096 here. So write 4096 and hit enter. See the image below; Now, you can set the expiration date of your keys. 0 defines the key won't expire. I am going with 0. Write 0 and hit enter. Write Y and hit enter again. It should ask for your real name (You don't have to write your real name, of course), email, and comment. I am writing mine. Then, write O and hit enter again. It will ask for your passphrase, write your passphrase, and it should generate your keys. See the image below; Now paste this command line Code: sudo gpa If you get the error Code: failed to load module canberra-gtk-module Code: sudo apt update Code: sudo apt install libcanberra-gtk-module libcanberra-gtk3-module -y After that, again try Code: sudo gpa Ok. I have generated my keys already, and you can see them below; ➥ Export Public Key: To export your public key, right-click on your key and select Export keys... Quote Select your destination and write a name with .txt extension. In my case, I wrote publickey.txt To see your public keys, open the file. In my case, this is my public key Code: -----BEGIN PGP PUBLIC KEY BLOCK----- ➥ Export Secret Key: To export your Secret key, right-click on your key, select Backup, and save the file. It will ask for your passphrase. Quote ➥ Send Encrypted Message: Now, I am going to send an Encrypted message to BitcoinGirl.Club using his Public Key: Code: -----BEGIN PGP PUBLIC KEY BLOCK----- I have saved his Public key block in a .txt file and imported it. See the image below; Quote Now click on the Windows tab and click on Clipboard. Quote Write your message, click on the file, and choose encrypt (See the image below): Now click on Bitcoingirl's public key and click on the sign, too. It will ask for your passphrase; enter your passphrase and boom! Your encrypted message will appear in your Clipboard. Code: -----BEGIN PGP MESSAGE----- There we go. We are done already. Let me know if I made any mistake here because I have been using Linux for a month only. If you face any problem, post here, and I will try to help fix it. Even If I couldn't do it, there are a lot of community members who can step up. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: albert0bsd on November 05, 2023, 07:12:07 PM Here is my message for you:
Code: -----BEGIN PGP MESSAGE----- my stacked publickey: Re: The BCT PGP/GPG Public Key Database: Stake Your PGP Key Here (https://bitcointalk.org/index.php?topic=1159946.msg62960442#msg62960442) Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on November 06, 2023, 05:46:04 AM Here is my message for you: Thanks for reading this and for the message you left. Thanks for the nice message and the recommendation of that service. I haven't used it before. But since you suggested, I will try them for sure! Here is my message for you too; Code: -----BEGIN PGP MESSAGE----- BTW, Congratulations on nice looking merit numbers! I am glad that I was the one who was able to round the number. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: albert0bsd on November 10, 2023, 04:03:37 PM BUMP I am not sure if this kind of messages need to be bumped, tbh no much people understands this well. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Husna QA on December 08, 2023, 07:21:20 AM -snip- In my case, this is my public key Code: -----BEGIN PGP PUBLIC KEY BLOCK----- Below, I try to create a message that is encrypted using my two types of PGP Public keys (https://bitcointalk.org/index.php?topic=1159946.msg33414470#msg33414470) - RSA algorithms (https://keys.openpgp.org/vks/v1/by-fingerprint/58BC997445D96F68DB65C169A2CA884F183D22E9) - EdDSA/Ed25519 algorithms (https://keys.openpgp.org/vks/v1/by-fingerprint/C9B290C8C87C9BB5F440E82AD21FD04306AED362) I'm just curious whether you can decrypt both or just one algorithm. PGP Encrypted message - RSA: Code: -----BEGIN PGP MESSAGE----- PGP Encrypted message - EdDSA/Ed25519: Code: -----BEGIN PGP MESSAGE----- Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 08, 2023, 08:27:55 AM I'm just curious whether you can decrypt both or just one algorithm. It seems I was able to decrypt both algorithms. But I am confused because it seems you have written the same message in both messages and the only difference is the Fingerprint. Can you please make sure I am correct or not? https://talkimg.com/images/2023/12/08/NxsPN.png It seems Interesting BTW. I guess my PGP keys used the RSA algorithm. But, I am curious to know how you created EdDSA/Ed25519 algorithm keys and messages. Did you use different PGP software? Which one is most secure? Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: DYING_S0UL on December 08, 2023, 05:35:02 PM ...snip... Hey LB, I just had a quick question. What Linux distro are you using, with exact version and is it via duel boot or VMware virtual box method? Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 09, 2023, 06:44:48 AM ...snip... Hey LB, I just had a quick question. What Linux distro are you using, with exact version and is it via duel boot or VMware virtual box method? Hello bro. I am using Debian 12 with the Gnome 43 desktop environment. However, I have customized the interface a lot and now it looks like a Mac. LOL. Yes, I am using Linux with dual boot. Running on a virtual box is not recommended. You can still try if you want. The customization is done by my best friend. I do not have any freaking idea how the hell he did them. I barely know these commands and the installation process. So, I won't be able to guide you. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Husna QA on December 10, 2023, 06:27:10 PM I'm just curious whether you can decrypt both or just one algorithm. It seems I was able to decrypt both algorithms. But I am confused because it seems you have written the same message in both messages and the only difference is the Fingerprint. Can you please make sure I am correct or not? https://talkimg.com/images/2023/12/08/NxsPN.png Yes, you are right. The only difference in the message's contents is the fingerprint link listed according to the public key algorithm I used to encrypt the message. It seems Interesting BTW. I guess my PGP keys used the RSA algorithm. But, I am curious to know how you created EdDSA/Ed25519 algorithm keys and messages. Did you use different PGP software? Which one is most secure? Only GnuPG 2.1+ and a few other PGP clients support ECC. You only need to change the command line to generate the key in the terminal. -snip- ➥ Generate Key: Paste this command line in your terminal Code: gpg --full-generate-key RSA keys can be from 1024 bits to 4096 bits long. 3072 is the default one, but I am creating 4096 here. So write 4096 and hit enter. See the image below; If you carefully consider the sequence number in the section: 'Please select what kind of key you want,' then you will see that after no. 4, go straight to no. 14. What kind of keys are in between that? Here's what I got: https://i.ibb.co/JpfmjmL/Screen-Shot-2023-12-11-at-01-18-09.png -snip- Which one is most secure? Quote I think your 4096-bit RSA keys will be good enough for your usage, to start with. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 11, 2023, 06:54:14 AM Yes, you are right. The only difference in the message's contents is the fingerprint link listed according to the public key algorithm I used to encrypt the message. Okay. Thanks for the confirmation. So, my decryption was successful. That means you can decrypt multiple algorithms even though your key is generated using RSA only.Only GnuPG 2.1+ and a few other PGP clients support ECC. You only need to change the command line to generate the key in the terminal. Oh dear. Thanks for that. I forgot about that. I did not pay attention to these options since everyone uses the RSA algorithm. I also used the same. Sometimes, exploring between the options helps me learn new things. If you carefully consider the sequence number in the section: 'Please select what kind of key you want,' then you will see that after no. 4, go straight to no. 14. What kind of keys are in between that? Here's what I got: https://i.ibb.co/JpfmjmL/Screen-Shot-2023-12-11-at-01-18-09.png Anyway, I have tried an Android app called OpenKeyChain, which you can see here: https://bitcointalk.org/index.php?topic=5474187.0 Do you think it's real RSA 4096? I don't know if a specific device needs some power to use these algorithms. I know a little about mining algorithms that need more and more power to verify blocks. But I guess mobile CPUs are enough to generate a key using the RSA algorithm. What do you think about it? Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Husna QA on December 11, 2023, 08:53:50 AM Yes, you are right. The only difference in the message's contents is the fingerprint link listed according to the public key algorithm I used to encrypt the message. Okay. Thanks for the confirmation. So, my decryption was successful. That means you can decrypt multiple algorithms even though your key is generated using RSA only.As far as I know, that's the case as long as you're using GnuPG 2.1+ -snip- Anyway, I have tried an Android app called OpenKeyChain, which you can see here: https://bitcointalk.org/index.php?topic=5474187.0 Do you think it's real RSA 4096? I don't know if a specific device needs some power to use these algorithms. I know a little about mining algorithms that need more and more power to verify blocks. But I guess mobile CPUs are enough to generate a key using the RSA algorithm. What do you think about it? -snip- To see your public key, tap on the clipboard Icon, which will copy your PGP Public key. In my case, this is my Mobile Public key, which I generated a minute ago: Code: -----BEGIN PGP PUBLIC KEY BLOCK----- Unfortunately, at this time, I don't have an Android smartphone or an Android Emulator to try the PGP application. However, after I tried to look at the details of the Public Key that you generated using the OpenKeychain application, I confirmed that it was not a 4096-bit RSA but a 3072-bit RSA. By the way, it seems that you forgot to delete one empty character before writing -----BEGIN PGP PUBLIC KEY BLOCK----- in the public key code above. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 12, 2023, 01:16:02 AM As far as I know, that's the case as long as you're using GnuPG 2.1+ That's awesome. I didn't know these things. I never used this software. Unfortunately, at this time, I don't have an Android smartphone or an Android Emulator to try the PGP application. My bad. Yes, it is a 3072-bit RSA. I do not understand the difference between the 4096-bit RSA and 3072-bit RSA. But when I try to import another key generated by OpenKeyChain, it shows the key is 3072-bit RSA. This app doesn't give me a choice to pick 3072-bit RSA or 4096-bit RSA. So, 3072-bit RSA is generated by default from Openkeychain. However, after I tried to look at the details of the Public Key that you generated using the OpenKeychain application, I confirmed that it was not a 4096-bit RSA but a 3072-bit RSA. By the way, it seems that you forgot to delete one empty character before writing -----BEGIN PGP PUBLIC KEY BLOCK----- in the public key code above. Thanks for pointing this out. I fixed it. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Husna QA on December 12, 2023, 02:20:01 AM As far as I know, that's the case as long as you're using GnuPG 2.1+ That's awesome. I didn't know these things. I never used this software. I even saw you using GnuPG version 2.2.40-1.1 in the PGP tutorial in this thread. I see the source of the packages from here: https://packages.debian.org/sid/all/gnupg2/download (https://packages.debian.org/sid/all/gnupg2/download). Maybe you can take a look back at the GnuPG installation process below: -snip- ➥ Install Gnupg and gpa: Let's get started! Open your terminal and paste this command line Code: sudo apt-get install gnupg2 gpa If you have given the root privilege already, it won't ask for the password. If you haven't, please write your system password, and it should install gnupg2 and gpa. Look at the screenshot below; Quote -snip-Unfortunately, at this time, I don't have an Android smartphone or an Android Emulator to try the PGP application. My bad. Yes, it is a 3072-bit RSA. I do not understand the difference between the 4096-bit RSA and 3072-bit RSA. -snip-However, after I tried to look at the details of the Public Key that you generated using the OpenKeychain application, I confirmed that it was not a 4096-bit RSA but a 3072-bit RSA. Maybe you can see the explanation in the following reference: https://stackoverflow.com/a/589850 (https://stackoverflow.com/a/589850) By the way, a little information (for those who don't know): Bitcoin's public-key cryptography uses secp256k1 with the ECDSA algorithm. Reference: - https://en.bitcoin.it/wiki/Secp256k1 (https://en.bitcoin.it/wiki/Secp256k1) - https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm (https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) You can create an elliptic curve of type secp256k1 in the ECC key. https://i.ibb.co/XzM8WQr/Screen-Shot-2023-12-11-at-16-19-09.png Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 13, 2023, 08:14:41 AM As far as I know, that's the case as long as you're using GnuPG 2.1+ That's awesome. I didn't know these things. I never used this software. I even saw you using GnuPG version 2.2.40-1.1 in the PGP tutorial in this thread. I see the source of the packages from here: https://packages.debian.org/sid/all/gnupg2/download (https://packages.debian.org/sid/all/gnupg2/download). I know what software I installed and what I have used. I didn't mean I never used the software. I wanted to say that I didn't use this software till I installed Debian 12 last month. I do not have experience using this software. These were my first tries, so I don't know the detailed information about it. I didn't explore the options. I don't use Linux for daily use. I mostly use it for wallet management and some other security stuff. Maybe you can see the explanation in the following reference: https://stackoverflow.com/a/589850 (https://stackoverflow.com/a/589850) Thanks for the link. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Husna QA on December 13, 2023, 10:01:32 AM As far as I know, that's the case as long as you're using GnuPG 2.1+ That's awesome. I didn't know these things. I never used this software. I even saw you using GnuPG version 2.2.40-1.1 in the PGP tutorial in this thread. I see the source of the packages from here: https://packages.debian.org/sid/all/gnupg2/download (https://packages.debian.org/sid/all/gnupg2/download). I know what software I installed and what I have used. I didn't mean I never used the software. I wanted to say that I didn't use this software till I installed Debian 12 last month. I do not have experience using this software. These were my first tries, so I don't know the detailed information about it. I didn't explore the options. I don't use Linux for daily use. I mostly use it for wallet management and some other security stuff. Oh, when you said you never used this software, I thought we were talking about GnuPG. So, above, I tried to help show you the version of GnuPG that you are using to run the GNU Privacy Assistant application on Debian Linux. Here is the version of GnuPG I mean: I tried to find the source of the package, and it came from here: https://packages.debian.org/sid/all/gnupg2/download https://i.ibb.co/J2WpkPr/Screen-Shot-2023-12-13-at-16-41-02.png I'm a macOS user. The command line in the macOS Terminal is almost the same as the command line in the Linux Terminal that you use. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: Learn Bitcoin on December 14, 2023, 08:43:40 AM Oh, when you said you never used this software, I thought we were talking about GnuPG. So, above, I tried to help show you the version of GnuPG that you are using to run the GNU Privacy Assistant application on Debian Linux. I got it. No problem. It is also true that I didn't use GnuPG before the day I installed it. As I already said, I am new to Linux and have never used macOS. I have used Cleopatra in Windows for PGP and OpenKeychain for Android. I was already happy with Cleopatra, but as you can see now, I have tried these OS just because I wanted to write a tutorial and try Linux for security purposes. I'm a macOS user. The command line in the macOS Terminal is almost the same as the command line in the Linux Terminal that you use. Interesting. Recently, I was about to buy a used Macbook Pro but then came to know it's too outdated, and if I want to repair something, I have to spend a lot of money on it. So, I went for another Lenovo Laptop besides my desktop. Title: Re: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message (Linux Only) Post by: satscraper on April 12, 2024, 10:25:34 AM Paste this command line in your terminal Code: gpg --full-generate-key RSA keys can be from 1024 bits to 4096 bits long. 3072 is the default one, but I am creating 4096 here. So write 4096 and hit enter. See the image below; I would advocate expert mode Code: gpg --expert --full-generate-key which brings up more wider list of options, particularly ECC algorithms, including my favorable one i.e. based on ed 25519 curve, which I use for setting up my hardware PGP cards Quote from: satscraper Besides, I would install Kleopatra to manage certificates, Sign/Encrypt and Verify/Decrypt actions: Code: sudo apt-get update Also, I prefer to keep my private keys inside the chips of FIPS pgp cards rather in software key manager: Code: gpg --allow-secret-key-import --import <path to secret key file> Insert hardware pgp card into relevant port, launch Kleopatra and import public key relevant to private key you have imported into pgp card. |