
Encrypt a File Using GPG

With cloud servers so widely used today, security should be at the forefront of their deployments. Just as important is the security of local files and documents. We can use the GNU Privacy Guard (GPG) toolset to encrypt files, and by sharing public keys with other users, we can decrypt files from other people. In this hands-on lab, we will walk through creating a new public GPG key, encrypting a file and signing it, and sending that file to another user to decrypt with our public key.

Path Info

Level: Beginner
Duration: 1h 0m
Published: Nov 12, 2018


Table of Contents

  1. Challenge

    Create a GPG Key for `cloud_user`

    1. After you log in to the server as the cloud_user account, generate a new GPG key, accepting the defaults for each prompt. For the Real name, enter cloud_user, and for the Email address, use cloud_user@localhost. You can leave the comment field blank by just pressing Enter.

        gpg --gen-key

    2. Use the following for the key's passphrase: password321 (In the real world, you would want to use a more secure passphrase!).

    3. After the key has been created, we will need to export it so that Gordon Freeman can decrypt files from us. Export the cloud_user public key for gfreeman to use.

        gpg -a -o gfreeman.key --export [key ID]

       Use the public key reference ID from the output of the key generation.

    4. Using the mail command, send an email to Gordon Freeman containing the cloud_user public key as an attachment.

        mail -s "here is your key" -a gfreeman.key gfreeman@localhost
        Don't lose this!  I'll call you with the passphrase.
        .

    5. Press Enter after the final dot to send the message.
  2. Challenge

    Configure GPG for Gordon

    1. Now you will need to set up the GPG environment for Gordon Freeman. Use a secure shell session to log into the gfreeman account (the password for this user is the same as the cloud_user account).

        ssh gfreeman@localhost

    2. Just as you did with the cloud_user account, generate a GPG key for Mr. Freeman, accepting the defaults for each prompt. For the Real name, enter gfreeman, and for the Email address, use gfreeman@localhost. You can leave the comment field blank (just press Enter).

        gpg --gen-key

    3. Use the following for the key's passphrase: password321 (In the real world, you would want to use a more secure passphrase!).

    4. After creating the key for Mr. Freeman, open up the mutt email client, and save the public key sent over by the cloud_user account. Press Enter on the email message, then the [v] key to view the attachment, and press the [s] key to save it to Mr. Freeman's home directory. Press the [q] key to exit mutt.

    5. Now we need to import the public key from cloud_user into Mr. Freeman's keyring. Run the following command to do so:

        gpg --import gfreeman.key

    6. Run the following command to view the contents of Mr. Freeman's keyring:

        gpg --list-keys

    7. Log out of gfreeman's account:

        exit
    
  3. Challenge

    Generate a Signed Document and Send It to Gordon

    When we digitally sign a file, we use our private GPG key to guarantee that the file came from us. The user who receives the file uses their copy of our public key to verify that we signed it.

    1. Run the following command to generate a test document:

        echo "Just need you to verify this file." > note.txt

    2. Now we are going to use cloud_user's private key to sign the file. Run the following command to do so, and use the passphrase that was set for the key:

        gpg --clearsign note.txt

       There should now be a note.txt.asc file in cloud_user's home directory.

    3. Create an email, attach the note.txt.asc file to the message, and send it to gfreeman@localhost.

        mail -s "check this out" -a note.txt.asc gfreeman@localhost
        Could you verify this file for me?
        .
    
  4. Challenge

    Verify the Signature of the Emailed Document

    1. Use a secure shell session to log in to the gfreeman account (the password for this user is the same as the one for the cloud_user account).

        ssh gfreeman@localhost

    2. Use the mutt email client to view and save the new email message's attachment.

    3. Next, verify the note.txt.asc file that was emailed using the following:

        gpg --verify note.txt.asc

    4. You will receive a warning about the signature not being verified by a third party, and that's OK. What is important is the following line from the output:

        gpg: Good signature from "cloud_user <cloud_user@localhost>"

       This is what a verified file displays.

    5. Next, encrypt a copy of the /etc/fstab file with the following:

        cp /etc/fstab ~
        gpg -a -r cloud_user -e ~/fstab

       You will see a general warning displayed about the key possibly not belonging to the named person. We know that this key is from cloud_user, as we have verified this. Type y at the prompt.

    6. Verify that there is a file called fstab.asc in gfreeman's home directory. Create a new email to cloud_user, and attach this file:

        mail -s "looks good" -a fstab.asc cloud_user@localhost
        Can you decrypt this?
        .

    7. Log out of Mr. Freeman's account:

        exit
    
  5. Challenge

    Decrypt the Attached File

    1. As the cloud_user, open up the mutt email client and save the fstab.asc attachment from the new email.

    2. Decrypt the saved fstab.asc file with the gpg command. Enter the passphrase for cloud_user's key when prompted.

        gpg fstab.asc

    3. Verify that you can read the contents of the decrypted file.

        cat fstab
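
The check in the "Verify the Signature of the Emailed Document" challenge, and the "key possibly not belonging to the named person" warning that follows it, both come down to whether the imported key really is cloud_user's. The following is an added example, not part of the original lab: it reads GnuPG's machine-readable `--status-fd` lines and compares the signer's full fingerprint with one cloud_user has read out over a separate channel (from `gpg --fingerprint`), instead of relying on the name in the "Good signature" line. The function names, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide on GnuPG's machine-readable status lines rather than
# on the human-readable "Good signature" text.

# Constructed fingerprint and status output for a good signature (made up).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_good() {
cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 cloud_user <cloud_user@localhost>
[GNUPG:] VALIDSIG $FPR 2018-11-12 1542000000 0 4 0 1 8 01 $FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# check_signer EXPECTED_FPR   (status lines on stdin)
# Returns 0 only if a VALIDSIG line names EXPECTED_FPR as the signing key or
# its primary key and no failure status appears; 2 if no fingerprint is given.
check_signer() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing-key fingerprint; the last field
        # is the primary-key fingerprint.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_file EXPECTED_FPR FILE: run gpg and feed its status lines to the check.
verify_file() {
    gpg --batch --status-fd 1 --verify "$2" 2>/dev/null | check_signer "$1"
}

# Demonstration on the constructed sample (no keyring needed).
sample_good | check_signer "$FPR" && echo "signer fingerprint matches"
```

In the lab, gfreeman would call `verify_file` with the fingerprint cloud_user read out and `note.txt.asc`; a non-zero exit status means the file was not signed by that key.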
    

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
