Basic gpg help

[Ullrich]

I know some of you are good at gpg. I have some basic questions. I am going to make a new pair of keys because my existing public key is not working. I didn't make a revocation certificate. I did a rotten job when creating public and private keys. The reason was I was not aware of all the pros and cons of gpg and PKI .

I had a crash in my previous computer. I didn't make any backup of pgp folder or keys. Thus, I lost everything.

Do you know the best way of backing up of your gpg folder and the keys?

I know the following will copy your public key and private key.

[root@c83-251-139-53 Nissanka]# gpg --export > pubkeys
[root@c83-251-139-53 Nissanka]# gpg --export-secret-keys > privkeys

How do I put them on a USB stick?
-----------------------------------------------------------

Finally, I know the following command will encrypt a file on my computer

[root@c83-251-139-53 Nissanka]# gpg -e -r Nissanka foo.txt
[ Here I am assuming that I have file named 'foo.txt'.]

The above will create a file name 'foo.txt.gpg' .

The file command will decrypt it and give me back the original file.
[root@c83-251-139-53 Nissanka]# gpg --output foo.txt --decrypt foo.txt.gpg

Please tell me if my presumptions are incorrect.

How do I encrypt folders using the gpg system?
Now I have learnt some people had gone into my computer read some files. So I must encrypt some folders which contains sensitive information; this will make life difficult for people to open the encrypted folders.

[Ullrich]

I urge someone who works or rather some knowledge of gpg to look at this.

[markkuk]

Quote:

Originally Posted by Ullrich

Do you know the best way of backing up of your gpg folder and the keys?

Just copy the ~/.gpg directory to a suitable backup medium. There's nothing special about it.

Quote:

Originally Posted by Ullrich

How do I encrypt folders using the gpg system?

You don't use gpg for that. Use cryptsetup-luks instead.

[Ullrich]

Thanks markkuk for the comments. I have never ever heard about cryptsetup-luks. It seems the best solution. This must be some recent work. It may be possible to download and install using 'yum' command.
Because yum installations make life easy. Those tarball expansions has some additional work.

Could you please tell me if it is possible to use yum to install cryptsetup-luks ? If so, what is the command?

[RobertoVanto]

% yum install cryptsetup-luks

[Ullrich]

Roberto
It didn't work. What is the problem?
----------------------------------------------------------------

[Nissanka@c83-251-139-53 ~]$ su root
Password:
[root@c83-251-139-53 Nissanka]# yum install cryptsetup-luks
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
livna [1/4]
livna 100% |=========================| 951 B 00:00
core [2/4]
http://ftp1.skynet.cz/pub/linux/fedo...ta/repomd.xml: [Errno 14] HTTP Error 404: Date: Sat, 07 Apr 2007 11:57:19 GMT
Server: Apache/2.2.2 (Fedora)
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1
Trying other mirror.
core 100% |=========================| 1.1 kB 00:00
updates [3/4]
updates 100% |=========================| 1.2 kB 00:00
extras [4/4]
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 136 kB 00:01
livna : ################################################## 354/354
Added 0 new packages, deleted 37 old in 0.68 seconds
primary.xml.gz 100% |=========================| 420 kB 00:03
updates : ################################################## 1181/1181
Added 273 new packages, deleted 308 old in 3.56 seconds
primary.xml.gz 100% |=========================| 1.4 MB 00:05
extras : ################################################## 4373/4373
Added 49 new packages, deleted 6 old in 6.09 seconds
Parsing package install arguments
Nothing to do
[root@c83-251-139-53 Nissanka]#

[markkuk]

"Nothing to do" means that the latest version of the package was already installed. Apparently cryptsetup-luks is installed by default in FC6. Check with "rpm -q cryptsetup-luks".

[Ullrich]

[Nissanka@c83-251-139-53 ~]$ su root
Password:
[root@c83-251-139-53 Nissanka]# rpm -q cryptsetup-luks
cryptsetup-luks-1.0.3-0.rc2
[root@c83-251-139-53 Nissanka]#
------------------------------------------------------
Does the above mean it is installed? If it is installed, how do I configure?

[RobertoVanto]

% man -k cryptsetup
cryptsetup (8) - setup cryptographic volumes for dm-crypt (including LUKS extension)
cryptsetup-luks (rpm) - Una utility per l'impostazione di filesystem criptati

% man 8 cryptsetup

[Ullrich]

Roberto
It didn't work.
------------------------
[root@c83-251-139-53 Nissanka]# cryptsetup
bash: cryptsetup: command not found
[root@c83-251-139-53 Nissanka]# cryptsetup-luks
bash: cryptsetup-luks: command not found
[root@c83-251-139-53 Nissanka]# cryptsetup (8)
bash: syntax error near unexpected token `8'
[root@c83-251-139-53 Nissanka]#

[Ullrich]

Now I found out; the following command is fine
man 8 cryptsetup
------------------------
LUKS EXTENSION
LUKS, Linux Unified Key Setup, is a standard for hard disk encryption. It standardizes a partition
header, as well as the format of the bulk data. LUKS can manage multiple passwords, that can be revoked
effectively and that are protected against dictionary attacks with PBKDF2.

These are valid LUKS actions:

luksFormat <device> [<key file>]

initializes a LUKS partition and set the initial key, either via prompting or via <key file>.
<options> can be [--cipher, --verify-passphrase, --key-size]

luksOpen <device> <name>

opens the LUKS partition <device> and sets up a mapping <name> after successful verification of
the supplied key material (either via key file by --key-file, or via prompting). <options> can be
[--key-file].

[ I think the following command is the correct one.
luksFormat <device> [<key file>]
What is the device? What shall I write there? What is 'key file' ?
I just want to encrypt two or three folders on my system. Those folders contain private letters.

[Ullrich]

This seems to be a very sensitive business. I must backup my data to be on the safe side. Things could go to hell. I read the following:
http://www.saout.de/tikiwiki/tiki-in...meDirUsingLUKS
Have you backed up your data before installing this?

I am working with FC5.
The following command doesn't work on my computer though I have a file named 'badblocks' in 'sbin' folder.
# /sbin/badblocks -c 10240 -s -w -t random -v /dev/vg0/home

Is it possible to do quicker? I mean some other method to execute this procedure.

Please tell me. A friend of mine who works with windows suggested 'truecrypt'. He said truecrypt was easy to use and reliable.

I am a bit scared to go ahead with this. Things could go to hell. I need your advice.

[RobertoVanto]

Make a backup it's always a good idea. But I'm not an expert in the security/encryption field. However, try to follow this link: http://liquidat.wordpress.com/2007/0...tories-on-fc6/

[Ullrich]

Roberto
This EncFs seems another variety for encryption. However, it is not straightforward. There are so many other things. There is no 100% support for Fedora users. I don't know what to do. I am using FC5.

Some friends, who uses only windows, told me that this is tantamount playing with fire. If things go wrong, I will loose everything.
I don't know what to do. I need simple straightforward method to encrypt some folders on my system. Because people have gone into my computer and gathered some information.

Please read the following:
http://liquidat.wordpress.com/2007/0...tories-on-fc6/

As already mentioned, we will use PAM to bind the GDM login to the EncFS-encrypted directories. The module needed is called pam_encfs and is unfortunatelly not available as a package for Fedora. Get it from the homepage, unpack it and run make && make install as root. There is also an example configuration file which we will use. Copy pam_encfs.conf to /etc/security/.

[Ullrich]

Could you advice me whether the following site is helpful for me?
It has Truecrypt for FC5.

How do I download using 'yum install' command?

http://rpmfarm.free.fr/5/i386/RPMS.f...ata/index.html