Silk Road forums

Discussion => Security => Topic started by: kmfkewm on September 11, 2012, 12:26 pm

Title: command line gpg - easier than shit
Post by: kmfkewm on September 11, 2012, 12:26 pm
All shell commands will be in code tags. Output from GPG to the terminal will be in quote tags. My comments are simply text.

To use GPG you need to generate a key pair. This consists of a public key and a private key. It is safe to give the public key to anyone who you correspond with, the private key should not be shared with anyone else. You can think of the public key as being an open lock, which you give to the people who you want to be able to communicate securely with you. You can imagine it as the people you have shared your open lock (public key) with putting their messages to you in a secure box and locking it shut by closing your open lock on it. Now even they cannot open the lock. You keep the private key yourself, in a combination safe. The combination to the safe is your passphrase. After providing your passphrase, the combination safe is opened and the private key is used to unlock your closed lock and take the message out. GPG doesn't actually require that you understand much of this, simply that you know the basics of public and private keys.

Let's generate a key pair from the command line:

Code:
gpg --gen-key

You will be presented with a series of questions regarding the key you are generating.

Quote
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

This is simply asking you which encryption algorithms you would like to use for session key encryption and signature. It doesn't particularly matter the selection you make as all of the options are secure, however you will want to select either option one or two as three and four are used for signatures only. I will go with the default of RSA and RSA, so I enter 1 and press enter.

Code:
1

Now you will be asked the strength you would like to make the keys.

Quote
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Generally you will want to go with the strongest possible choice, 1,024 bit keys are currently considered to be somewhat secure but they are probably crackable by agencies such as NSA and will not be secure against less powerful attackers for very long. I will select 4,096, which should remain secure for quite a long time.

Code:
4096

Now you will be asked how long the key should remain valid for.

Quote
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

Chances are that you want your key to always be recognized as valid by the people you communicate with. I always put 0 here, as I have thus far never desired a key that expires.

Code:
0

Quote
Key does not expire at all
Is this correct? (y/N)

Code:
y

Now you will be asked the name and email address characteristics you would like associated with the key.

Quote
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:

For real name you should absolutely put the same thing as the pseudonym you use the key for. Failure to do this will result in pissed off vendors and may very well end up with you being ignored, as nobody wants to spend the time required to figure out which key belongs to you.

Code:
kmfkewm

Quote
Email address:

For email address you can either put a legitimate (anonymous) email address that you can be reached at, or something made up. I generally make something up, although using a real email address is a good way to keep in touch in case your regular channel of communication is ever compromised.

Code:
kmfkewm@silkroad.onion

You will be asked for any additional comment that you would like to be associated with your key.

Quote
comment:

Code:
the email address is fake

Now you will be presented with the choices you have selected and given a chance to change them if you desire to do so.

Quote
Real name: kmfkewm
Email address: kmfkewm@silkroad.onion
Comment: the email address is fake
You selected this USER-ID:
    "kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

I am happy with all of this so I will select O.

Code:
O

Quote
You need a passphrase to protect your secret key.

Additionally, a GUI input box may pop up. You will need to enter your passphrase twice. Your passphrase should, at a bare minimum, be longer than eight characters. Ideally, it will be an entire random sentence consisting of multiple words without care being taken for grammatical correctness or making sense.

Quote
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

At this point it is wise to randomly type on your keyboard into the terminal to help speed up the entropy gathering process. This is especially important if you are in a virtual machine, as there is not a mechanical hard drive to be used as a source of randomness. During the process of gathering entropy, mathematical symbols are printed to the screen, seemingly for your amusement.

Quote
........+++++

Eventually your key will be generated, as signaled by something like this

note: this doesn't match the key I actually generated because my terminal fucked up. This doesn't usually happen :D.

Quote
gpg: ~/.gnupg/trustdb.gpg: trustdb created
gpg: key 396C7744 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   4096R/396C7744 2012-09-11
      Key fingerprint = 8D9E AFFC C6C9 2BEA 514E  265E 3CF3 2A29 396C 7744
uid                  kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>
sub   4096R/66BDC3F7 2012-09-11

Now that you have generated your keys, you need to be able to get your public key to give to the people who you would like to be able to securely communicate with you. Remember, you use people's public keys to encrypt messages to them, and they use your public key to encrypt messages to you. Private keys are used in the message decryption process.

Let's export the public key.

Code:
gpg -a --export kmfkewm@silkroad.onion

-a signals that the output is ASCII armored and --export is the flag to export a public key. You need to make sure to specify the e-mail address of the public key you would like to export or else it will export all of your public keys as one huge ASCII armor block. I believe it is also possible to do it by username, however it seems to easily be confused, as when I specified it export kmfkewm it was exporting my real key which has the username of KmfkeWm, but when I specify by email address it works as expected.

Quote
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----

When people want you to be able to send them encrypted messages they will send you a copy of their public keys and you will need to import them. This is an easy process, feel free to test it with the key I have listed above. First, copy the key so that it is in your clipboard.

Code:
gpg --import

Now paste the key to the terminal.

Code:
ctrl d

note: ctrl represents the ctrl key, you do not type it in.

Now that people have your public key, they are able to encrypt messages to you. Also, now that you have their public key, you can encrypt messages to them. Let's encrypt a message, in this case I will simply encrypt the message to myself.

Code:
gpg -e -a

Quote
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line:

Allegedly you can specify users by username, however the same issue with kMfkeWm vs kmfkewm seems to be present, so it is best to select users by their e-mail address. Alternatively, you can select them by their full user ID. Let's take a moment to sidetrack the current train of thought to show how to get a list of the full user IDs of people whose public keys you have:

Code:
gpg --list-keys

Quote
-------------------------------------
pub   4096R/00E5A93C 2012-08-25
uid                  KmfKeWm (lol) <kmFkEwM@kewekeke.onion>
sub   4096R/E075FB13 2012-08-25

pub   4096R/A4A22D7B 2012-09-11
uid                  kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>
sub   4096R/930F85D3 2012-09-11

The UID consists of everything after UID up to and including the closing >.

So let's get back to encrypting messages. Since it asked me for the UID of the recipient I wish to encrypt the message to....

Code:
kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>

Quote
Current recipients:
4096R/930F85D3 2012-09-11 "kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>"

Enter the user ID.  End with an empty line:

At this point I could select to encrypt the message for multiple recipients, however I do not desire to do this so I simply hit the enter key with a blank line to signal that I have selected all desired recipients. Now type your message in.

Code:
test

Code:
ctrl d

Quote
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP MESSAGE-----

This is the ciphertext, and it has been encrypted to my key. Of course, it will be encrypted for whoever you selected when you entered a UID.

Sometimes you will get encrypted messages and need to decrypt them. Since I just encrypted a message to myself I will now go through the process of decrypting it.

Code:
gpg -d

You are presented with a blank line. Simply paste the ciphertext that you wish to decrypt.

Quote
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP MESSAGE-----

You will likely be automatically prompted for your password at this point, possibly in the terminal or possibly in a pop up GUI input box. Enter your password. To view the decrypted message you may have to hit ctrl d.

Code:
ctrl d

Quote
You need a passphrase to unlock the secret key for
user: "kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>"
4096-bit RSA key, ID 930F85D3, created 2012-09-11 (main key ID A4A22D7B)

gpg: encrypted with 4096-bit RSA key, ID 930F85D3, created 2012-09-11
      "kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>"




test


That sums up the basic commands required to use GPG from the command line. Of course you can do a lot more with GPG, symmetric encryption, hashing, file encryption, signatures and validation, etc, but I am not going to cover all of those unless people specifically request that I do. I hope that this shows that using GPG from the command line is trivial and that using GPG in general is trivial. I believe that this tutorial is fully cross platform. You do not need any fancy GUI or OS specific bullshit to make full use of GPG, and in fact I find that controlling it entirely from the command line is far less of a hassle. It is also far more secure as now an attacker sending you malicious ciphertexts can only hope to exploit a vulnerability in the core GPG engine, instead of the GUI package or wrapper you are using for GPG.
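
Added example, not part of kmfkewm's post: the tutorial notes that selecting a key by user name can land on the wrong key (kmfkewm vs. KmfKeWm), because GnuPG's default user-ID match is a case-insensitive substring. The shell functions below check that a selector resolves to exactly one key and return its fingerprint for use with -r. The function names and the sample listing with its placeholder fingerprints are constructed here, and the record layout assumed is that of `gpg --list-keys --with-colons` in GnuPG 2.1 or later.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the GnuPG 2.1+ colon-listing layout.
# Real use:
#   fpr=$(gpg --list-keys --with-colons | resolve_recipient kmfkewm@silkroad.onion) \
#       && gpg -e -a -r "$fpr"

# Constructed stand-in for `gpg --list-keys --with-colons`, modelled on the two
# keys in the --list-keys output above. Fingerprints are padded placeholders.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAA00E5A93C:1345852800:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA00E5A93C:
uid:u::::1345852800::::KmfKeWm (lol) <kmFkEwM@kewekeke.onion>:
sub:u:4096:1:BBBBBBBBE075FB13:1345852800::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBE075FB13:
pub:u:4096:1:CCCCCCCCA4A22D7B:1347321600:::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCA4A22D7B:
uid:u::::1347321600::::kmfkewm (the email address is fake) <kmfkewm@silkroad.onion>:
sub:u:4096:1:DDDDDDDD930F85D3:1347321600::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD930F85D3:
EOF
}

# matching_keys SELECTOR: read a colon listing on stdin and print
# "FINGERPRINT<TAB>USER ID" for each key that has a user ID containing
# SELECTOR, ignoring case (the same rule gpg applies to a bare name).
matching_keys() {
    SEL="$1" awk -F: '
        BEGIN { want = tolower(ENVIRON["SEL"]) }
        $1 == "pub" { need_fpr = 1; next }      # a new primary key starts here
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0; next }
        $1 == "uid" {
            uid = $10
            gsub(/\\x3a/, ":", uid)             # colons in user IDs are escaped
            if (index(tolower(uid), want) > 0 && !(fpr in seen)) {
                seen[fpr] = 1
                printf "%s\t%s\n", fpr, uid
            }
        }'
}

# resolve_recipient SELECTOR: print the fingerprint only when exactly one key
# matches; otherwise list the candidates on stderr and fail.
resolve_recipient() {
    [ -n "$1" ] || { echo "empty selector" >&2; return 2; }
    matches=$(matching_keys "$1")
    count=$(printf '%s' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 1 ]; then
        printf '%s\n' "$matches" | cut -f1
        return 0
    fi
    echo "selector '$1' matches $count keys:" >&2
    [ -z "$matches" ] || printf '%s\n' "$matches" | sed 's/^/  /' >&2
    return 1
}

# Demo on the constructed listing: the bare name is ambiguous, the e-mail is not.
for sel in kmfkewm kmfkewm@silkroad.onion; do
    printf '%s -> ' "$sel"
    sample_listing | resolve_recipient "$sel" 2>/dev/null || echo "ambiguous or no match"
done
```

Passing the full fingerprint to -r removes the ambiguity entirely, since it identifies one key regardless of what the user IDs say.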








Title: Re: command line gpg - easier than shit
Post by: kmfkewm on September 11, 2012, 01:28 pm
hm looks like Guru already explained a lot of gpg command line magic in the gpg club thread, I guess I should have looked through that thread before writing this instead of immediately after.

Title: Re: command line gpg - easier than shit
Post by: pine on September 11, 2012, 08:21 pm
I want an 8192 bit PGP key.

No particular reason. Just think they look badass :D

Title: Re: command line gpg - easier than shit
Post by: pine on September 11, 2012, 10:05 pm
Quote
You can think of the public key as being an open lock, which you give to the people who you want to be able to communicate securely with you. You can imagine it as the people you have shared your open lock (public key) with putting their messages to you in a secure box and locking it shut by closing your open lock on it. Now even they cannot open the lock. You keep the private key yourself, in a combination safe. The combination to the safe is your passphrase. After providing your passphrase, the combination safe is opened and the private key is used to unlock your closed lock and take the message out. GPG doesn't actually require that you understand much of this, simply that you know the basics of public and private keys.

We always need more ways of using visual metaphors to explain PGP. I find once people "get" one of the visual metaphors, they are much much less likely to get confused or make elementary mistakes, even if they don't fully understand the particular procedure on their OS and PGP GUI implementation. Because of this, I intend to use a lot of different visualizations to represent the exact same thing when my tutorials are completed. People's brains are often just wired differently, something that seems a bit weird and obscure to most people can hold the key to understanding for some other people.

It's not just repetition that is the mother of all learning as it is said, because you can also produce very good parrots this way too, it is also redundancy. I think redundancy in multiple explanation of the same material is a major stumbling block at every level of education.

I think the painful truth is that a lot of the elite students in a classroom, were merely the ones that sought an alternative explanation instead of the main textbook's formalisms, while the rest grind on with a source material that is obstructionist. There is a ton of "magical thinking" going on in high schools and universities these days, but it's not a new culture. I remember Richard Feynman in a radio broadcast saying that literally every single Brazilian student of engineering, physics he met, had not an iota about what they were reading. The students would all memorize the textbooks, afraid of being left behind in the race for academic credentials.
 
This is what happened:

Feynman was in Brazil training students to become teachers (in fact, they were going to be Brazil's *first* group of science teachers) and he started to discover something rather strange. He could ask a question and the students would answer correctly and adeptly. Then he would ask the same question, the exact same question in the exact same subject, and they wouldn't understand him at all. He eventually worked out that although he could use a phrase such as "light such that it is reflected through a medium with an index", the students had no idea that this could mean a *medium meant a material such as, you know, water*. And so, a subtle word alternation meant they couldn't generate an output.

At this rate, human beings who do this, are not any better than a machine. Because that's what machines do. They process symbols we call data, but do not comprehend the meaning. If you process data, but don't comprehend what it actually means, then you are just a machine. The lowest form of intelligence possible! Record! Replicate! That's as dumb as non-living things like DNA! Even some machines may perform better than a human in this situation!

If I wasn't to be a drug smuggler, I would have wanted to be a teacher, but not only is the economics impossible for you do not get paid even twice for being 10x more effective than the next fellow, but the entire profession is filled with "machines" like the one I just described, who go on to replicate themselves amongst the students they supposedly teach.

Lack of money I might have been able to take, I am good with money and can easily turn 1 dollar into 2, but this stupidity? Perpetuating itself because the staff wish to keep the status quo of imbeciles? Never.

In my view, 75% of all the teachers in American and European high schools ought to be fired immediately, without any pay or benefit.

The 25%, which are mostly just "ok" because they haven't been sufficiently tainted by the system, or are of unusually persistent character, should then engage with something like Khan Academy, where students learn at home, only coming into the classrooms in order to finish their homework.

Would be an improvement?

Let me emphasize, that were all the students left entirely to their own devices, they would still obtain a better level of education than they do in high schools. This is why I have sympathy for those creationists who take their kids out of schools and home school them instead. It's not actually just they don't like evolution being taught to their kids (for which I have no sympathy, I consider evolution theory a very critical idea for reasons beyond just biology), that's just one single caveat, it's that they have a problem with the entire system. Maybe they don't express it as such, but I have a feeling they've intuited, correctly, that their kids will be more confident, more educated and have more enthusiasm for things like Science overall, than if they went to a traditional high school.

I was at a friend's house a while back, and they were watching "Waiting for Superman", a documentary on the American high school system, I didn't say anything, but I became so angry I had to leave the room, there are things that would make stones weep. If you think I'm joking, go and watch it for yourself.

Quote
That sums up the basic commands required to use GPG from the command line. Of course you can do a lot more with GPG, symmetric encryption, hashing, file encryption, signatures and validation, etc, but I am not going to cover all of those unless people specifically request that I do. I hope that this shows that using GPG from the command line is trivial and that using GPG in general is trivial. I believe that this tutorial is fully cross platform. You do not need any fancy GUI or OS specific bullshit to make full use of GPG, and in fact I find that controlling it entirely from the command line is far less of a hassle. It is also far more secure as now an attacker sending you malicious ciphertexts can only hope to exploit a vulnerability in the core GPG engine, instead of the GUI package or wrapper you are using for GPG.

That may be so, but the command line is terrifying to most users of Windows and Macintosh. It's a psychological hurdle so great that if you only show potential PGP users how to use the command line, you risk losing most of them altogether.

Title: Re: command line gpg - easier than shit
Post by: LouisCyphre on September 15, 2012, 01:44 am
Quote
hm looks like Guru already explained a lot of gpg command line magic in the gpg club thread, I guess I should have looked through that thread before writing this instead of immediately after.

Quote
I did some, but Louis did quite a bit more. I think he consolidated these threads all together, and they've since been stickied, under the title: Cyphre Security Guides (master post)
Guru

The master post is here:

http://dkn255hz262ypmii.onion/index.php?topic=38861.0

It's no longer a sticky, but it is in squidShepherd's new stickied post, which is good enough.

Title: Re: command line gpg - easier than shit
Post by: LouisCyphre on September 15, 2012, 01:54 am
Quote
I want an 8192 bit PGP key.

No particular reason. Just think they look badass :D

Easy enough to do, it just requires changing a line of code and recompiling the source.  I've done it in GPG 1.4.x several times, but I don't use keys larger than 4Kb in communication for a bunch of reasons, not least being some devices shitting themselves when they try to encrypt to larger keys.

If people want keys larger than 4K because they think they need to match the security of the symmetric cipher then they should read this:

http://sixdemonbag.org/cryptofaq.xhtml#parity

Actually, reading that entire FAQ is a good idea.

If you just want a larger key for the Hell of it, well that's completely different.  ;)

It's probably about time I posted a new guide anyway, so I guess that's my next one.

This, by the way, is the obscure GPG question a certain vendor asked me ages ago which led to something else being written.  ;)

Title: Re: command line gpg - easier than shit
Post by: LouisCyphre on September 15, 2012, 02:45 am
Quote
I want an 8192 bit PGP key.

No particular reason. Just think they look badass :D

Alright, here you go:

http://dkn255hz262ypmii.onion/index.php?topic=42923.0

Title: Re: command line gpg - easier than shit
Post by: r00b00cup on October 08, 2012, 03:48 pm
Brilliant guide.
I'm running Ubuntu off USB. Will it remember my key?? It seems every time I boot up from USB I have to download Tor again - it doesn't save it.

Thanks