1
00:00:00,000 --> 00:00:12,720
In this video you learn about GPG. So what is GPG? It's a GNU Privacy Guard. It's a tool

2
00:00:12,720 --> 00:00:18,440
for encryption, signing and verification that is based on public key cryptography. The common

3
00:00:18,440 --> 00:00:24,440
cryptography that you will find, for instance, in TLS cryptography as well. In GPG, every

4
00:00:24,440 --> 00:00:30,080
single user has a key pair, and this key pair can be used for different reasons. Now, in

5
00:00:30,080 --> 00:00:34,279
the key pair, the private key is kept by the user. It's a big secret. It should never be

6
00:00:34,279 --> 00:00:41,200
shared. And the public key is what is going to be shared with other users. Now, GPG works

7
00:00:41,200 --> 00:00:47,119
at the notion of a key ring, and the key ring is what can be used to keep other users' keys.

8
00:00:47,119 --> 00:00:51,360
And the following procedure describes how user Anna creates a key pair and what needs

9
00:00:51,360 --> 00:00:57,720
to be done by user Linda to send her an encrypted file. I'm going to run this procedure for

10
00:00:57,720 --> 00:01:03,599
you so that you can see how it works. All right, let me create GPG configuration for

11
00:01:03,599 --> 00:01:11,040
user Anna, and let's have Anna communicate with user Linda in a GPG encrypted way. Now,

12
00:01:11,040 --> 00:01:17,440
in order to do so, I'm using SSH Anna at localhost. You should know that many things don't really

13
00:01:17,480 --> 00:01:23,080
work well in an su minus subshell, and that is why I'm using SSH to open a login shell,

14
00:01:23,080 --> 00:01:29,599
which is not the same as a subshell. Likewise for user Linda, Linda at localhost. All right,

15
00:01:29,599 --> 00:01:37,279
now, as user Anna, I'm going to use the command GPG minus minus full generate key, and that

16
00:01:37,279 --> 00:01:42,440
will create the key pair. Just pressing enter for all the default answers. I don't care too

17
00:01:42,440 --> 00:01:48,239
much about all these settings. It's interesting to have a look at them if you want it to be more

18
00:01:48,239 --> 00:01:54,239
secure, but for generic use and for a first try, default settings are doing all right. So we need

19
00:01:54,239 --> 00:02:04,239
a real name. So real name is Anna example. And this real name obviously is important for the

20
00:02:04,239 --> 00:02:10,039
users of the key to identify the user from whom they received the key. I have no comment and I'm

21
00:02:10,039 --> 00:02:16,919
doing an O for okay. And there we can see that the user is prompted for a passphrase. This

22
00:02:16,919 --> 00:02:25,399
passphrase is for usage of the private key, and it's a good idea to use a pretty secure passphrase.

23
00:02:25,759 --> 00:02:31,119
Oops, what do we see? I have entered an insecure passphrase. Okay, let me do it again. And let me

24
00:02:31,119 --> 00:02:45,080
make the passphrase a little bit more secure. So there we go and pressing OK. Now next it is doing

25
00:02:45,080 --> 00:02:52,279
what it is giving some information about entropy. Entropy is based on random data that needs to be

26
00:02:52,279 --> 00:03:01,759
generated for the user. And in the end, the key is here. So what am I going to do? Well, I am

27
00:03:01,759 --> 00:03:12,039
going to use a GPG minus minus export minus a. And I'm calling it Anna key. And I'm writing this

28
00:03:12,039 --> 00:03:28,960
Anna key to annakey.asc. Okay, next thing user Anna needs to do is GPG export to some file pubkey.asc. And

29
00:03:29,000 --> 00:03:34,679
there we go. User Anna needs to distribute this key. Normally, she will send it by email or

30
00:03:34,679 --> 00:03:41,520
whatever. I am going to copy the Anna key to the TMP directory so that it will be available for use

31
00:03:41,520 --> 00:03:52,600
for Linda as well. So here as user Linda, I'm using GPG minus minus import of TMP and pubkey. And

32
00:03:52,600 --> 00:04:01,679
there we can see that the key has been imported. And GPG minus k is showing that the key from the user

33
00:04:01,679 --> 00:04:17,679
ID Anna example is available. So I can use GPG minus minus fingerprint Anna to show the key

34
00:04:17,679 --> 00:04:25,959
fingerprint. And there we go. So now I'm going to add to create a file echo hello greater than secrets

35
00:04:25,959 --> 00:04:33,119
dot txt. That is going to be my very secure file. And next as user Linda, I'm going to use GPG minus

36
00:04:33,119 --> 00:04:44,040
e minus r Anna of this secrets dot txt. So here we can see that I haven't trusted the key yet. That's a

37
00:04:44,040 --> 00:04:53,720
different procedure. I'm going to use the key anyway. And the result is listed right here secrets dot

38
00:04:53,720 --> 00:05:04,079
txt dot GPG. That's my encrypted file. I'm going to copy my secrets txt dot GPG to the TMP directory because

39
00:05:04,079 --> 00:05:14,959
that's an easy way for user Anna to pick it up. And next user Anna is doing a cat on TMP secrets, txt and

40
00:05:14,959 --> 00:05:24,679
that's unreadable. And now if user Anna is using GPG minus d instead, then she will create the decrypted

41
00:05:24,679 --> 00:05:35,040
version of the file. And in order to do so, user Anna needs to authorize by entering the passphrase. And she

42
00:05:35,040 --> 00:05:42,119
just entered the passphrase. And here we can see that user Anna has successfully decrypted the secrets dot txt.

43
00:05:42,720 --> 00:05:52,920
And that is how you can work with GPG. Now let's talk about some common GPG tasks. So you can use GPG minus e

44
00:05:52,959 --> 00:06:00,839
minus r Anna, my secrets dot txt in the way we have just done it to encrypt the file. GPG minus d decrypts the

45
00:06:00,839 --> 00:06:10,839
file. You can also sign the file to prove ownership. And in order to do so, GPG minus s is the command. GPG minus

46
00:06:11,200 --> 00:06:21,160
minus verify allows you to verify a file signature. And if you want to do that on ISOs and downloads, you use GPG minus

47
00:06:21,160 --> 00:06:32,559
minus verify sha256sums.gpg on sha256sums because these are commonly used for downloads as well as ISOs. GPG minus

48
00:06:32,559 --> 00:06:39,920
minus list keys or just GPG minus k will list all keys currently installed. And that is what you should know about

49
00:06:39,920 --> 00:06:40,640
GPG.

