GPG

Create a GPG key:

List keys:

Public keys:

$ gpg2 --list-keys
/Users/bruno/.gnupg/pubring.kbx
-------------------------------
pub   dsa2048 2010-08-19 [SC] [expires: 2024-05-11]
      85E38F69046B44C1EC9FXXXXXXXXXXXXXXXXXXXX
uid           [ unknown] GPGTools Team <team@gpgtools.org>
uid           [ unknown] [jpeg image of size 6329]
sub   rsa4096 2014-04-08 [S] [expires: 2024-05-11]
sub   rsa4096 2020-05-11 [E] [expires: 2024-05-11]

pub   dsa3072 2017-07-29 [SC] [revoked: 2019-08-16]
      C20F2E7CA759A312FC54XXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti <bruno@clicclac.info>

pub   rsa4096 2019-08-16 [SC] [expires: 2025-08-16]
      2D5E6C772EC115C821BDXXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti <bruno@clicclac.info>
sub   rsa4096 2019-08-16 [E] [expires: 2025-08-16]

pub   rsa4096 2019-08-16 [SC] [expires: 2024-08-16]
      995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti <bruno.pesenti@orange.fr>
sub   rsa4096 2019-08-16 [E] [expires: 2024-08-16]

Private keys:

$ gpg --list-secret-keys

/Users/bruno/.gnupg/pubring.kbx
-------------------------------

sec   rsa4096 2017-07-29 [SC] [revoked: 2019-08-16]
      6DF29A830B9A7EE0130DXXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti <bruno.pesenti@orange.fr>

sec   dsa3072 2017-07-29 [SC] [revoked: 2019-08-16]
      C20F2E7CA759A312FC54XXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti <bruno@clicclac.info>

sec   rsa4096 2019-08-16 [SC] [expires: 2025-08-16]
      2D5E6C772EC115C821BDXXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti <bruno@clicclac.info>
ssb   rsa4096 2019-08-16 [E] [expires: 2025-08-16]

sec   rsa4096 2019-08-16 [SC] [expires: 2024-08-16]
      995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti <bruno.pesenti@orange.fr>
ssb   rsa4096 2019-08-16 [E] [expires: 2024-08-16]
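
Added example, not from the original page: a script that needs to know which keys are revoked or about to expire should read `--with-colons` output rather than the human-readable listing above. The sample records, key IDs and the `key_status` helper are constructed for illustration, and the code assumes the expiry date (field 7) is given in epoch seconds.

```shell
#!/bin/sh
# Constructed sample in `gpg --list-keys --with-colons` format (not real keys).
# Field 1 = record type, 2 = validity, 5 = key ID, 7 = expiry (epoch seconds).
SAMPLE='pub:r:3072:17:AAAAAAAAAAAAAAA1:1501286400:::-:::sc::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:r::::1501286400::X::Old Key <old@example.invalid>::::::::::0:
pub:u:4096:1:AAAAAAAAAAAAAAA2:1565913600:1723766400::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000002:
uid:u::::1565913600::Y::Current Key <cur@example.invalid>::::::::::0:
sub:u:4096:1:AAAAAAAAAAAAAAA3:1565913600:1723766400:::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000003:'

# key_status NOW_EPOCH WARN_DAYS  (colon listing on stdin)
# Prints "STATUS RECORD KEYID" for every primary key and subkey.
key_status() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" || $1 == "sub" {
            st = "OK"
            if ($2 == "r")
                st = "REVOKED"                       # validity flag r
            else if ($2 == "e" || ($7 != "" && $7 + 0 <= now))
                st = "EXPIRED"                       # flag e or expiry in the past
            else if ($7 != "" && $7 - now <= warn * 86400)
                st = "EXPIRING"                      # inside the warning window
            print st, $1, $5
        }'
}

# Demo on the constructed sample, with "now" pinned to 2024-07-03 (UTC).
printf '%s\n' "$SAMPLE" | key_status 1720000000 60

# Against a real keyring:
#   gpg --list-keys --with-colons | key_status "$(date +%s)" 60
```
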

Encrypt a file (--encrypt):

$ gpg2 --homedir=~/.gnupg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.my.cnf
$ gpg2 --output $HOME/Desktop/.password.txt.gpg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.password.txt

The file .password.txt is intended for bruno.pesenti@orange.fr.

It was encrypted with the public key of bruno.pesenti@orange.fr, who will decrypt it with his private key.

If bruno.pesenti@orange.fr wants to send you an encrypted file, he will encrypt it with your public key, and you will decrypt it with your private key.

Decrypt a file (--decrypt):

$ gpg2 --homedir=~/.gnupg --output /Users/bruno/Desktop/.my.cnf --decrypt .my.cnf.gpg
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti <bruno.pesenti@orange.fr>"

Encrypt several files (--multifile --encrypt):

~/Downloads/pdf master* ⇡
$ ls | gpg2 --multifile --encrypt --recipient bruno.pesenti@orange.fr

~/Downloads/pdf master*  15s
$ ls -la
total 889052
-rw-r--r-- 1 bruno staff   2810014 Dec 24  2019 'Data Munging with Perl.pdf'
-rw-r--r-- 1 bruno staff   1349061 Feb 25 15:28 'Data Munging with Perl.pdf.gpg'
-rw-r--r-- 1 bruno staff    335834 Dec 24  2019 'Lerning perl the hars way.pdf'
-rw-r--r-- 1 bruno staff    298644 Feb 25 15:28 'Lerning perl the hars way.pdf.gpg'

Decrypt several files (--multifile --decrypt):

$ ls | gpg2 --multifile --decrypt
gpg: Data Munging with Perl.pdf: unknown suffix
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti <bruno.pesenti@orange.fr>"
gpg: Lerning perl the hars way.pdf: unknown suffix
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti <bruno.pesenti@orange.fr>"

Verification:

$ file .my.cnf.gpg
.my.cnf.gpg: PGP RSA encrypted session key - keyid: 31C7659D E3F8009D RSA (Encrypt or Sign) 4096b .

Encrypt a file (--symmetric):

$ gpg2 --output $HOME/Desktop/.password.txt.gpg --symmetric $HOME/.password.txt

Encrypt a directory (gpgtar --encrypt):

$ gpgtar --encrypt --output .gnupgp.zip -r bruno.pesenti@orange.fr .gnupg
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.extra'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.ssh'
gpgtar: skipping unsupported file '.gnupg/S.dirmngr'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.browser'

Decrypt a directory (gpgtar --decrypt):

$ gpgtar --decrypt .gnupgp.zip
gpgtar: gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
gpgtar: gpg:       "Bruno Pesenti <bruno.pesenti@orange.fr>"

Suppress the 'Overwrite?' prompt when re-encrypting the same file:

$ gpg2 --output $HOME/Desktop/.password.txt.gpg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.password.txt
File '/Users/bruno/Desktop/.password.txt.gpg' exists. Overwrite? (y/N) y

Add the batch and yes options to gpg.conf:

$ cat gpg.conf
auto-key-retrieve
no-emit-version
default-key 995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
batch
yes
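
Added example, not from the original page: `batch` and `yes` in gpg.conf apply to every gpg invocation that uses that home directory, so the same effect can instead be scoped to a single command with `--batch --yes`. The script below does this in a throwaway keyring; the recipient address, file names and the `encrypt_noninteractive` and `roundtrip_demo` helpers are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; the recipient, file names and helper names are constructed.
RCPT='demo@example.invalid'

# Overwrite DST without the "Overwrite? (y/N)" prompt, for this call only.
encrypt_noninteractive() {   # usage: encrypt_noninteractive SRC DST
    gpg --batch --yes --quiet --output "$2" --recipient "$RCPT" --encrypt "$1"
}

# Runs in a subshell so GNUPGHOME and the EXIT trap do not leak to the caller.
roundtrip_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME                      # throwaway keyring, real one untouched
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME" "$work"' EXIT

    # Unprotected demo key pair: primary key plus encryption subkey.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo <$RCPT>" default default never \
        2>/dev/null || exit 1

    printf 'password=constructed-sample\n' > "$work/secret.txt"
    encrypt_noninteractive "$work/secret.txt" "$work/secret.txt.gpg" || exit 1
    # Second run: the output file already exists and is replaced silently.
    encrypt_noninteractive "$work/secret.txt" "$work/secret.txt.gpg" || exit 1

    gpg --batch --quiet --output "$work/out.txt" \
        --decrypt "$work/secret.txt.gpg" 2>/dev/null || exit 1
    cmp -s "$work/secret.txt" "$work/out.txt"   # exit status 0 when identical
)

if command -v gpg >/dev/null 2>&1; then
    roundtrip_demo && echo "round trip OK, no overwrite prompt"
else
    echo "gpg not found: install GnuPG to run this demo" >&2
fi
```
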

Last updated: November 9, 2023