GPG: the Best Free Crypto You Aren't Using, Part II of II
And now, at long last, JoJo's ready to start encrypting everything in sight. Suppose JoJo wants to send an encrypted e-mail to Dan. The most common way for him to do this is to compose his message with the text editor or word processor of his choice and save it to disk. JoJo writes a letter with vi and saves it as dan0729.txt. Then he encrypts it with the command:
gpg --output dan0729.txt.asc --encrypt --recipient email@example.com dan0729.txt
Finally, he sends the file dan0729.txt.asc as an e-mail attachment or even listed in the body of an e-mail message (JoJo's got an “armor” line in his options file).
Note that if JoJo encrypts without passing gpg the --armor flag and he doesn't have an armor line in his options file, he should call the encrypted file dan0729.txt.gpg instead since it will be saved in the gpg binary format. Also, it will only be transmittable as an attachment. Remember, Armored ASCII is much more versatile. The gpg binary format may be preferable if file size matters because it tends to produce less output than Armored ASCII.
When Dan receives this file, he should save it to disk and decrypt it with the command:
gpg --output dan0729.txt --decrypt dan0729.txt.asc
Unlike encrypting, you don't need to specify a key when decrypting. gpg automatically determines which key to try to decrypt it with. Similarly, it doesn't matter whether the file Dan tries to decrypt is in gpg binary or Armored ASCII format; gpg will determine which format the file is in automatically, after prompting Dan for a passphrase. If Dan doesn't type his passhprase correctly, gpg won't decrypt the file.
Signing and verifying is very similar to decrypting and encrypting things. Suppose JoJo writes a nonconfidential but important letter to Dan that he wants Dan to be able to verify the validity of but doesn't need to actually encrypt. To sign his file beercontract.txt, JoJo would enter the command:
gpg --output beercontract_signed.txt --clearsign beercontract.txt
This will add a signature header and footer to the file and save it as beercontract_signed.txt. It's important that the output file be named differently than the input file, or the original file will be replaced with a signature for an empty file. You should use the clear-text method of signing when you want to be able to copy-and-paste your signed message into or out of e-mail, or otherwise treat it as plaintext.
The alternative is, you guessed it, to create a binary signature. There are two types of these. To create a binary signature that contains the original document and the signature in one compressed binary file, use the --sign command instead of --clearsign. To create a much smaller binary file containing a signature but not the file it references, use the --detach-sig command. Both --sign and --detach-sig should be preceded by an --output directive.
When Dan receives JoJo's beer contract, he can verify the signature appended to it by saving the file to disk, say as bcs.asc, and entering the command:
gpg --verify bcs.asc
Remember, if Dan doesn't have JoJo's public key in his keyring, gpg will return an error. If Dan does have JoJo's public key and the signature checks out, gpg will return something like the following:
gpg: Signature made Fri 27 Jul 2001 04:46:46 PM CDT using DSA key ID C1C34866 gpg: Good signature from "John J. Figplucker (Smooth JoJo) <firstname.lastname@example.org>"Then and only then will Dan know for sure that the contract he just received was signed by the bearer of JoJo's private key. Could JoJo have had a spear pointed at his tuckis? We don't know. Could JoJo have left his passphrase scrawled on the bottom of his keyboard, to be used by his office mates for impersonation pranks? Again, we really don't know. But if we trust JoJo to use and protect his key properly, we can be fairly sure that he did indeed create this valid signature.
I hope you're not too overwhelmed by all these options, flags and commands (Welcome to UNIX!). This has really been more of a survey than anything else; there's much I haven't covered. But I do believe that gpg is an important and useful tool. So much so that a number of people are working on more user-friendly front ends for it. The official GnuPG GUI is called the GNU Privacy Assistant (GPA), and while it's still a work-in-progress, it looks very promising indeed. It uses the GIMP toolkit, and is, unsurprisingly, nice to look at indeed.
Other GUIs under various stages of development include Seahorse and GnomePGP for the GNOME desktop; Geheimnis for KDE; TkPGP (written in Tk and therefore relatively windowmanager-agnostic); and a variety of wrappers, plugins and enhancements to popular mail user agents (or MUAs, aka e-mail clients). See the “Frontends” section of the GnuPG home page for links to these and other tools.
Practical Task Scheduling Deployment
July 20, 2016 12:00 pm CDT
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.Register Now!
- SUSE LLC's SUSE Manager
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Managing Linux Using Puppet
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- Doing for User Space What We Did for Kernel Space
- Google's SwiftShader Released
- SuperTuxKart 0.9.2 Released
- Parsing an RSS News Feed with a Bash Script
- LiveCode Ltd.'s LiveCode