Using GPG to securely send a message

18 Nov 2015 in TIL

As part of my newfound commitment to security, I've been generating new SSH keys for my various different identities. One of these involved sending my public key to a coworker so that it could be rolled out to all of our infrastructure. As Gareth is a bit of a security nut (Hi Gareth!), I opted to encrypt the message with his GPG key, so that he's the only person that can read it.

Firstly, I needed to find his public key. To do this, I searched on the public GPG key server for his email address and found his key on there.

```
pub 4096R/DE731050 2014-01-15
    Fingerprint=648A D02C B24B FE36 D601 C976 AD43 71CA DE73 1050
```

Once I had his key, I needed to import it locally. To do this, I used `gpg --recv-keys` like so:

```bash
$ gpg --recv-keys DE731050
gpg: requesting key DE731050 from hkp server keys.gnupg.net
gpg: DBG: locking for `/home/michael/.gnupg/pubring.gpg.lock' done via O_EXCL
gpg: DBG: locking for `/home/michael/.gnupg/secring.gpg.lock' done via O_EXCL
gpg: DBG: locking for `/home/michael/.gnupg/trustdb.gpg.lock' done via O_EXCL
gpg: key DE731050: public key "Gareth Llewellyn (Only accepts TLS protected SMTP connections) <[email protected]>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
```

To check that it was imported correctly, I used `gpg --list-keys`:

```bash
$ gpg --list-keys
gpg: DBG: locking for `/home/michael/.gnupg/trustdb.gpg.lock' done via O_EXCL
/home/michael/.gnupg/pubring.gpg
--------------------------------
pub 2048R/F4489F24 2014-08-19
uid Michael Heap <[email protected]>
sub 2048R/5C14441F 2014-08-19
pub 4096R/DE731050 2014-01-15
uid Gareth Llewellyn (Only accepts TLS protected SMTP connections) <[email protected]>
uid Gareth Llewellyn <[email protected]>
sub 4096R/7D63EE1B 2014-01-15
```

I realised that I haven't yet signed this key, so I signed it:

```bash
gpg --sign-key DE731050
```

Then I used `gpg` to encrypt the message in a text format:

```bash
gpg --armor --output FooBar.txt.gpg --encrypt --recipient [email protected] FooBar.txt
```

Then, I took the contents of FooBar.txt.gpg and emailed it to Gareth, and (hopefully) he'll be able to decrypt it and roll out my new key.
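The import and signing steps above refer to the key by its 8-hex-digit short ID, which does not uniquely identify a key, so a check of the full fingerprint belongs between importing and signing. The script below is an added example, not part of the original post: it parses `gpg --with-colons --fingerprint` output and compares the primary key's fingerprint with the one from the key server listing. The function names and both sample listings are constructed for illustration, and it assumes the expected fingerprint was confirmed with the key owner over a separate channel.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check the full fingerprint of an
# imported key before running --sign-key or --encrypt against it.

# Full fingerprint as shown in the key server listing in the post. Assumption:
# it has also been confirmed with the key owner over a separate channel.
EXPECTED='648A D02C B24B FE36 D601 C976 AD43 71CA DE73 1050'

# Strip whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only when the listing on stdin carries the expected 40-hex-digit
# fingerprint. A short ID such as DE731050 is rejected as the expected value.
fingerprint_matches() {
    fm_want=$(normalize_fpr "$1")
    fm_got=$(normalize_fpr "$(primary_fpr)")
    [ "${#fm_want}" -eq 40 ] && [ "$fm_got" = "$fm_want" ]
}

# Constructed listings (timestamps, uids and the second fingerprint are made up).
GOOD_LISTING='pub:-:4096:1:AD4371CADE731050:1389744000:::-:::scESC:
fpr:::::::::648AD02CB24BFE36D601C976AD4371CADE731050:
uid:-::::1389744000::::Example User <user@example.invalid>:'
# Same 8-digit short ID (DE731050), different key.
LOOKALIKE_LISTING='pub:-:4096:1:89ABCDEFDE731050:1389744000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFDE731050:
uid:-::::1389744000::::Example User <user@example.invalid>:'

# Real use: gpg --with-colons --fingerprint DE731050 | fingerprint_matches "$EXPECTED"
for listing in "$GOOD_LISTING" "$LOOKALIKE_LISTING"; do
    if printf '%s\n' "$listing" | fingerprint_matches "$EXPECTED"; then
        echo "match: this is the expected key"
    else
        echo "MISMATCH: do not sign or encrypt to this key"
    fi
done
```

Passing the full fingerprint instead of the short ID to `--recv-keys`, `--sign-key` and `--recipient` removes the ambiguity at each of those steps as well.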

If you're interested, here's what the encrypted message looks like:
