Using GPG to securely send a message

As part of my newfound commitment to security, I’ve been generating new SSH keys for my various identities. One of these involved sending my public key to a coworker so that it could be rolled out to all of our infrastructure. As Gareth is a bit of a security nut (Hi Gareth!), I opted to encrypt the message with his GPG key, so that he’s the only person who can read it.

Firstly, I needed to find his public key. To do this, I searched the public GPG key server for his email address and found his key there.

pub  4096R/DE731050 2014-01-15
Fingerprint=648A D02C B24B FE36 D601  C976 AD43 71CA DE73 1050

Once I had his key, I needed to import it locally. To do this, I used gpg --recv-keys like so:

$ gpg --recv-keys DE731050 
gpg: requesting key DE731050 from hkp server keys.gnupg.net
gpg: DBG: locking for `/home/michael/.gnupg/pubring.gpg.lock' done via O_EXCL
gpg: DBG: locking for `/home/michael/.gnupg/secring.gpg.lock' done via O_EXCL
gpg: DBG: locking for `/home/michael/.gnupg/trustdb.gpg.lock' done via O_EXCL
gpg: key DE731050: public key "Gareth Llewellyn (Only accepts TLS protected SMTP connections) <[email protected]>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

To check that it was imported correctly, I used gpg --list-keys:

$ gpg --list-keys
gpg: DBG: locking for `/home/michael/.gnupg/trustdb.gpg.lock' done via O_EXCL
/home/michael/.gnupg/pubring.gpg
--------------------------------
pub   2048R/F4489F24 2014-08-19
uid                  Michael Heap <[email protected]>
sub   2048R/5C14441F 2014-08-19

pub   4096R/DE731050 2014-01-15
uid                  Gareth Llewellyn (Only accepts TLS protected SMTP connections) <[email protected]>
uid                  Gareth Llewellyn <[email protected]>
sub   4096R/7D63EE1B 2014-01-15

I realised that I hadn’t yet signed this key, so I signed it:

gpg --sign-key DE731050
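
The fingerprint check that belongs between importing a key and signing it, as an added example that is not part of the original post: an 8-digit key ID such as DE731050 can be shared by different keys, so the full fingerprint is compared instead. The function names and the SAMPLE_* colon-format records are constructed for illustration; the expected fingerprint is the one from the key server listing above and should be confirmed with the key owner over a separate channel.

```shell
#!/bin/sh
# Added example (not from the original post): compare a key's full fingerprint
# with one obtained out of band before running `gpg --sign-key`.
# Function names and the SAMPLE_* records are constructed for illustration.

# Fingerprint as listed in the post; in practice confirm it with the key owner.
EXPECTED_FPR="648A D02C B24B FE36 D601  C976 AD43 71CA DE73 1050"

# Strip spaces/colons and upper-case, so pasted fingerprints compare cleanly.
normalize_fpr() { printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record.
primary_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# Succeed only if stdin describes a key whose full 40-hex-digit fingerprint
# equals the expected one. A matching 8-digit key ID alone is not enough.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(primary_fpr)
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# Wrapper for real use: sign only after the fingerprint check passes.
verify_then_sign() {
    if gpg --with-colons --fingerprint "$1" | fpr_matches "$EXPECTED_FPR"; then
        gpg --sign-key "$1"
    else
        echo "fingerprint mismatch for $1; not signing" >&2
        return 1
    fi
}

# Constructed colon-format records: the genuine key, and a different key that
# shares the short ID DE731050 (its fingerprint is made up).
SAMPLE_GOOD='pub:-:4096:1:AD4371CADE731050:1389744000:::-:::scESC:
fpr:::::::::648AD02CB24BFE36D601C976AD4371CADE731050:'
SAMPLE_LOOKALIKE='pub:-:4096:1:66667777DE731050:1389744000:::-:::scESC:
fpr:::::::::00001111222233334444555566667777DE731050:'

# Offline demonstration on the constructed records (gpg is not invoked here).
for sample in "$SAMPLE_GOOD" "$SAMPLE_LOOKALIKE"; do
    if printf '%s\n' "$sample" | fpr_matches "$EXPECTED_FPR"; then
        echo "fingerprint matches"
    else
        echo "fingerprint MISMATCH"
    fi
done
```

With the key already imported, `verify_then_sign DE731050` runs the same check against the local keyring and only then calls `gpg --sign-key`.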

Then I used gpg to encrypt the message in a text format:

gpg --armor --output FooBar.txt.gpg --encrypt --recipient [email protected] FooBar.txt

Then, I took the contents of FooBar.txt.gpg and emailed it to Gareth, and (hopefully) he’ll be able to decrypt it and roll out my new key.

If you’re interested, here’s what the encrypted message looks like:


Michael is a polyglot software engineer, committed to reducing complexity in systems and making them more predictable. Working with a variety of languages and tools, he shares his technical expertise with audiences all around the world at user groups and conferences. You can follow @mheap on Twitter.
