Useage
Generate new key
# gpg --gen-keyTo list keys
# gpg --list-keysUsing keyserversTo find a key on a keyserver use the following command. A list of all matching keys will be displayed along with the ability to select which you wish to import
# gpg --search-keys 'domain.com'To update keys on your keyring to the latest version on the keyservers run the following command:
# gpg --refresh-keys'Edit a GPG key
# gpg --edit-key 01234567->Trust (sets the trust level on a key)
->lsign (signs locally - will not export to key serveers)
->quit
To encrypt a file
# gpg -e -r [email protected] [file]--batch - batch mode, will not prompt for anything, will just work or fail
--armor - ASCI armour the file (use only "normal" chars, less likely to be corrupted by a system which tries to interpret, makes resultant file bigger)
--always-trust - automatically trust recipients for this encryption. Useful for eg scripts where you do not want to have to create a private key and sign the recipient keys, and don't want to hit "y" to override this check each time.
To decrypt a file
# gpg -d [file]To setup GPG for automatic encryption of a file with cron first install GPG and import the keys we need from keyservers:
$sudo yum install gpg
$sudo -H gpg --keyserver keyserver.ubuntu.com --search-keys <name_of_person_or_company>
The -H is required for sudo to use the root $home otherwise it tries to use the current user $home and fails with bad permissions. Import any keys you need and repeat for all required keys.
Now you can run the following in root's crontab inside a script to encrypt a file using GPG:
gpg --batch --always-trust -e -r email.of@recieipent <file to encrypt>
No comments:
Post a Comment