Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Stay Ahead With Linux Security Features

Supply Chain Risk Starts At The Workstation Hero Esm H350
Price Tag 1security advisory important

The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
1 min read
Persistence Tricks Hero Esm H350
Price Tag 1security advisory open-source

You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
4 - 7 min read
Red Hat Npm Hero Esm H350
Price Tag 1security advisory Red Hat

Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
3 - 6 min read
21.Globe RadiatingCode Esm H350
Price Tag 1cloud security security monitoring

Linux rootkits are old, but they never really disappeared. They just stopped attracting the same attention. . Most malware wants to execute and spread. A rootkit wants to stay invisible long enough that nobody notices the compromise until the damage is already done, and on Linux systems, that still works more often than many teams are comfortable admitting. That difference matters because modern infrastructure runs heavily on Linux underneath. Cloud workloads, ESXi hosts, telecom appliances,...
4 - 7 min read
SSH Forgotten Keys Persistend Risk Esm H350
Price Tag 1access control open-source

A production Linux server gets rebuilt from an old image. A contractor leaves. A CI/CD job is retired. Months later, the same SSH public keys are still sitting in authorized_keys, silently trusted by root or a service account nobody owns anymore. . That is how SSH key sprawl usually happens. It rarely stems from one obvious failure. Instead, it accumulates through years of small access decisions that never expire. For attackers, those forgotten keys are not clutter; they represent silent SSH...
3 - 6 min read
Filter Icon Refine features
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security features

We found -3 articles for you...
102
7.Locks HexConnections Esm H240
Price Tag 1email securityemail encryptionsecure communication

GPG Encryption: Secure Email Communication on Linux Systems

Much of today’s communication in the professional world occurs via email. What could be worse than sending an email to the wrong recipient or having an email intercepted by an attacker? . There are many reasons that emails should not contain information, especially confidential or personal identifiable information, in plain text. Doing so could put a full organization at risk. Is there a solution? Yes, encryption. Asymmetric cryptography, also known as public-key cryptography, is a cryptography process that is done through a public key and a private key. In asymmetric cryptography, the encryption of data is done with the public key. Once a person encrypts the data with the recipient’s public key, and sends the data, it can only be decrypted using the private, or secret, key. No one should have access to your private key, that way even if communication is intercepted or data is sent to an unintended person, they will not be able to decrypt and read the contents of the message. GPG, or GnuPG , is an implementation of PGP that can be used with different operating systems, including Linux. It is a software that allows for secure communication. GPG is also easily integrated with other applications, making it very simple to encrypt emails and share keys. This article will introduce GPG as a great way to keep private files private on Linux. How Does GPG Work? Using GPG on Linux is extremely uncomplicated. All you need to do is install it, generate your keys, share them, and then you can start using it. To install GPG, you can run sudo apt-get install gnupg in your command line. Once that is complete, run gpg --gen-key to generate a key pair. To allow people to send you encrypted data that you can decrypt using the private key, you need to share the public key. This is done by typing gpg --output ~/mygpg.key --armor --export This email address is being protected from spambots. You need JavaScript enabled to view it. . You can also send your key to a certain server by running gpg –send-keys –keyserver pgp .server.com key_id . If you want to importother user’s keys, you can do gpg --import nameofkey . This way you can encrypt any files or emails you want to send to this user, which only they will be able to decrypt with their private key. To encrypt messages you can run gpg --encrypt --sign --armor -r This email address is being protected from spambots. You need JavaScript enabled to view it. file_name . Now you can securely send an email to this person. However, if you receive an email that has been encrypted with your public key, you can decrypt it by simply running gpg file_name.asc . GPG also allows you to add digital signatures to emails, which adds an extra layer of security when it comes to confirming who a message is coming from. To verify that the message is coming from the correct person, we can use gpg --verify email.txt.asc . You can also sign messages using gpg --armor --sign --output email.txt.asc --encrypt --recipient This email address is being protected from spambots. You need JavaScript enabled to view it. email.txt . Below is a table that shows the available commands you can use with GPG, and what they each do. Option Long Flag Short Flag Definition Armor --armor -a Output modifier that changes the output to be an ASCII-armored file Encrypt --encrypt -e Encrypts file Decrypt --decrypt -d Decrypts file Sign --sign -s Used to add a digital signature Verify --verify -v Verifies signed file to make sure it is from the correct source Conclusion As I have mentioned, secure communication is very important, yet often overlooked. Emails contain sensitive data such that should only be read by the intended recipients and could otherwise put an organization at risk.GPG is a very easy tool to use with Linux that can make sure all communication is secure by implementing asymmetric cryptography.GPG can do far more than what is mentioned in this article, but for now our focus is on secure and confidential emailcommunication. Stay tuned for future LinuxSecurity articles on GPG! . The protection of sensitive information is critical in today's digital landscape. Uncover the mechanisms through which GPG ensures secure messaging on Linux platforms.. GPG Encryption,Secure Email,Asymmetric Cryptography,Linux Communication. . Zaid AlBukhari

Calendar 2 Nov 21, 2022 User Avatar Zaid AlBukhari
102
General Esm H240
Price Tag 1encryptionsecurity measuresGnuPG

Cryptography Insights: Managing Keys and Data Security with GnuPG

This week's article is an introduction to cryptography using GNU Privacy Guard. . Copyright 2000 by Richard C. Jankowski Copyright license terms available at Originally written for linuxsecurity.com Introduction We live in the digital age. Email correspondence is commonplace, business proposals are stored on computer systems, financial and legal information is sent across networks. Nobody can get this information other than the intended recipient, right? Don't bet on it. Just about everything you do while connected to a network can be easily watched. System Administrators can rifle through your email, and disgruntled employees can intercept copies of your financial and legal documents as you transfer them across your LAN. Laptops are often stolen, and the loss is much greater if the system also contains confidential information. Sending sensitive information in email, transferring it around on a network, or even leaving it on your hard drive is the digital equivalent of putting that information on a neon billboard in Times Square. Encryption is one of the most effective ways to ensure your information is secure. Correctly using a good encryption package, such as GNU Privacy Guard (GnuPG), will help insure your data remains private. Email sent encrypted with GnuPG can only be decrypted by the person whom the message is intended. Encrypted messages which are intercepted and stolen are worthless to anyone but the intended recipient. GnuPG is GPL Software that follows the OpenPGP Standard. It is intended as a replacement for the PGP encryption package, and does not use any patented encryption algorithms. It can be downloaded from http://www.gnupg.org , and runs on Linux, FreeBSD, many other flavors of UNIX, as well as Windows. Public Key Cryptography Public Key Cryptography, also known as Asymmetric Cryptography, uses a pair of keys, a public key and a secret key. The public key is usedto encrypt a message that only the corresponding secret key can decrypt. The public key is meant to be distributed, while the secret key must not. While the keys are related, it is mathematically impractical to derive one key from the other. An example would be that Susan makes her public key available to the world by putting it on her Website, emailing it to friends, etc. If I want to send Susan an encrypted message, I would use GnuPG with Susan's public key to encrypt the message, turning it from plaintext to ciphertext. Once the message has been encrypted, only the person who has possession of Susan's secret key is able decrypt it. Once I encrypt the message for Susan, I cannot derive the original message from the ciphertext. Without access to Susan's secret key, the only way to decrypt the message is by using a brute force attack. A brute force attempt would require every possible key be tried in effort to decrypt the message. This would take the computing equivalent of billions of mainframes trillions and trillions of years. Making sure Susan's secret key isn't compromised is essential in keeping her messages secure. Creating and Managing Keys Once GNU Privacy Guard is compiled and installed, you must create your keys with the command `gpg --gen-key` as following: [susan:~]$ gpg --gen-key gpg (GnuPG) 1.0.0; Copyright (C) 1999 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: /home/susan/.gnupg: directory created gpg: /home/susan/.gnupg/options: new options file created gpg: /home/susan/.gnupg/secring.gpg: keyring created gpg: /home/susan/.gnupg/pubring.gpg: keyring created Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection? 1 You must select the type of key you would like touse. For most users the default, DSA and ElGamal, is sufficient. DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) Next, you are asked what keysize you want. In general, 1024 bits is more than adequate. The larger the key the longer it will take for encrypting and decrypting messages. Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct (y/n)? y In this example, Susan doesn't want her keys to expire, so she accepts the default. You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Susan Q. Public Email address: This email address is being protected from spambots. You need JavaScript enabled to view it. Comment: Cyphergirl You selected this USER-ID: "Susan Q. Public (Cyphergirl) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. Enter passphrase: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ... [susan:~]$ Susan is prompted for her name, email address, comment, and passphrase. GNU Privacy Guard then starts generating the keys. Once a pair of keys is generated, Susan needs to make her public key available so others can send encrypted messages to her. This is done with the "--export" option to the gpg command. The key is exported as a binary file,which isn't suitable for emailing, so the "--armor" command will ASCII armor the key. The key is also sent to stdout, to send the output to a file, use the "--output" option as follows: [susan:~]$ gpg --armor --output pubkey.asc --export This email address is being protected from spambots. You need JavaScript enabled to view it. Now that susan has exported and distributed her key, I'll send her my key (named rich.asc) so she can send me encrypted messages. [susan:~]$ cat rich.asc -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDfYgxcRBAClzpK+9KxwE4Njl2B4z3yTyiFXwEGFteJu3FM4u//CQwQAnXvk gVRy0gmHUnkxFj2yK+BFkcjaNmRZbSKcTZXsO27cv63TAQw8oNKWYzDThiFKvpB2 Srsh3ipp+qOcmk1IQXu5hmL80Xx2F0Wwl95p8uLeCkepBVC8gr4awpRHswCgz3YR EfUAhjYPgklzGdqkKxUD23MEAJAF5GYXwVxfzPZcgxOs1jpUel60wLXXQaDRmJ7i mlhBwU/j6DmDeI0tASWrtgt8mS90/PYBj1sSRzH7SqcWtUySMjypX/BEIQHNWZTn I/TXSC8Wn+SPXcqTPIEEZnJJuZTWFujoHzZgu3ARqtDFMi7Rt3SPCFRBrTwoykZX ztXMA/9kGAmQkdO9wpxRR9uXI5Stx3BMRipbI/msK3pxCXO2A5EaQADsVB/83joW 3rpApg/9HL6HwGMO6Qbh55rjbpBkaH0q0VK52aTt259PqtbE86jiPNxo3XR62UH2 bhWfAnm6IPBQ+EE7vQmglTo5WbIljykKx+Q5FvY9o7vBJSYeJ7QkUmljaCBKYW5r b3dza2kgPHJpY2hAc2F0dXJubGluay5jb20+iFUEExECABUFAjfYgxcDCwoDAxUD AgMWAgECF4AACgkQhSdZBHa/b61NXACgnfDwwAg3Oc/pFTFLajsJETx52K4AoK1f +iZCCmhkGD3nQHCqxRH5dIEfuQENBDfYgyAQBAD6luCMMwlrefFkHaRD2svnFNWG g48Zu5q4Ef1w03R+NlwbBOcxoCSthyhNY1pqxwaWZSB3yAhmgGHY8qHLcKovCMSe Qp8IjFzykt+dWzyOwRcxa9Kpo3KxD2pFzU8feQzW9F7LVv+j5SxJsPijrxjeeE0X nsR9q8myTLRd7E8/4wADBgP/V+gwREI9uds/IO2vDve6h9P7m1MYu8nEGVjOoFEO IEVJoZgu+wuaJ+m3IhABzcS8ZlDZ481hwjBT9RmLB0pyNqHQyamvGsZVvAdzNIll JMjhCxOTBNWI5A1dI2C9y4lBz/7En97k0JswsLSHsTS2+4RkdfVjHW2jjP0Kl7AF 8uGIRgQYEQIABgUCN9iDIAAKCRCFJ1kEdr9vrVNeAKC4fcHmplnjr+DXV6WLdAY+ uD4OtgCgnIR2Jq2FFLmU/u63BWTk6PMmn2c= =Unun -----END PGP PUBLIC KEY BLOCK----- The "--import" option will allow you to import a public key into your keyring as follows: [susan:~]$ gpg --import rich.asc gpg: key 76BF6FAD: public key imported gpg: /home/susan/.gnupg/trustdb.gpg: trustdbcreated gpg: Total number processed: 1 gpg: imported: 1 To list the keys in a keyring, use the "--list-keys" option: [susan:~]$ gpg --list-keys /home/susan/.gnupg/pubring.gpg ------------------------------ pub 1024D/533F200F 2000-03-07 Susan Q. Public (Cyphergirl) sub 1024g/C8F2C0F7 2000-03-07 pub 1024D/76BF6FAD 1999-09-10 Rich Jankowski sub 1024g/61A19A5E 1999-09-10 Encryption and Decryption Susan just changed the router password and wants to notify me of the change through email. Because of the sensitive nature of this message, she doesn't want to send it as plaintext. She'll then create a file called doc.txt with the following content: The new router password is "ro0t3r4dm!n" To encrypt the message using my public key she would use: [susan:~]$ gpg --armor --output doc.asc --encrypt --recipient \ This email address is being protected from spambots. You need JavaScript enabled to view it. doc.txt This will create an ASCII armored file called doc.asc: [susan:~]$ cat doc.asc -----BEGIN PGP MESSAGE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org hQEOA/Kp2qNhoZpeEAQA1ZzhxsnFN36nOqGwxugDr90IryX5gOCDLzXXPXmG/erD c+LdOIrJrt0evCUo8Oj+sWEWfg2kP8NE6yHDNnFcARvPFw/uS9HhsLefdt7A3Ylf CGCJs/C258MVK8qw0dUTOiF/x5uq3hR76YIeUWgGICNoE6V+Vmiopu5B6vBHcPYD /15grvtrvTdP2MQ5/nGYN5HQG82ZmUkAg+Aq50GQOt+w/Bwe5FhHEYI+AYenqdYC 7GN+GeG4BfraCvlcczkf/FngPCi+9wISR7V8lmzNdyh7NrWSG+ncsEPMTA9zwsi4 hLQhBgQKmUIbHlh40dQKhRA+nxaCCJ2Dlv9mTAMvg2jjyUxwSNAl82xUBSWMuOL6 94ldlXEeqI7HeGQH4jl9IZDlXImellhKtcTfIAfmy2FSMfkr3cX5lfiWntapC8ow vmyIldiKcGr9tLr4SaX9 =592O -----END PGP MESSAGE----- After getting this message, I can decrypt it with the following: [rich:~]$ gpg --output doc.txt --decrypt doc.asc You need a passphrase to unlock the secret key for user: "Rich Jankowski " 1024-bit ELG-E key, ID 61A19A5E, created 1999-09-10 (main key ID 76BF6FAD) Enter passphrase: [rich:~]$ After entering the correct passphrase for my secret key, GNUPrivacy Guard decrypts the file as doc.txt as demonstrated: [rich:~]$ cat doc.txt The new router password is "ro0t3r4dm!n" GNU Privacy Guard also uses symmetric ciphers, which will enable you to use the same key for both encryption and decryption. This is useful if you want to encrypt important files on your system. When encrypting a file with a symmetric cipher, you are prompted for a passphrase. Others who know that passphrase are able to decrypt that file. Here's an example of using a symmetric cipher to encrypt a file called sales.txt: [susan:~]$ gpg --symmetric sales.txt Enter passphrase: A hard to guess passphrase Repeat passphrase: A hard to guess passphrase [susan:~]$ Now, someone using `gpg --decrypt` will be prompted for a passphrase, only someone who knows the passphrase Susan used will be able to decrypt her document. Signing and Signature Verification Being able to verify who sent a message is as important as the message itself. GNU Privacy Guard allows users to place a digital signature on both plaintext and ciphertext to validate their origin. In signing a file, GNU Privacy Guard uses the secret key to sign, and the public key is used to validate the signature. Therefore, signed files can be verified by anyone who has access to the sender's public key. In this example, Susan has a simple plaintext message, called email.txt, which contains: Lunch meeting at 1 o'clock She's going to sign the message with "--clearsign", and then email it to me: [susan:~]$ gpg --clearsign email.txt You need a passphrase to unlock the secret key for user: "Susan Q. Public (Cyphergirl) " 1024-bit DSA key, ID 533F200F, created 2000-03-07 Enter passphrase: GNU Privacy Guard creates a signed file called email.txt.asc, that can be emailed: [susan:~]$ cat email.txt.asc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lunch meeting at 1 o'clock -----BEGIN PGPSIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4zZTK5cg0BlM/IA8RAvF6AJ9mCL9LtPiB1sXvIjx02UAR3LsewwCdGVWg HwNh4zVRIP+dBRI3XD17O4w= =yHv6 -----END PGP SIGNATURE----- [susan:~]$ mail This email address is being protected from spambots. You need JavaScript enabled to view it. < email.txt.asc Upon reciept of this message, I can check to see if the signature is good by using the "--verify" option: [rich:~]$ gpg --verify email.txt.asc gpg: Signature made Mon Mar 13 20:24:26 2000 EST using DSA key ID 533F200F gpg: Good signature from "Susan Q. Public (Cyphergirl) " The same message could also be encrypted and signed at the same time as: [susan:~]$ gpg --armor --sign --output email.txt.asc \ --encrypt --recipient This email address is being protected from spambots. You need JavaScript enabled to view it. email.txt You need a passphrase to unlock the secret key for user: "Susan Q. Public (Cyphergirl) " 1024-bit DSA key, ID 533F200F, created 2000-03-07 Enter passphrase: Encrypted files that are also signed are verified during the decryption: [rich:~]$ gpg --decrypt email.txt.asc You need a passphrase to unlock the secret key for user: "Rich Jankowski " 1024-bit ELG-E key, ID 61A19A5E, created 1999-09-10 (main key ID 76BF6FAD) Enter passphrase: Lunch meeting at 1 o'clock gpg: Signature made Mon Mar 13 20:38:24 2000 EST using DSA key ID 533F200F gpg: Good signature from "Susan Q. Public (Cyphergirl) " Note how when "--output" is not specified, the decrypted contents go to stdout. Putting it Together To better illustrate the examples, I used the long options in this article. Most of the options don't need to be written out in the long format. Here's a few of the more common options, and their corresponding long and short option flag: Option Long Flag Short Flag Armor --armor -a Encrypt --encrypt -e Decrypt --decrypt -d Sign --sign -s Verify --verify -v Symmetric --symmetric -c This makes it a lot easier to type, as: gpg --sign --encrypt --armor --recipient This email address is being protected from spambots. You need JavaScript enabled to view it. crypt.txt is more easily invoked as: gpg -sear This email address is being protected from spambots. You need JavaScript enabled to view it. crypt.txt If you're a fan of graphical user interfaces, you don't have to use GnuPG from the command-line. A nice graphical front-end is TkPGP, and might make GNU Privacy Guard easier to use. There's a lot more to GnuPG and cryptography than was covered in this intoductory article. Checking the documentation page will go a long way in helping you use GNU Privacy Guard more effectively. GNU Privacy Guard allows you to take control of your confidential information and ensures that your privacy is not violated. After all, the only ones who probably care about your privacy are the ones trying to invade it. . Discover the methods to safeguard your confidential documents via GNU Privacy Guard, including procedures for handling keys and efficiently encrypting information.. GnuPG Encryption, Data Security, Cryptographic Techniques, Data Privacy, Asymmetric Cryptography. . Brittany Day

Calendar 2 Mar 21, 2000 User Avatar Brittany Day
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here