Stay Ahead With Linux Security Features
security advisory attack A Linux server gets cleaned up after an intrusion. The suspicious process is terminated, credentials are rotated, and the system is rebooted during maintenance. Everything seems secure. A few hours later, the same outbound connection appears again. . Situations like that point to persistence . The attacker no longer needs the original exploit because something on the host continues restoring access behind the scenes. Finding that mechanism is often more important than understanding how the...
Jun 08, 2026
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -2 articles for you...
102
data protectionGnuPGemail encryptionHow to Securely Send Encrypted Emails on Linux for Data Protection
Email encryption is a great way to enhance your organization’s communication security by protecting your email content and ensuring unauthorized individuals can’t read the information. . Research shows that 94% of organizations have experienced phishing attacks . However, only some take these risks seriously until an incident happens with them. In the words of Edward Snowden, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different from saying you don’t care about free speech because you have nothing to say.” With increasing data security and privacy risks, organizations must implement advanced security measures like encrypted emails. This article will explore encrypted emails, their importance, and how to send them. Understanding Encrypted vs. Secure Email Encrypted emails are different from secure emails. Understanding their differences is vital if you want to implement email security. It will help you choose a suitable security mechanism based on your communication needs and your required confidentiality level. What’s an Encrypted Email? An encrypted email is an email whose message content is encoded and transformed into an unreadable, secure format called ciphertext through an encryption technique. This ensures only those senders and receivers with appropriate keys or access permissions view and access the content. Encoding an email’s content is called email encryption, which helps protect sensitive data from harmful exposure or cyberattacks. Tools like GnuPG , S/MIME , etc., are used for end-to-end email encryption. In end-to-end encryption, emails are encrypted at the sender’s end and are meant only for the intended receiver to decrypt them on their system and view the content. The recipient and the sender must typically have an encryption code or key to access the email. This process happens automatically if both sides leverage an email client supporting encryption. An encrypted email typically hasthese features: Cryptographic keys - one public (that the sender uses for encryption) and one private (that the recipient uses for email decryption) Transport Layer Security (TLS) to protect data transmission between servers Secure/multipurpose Internet mail extensions (S/MIME) for email encryption Digital signatures for email verification What Is a Secure Email? A secure email has protective measures implemented for its safe transmission over networks. It employs security protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to secure the connection between the user’s web browser and web server. This protects data from malicious intent and ensures an email’s integrity, authenticity, and confidentiality. “Secure email” is an umbrella term that includes securing emails through various protection mechanisms rather than the content itself. A secure email doesn’t necessarily use end-to-end encryption but also many other security mechanisms, such as: Multi-factor authentication (MFA) to add another security layer through OTPs, facial recognition, fingerprint scans, etc. Strong, lengthy, and unguessable passwords make it challenging for hackers to access accounts Personalized security questions (or choosing one from the given list and using a wrong answer) to prevent account hacks Digital signatures to validate email integrity Access controls so that only authorized people have the email’s access Malware protection to scan links and attachments for threats Anti-phishing tools to prevent phishing attacks In addition, email security involves making users aware of cybersecurity risks, recognizing attacks, maintaining secure communications, and meeting compliance requirements. Differences Between an Encrypted and Secure Email Parameter Encrypted Email Secure Email Focus Anencrypted email is encrypted to secure content so only authorized people can access it. A secure email is an umbrella term that includes different protocols and secure measures to protect an email’s integrity and keep it confidential. Priority Securing the content of an email Securing the connection in which the email is being transmitted over a network Security mechanisms Mainly uses end-to-end encryption email security mechanism. It can also include TLS. Apart from end-to-end encryption, it can have several email security mechanisms such as SSL, multi-factor authentication, anti-phishing and anti-malware, and digital signatures. Goal Email encryption safeguards an email’s content from eavesdropping, data exposure, and cyberattacks. Even if someone intercepts it, they can’t read the email content without the decryption key. Its goal is to provide email and connection security from malware, data breaches, phishing attacks, and other cybersecurity risks. What Is the Importance of Encrypted Email and Secure Email in Data Protection? Both encrypted email and secure email are essential. The main focus is data security and these two are just two ways to achieve it and avoid data exposure, phishing threats, and other cyberattacks. Importance of Encrypted Email In encrypted emails, the content is first scrambled or encrypted with the help of an encryption key to make the email unreadable without the decryption key. Unlike a secure email, an encrypted one is not sent in plain text. It then gets transmitted over the network to reach the intended recipient. Thus, your email message is safe even if the email connection security breaks at any point in the network. Even if someone successfully accesses the mail server or intercepts the network,they can’t read the email message, thanks to end-to-end encryption. Encrypted emails are helpful for these scenarios: Individuals who want to protect their personal or professional communication from hackers and identity thieves Organizations that host email services on their own must use email encryption Enterprises that send or receive sensitive information must use encryption email since cyberattack risks are higher for them Organizations that operate under heavily regulated industries, such as finance, health, military, etc., need strong email encryption Companies that must meet solid regulatory compliance requirements need email encryption to secure their communications Email service providers to protect their client’s information Importance of Secure Emails Sending secure emails is vital to protect your data privacy and security. They are helpful for the following scenarios: Protecting your personal or professional data against government-led surveillance, which is common in many countries from the US and UK to Germany, China, and Australia Safeguarding data from cybercriminals that may steal your identity, or money, or compromise your social accounts Securing your personal or business data from anti-parties and competitors who may misuse your data or discover your business secrets and strategies Preventing email service providers from monitoring your emails, sharing your information with advertisers, or selling your data to third parties. What Are the Benefits and Drawbacks of Sending Encrypted Email? Knowing the potential benefits and drawbacks of sending encrypted emails will help you make informed decisions when implementing email encryption in your communication network. Benefits Enhanced Security Research reveals that 95% of business leaders are stressed about email security. Hackers who can access your email content may expose confidential data and trade secrets to competitors or sell customer data onthe dark web. They can also use the data to carry full-blown attacks, such as phishing attacks, identity theft, etc., devastating a company based on reputation, money, and customer trust. Encrypted emails protect against email interception, ensuring only the designated receiver and sender read the email content. Even if someone can access your account, they can’t read the data without the decryption key. Data Privacy Security researchers have found that only 14% of email users encrypt their email communication, and 33% of users update their email passwords after a specific interval of time. Data privacy is instrumental for every individual or business. You don’t want your personal data, like social security numbers, health information, credit card details, personal photos, etc., to go public. Similarly, no company would want their internal matters exposed, which may harm their business. If you implement email encryption, you essentially keep your email content private from unauthorized people. Compliance with Regulations Businesses, especially from highly regulated industries, must adhere to regulatory requirements applicable in their areas, such as GDPR , HIPAA, PCI DSS , etc. These regulations ensure that businesses use customer data responsibly and adequately. Sending encrypted emails allows you to support the cause and stay compliant with these regulations. It also avoids the risk of penalties and upholds customers’ trust in your business. Identify Genuine Emails from Spam In 2022, 162 billion spam emails were sent to people every day in the same year. Encrypted emails help you identify genuine emails from spam or phishing emails. You can use an email encryption service with a digital signing feature to ensure an email has an authentic sender. This way, you can reduce malware and security risks. Drawbacks of Sending Encrypted Email Setup and Usage Complexity Implementing email encryption in your communication can be a time-consuming andcomplex process. Organizations generally use end-to-end encryption, S/MIME, or PGP for configuration, which are difficult for anyone and might introduce specific vulnerabilities. Compatibility Issues Encrypted emails require recipients to use a compatible decryption method to read the email content. The sender and receiver can have different or incompatible email clients or systems, hindering decryption. Possible Inconvenience for Recipients Many recipients, especially non-tech staff, may find accessing emails inconvenient as they require decryption keys. If a recipient has lost the keys, they can’t read the email. If the email content is crucial or time-sensitive, desired actions can’t be taken on time. Key Management Challenges Managing encryption keys can be challenging for many users. If they don’t know the implications and store them on public servers, hackers may access them and harm the organization. It happened in the real world when sensitive US military information was spilled online due to human error. Thus, users must be made aware of what email encryption is and how it works through proper training. Open Source Tools for Email Encryption Linux and information security (infosec) professionals prefer using open-source tools because their source code is publicly available and can be modified according to individual needs. So, if you want to implement email encryption in your communications, let’s explore some of the best open-source email encryption tools for Linux. GnuPG (GPG) GnuPG (GPG) is an open-source, accessible, and user-friendly command-line tool for Linux systems that helps implement end-to-end email encryption. This universally accepted tool lets you encrypt data and works across various email clients, including Apple Mail, Microsoft Outlook, and Thunderbird. Major GNU/Linux Oses have this tool installed by default. GPG fully implements the OpenPGP standard defined by PGP or RFC4880. This free software was introduced in1997 and has a GNU General Public license. It allows anyone to freely use, distribute, and modify it under the GNU terms. GnuPG’s latest version is 2.4.5. GPG’s key management system is versatile and has an access module with several public key directories. It’s feature-rich, boasting many front-end libraries and applications, a graphical user interface, front-end scripting tools, and more. GPG also supports Secure Shell (SSH) and S/MIME and easily integrates with various applications. How GPG implements end-to-end email encryption GPG utilizes public key encryption to safeguard emails. It combines symmetric cryptology (Secret Key) and asymmetric cryptography (Public Key + Private Key) to ensure high protection. To encrypt email content, you can utilize someone’s public key so that only the person with the corresponding private key can decrypt the email content. Here’s how to use GPG for email encryption. It also leverages embedded digital signatures to address the risks related to non-repudiation and data authentication. Download and install GPG on your Linux system Generate a public-private key pair Share the public key securely with the intended receiver Obtain the public key from the receiver Import into GPG the receiver’s public key Compose an email In the email client you use, choose the “Encrypt” button. GPG will encrypt the email message automatically. Send your email. GPG Benefits Highly secure with asymmetric cryptographic and symmetric cryptology Customizable to meet your needs and works with various email clients Easy to use and learn and widely supported Integrates with multiple applications and tools Reliability and performance Drawbacks Can be complex to set up Requires a public key exchange Use Cases GPG is preferred by organizations that are heavily regulated and require high security, such as financial institutions, healthcare organizations, banks,government bodies, activists, and individuals to protect sensitive information. S/MIME Secure/Multipurpose Internet Mail Extensions (S/MIME) is a public key encryption standard. It’s compatible with major enterprise-level email clients like Outlook, Gmail, etc. S/MIME offers two services: Email encryption to protect email content Digital signatures to verify the sender's identity How Does S/MIME Work? S/MIME leverages asymmetric encryption using a pair of Public and Private keys. These key pairs are different but mathematically related and are used for encryption and decryption. Install a S/MIME certificate on both email clients to enable email encryption on both the sender and receiver sides. When the sender sends an email, they ask the recipient for their public key and encrypt it using this public key. When the email reaches the recipient, they decrypt it with their private key. To ensure only an authorized sender can send an email, S/MIME affixes a digital signature to it. Thus, obtain the recipient's digital signature if you want to send an email with S/MIME encryption. In addition, you’ll need S/MIME certificates. Certified authorities and third-party authorities provide these S/MIME certificates. S/MIME Benefits Native support for email clients like Outlook, Gmail, etc. High-security with encryption keys Email content confidentiality and integrity Secure digital signatures for sender authentication Safety net in legal proceedings as S/MIME voluntarily offers signature non-repudiation by the sender Drawbacks Dependency on certificate authorities Cost of obtaining certificates Use Cases S/MIME is preferred mainly in the corporate environments. Businesses need it for identity verification and to prevent unauthorized access. Other Tools Other tools for email encryption include: Mailvelope Mailvelope is an open-source add-on for Chrome, Firefox, and Edge web browsers. It allows you toencrypt emails via PGP using a webmail provider. This browser extension provides end-to-end email encryption without changing your current email provider. In this tool, encryption and decryption works on endpoints, keeping data private and secure. Enigmail Enigmail is a free, open-source security extension for Postbox, Epyrus, and SeaMonkey. It lets you utilize OpenPGP to digitally sign and encrypt your email through a simple, intuitive user interface. It also allows you to decrypt emails and verify them. You can use, distribute, and modify the tool under the Mozilla Public License terms. Digital Certificates and Encryption Digital certificates ensure sender authentication, which is why it’s crucial to obtain them. As discussed earlier, you can get them from a certified authority of a third-party provider. Let’s now understand how to obtain and manage digital certificates using providers like Let's Encrypt and OpenSSL. Let's Encrypt Let's Encrypt is an open and automated Certificate Authority (CA) that offers free SSL/TLS certificates to enable secure email transmission. Provided by the Internet Security Research Group (ISRG), Let's Encrypt certificates help protect email servers. How Let’s Encrypt Works The ACME protocol and Let’s Encrypt allow you to configure an HTTPS server and obtain a digital certificate automatically. Let’s Encrypt checks that the person who controls that domain makes the certification request. To verify this, it sends a unique token only to retrieve a key from the token later by creating a DNS or web request. If the CA verifies the client, the client can request, revoke, or renew certificates for the domain. Let's Encrypt Advantages Cost-effectiveness as it offers digital certificates for free Ease of certificate management and renewal Promotes widespread encryption adoption, making the internet safer for all Automatic digital certificate generation, configuration, and usage Offers transparency ascertificates are recorded publicly, allowing anyone to inspect them Limitations Let’s Encrypt offers domain-validated certificates, meaning validating only ownership, not the entity 90-day expiration, but are renewed automatically 5 duplicate certificates per week Lacks dedicated support Use Cases Let’s Encrypt is ideal for server authentication but not directly applicable to personal email encryption. This service helps individuals and organizations who want to enable HTTPS on their websites. OpenSSL OpenSSL is an open-source, powerful, and fully-featured toolkit for enabling SSL/TLS encryption. It helps you perform general-purpose cryptography to protect your communications. The software is developed and maintained by the OpenSSL Project. It has an Apache-style license, meaning you can use it for free for your commercial and non-commercial needs under the license terms. Its core library is coded in C and offers multiple utility functions. It also has wrappers for using the OpenSSL library in different computer languages. OpenSSL is used by many web servers and major HTTPS sites and helps secure your emails. This security toolkit has three major components: The libcrypto library comes with many APIs for cryptography The libssl library comes with functions to enable peer-to-peer communication security The command-line utility performs cryptographic tasks like encrypting or decrypting files, generating certificates, etc. How to use OpenSSL to create self-signed certificates Generate a private key for encryption using OpenSSL by entering the following command: openssl genrsa -out yourdomain.key 2048 Create your Certificate Signing Request (CSR) using the private key generated above. Here’s the command to do that: openssl req -new -key yourdomain.key -out yourdomain.csr After this, you’ll be asked to fill in some information. Enter that. Create your self-signedcertificate that uses its own private key: openssl x509 -req -days 3650 -in your domain.csr -signkey yourdomain.key -out yourdomain.crt Advantages of OpenSSL Feature-rich tool Flexibility as you’ll retain complete control over the certificate attributes and parameters Wide usage and strong community support Cost-friendly as it’s free and open-source Platform independent - Linux, Windows, and macOS Limitations and Considerations Trust issues, as self-signed certificates, are not verified by an external CA Complexity, as it requires technical knowledge to generate and manage certificates. Use Cases OpenSSL is used by organizations across the world, from startups to enterprises. Some significant users include Infosys, Panasonic Corp, Fujitsu Ltd, and more. Challenges and Solutions When Sending Encrypted Email Key Management and Exchange Managing and distributing public and private encryption keys while sending encrypted emails and keeping them secure from attackers is challenging. Solution: To overcome this challenge: Store encryption keys on a secure public cloud server like AWS, GCP, etc. It’s cheaper, convenient, and user-friendly, but it might pose compliance issues in specific legislation. Store keys on a private cloud or on-premises server in the same country for better data security and compliance with applicable laws. This could be expensive, though. Exchange encryption keys manually without relying on a third party. User Education and Adoption Using email encryption is generally difficult to use, impacting the adoption rate. Solution: To overcome this challenge, address the learning curve. Invest in training your employees on using email encryption and best practices. For example, they must know how to encrypt and decrypt emails to read email content, store keys on a private server, and more. Instead of troubling users with extra account creations, logins, orquestions, prioritize user experience. Simplify email encryption by: Leveraging user-friendly resources and tools, like ProtonMail or Hushmail, to ease the adoption process. Adjusting protocols based on different environments Enabling decryption via a web browser and verifying emails to authenticate identity Implementing data access permissions and controls to encrypted emails for information security Practical Tips for Email Encryption Best Practices for Email Encryption Encrypt your emails, all of them, for greater data security and privacy Choose a suitable email encryption system and method based on your organization’s needs. Authenticate encryption indicators while transmitting emails Backup your encryption keys and certificates Be cautious about key management and storage. Store only on secured, private servers or on-premises. Educate users on email encryption and instruct them to follow best practices. What to do if a key compromise is suspected? In case your private key is compromised or stolen: Immediately change your email passwords and modify security settings. Change the passwords of your crypto wallets or accounts Quickly move your assets or data to another, secure wallet Notify your wallet provider or crypto exchange Report the incident to regulatory bodies in your region Backup and Recovery of Encryption Keys and Certificates Consider backing up your encryption keys and certificates in a secure, private server, on-premises system, or an off-site location. If you have the backup encryption certificate, you can restore your backups. Unfortunately, if you don’t, it’s not possible. Our Final Thoughts on the Importance of Sending Secure or Encrypted Email on Linux Encrypted and secure emails are essential to protect your email and the content from unauthorized access. So, implement email encryption and secure email practices to secure your organization’s communications, keepdata private, and prevent cyberattacks. With the practical advice offered in this article, you should be well on your way to improving your email security and securing your critical data against leaks and breaches. . Adopt encryption protocols and employ secure emailing techniques to safeguard correspondence and ensure information stays protected against breaches.. Encrypted Email, Email Security, Data Protection, GnuPG, S/MIME. . Brittany Day
Jun 22, 2024
•
102
email securityemail encryptionsecure communicationGPG Encryption: Secure Email Communication on Linux Systems
Much of today’s communication in the professional world occurs via email. What could be worse than sending an email to the wrong recipient or having an email intercepted by an attacker? . There are many reasons that emails should not contain information, especially confidential or personal identifiable information, in plain text. Doing so could put a full organization at risk. Is there a solution? Yes, encryption. Asymmetric cryptography, also known as public-key cryptography, is a cryptography process that is done through a public key and a private key. In asymmetric cryptography, the encryption of data is done with the public key. Once a person encrypts the data with the recipient’s public key, and sends the data, it can only be decrypted using the private, or secret, key. No one should have access to your private key, that way even if communication is intercepted or data is sent to an unintended person, they will not be able to decrypt and read the contents of the message. GPG, or GnuPG , is an implementation of PGP that can be used with different operating systems, including Linux. It is a software that allows for secure communication. GPG is also easily integrated with other applications, making it very simple to encrypt emails and share keys. This article will introduce GPG as a great way to keep private files private on Linux. How Does GPG Work? Using GPG on Linux is extremely uncomplicated. All you need to do is install it, generate your keys, share them, and then you can start using it. To install GPG, you can run sudo apt-get install gnupg in your command line. Once that is complete, run gpg --gen-key to generate a key pair. To allow people to send you encrypted data that you can decrypt using the private key, you need to share the public key. This is done by typing gpg --output ~/mygpg.key --armor --export
Nov 21, 2022
•
102
network securitydata protectionsecurity measuresGnuPG and Pine: Secure Your Emails for Enhanced Cybersecurity
Sending sensitive data through email has become a frequent practice among online workers. However, not all sources you send can be trusted entirely, as someone could be hacked or want to use your information for malicious intent. GnuPG , an easy-to-use encryption service, can help you ensure data and network security so only those who need access can see the information being sent. . GnuPG, or the GNU Privacy Guard, is a free drop-in replacement for PGP, Pretty Good Privacy. PGP is a standard file encryption and security service that utilizes public key cryptography cyber security to protect the communication between two parties. GnuPG implements the OpenPGP standard as outlined in RFC 2440. Pine is a popular mail and news client that can prioritize using GnuPG to improve security posture within a company. This article will discuss how GnuPG and Pine can work as a secure email system, ensuring data and network security. As we continue the article, GnuPG and Pine will be discussed, assuming both are installed on your device. If not, consider downloading them to follow along as you read. If you use an RPM-based system, the EnGarde 1.0.1 system already includes “pinegpgp.” To install it, implement "rpm -Uvh ." Throughout this article, all key examples are fictitious, nonexistent, and invalid. The pinepgpg examples use a valid code (0xD3292967), which can be found on the keyservers. What is GnuPG Encryption? How Is It Different from PGP? GnuPG encryption is a free network security toolkit that can be implemented quickly for beginning email security clients. This software encrypts messages and files sent between two parties, which involves scrambling the data to prevent outsiders from accessing what is written. Regarding differences, GnuPG is open-source material available to the public, while PGP is not. Though developed over twenty years ago, GnuPG is still a very helpful and secure software company that can rely on to guarantee data and network security. Can I Use GnuPG on a Remote System? Avoid doing this at all costs, as you will never have physical control over a secret key ring. Local computers should be utilized in all steps of the encryption process to avoid opportunities for cybersecurity vulnerabilities to be exploited. If you use a connected server, have a strong password that will protect your key, and make sure to have a trusted system administrator. If you must use a remote system, consider generating the keypair on a desktop and copying the keyring to the machine to ensure protection and safety. How Can I Encrypt and Sign Messages with GnuPG Commands? Here are the steps you need to take to generate keys to join everyone else with these cyber security trends that will promise your company protection. You will first need to execute the command “gpg” to set up your ~/.gnupg directory: [ryan@mastermind ryan]$ gpg gpg: Warning: using insecure memory! gpg: /home/ryan/.gnupg: directory created gpg: /home/ryan/.gnupg/options: new options file created gpg: you have to start GnuPG again so that it can read the new options file You are now set up for key generation. Start with the command “gpg --gen-key” [ryan@mastermind ryan]$ gpg --gen-key gpg (GnuPG) 1.0.4; Copyright (C) 2000 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you can redistribute it under certain conditions. See the file COPYING for details. gpg: Warning: using insecure memory! gpg: /home/ryan/.gnupg/secring.gpg: keyring created gpg: /home/ryan/.gnupg/pubring.gpg: keyring created Step 1: Select Key Type The first step in GnuPG key generation is choosing exactly what type of key you want. You will see the screen below, where you will be asked to select that key. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Yourselection? 1 A Digital Signature Algorithm (DSA) generates digital signatures. An ElGamal (ELG-E) does both digital signatures and encryption. If you are mainly focused on identity verifications, then DSA keys are best. If you also want to send encrypted emails with sensitive information, then using EIGamal is a good idea. As a result, most people prefer to use the default option since you can perform all of the actions whenever needed. In the following steps, we will assume the user selected option 1. Step 2: Select Keypair Size You will need to determine the ELG-E keypair size in the next step. DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. (1) minimum keysize is768 bits (2) default keysize is 1024 bits Highest suggested keysize is 2048 bits What keysize do you want? (1024) 1024 The default size, 1024, is the best choice, as more is unnecessary. You will then receive a confirmation on screen. Requested keysize is 1024 bits Step 3: Select Key Lifetime Choose how long the key will be valid. Typically, you will want it to be forever, and the default assumes you want a key that does not expire. If you wish to an end date, this screen is where you can make adjustments: Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 0 You will then be presented with a confirmation: Key does not expire at all Is this correct (y/n)? y Step 4: Create User ID GnuPG will generate a User ID for you that is unique to the key and derives from your name, email address, and any comments you make: You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) ;" Real name: Ryan W. Maple Email address: ryan@guardiandigital.com Comment: Guardian Digital, Inc. You will then need to confirm the information. You selected this USER-ID: "Ryan W. Maple (Guardian Digital, Inc.) ;" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O Step 5: Select Passphrase When signing or encrypting something, you will need a passphrase to unlock your secret key. A good passphrase requires a long combination of lowercase and uppercase letters, numbers, and punctuation. When entering your passphrase, this is what your screen will look like: You need a Passphrase to protect your secret key. Enter passphrase: Repeat passphrase: Finally, GnuPG attempts to generate many random bytes to encrypt your private key. This will be your screen: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Start doing the “other action” recommended to help the GnuPG generate the random numbers needed for your key. Then you will see a success message: public and secret key created and signed. What is a Revocation Certificate? You will need a revocation certificate if you forget your passphrase or the key is compromised. The GnuPG manual explains that should this take place, you must immediately notify others of the cloud security breach or network security issues. You can still verify past documents with the signature, but you should not generate more encryptions with that passphrase. To create a revocation certificate, execute the command “gpg --gen-revoke user@host”: [ryan@mastermind ryan]$ gpg --gen-revoke --output revocation.asc ryan@guardiandigital.com gpg: Warning: using insecure memory! sec1024D/60DDF66A 2001-01-03Ryan W. Maple (Guardian Digital, Inc.) ; Create a revocation certificate for this key? y Afterward, you will need to provide the reason for revocation. Option 1 is most common, but options 2 and 3 result from choosing a shorter time span on your key pair: Please select the reason for the revocation: 1 = Key has been compromised 2 = Key is superseded 3 = Key is no longer used 0 = Cancel Your decision? 1 Enter an optional description; end it with an empty line: > Reason for revocation: Key has been compromised (No description given) Is this okay? Y You need a passphrase to unlock the secret key for user: "Ryan W. Maple (Guardian Digital, Inc.) ;" 1024-bit DSA key, ID 60DDF66A, created 2001-01-03 Enter passphrase: Following this, your revocation certificate will be stored, and you will receive a warning: ASCII armored output forced. Revocation certificate created. Please move it to a medium you can hide away; if Mallory gets access to this certificate, he can use it to make your key unusable. Printing this certificate and storing it in case your media becomes unreadable is smart. But be cautious: Your machine's print system might store the data and make it available to others! Keep this certificate in a safe place: [ryan@mastermind ryan]$ cat revocation.asc -----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see https://www.gnupg.org Comment: A revocation certificate should follow iEkEIBECAAkFAjpbhzACHQIACgkQZi8S3ZLqN2GZHgCgsWbCMQBiExcvoGDZJQfniHbGOuYAoJndfnpvYloGReJZ1nTDwKGgWoN+=aXah -----END PGP PUBLIC KEY BLOCK----- Final Details for Revocation Certificate Keep the keypair and revocation certificate in a safeplace, such as storing it on a read-only media, in a tarball, or a safe deposit box by executing the following command (as long as your file is a “revocation.asc”): [ryan@mastermind ryan]$ tar -cvf gnupg-BACKUP-2001-01.tar .gnupg revocation.asc If your key gets compromised, you can issue your certificate to make your keys null and void, protecting yourself and your company. Also, consider exporting a copy of your public key to keyservers so others can retrieve it if needed. Keyservers share public key information in a distributed fashion so that other servers can reach it quickly should any network security issues arise. To export a copy of your public key to stdout, execute the command: [ryan@mastermind ryan]$ gpg --export --armor
Apr 12, 2001
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More