Thursday, 30 April 2015

Digital Signature using OpenPGP (gpg2) in RHEL7

In this tutorial, Batul will create a public-private key pair. And give her public key to her friend Shabbir so that he can verify the digital signature on files sent by her.

Batul will sign a file using her private key and send the file along with the signature to Shabbir. Shabbir will verify the signature on the file using Batul's public key.

Since nobody else knows Batul's private key, only Batul could have signed the file. So Shabbir can be sure that the file has been sent by Batul and that it has not been modified in transit. 

 
Batul's Machine:
1) Install package
[batul@server3 ~]$ sudo yum -y install gnupg2

2) Generate public-private key pair. Enter passphrase to protect the private key. 
[batul@server3 ~]$ gpg2 --gen-key

3) List the key.
[batul@server3 ~]$ gpg2 --list-key
/home/batul/.gnupg/pubring.gpg
------------------------------
pub   2048R/13A3D971 2015-04-30
uid                  batul dahod (batul's encrpt key) <batul@mycompany.com>
sub   2048R/8AE3A0FA 2015-04-30

4) Save the public key in a file.
[batul@server3 ~]$ gpg2 --export "batul dahod" > batul.pub

5) The public key file 'batul.pub' is given to Batul's friend Shabbir , so that he can verify the digital signature on files sent by her.

6) Create a digital signature on the file 'hello.txt'
 [batul@server3 ~]$ gpg2 --armor --detach-sign hello.txt

You need a passphrase to unlock the secret key for
user: "batul dahod (batul's encrpt key) <batul@mycompany.com>"
2048-bit RSA key, ID 13A3D971, created 2015-04-30

7) Send the file 'hello.txt' and the signature file 'hello.txt.asc' to Shabbir.

 Shabbir's Machine:
1) Install Batul's public key
[shabbir@meru ~]$ gpg2 --import batul.pub
gpg: key 13A3D971: public key "batul dahod (batul's encrpt key) <batul@mycompany.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

2) Verify digital signature on the file 'hello.txt' using the signature file 'hello.txt.asc'
[shabbir@meru ~]$ gpg2 --verify hello.txt.asc hello.txt
gpg: Signature made Thu 30 Apr 2015 05:48:32 PM IST using RSA key ID 13A3D971
gpg: Good signature from "batul dahod (batul's encrpt key) <batul@mycompany.com>"

1 comment: