# GPG

#### Create a GPG key:

### List keys:

Public keys:

```bash
$ gpg2 --list-keys
/Users/bruno/.gnupg/pubring.kbx
-------------------------------
pub   dsa2048 2010-08-19 [SC] [expires: 2024-05-11]
      85E38F69046B44C1EC9FXXXXXXXXXXXXXXXXXXXX
uid           [ unknown] GPGTools Team
uid           [ unknown] [jpeg image of size 6329]
sub   rsa4096 2014-04-08 [S] [expires: 2024-05-11]
sub   rsa4096 2020-05-11 [E] [expires: 2024-05-11]

pub   dsa3072 2017-07-29 [SC] [revoked: 2019-08-16]
      C20F2E7CA759A312FC54XXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti

pub   rsa4096 2019-08-16 [SC] [expires: 2025-08-16]
      2D5E6C772EC115C821BDXXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti
sub   rsa4096 2019-08-16 [E] [expires: 2025-08-16]

pub   rsa4096 2019-08-16 [SC] [expires: 2024-08-16]
      995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti
sub   rsa4096 2019-08-16 [E] [expires: 2024-08-16]
```

Private keys:

```bash
$ gpg --list-secret-keys
/Users/bruno/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2017-07-29 [SC] [revoked: 2019-08-16]
      6DF29A830B9A7EE0130DXXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti

sec   dsa3072 2017-07-29 [SC] [revoked: 2019-08-16]
      C20F2E7CA759A312FC54XXXXXXXXXXXXXXXXXXXX
uid           [ revoked] Bruno Pesenti

sec   rsa4096 2019-08-16 [SC] [expires: 2025-08-16]
      2D5E6C772EC115C821BDXXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti
ssb   rsa4096 2019-08-16 [E] [expires: 2025-08-16]

sec   rsa4096 2019-08-16 [SC] [expires: 2024-08-16]
      995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
uid           [ultimate] Bruno Pesenti
ssb   rsa4096 2019-08-16 [E] [expires: 2024-08-16]
```

### Encrypt a file (--encrypt):

```bash
$ gpg2 --homedir=~/.gnupg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.my.cnf
```

```bash
$ gpg2 --output $HOME/Desktop/.password.txt.gpg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.password.txt
```

The file `.password.txt` is intended for *bruno.pesenti@orange.fr*. It was **encrypted** with the public key of *bruno.pesenti@orange.fr*, who will **decrypt** it with his private key.

If *bruno.pesenti@orange.fr* wants to send you an encrypted file, he will encrypt it with your public key, and you will decrypt it with your private key.

### Decrypt a file (--decrypt):

```bash
$ gpg2 --homedir=~/.gnupg --output /Users/bruno/Desktop/.my.cnf --decrypt .my.cnf.gpg
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti "
```

### Encrypt several files (--multifile --encrypt):

```bash
~/Downloads/pdf master* ⇡
$ ls | gpg2 --multifile --encrypt --recipient bruno.pesenti@orange.fr

~/Downloads/pdf master* ⇡ 15s
$ ls -la
total 889052
-rw-r--r-- 1 bruno staff 2810014 Dec 24  2019 'Data Munging with Perl.pdf'
-rw-r--r-- 1 bruno staff 1349061 Feb 25 15:28 'Data Munging with Perl.pdf.gpg'
-rw-r--r-- 1 bruno staff  335834 Dec 24  2019 'Lerning perl the hars way.pdf'
-rw-r--r-- 1 bruno staff  298644 Feb 25 15:28 'Lerning perl the hars way.pdf.gpg'
```

### Decrypt several files (--multifile --decrypt):

```bash
$ ls | gpg2 --multifile --decrypt
gpg: Data Munging with Perl.pdf: unknown suffix
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti "
gpg: Lerning perl the hars way.pdf: unknown suffix
gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
      "Bruno Pesenti "
```

Because `ls` passes every name in the directory, gpg reports `unknown suffix` for the files that do not end in `.gpg` and decrypts the others.

### Verification:

```bash
$ file .my.cnf.gpg
.my.cnf.gpg: PGP RSA encrypted session key - keyid: 31C7659D E3F8009D RSA (Encrypt or Sign) 4096b .
```

### Encrypt a file (--symmetric):

```bash
$ gpg2 --output $HOME/Desktop/.password.txt.gpg --symmetric $HOME/.password.txt
```

### Encrypt a directory (gpgtar --encrypt):

```bash
$ gpgtar --encrypt --output .gnupgp.zip -r bruno.pesenti@orange.fr .gnupg
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.extra'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.ssh'
gpgtar: skipping unsupported file '.gnupg/S.dirmngr'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent'
gpgtar: skipping unsupported file '.gnupg/S.gpg-agent.browser'
```

### Decrypt a directory (gpgtar --decrypt):

```bash
$ gpgtar --decrypt .gnupgp.zip
gpgtar: gpg: encrypted with 4096-bit RSA key, ID 31C7659DE3F8009D, created 2019-08-16
gpgtar: gpg:       "Bruno Pesenti "
```

### Suppress the 'Overwrite?' prompt when re-encrypting the same file:

```bash
$ gpg2 --output $HOME/Desktop/.password.txt.gpg --recipient bruno.pesenti@orange.fr --encrypt $HOME/.password.txt
File '/Users/bruno/Desktop/.password.txt.gpg' exists. Overwrite? (y/N) y
```

Add the `batch` and `yes` options to `gpg.conf`. Set there, they apply to every `gpg` invocation that reads this file; passing `--batch --yes` on the command line limits the effect to a single command.

```bash
$ cat gpg.conf
auto-key-retrieve
no-emit-version
default-key 995EBFA715B43A5EADA3XXXXXXXXXXXXXXXXXXXX
batch
yes
```
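
The key listings on this page contain revoked keys and keys with expiry dates, so it is worth checking that a recipient still has a usable encryption subkey before running `--encrypt`. The script below is an added example, not part of the original page: it parses `gpg --list-keys --with-colons` output, and the function names, key IDs, addresses and sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page).
# Reads `gpg --list-keys --with-colons` output on stdin and prints one line per
# primary key: "<keyid> OK|EXPIRING|UNUSABLE" with respect to --encrypt.
# Assumes the GnuPG 2.x colon format: field 2 = validity, 5 = key ID,
# 7 = expiry in epoch seconds, 12 = capabilities (lowercase e = can encrypt).
encryption_status() {  # usage: encryption_status NOW_EPOCH WARN_DAYS
  awk -F: -v now="$1" -v days="$2" '
    function emit() { if (key != "") print key, status }
    $1 == "pub" { emit(); key = $5; status = "UNUSABLE"; dead = ($2 ~ /^[reid]$/) }
    ($1 == "pub" || $1 == "sub") && $12 ~ /e/ {
      if (dead || $2 ~ /^[reid]$/) next          # revoked, expired, invalid, disabled
      if ($7 != "" && $7 + 0 <= now + 0) next    # expiry date already passed
      s = ($7 != "" && $7 + 0 <= now + days * 86400) ? "EXPIRING" : "OK"
      if (s == "OK" || status == "UNUSABLE") status = s
    }
    END { emit() }'
}

# Constructed, simplified sample listing (key IDs and addresses are made up):
# a revoked key, a long-lived key, a key close to expiry, a sign-only key.
sample_listing() {
cat <<'EOF'
pub:r:3072:17:C0FFEE0000000001:1501286400:::-:::sc:
uid:r::::1501286400::::Constructed Revoked <revoked@example.org>:
pub:u:4096:1:C0FFEE0000000002:1565913600:1755302400::u:::scESC:
uid:u::::1565913600::::Constructed Long <long@example.org>:
sub:u:4096:1:C0FFEE00000000A2:1565913600:1755302400:::::e:
pub:u:4096:1:C0FFEE0000000003:1565913600:1723766400::u:::scESC:
uid:u::::1565913600::::Constructed Short <short@example.org>:
sub:u:4096:1:C0FFEE00000000A3:1565913600:1723766400:::::e:
pub:u:4096:1:C0FFEE0000000004:1565913600:::u:::scSC:
uid:u::::1565913600::::Constructed SignOnly <sign@example.org>:
sub:u:4096:1:C0FFEE00000000A4:1565913600::::::s:
EOF
}

# Demo on the constructed sample: "now" fixed at 2024-07-01 UTC, 90-day warning.
sample_listing | encryption_status 1719792000 90
# Against a real keyring:
#   gpg --list-keys --with-colons | encryption_status "$(date +%s)" 30
```
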