OpenPGP - Command Line Settings
On this page, I have listed a set of useful command line options for various purposes:
Contents:
Integrate GnuPG With Windows Command Line
Adding a photo ID to your public key
Creating a subkey
Changing an expiry date
Other Features (Advanced)
Integrate GnuPG With Windows Command Line:
In order to use GnuPG to its full potential, it is sometimes necessary to use the command line. If you are going to do this, I would highly recommend that you configure GnuPG as shown below so that it is easier for you to access the commands. This is only necessary if you are using Windows since Mac and Linux installations of GnuPG are already fully integrated with the command line.
Right-click on MY COMPUTER, select PROPERTIES, then select the ADVANCED tab.
Click on ENVIRONMENT VARIABLES then select PATH in the top box.
Highlight PATH in the bottom box.
Click EDIT and at the end of the line, type ";C:\Program Files\GnuPG\;" without the quotes but including the semi-colons. Where I have used "C:\Program Files", you should put the path where you installed GnuPG.
This will allow you to open the command prompt (START > RUN > CMD) and simply type "gpg" followed by the command switch to use the advanced features of GnuPG.
Adding a photo ID to your public key:
This can be a useful tool to help others confirm that the public key they have belongs to you. Please be aware, however, that you will not be able to change the photograph once you have added it to your key, and if you use a keyserver, it will be accessible to anyone who downloads your key.
Launch the Command Prompt by going to START > RUN and typing "cmd" without the quotes. Then, type the following:
"gpg --edit-key [key ID]" (without quotes, replace [key ID] with the alphanumeric code of your key pair)
"addphoto"
Enter the path for your photo. Pay attention to the warnings given in the cmd window.
When you have finished, type "save" then "quit" without the quotes.
Creating a subkey:
To create a subkey, you must use the GnuPG command line to create a "sign only" key and an "encrypt only" subkey. In this example, I selected a 2048-bit RSA signing key with a 3096-bit RSA encryption subkey, but you can choose your own combination.
Launch the command prompt
type "gpg --gen-key"
type "5"
type "2048"
Select your key expiry in days (I chose 366)
type "y" to confirm
Type your name
Type email address
If required, type a comment, otherwise leave blank and press enter
Type "o" for ok and press enter
Enter a passphrase (you must remember this)
Confirm your passphrase
The signing key will now generate - this may take a few minutes.
Once the signing key has been generated, you will be given a key ID. It will appear in the cmd window next to the size. For example, it might be "2048R/12AB3456". Your key ID is 12AB3456. You now need to create the encryption subkey:
In the cmd window, type "gpg --edit-key 12AB3456" (replace with your own key ID)
Type "addkey"
enter your passphrase
Type "6"
Type "3096"
Type "366" (or the same expiration properties as you used previously)
Confirm your options by typing "y" then "y" again. The subkey will now be created.
Type "save" and exit the cmd window
Once this has been created, open the Enigmail Key Management window and go to FILE > RELOAD KEY CACHE and your new signing key with encryption subkey will be available for use.
Changing an expiry date:
Changing an expiry date of a key utilises the --edit-key option in the GnuPG Command Line.
Type "gpg --edit-key 12AB3456" (replace with your own key ID)
Type "expire"
Enter a new key expiry date (runs from the day you alter it)
Type "y" to confirm
Enter your passphrase and press return
Type "save" when finished
Once you become more comfortable with using the GnuPG command line, you will be able to perform many operations yourself. If you are unsure of a particular command, open the Command Line and type "gpg --help" or if you are mid-way through editing a key, type "help" and all the possible commands will be shown. If you need any help with this, please feel free to contact me and I'll try to help.
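The following Python script is an added example, not part of the original page. It reads the machine-readable listing printed by "gpg --fixed-list-mode --with-colons --list-keys [key ID]" and checks the result of the subkey and expiry procedures above: the primary key is sign only, the subkey is encrypt only, and neither is expired or close to expiry. The embedded listing is constructed, and the function names and the 30-day warning window are assumptions of the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --fixed-list-mode --with-colons --list-keys 12AB3456`
# (key IDs, dates and user ID are made up; key sizes mirror the walkthrough).
SAMPLE = """\
pub:u:2048:1:AAAAAAAA12AB3456:1700000000:1731622400::u:::scESC:
uid:u::::1700000000::0123456789ABCDEF::Example User <user@example.org>:
sub:u:3096:1:BBBBBBBB89CD0123:1700000100:1731622500:::::e:
"""

def parse_keys(listing):
    """Return one dict per pub/sub record in a colon-delimited listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "type": f[0],
            "keyid": f[4],
            "expires": int(f[6]) if f[6] else None,  # empty field = no expiry
            # Lower case = this key's own capabilities; upper case = whole-key summary.
            "caps": {c for c in f[11] if c.islower()},
        })
    return keys

def audit(keys, now, warn_days=30):
    """Return findings for the sign-only primary / encrypt-only subkey layout."""
    findings = []
    for k in keys:
        label = f"{k['type']} {k['keyid'][-8:]}"
        if k["type"] == "pub" and "e" in k["caps"]:
            findings.append(f"{label}: primary key can encrypt, expected sign only")
        if k["type"] == "sub" and k["caps"] != {"e"}:
            findings.append(f"{label}: subkey is not encrypt only")
        if k["expires"] is None:
            findings.append(f"{label}: no expiry date set")
        else:
            left = datetime.fromtimestamp(k["expires"], timezone.utc) - now
            if left < timedelta(0):
                findings.append(f"{label}: expired")
            elif left < timedelta(days=warn_days):
                findings.append(f"{label}: expires in {left.days} days")
    if not any(k["type"] == "sub" for k in keys):
        findings.append("no subkey found, so nothing can be encrypted to this key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_keys(SAMPLE), datetime.now(timezone.utc))))
```

To check a real key, pass the text printed by the gpg command to parse_keys in place of SAMPLE.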
Other Features (Advanced):
There are many more advanced features that you can use with the GnuPG Command Line, and I've found a website with an excellent list of commands. These are not all the commands available, but I would imagine there's very little that you could want to do that isn't listed here.
This includes the ability to disable certain ciphers (if you are looking into this, I would suggest you disable 3DES) for encryption, and many more expert options. The document states it is for Linux and Unix, but all the commands should still work in Windows and MacOS. Click here to see the list of commands.
For general advanced settings not related to the command line, click here.