enthuguy (Australia) asked:
PGP Keys Tool

Hi,
could you guide me on how to create PGP keys please? I see some using the pgp utility, some using ssh-keygen.

Which one is the widely used tool please? And some reference on installing it on Linux would be very helpful as well :)

We need it for files transferred using SFTP.
Louis LIETAER (France):

PGP is for file encryption, so it is not mandatory for SFTP file transfers. Are you sure you need PGP?

Source: Wikipedia:
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

enthuguy (asker):
Thanks Louis,
Honestly, I didn't know PGP stands for Pretty Good Privacy :)

What I understood from the initial chat:
1. We generate PGP keys
2. Send the public key to the client
3. They encrypt files and transfer them to us
4. Then using the private key I should be able to decrypt

Makes sense?

Louis LIETAER: Yes, it makes sense :-)

enthuguy: Could you suggest how to generate a PGP key please?

Louis LIETAER: Which Linux are you running? Have you a GUI installed, and if yes, which one?

enthuguy: We have Amazon Linux and CentOS 7. No GUI :(
ASKER CERTIFIED SOLUTION
Louis LIETAER (France)
This solution is only available to members of Experts Exchange.
1) SFTP is used for file transfers.

2) PGP is rarely used with SFTP.

3) SFTP ties in with sshd, so you can either use the default account management on the server for password management or use ssh-keygen to generate a key to use.

4) If your goal is automated SFTP operations (like in cron jobs), then you'll create an empty-passphrase keypair, so cron jobs can run without blocking (forever) asking cron for a password.

5) To create + use an empty-passphrase keypair...

a) Generate key:

ssh-keygen -q -N "" -b 4096 -t rsa -f ~/.ssh/transfer.rsa -C "File Transfer Key"

b) Propagate the public part to the server. This means some way you'll concatenate the contents of the ~/.ssh/transfer.rsa.pub you created into the file ~$user/.ssh/authorized_keys on your server (where the SFTP/SSHD daemon runs).

c) Then copy a file...

sftp -i ~/.ssh/transfer.rsa $user@$server ...

6) Be aware, rsync is far easier to use than sftp. You'll follow the same steps using rsync: generate the key + propagate the public key part to the server.

Then use...

rsync -av -e "ssh -i /some-absolute-path/transfer.rsa" $path $user@$server:/target-path/.

7) Note: Using scp or rsync will be easier to work with, as automating sftp transfers is complex.

If you must use sftp, open a new question asking for an sftp script example.

Note: The short answer for sftp scripting is you run sftp in a way where you echo/write all commands to SFTP on its incoming STDIN.

Way easier/more robust to use scp or rsync.
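The key-based, unattended SFTP setup from steps 5a to 5c, as an added example that is not part of the answer above. It adds two things a passphrase-less key needs in practice: an authorized_keys entry that confines the key to SFTP (the "restrict" and "command=" options, OpenSSH 7.2 or later), and an sftp batch file (sftp -b) in place of feeding commands to STDIN, so cron gets a real exit status. The host sftp.example.invalid, the user "transfer", the client network 203.0.113.0/24 and the remote /inbox directory are placeholders; the sftp invocation is only printed because no server is reachable in a stand-alone run.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders: sftp.example.invalid,
# user "transfer", client range 203.0.113.0/24, remote directory /inbox.
set -eu

# 5a) Unattended keypair. ed25519 is the sane modern default; -N "" makes it
# usable from cron, which is exactly why it must be confined on the server side.
gen_transfer_key() {            # $1 = directory that will hold the key files
    ssh-keygen -q -N "" -t ed25519 -f "$1/transfer.key" -C "File Transfer Key" >/dev/null
    printf '%s\n' "$1/transfer.key"
}

# 5b) Line to append to ~transfer/.ssh/authorized_keys on the server.
# "restrict" turns off port/agent/X11 forwarding and pty allocation; the forced
# command "internal-sftp" is handled in-process by sshd, so even if this
# passphrase-less key leaks it yields an SFTP session and never a shell.
authorized_line() {             # $1 = path to the .pub file, $2 = allowed client CIDR
    printf 'restrict,from="%s",command="internal-sftp" %s\n' "$2" "$(cat "$1")"
}

# 5c) sftp -b runs the batch file and aborts with a non-zero status on the first
# failing command. Upload to a .part name and rename at the end so the receiver
# never picks up a half-written file.
write_batch() {                 # $1 = batch file path, $2 = local file, $3 = remote dir
    cat >"$1" <<EOF
put $2 $3/$(basename "$2").part
rename $3/$(basename "$2").part $3/$(basename "$2")
bye
EOF
}

demo() {
    work=$(mktemp -d)
    key=$(gen_transfer_key "$work")
    authorized_line "$key.pub" "203.0.113.0/24"      # paste this line on the server
    printf 'hello\n' >"$work/report.csv"              # constructed sample upload
    write_batch "$work/upload.sftp" "$work/report.csv" "/inbox"
    # The real invocation. BatchMode=yes refuses to prompt; StrictHostKeyChecking=yes
    # requires the server's host key to already be in known_hosts (pin it on first deploy).
    echo "sftp -i $key -o BatchMode=yes -o StrictHostKeyChecking=yes" \
         "-b $work/upload.sftp transfer@sftp.example.invalid"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    demo
else
    echo "ssh-keygen not found: install openssh-clients" >&2
fi
```

On the server, pair the forced command with `Subsystem sftp internal-sftp` in sshd_config and, if the transfer account should see nothing but its inbox, a `Match User transfer` block with `ChrootDirectory`. The `from=` restriction is worth keeping even for a key stored on a trusted host: it is the cheapest way to limit the blast radius of a copied key file.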
--gen-key is a parameter to pass to the pgp/gpg command, where you specify the key type, length, etc.

One option is you can use the public key registry to publish your PUBLIC key.

Usually it is tied to an email address.

They need to add the public key to their public keyring.
This way they specify the destination email, and the resulting .asc file is the encrypted end of the file for that person.
If not mistaken, mutt and pine can incorporate pgp/gpg into email exchange, for "small" file attachments.
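The four-step flow the asker laid out (we generate a keypair, send the public key, the client encrypts to it, we decrypt), run end to end as an added example; it is not code from any of the posts above. It assumes GnuPG 2.1 or later (the %no-protection control line is not accepted by the 2.0 series), uses throwaway GNUPGHOME directories so nothing touches ~/.gnupg, simulates the client locally with its own keyring that holds only our public key, and uses transfer@example.invalid as a placeholder identity.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes GnuPG 2.1+.
# Placeholder identity: transfer@example.invalid.
set -eu

# Step 1: we generate our keypair unattended. %no-protection stores the private
# key without a passphrase so an unattended decrypt job cannot block on a prompt;
# that makes the permissions on GNUPGHOME the only thing protecting the key.
generate_our_key() {            # $1 = our GNUPGHOME
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: File Transfer
Name-Email: transfer@example.invalid
Expire-Date: 2y
%commit
EOF
}

# Step 2: the only thing the client ever receives is the ASCII-armored public key.
export_public_key() {           # $1 = our GNUPGHOME, $2 = output .asc path
    GNUPGHOME="$1" gpg --batch --quiet --armor --export transfer@example.invalid >"$2"
}

# Step 3 (client side): import our public key and encrypt to it. --trust-model
# always skips the web-of-trust prompt for batch use; the client should verify
# our key fingerprint out of band before relying on it.
client_encrypt() {              # $1 = client GNUPGHOME, $2 = our .asc, $3 = plaintext, $4 = ciphertext
    GNUPGHOME="$1" gpg --batch --quiet --import "$2"
    GNUPGHOME="$1" gpg --batch --quiet --trust-model always \
        --recipient transfer@example.invalid --output "$4" --encrypt "$3"
}

# Step 4: we decrypt with the private key that never left our keyring.
our_decrypt() {                 # $1 = our GNUPGHOME, $2 = ciphertext, $3 = output path
    GNUPGHOME="$1" gpg --batch --quiet --output "$3" --decrypt "$2"
}

# Returns 0 when the round trip reproduces the original file byte for byte.
roundtrip() {
    work=$(mktemp -d)
    mkdir -m 700 "$work/ours" "$work/client"
    generate_our_key "$work/ours"
    export_public_key "$work/ours" "$work/transfer.pub.asc"
    printf 'acct,amount\n42,100.00\n' >"$work/payload.csv"      # constructed sample file
    client_encrypt "$work/client" "$work/transfer.pub.asc" "$work/payload.csv" "$work/payload.csv.gpg"
    our_decrypt "$work/ours" "$work/payload.csv.gpg" "$work/recovered.csv"
    status=0
    cmp -s "$work/payload.csv" "$work/recovered.csv" || status=1
    # Stop the per-keyring agents gpg started for us.
    GNUPGHOME="$work/ours" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$work/client" gpgconf --kill gpg-agent 2>/dev/null || true
    return $status
}

if command -v gpg >/dev/null 2>&1; then
    roundtrip
    echo "round trip OK"
else
    echo "gpg not found: install gnupg2" >&2
fi
```

The file the client produces (payload.csv.gpg here, or a .asc if they add --armor) is what then travels over SFTP, so the two mechanisms stack rather than compete: SFTP protects the file in transit, PGP protects it at rest on both ends. If key generation stalls at "generating random bytes" as reported later in this thread, check /proc/sys/kernel/random/entropy_avail and install haveged or rng-tools on the VM instead of reading a disk into /dev/zero.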
Aside: On the server side, consider installing the MySecureShell SFTP server, as this is a near zero-config server which works as expected.

Other SFTP servers... require a massive amount of admin time to get working.

All sensible Linux Distros provide the MySecureShell package available for installation.
Thanks a lot Louis, that helped.

I'm at the last step, which says "generating random bytes", but it's been there for more than 15 minutes. Is this expected? :)

I'm moving my mouse, typing, etc. but it's still there :)

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.


We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

You have to hit the keyboard keys ......:)


Yes, hit keyboard keys => this gives the random number generator a better chance to gain enough entropy.

But you wrote "I'm moving my mouse, typing, etc. but still there :)", so try more,

or perform other tasks on the system during this step to speed up the process.
Thanks, I executed the below in another terminal and that helped as well:

dd if=/dev/xvdf of=/dev/zero

Thanks @David, for your alternate solution
David Factor,
PGP is quite often used with sftp, especially if you deal with any banking type transactions. They want both the secure transfer AND encrypted files...