As I said, I'm a real beginner with GPG, but a long-term Linux user and comfortable enough entering the terminal every so often, but sticking to the GUI for most tasks.
I know gpg is command line and am not afraid of that. I've been using two simple GPG commands:
gpg --output file.zip --decrypt file.zip.gpg
gpg -c file.zip
to do symmetric crypto, for quite a few years, like for emailing an attached file to yourself, or emailing a file to someone else with whom you've previously shared an agreed symmetric crypto key in a face-to-face meeting.
But I'm now looking to use the asymmetric features of GPG's more advanced crypto methods in a more sophisticated way.
This isn't about encryption, the exact scenario here doesn't involve that, this is about authentication. I want to be able to generate very specific messages, on rare occasions, that can prove I am me.
Which is to say I want to do the equivalent of presharing a password with someone, and they would then know that any communication they were to later receive which had this password was indeed me, whatever new or anonymised channel it came from. Like if I lost my email address and had to set up a new one, within the first email from the new one I could establish that, as far as the recipient is concerned, the email really is from me and not from an imposter. Or like being able to make forum posts from anonymised accounts, but having the special password included in them all in such a way that one day I could come along and say, those posts, anonymous at the time of posting, were all mine, because see here, I'm the only one able to sign things with the same password.
Now in the first circumstance a simple quoted password might in theory work, but only once, or maybe not even that long if the first email from a new address got intercepted, blocked and an imposter sent one of his own from another address now that he knew the password. In the second scenario, the moment you quote the password in the first of a series of posts, all from different accounts on different forums maybe, then everyone can learn it and anyone could impersonate you.
So I want to use asymmetric crypto, particularly the gpg tool as it is already preinstalled in most Linux distros so that anyone I talk with can easily have it at hand too, to sign myself with a password. I can pre-share information initially, but the main point is to be able to tell someone that, if you receive a message which can $(pass certain gpg based test with the right result), you'll know it came from me. It's like having the opposite of normal asymmetric crypto, a publicly shared key that anyone can use to decrypt the signature and a private key that only I can encrypt with.
I want this to be independent of actual encryption. I don't want to HAVE to encrypt the messages I do this with; I want to be able to send authenticated messages so people can authenticate them properly, but if my recipient hasn't the time right now to properly authenticate a message I'd like them to still be able to read the contents.
I couldn't find a guide online when searching for this concept, but was probably using the wrong keywords. Can anyone point me to an EASY tutorial (command line familiar but not a gpg expert and very sketchy on what various gpg-specific and crypto-specific terms all mean in the formal sense; text and image (not video) tutorials preferred) about how to use gpg in this application, for making a uniquely quotable password by which I can prove that a communication I send, to a recipient I already know, is indeed me?
Thank you, your help is most greatly appreciated.
Edited by EncryptiAdvicePlease, 19 October 2024 - 07:07 PM.
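The workflow the post is asking about (a private key only you hold, a public key you pre-share, and messages that stay readable even if nobody checks the signature) is what gpg's clear-signing does. The script below is an added example, not from the original post or from GnuPG's documentation; it builds a throwaway key in a temporary GNUPGHOME so your real keyring is untouched, and the user ID, message text and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: clear-sign a message so the text stays readable while the
# signature proves which private key produced it. Everything happens in a
# temporary GNUPGHOME; the name/e-mail and message below are constructed.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, nothing to show" >&2; exit 0; }

export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
UID_STR="Demo Signer (constructed example) <demo@example.invalid>"

# 1. Generate the key pair once (signing-only, no passphrase for the demo;
#    a real key should have one). The private half is what proves "it is me".
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$UID_STR" ed25519 sign never
}

# 2. Export the public half in ASCII armor. This block is what you pre-share
#    (face to face, or posted once) so recipients can verify later messages.
export_pubkey() {
    gpg --batch --quiet --armor --export "$UID_STR"
}

# 3. Clear-sign: the message body is kept as plain text and a signature
#    block is appended. Someone with no time to verify can still read it.
sign_message() {
    printf '%s\n' "$1" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --clearsign
}

# 4. Verify: exit status 0 only when the signature matches a key in the
#    recipient's keyring; non-zero if the text was altered or the key is unknown.
verify_message() {
    gpg --batch --quiet --verify "$1" 2>/dev/null
}

# Sign a constructed message, then check an intact and a tampered copy.
make_key
sign_message "These posts are mine. -- demo" > "$GNUPGHOME/msg.asc"
sed 's/are mine/are not mine/' "$GNUPGHOME/msg.asc" > "$GNUPGHOME/tampered.asc"

verify_intact()   { verify_message "$GNUPGHOME/msg.asc"; }          # succeeds
verify_tampered() { ! verify_message "$GNUPGHOME/tampered.asc"; }   # succeeds (bad sig)
```

The recipient imports the exported public key once with `gpg --import` and afterwards runs `gpg --verify` on each signed text; the `.asc` file can be pasted into an email or forum post as-is.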