
Not all encryption methods require an encryption key pair. AES256 requires only


Question

Not all encryption methods require an encryption key pair. AES256 requires only a shared passphrase and the correct syntax. Use the Internet to research the correct syntax for using this encryption method with GPG and complete the following tasks to encrypt and decrypt a new file. Make screen captures to record your progress. *** My name is Korri ***

a. On TargetLinux01, log in as the student and create a new file called yourname.txt, replacing yourname with your own name, and add the following text: This is a test of AES256 encryption.

b. Use AES256 encryption with GPG to encrypt the file and remove the original file from the directory, leaving only the encrypted version of the file.

c. Copy the file to the Instructor account, change the permissions on the file, and then decrypt the file using the encryption passphrase.

SCREEN CAPTURE PLEASE

Explanation / Answer

vi /root/.gnupg/gpg.conf

In gpg.conf, add the encryption algo as cipher-algo AES256; the sample config file is below.

root@testtool24:/tmp# cat /root/.gnupg/gpg.conf
# Options for GnuPG
# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
#           2010 Free Software Foundation, Inc.
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored. Empty lines are also ignored.
#
# See the man page for a list of options.

# Uncomment the following option to get rid of the copyright notice

#no-greeting

# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.

#default-key 621CC013

# If you do not pass a recipient to gpg, it will ask for one. Using
# this option you can encrypt to a default key. Key validation will
# not be done in this case. The second form uses the default key as
# default recipient.

#default-recipient some-user-id
#default-recipient-self

# Use --encrypt-to to add the specified key as a recipient to all
# messages. This is useful, for example, when sending mail through a
# mail client that does not automatically encrypt mail to your key.
# In the example, this option allows you to read your local copy of
# encrypted mail that you've sent to others.

#encrypt-to some-key-id

# By default GnuPG creates version 4 signatures for data files as
# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
# require the older version 3 signatures. Setting this option forces
# GnuPG to create version 3 signatures.

#force-v3-sigs

# Because some mailers change lines starting with "From " to ">From "
# it is good to handle such lines in a special way when creating
# cleartext signatures; all other PGP versions do it this way too.

#no-escape-from-lines

# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for
# metadata and not for the actual message which does not undergo any
# translation. Note that future version of GnuPG will change to UTF-8
# as default character set. In most cases this option is not required
# as GnuPG is able to figure out the correct charset at runtime.

#charset utf-8

# Group names may be defined like this:
#   group mynames = paige 0x12345678 joe patti
#
# Any time "mynames" is a recipient (-r or --recipient), it will be
# expanded to the names "paige", "joe", and "patti", and the key ID
# "0x12345678". Note there is only one level of expansion - you
# cannot make an group that points to another group. Note also that
# if there are spaces in the recipient name, this will appear as two
# recipients. In these cases it is better to use the key ID.

#group mynames = paige 0x12345678 joe patti

# Lock the file only once for the lifetime of a process. If you do
# not define this, the lock will be obtained and released every time
# it is needed, which is usually preferable.

#lock-once

# GnuPG can send and receive keys to and from a keyserver. These
# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
# support).
#
# Example HKP keyserver:
#      hkp://keys.gnupg.net
#      hkp://subkeys.pgp.net
#
# Example email keyserver:
#     mailto:pgp-public-keys@keys.pgp.net
#
# Example LDAP keyservers:
#      ldap://keyserver.pgp.com
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
#     hkp://keyserver.example.net:22742
#
# Most users just set the name and type of their preferred keyserver.
# Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical
# servers. To see the IP address of the server actually used, you may use
# the "--keyserver-options debug".

keyserver hkp://keys.gnupg.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://keyserver.pgp.com

# Common options for keyserver functions:
#
# include-disabled : when searching, include keys marked as "disabled"
#                   on the keyserver (not all keyservers support this).
#
# no-include-revoked : when searching, do not include keys marked as
#                     "revoked" on the keyserver.
#
# verbose : show more information as the keys are fetched.
#           Can be used more than once to increase the amount
#           of information shown.
#
# use-temp-files : use temporary files instead of a pipe to talk to the
#                 keyserver. Some platforms (Win32 for one) always
#                 have this on.
#
# keep-temp-files : do not delete temporary files after using them
#                  (really only useful for debugging)
#
# http-proxy="proxy" : set the proxy to use for HTTP and HKP keyservers.
#                     This overrides the "http_proxy" environment variable,
#                     if any.
#
# auto-key-retrieve : automatically fetch keys as needed from the keyserver
#                    when verifying signatures or when importing keys that
#                    have been revoked by a revocation key that is not
#                    present on the keyring.
#
# no-include-attributes : do not include attribute IDs (aka "photo IDs")
#                        when sending keys to the keyserver.

#keyserver-options auto-key-retrieve

# Display photo user IDs in key listings

# list-options show-photos

# Display photo user IDs when a signature from a key with a photo is
# verified

# verify-options show-photos

# Use this program to display photo user IDs
#
# %i is expanded to a temporary file that contains the photo.
# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
# %k is expanded to the key ID of the key.
# %K is expanded to the long OpenPGP key ID of the key.
# %t is expanded to the extension of the image (e.g. "jpg").
# %T is expanded to the MIME type of the image (e.g. "image/jpeg").
# %f is expanded to the fingerprint of the key.
# %% is %, of course.
#
# If %i or %I are not present, then the photo is supplied to the
# viewer on standard input. If your platform supports it, standard
# input is the best way to do this as it avoids the time and effort in
# generating and then cleaning up a secure temp file.
#
# If no photo-viewer is provided, GnuPG will look for xloadimage, eog,
# or display (ImageMagick). On Mac OS X and Windows, the default is
# to use your regular JPEG image viewer.
#
# Some other viewers:
# photo-viewer "qiv %i"
# photo-viewer "ee %i"
#
# This one saves a copy of the photo ID in your home directory:
# photo-viewer "cat > ~/photoid-for-key-%k.%t"
#
# Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"

# Passphrase agent
#
# We support the old experimental passphrase agent protocol as well as
# the new Assuan based one (currently available in the "newpg" package
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
# you have to run an agent as daemon and use the option
#
# For Ubuntu we now use-agent by default to support more automatic
# use of GPG and S/MIME encryption by GUI programs. Depending on the
# program, users may still have to manually decide to install gnupg-agent.

use-agent

# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
#
# --gpg-agent-info=<path>:<pid>:1
#
# may be used to override it.

# Automatic key location
#
# GnuPG can automatically locate and retrieve keys as needed using the
# auto-key-locate option. This happens when encrypting to an email
# address (in the "user@example.com" form), and there are no
# user@example.com keys on the local keyring. This option takes the
# following arguments, in the order they are to be tried:
#
# cert = locate a key using DNS CERT, as specified in RFC-4398.
#        GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
#        CERT methods.
#
# pka = locate a key using DNS PKA.
#
# ldap = locate a key using the PGP Universal method of checking
#       "ldap://keys.(thedomain)". For example, encrypting to
#        user@example.com will check ldap://keys.example.com.
#
# keyserver = locate a key using whatever keyserver is defined using
#            the keyserver option.
#
# You may also list arbitrary keyservers here by URL.
#
# Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
#auto-key-locate cert pka ldap hkp://subkeys.pgp.net
cipher-algo AES256

============================================

Solution a.)

root@testtool24:/tmp# cat yourname.txt
This is a test of AES256 encryption.
root@testtool24:/tmp#

b.)

root@testtool24:/tmp# vi yourname.txt
root@testtool24:/tmp# gpg --output yourname.gpg --symmetric yourname.txt
gpg: gpg-agent is not available in this session

Run the CLI command gpg to output the encrypted file of yourname.txt

Enter passphrase

Then the encrypted file is as below

-rw-r--r-- 1 root root      37 Jul 27 12:40 yourname.txt
-rw-r--r-- 1 root root     117 Jul 27 12:41 yourname.gpg
root@testtool24:/tmp# cat yourname.gpg
   ½5$~??xC±??   K{??¶p3?¡?¹uM?
                                     Nc?jK??7w??3¼`½?©CQº¤??¶3root@testtool24:/tmp# Xshell


c.) Decrypted the text file with the CLI command below

root@testtool24:/home/mpug# chmod 777 yourname.gpg
root@testtool24:/home/mpug# gpg --output yourname.txt -d yourname.gpg
gpg: AES256 encrypted data
gpg: gpg-agent is not available in this session
gpg: encrypted with 1 passphrase

----

After decrypting, we get the original text using the AES256 algo

drwxrwxr-x 3 mpug mpug    4096 Jun 29 03:10 http_simulator
-rwxrwxrwx 1 root root     117 Jul 27 12:43 yourname.gpg
-rw-r--r-- 1 root root      37 Jul 27 12:46 yourname.txt
root@testtool24:/home/mpug# cat yourname.txt
This is a test of AES256 encryption.
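
The same three tasks as a non-interactive script, added here as an example and not part of the original answer: it selects the cipher per command with --cipher-algo AES256 instead of editing gpg.conf, confirms from the packet header that the output is AES256, and gives the copied file mode 600 rather than 777. It assumes GnuPG 2.1 or later; the function names, temporary directories and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GnuPG 2.1+.
# Paths and the passphrase below are constructed for the demo.

# Task b: encrypt $1 to $1.gpg with AES256, then delete the plaintext.
# The passphrase is read from stdin, so it is not on gpg's command line.
encrypt_aes256() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --output "$1.gpg" "$1" &&
    rm -f -- "$1"
}

# Succeeds only if the symmetric-key packet names cipher 9 (AES256 in OpenPGP).
is_aes256() {
    gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
        --list-packets "$1" 2>/dev/null | grep -q 'symkey enc packet.*cipher 9,'
}

# Task c: decrypt $1 into $2 with the passphrase read from stdin.
decrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --output "$2" --decrypt "$1"
}

# End-to-end run in throwaway directories; prints the recovered text.
demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME       # keep ~/.gnupg untouched
    mkdir -m 700 "$GNUPGHOME" "$work/student" "$work/instructor" || return 1
    pass='constructed-demo-passphrase'
    src="$work/student/yourname.txt"; enc="$work/instructor/yourname.txt.gpg"
    printf 'This is a test of AES256 encryption.\n' > "$src"
    printf '%s' "$pass" | encrypt_aes256 "$src" || return 1
    [ ! -e "$src" ] || return 1                      # only the .gpg remains
    cp "$src.gpg" "$enc" && chmod 600 "$enc" || return 1
    printf '%s' "$pass" | is_aes256 "$enc" || return 1
    printf '%s' "$pass" | decrypt_file "$enc" "$work/instructor/yourname.txt" || return 1
    cat "$work/instructor/yourname.txt"
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
}

# Run the demo only when the script is called with the argument "run".
case "${1:-}" in run) demo ;; esac
```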
