Mini tuto claves gpg o pgp
Resumen
GPG es una herramienta de cifrado muy potente y fácil de usar, que en principio, a la mayoría no nos hace falta, pero puede que se nos presente la necesidad de enviar algo por medio inseguros (porque no haya más remedio), haciéndolo de esta forma podremos hacerlo sin miedo ha que lean el contenido del archivo o nos den el cambiazo. Este es un tema bastante extenso y si no lo acabas de entender puede ser un lío
How SSH Authenticates Users
Clients generally authenticate either using passwords (less secure and not recommended) or SSH keys, which are very secure.
Password logins are encrypted and are easy to understand for new users. However, automated bots and malicious users will often repeatedly try to authenticate to accounts that allow password-based logins, which can lead to security compromises. For this reason, we recommend always setting up SSH key-based authentication for most configurations.
SSH keys are a matching set of cryptographic keys which can be used for authentication. Each set contains a public and a private key. The public key can be shared freely without concern, while the private key must be vigilantly guarded and never exposed to anyone.
Cifrado Simetrico
creamos un texto ´´´echo “Genbeta Dev” > texto.txt´´´
Lo ciframos, nos aparecerá un cuadro que nos pide la contraseña y se generará un archivo .gpg ´´´gpg -c texto.txt´´´
Lo descifraremos
gpg -d texto.txt.gpg
Cifrado Asimetrico (este es el usado en bitcoin?)
Generar el par de claves
gpg --gen-key
gpg: clave B2C1AF8F marcada como de confianza absoluta claves pública y secreta creadas y firmadas.
gpg: comprobando base de datos de confianza gpg: 3 dudosa(s) necesarias, 1 completa(s) necesarias, modelo de confianza PGP gpg: nivel: 0 validez: 1 firmada: 0 confianza: 0-, 0q, 0n, 0m, 0f, 1u pub 2048R/B2C1AF8F 2014-04-19 Huella de clave = DE33 33E1 3214 AEC4 5169 95F6 13A8 68AA B2C1 AF8F uid Xunorus info@xunorus.com.ar sub 2048R/4F1FB64A 2014-04-19
Exportar y enviar la clave privada
Difundir la clave pública que acabamos de crear (la pública, nunca la privada), para exportarla en un archivo usaremos el comando gpg -output [archivo destino] –export [ID de a clave pública] (la clave pública generada antes tiene la ID B2C1AF8F).
gpg --output XunCPub.gpg --export B2C1AF8F
Subir una clave pública a un servidor de claves
Import the keys
gpg --recv-keys key IDs
gpg --send-keys --keyserver pgp.mit.edu B2C1AF8F
Importar la clave desde el archivo o servidor de claves
importar previamente la clave, desde un archivo debemos de usar el comando gpg –import [Archivo de la clave pública]
gpg --import CPub.gpg
ya en mi anillo de claves me contesta que no hay cambios.
importación desde el servidor
tenemos que usar el comando gpg –keyserver [Dirección del servidor] –recv-keys [ID de la clave].
gpg --keyserver pgp.mit.edu --recv-keys 18384645
Cifrar con la clave pública
para cifrar el documento usaremos el comando gpg —encrypt —recipient [ID de la clave] [Archivo]
echo "Genbeta Dev" > documento.txt
gpg --encrypt --recipient 18384645 documento.txt
ls
documento.txt documento.txt.gpg
Descifrar un archivo con la clave privada
descifrar con nuestra clave privada el documento tras recibirlo
gpg -d documento.txt.gpg
Firmar archivos
Una de las medidas de seguridad básicas al pasar un mensaje es
asegurarnos que el emisor es quien dice ser, para asegurarnos de esto
digitalmente existe la firma digital , pero también podemos cifrarlo y a
su vez firmarlo, que es lo que haremos con el
comando gpg -u [ID de la clave privada] --output [Archivo resultante] --sign [Archivo para firmar]
e introduciendo la contraseña de la clave privada.
echo "Genbeta Dev" > firmar.txt
Verificar y descifrar un archivo firmado
Cualquiera con la clave pública asociada a la que ha firmado el
documento puede leerlo, de la misma forma que desciframos un archivo
(gpg -d [Archivo]) o verificándolo únicamente con el comando gpg
–verify [Archivo].
gpg --verify firmar.txt.gpg
To change or remove the passphrase, simply type:
ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa):
You can type the location of the key you wish to modify or press ENTER to accept the default value:
Enter old passphrase:
Enter the old passphrase that you wish to change. You will then be prompted for a new passphrase:
Enter new passphrase (empty for no passphrase): Enter same passphrase again:
Displaying the SSH Key Fingerprint
Each SSH key pair share a single cryptographic “fingerprint” which can be used to uniquely identify the keys. This can be useful in a variety of situations.
To find out the fingerprint of an SSH key, type:
ssh-keygen -l
Enter file in which the key is (/root/.ssh/id_rsa):
You can press ENTER if that is the correct location of the key, else enter the revised location. You will be given a string which contains the bit-length of the key, the fingerprint, and account and host it was created for, and the algorithm used:
4096 8e:c4:82:47:87:c2:26:4b:68:ff:96:1a:39:62:9e:4e demo@test (RSA)
Copying your Public SSH Key to a Server with SSH-Copy-ID
To copy your public key to a server, allowing you to authenticate without a password, a number of approaches can be taken.
If you currently have password-based SSH access configured to your server, and you have the ssh-copy-id utility installed, this is a simple process. The ssh-copy-id tool is included in many Linux distributions’ OpenSSH packages, so it very likely may be installed by default.
If you have this option, you can easily transfer your public key by typing:
ssh-copy-id username@remote_host
Copying your Public SSH Key to a Server Manually
If you do not have password-based SSH access available, you will have to add your public key to the remote server manually.
On your local machine, you can find the contents of your public key file by typing:
cat ~/.ssh/id_rsa.pub
mkdir /etc/ssh/xunorus cp /home/xunorus/.ssh/authorized_keys /etc/ssh/xunorus/ chown -R xunorus:xunorus /etc/ssh/xunorus chmod 755 /etc/ssh/xunorus chmod 644 /etc/ssh/xunorus/authorized_keys vi /etc/ssh/sshd_config
restorecon -r -vv /home/xunorus/.ssh
log
ssh -p 9022 xunorus@xunorus.com -vv OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving “xunorus.com” port 9022 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to xunorus.com [167.250.5.13] port 9022. debug1: Connection established. debug1: identity file /home/xunorus/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xunorus/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* compat 0x00000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to xunorus.com:9022 as ‘xunorus’ debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group-exchange-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent debug1: got SSH2_MSG_KEX_DH_GEX_GROUP debug2: bits set: 3077/6144 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: got SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: ssh-rsa SHA256:QNXct4uiRJZjSNByrkO5aYrBePE6Cqdrnst1r7agio4 debug1: Host ‘[xunorus.com]:9022’ is known and matches the RSA host key. debug1: Found key in /home/xunorus/.ssh/known_hosts:4 debug2: bits set: 3095/6144 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS received debug2: key: /home/xunorus/.ssh/id_rsa (0x80cfdfe0), agent debug2: key: /home/xunorus/.ssh/id_dsa ((nil)) debug2: key: /home/xunorus/.ssh/id_ecdsa ((nil)) debug2: key: /home/xunorus/.ssh/id_ed25519 ((nil)) debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available
debug2: we did not send a packet, disable method debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/xunorus/.ssh/id_rsa debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic debug1: Trying private key: /home/xunorus/.ssh/id_dsa debug1: Trying private key: /home/xunorus/.ssh/id_ecdsa debug1: Trying private key: /home/xunorus/.ssh/id_ed25519 debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-with-mic).
log
Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home5/xunorus/.ssh/id_rsa2. Your public key has been saved in /home5/xunorus/.ssh/id_rsa2.pub. The key fingerprint is: b1:3f:03:c2:36:d5:bb:93:94:ac:fd:70:46:7e:2a:15
sources
https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys
INFO DE LA DOCUMENTACION
-c Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the –cipher-algo option. This option may be com‐ bined with –sign (for a signed and symmetri‐ cally encrypted message), –encrypt (for a message that may be decrypted via a secret key or a passphrase), or –sign and –encrypt together (for a signed message that may be decrypted via a secret key or a passphrase).
–gen-key Generate a new key pair. This command is nor‐ mally only used interactively.
There is an experimental feature which allows
you to create keys in batch mode. See the
file ‘doc/DETAILS’ in the source distribution
on how to use this.
–recv-keys key IDs Import the keys with the given key IDs from a keyserver. Option –keyserver must be used to give the name of this keyserver.
http://www.cartoon-world.tv/watch/south-park/
http://thepiratebay.se/torrent/9810238/The_Wolf_of_Wall_Street_%5B2013%5D-480p-BRrip-x264-StyLishSaLH_%28StyL