Simplest Way to Generate PGP Keys and Encrypt a File Using PowerShell


PGP

Wikipedia's article on PGP gives the general background.

PGP (Pretty Good Privacy, standardised as OpenPGP) is a widely used encryption standard rather than a single algorithm: it combines public-key cryptography with a fast symmetric cipher. In short, the sender encrypts the data with a freshly generated symmetric session key, encrypts that session key with the receiver's public key, and the receiver recovers the session key with the mathematically related private key. The private key is stored encrypted under a passphrase, so an attacker who copies the key file still needs the passphrase to use it. The strength of the scheme comes from the algorithm and key size chosen and from how well the private key and passphrase are protected, not from the layout of the key file; the "multi-line" text you see when exporting a key is just the ASCII-armored encoding (Base64 between BEGIN/END header lines) of the binary key. That layout does matter later, when the key has to be stored in a system such as Azure Key Vault that expects a single string value.

Generating a PGP Key Pair

  • Download Gpg4Win here: https://gpg4win.org/download.html
  • Open a new PowerShell window so that it picks up the updated PATH. A restart is not required, and Administrator rights are not needed for key operations: the keyring lives in your user profile under %APPDATA%\gnupg.
  • Type gpg --version to check that gpg is installed and on the PATH. (gpg --list-keys also works, but on a fresh install it prints nothing because there are no keys yet.)
  • To start generating a new key pair, type gpg --full-generate-key
  • Choose Option 1 (RSA and RSA) and press Enter. RSA is the conservative, widely supported choice; gpg's ECC options are also fine if every party you exchange keys with uses software that supports them.
  • Then you will be prompted for the key size in bits. Press Enter for the default of 3072 bits, or type 4096 if you want extra margin; both are considered secure today.
  • Next, select an expiration period, for example 1y. Prefer an expiry over 0 (never expires): it limits the damage from a lost key, and it can be extended later with gpg --edit-key <key_id> and the expire command, so it does not lock you out.
  • Type y when prompted for the confirmation if everything looks good.
  • Give a name that can identify the user, team, or functionality of the key. For example: John Doe.
  • Enter an email address that identifies the user, team, or function of the key. It does not have to be a real mailbox. For example: jd@gmail.com.
  • Optionally add a comment that describes the key's purpose.
  • When prompted, set a strong passphrase. The original post points at a web-based generator (https://untroubled.org/pwgen/ppgen.cgi?wordcount=3&minlen=1&maxlen=8&randcaps=first&numlen=2&submit=Generate+Passphrase); note that a passphrase fetched from a third-party website has been seen by that site and has crossed the network, so generating it locally (a password manager or an offline word-list method) is the safer choice.
  • The key will now be generated. The message asking you to perform other actions is generic: on a modern machine gpg draws from the operating system's random source and finishes in a few seconds.
  • Confirm the key pair was created by typing gpg --list-keys. Note the key ID: prefer the full 40-character fingerprint printed under the pub line over the short 8-character form, since short IDs can be forged by collision.
  • To export the public key as an ASCII-armored (multi-line) .asc file, let gpg write the file itself: gpg --export --armor --output <public_key_filename>.asc <key_id>. Avoid redirecting with > as in gpg --export -a <key_id> > <public_key_filename>.asc: in Windows PowerShell 5.1 the > operator writes UTF-16 with a byte-order mark, and other tools will refuse to import the result as an armored key (PowerShell 7 writes UTF-8 and is fine, but --output works in both).
  • Similarly, for the private key:
    gpg --list-secret-keys
    gpg --export-secret-keys --armor --output <private_key_filename>.asc <key_id>
    gpg prompts for the passphrase because the exported key is re-encrypted with it. Treat the resulting .asc like a password: it is the private key, so store it only where it is needed and delete the local copy once it has been imported elsewhere.

Encrypting a File

  • To test out encryption, create a text file hello_world.txt with some content in it.
  • To encrypt, take the key ID (or fingerprint) of the recipient and type gpg --encrypt --recipient <key_id> .\hello_world.txt. This writes the binary file hello_world.txt.gpg next to the original; add --armor if you want a text .asc file instead.
  • To decrypt, gpg finds the matching private key in your keyring automatically (it was stored there when the key pair was created) and prompts for its passphrase. gpg --decrypt .\hello_world.txt.gpg prints the plaintext to the console; add --output <file> to write it to a file instead.
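The whole procedure above, key generation and export followed by the encrypt/decrypt test, as one PowerShell script. This is an added example and not code from the original post: it assumes Gpg4win is installed with gpg.exe on the PATH, the name and email are placeholders, and the passphrase is supplied through the GPG_PASSPHRASE environment variable (a hypothetical name chosen here) so that it is never typed on the command line or stored in the shell history. It uses gpg's --batch and --quick-generate-key options in place of the interactive prompts, reads the fingerprint from gpg's machine-readable --with-colons output, and writes every file with --output to sidestep the PowerShell redirection encoding problem described above.

```powershell
# Added example (not from the original post). Assumptions: gpg.exe is on PATH,
# $env:GPG_PASSPHRASE has been set in this session, name/email are placeholders.
$ErrorActionPreference = 'Stop'

$Name       = 'John Doe'            # placeholder user id
$Email      = 'jd@example.com'      # placeholder, does not need to be deliverable
$Passphrase = $env:GPG_PASSPHRASE   # set beforehand: $env:GPG_PASSPHRASE = '...'
if (-not $Passphrase) { throw 'Set $env:GPG_PASSPHRASE before running this script.' }

# 1. Key generation without the interactive prompts. rsa4096 = RSA primary key with
#    4096 bits, default = also create the default encryption subkey, 1y = one-year expiry.
#    --pinentry-mode loopback lets gpg read the passphrase from stdin (--passphrase-fd 0).
$uid = "$Name <$Email>"
$Passphrase | gpg --batch --pinentry-mode loopback --passphrase-fd 0 `
    --quick-generate-key $uid rsa4096 default 1y
if ($LASTEXITCODE -ne 0) { throw 'key generation failed' }

# 2. Read the full fingerprint from the colon-separated listing instead of parsing the
#    human-readable table: fpr records carry the fingerprint in field 10 (index 9), and
#    the primary key's record comes before the subkey's.
$fpr = (gpg --batch --with-colons --list-keys $Email |
        Where-Object { $_ -like 'fpr:*' } |
        Select-Object -First 1).Split(':')[9]
"Generated key with fingerprint $fpr"

# 3. Export both halves. --output makes gpg write the file itself; in Windows PowerShell
#    5.1, '>' would write UTF-16 with a BOM and corrupt the armored text. --yes allows
#    overwriting an existing file in batch mode.
gpg --batch --yes --armor --export --output public.asc $fpr
$Passphrase | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 `
    --armor --export-secret-keys --output private.asc $fpr
if ($LASTEXITCODE -ne 0) { throw 'secret key export failed' }

# Check: an armored key is multi-line text bracketed by BEGIN/END marker lines.
$pub = Get-Content public.asc
if ($pub.Count -lt 3 -or
    $pub[0]  -ne '-----BEGIN PGP PUBLIC KEY BLOCK-----' -or
    $pub[-1] -ne '-----END PGP PUBLIC KEY BLOCK-----') {
    throw 'public.asc is not a valid armored key block'
}

# 4. Encrypt a test file to the new key, decrypt it again, and compare hashes so the
#    round trip is verified rather than eyeballed.
Set-Content -Path hello_world.txt -Value 'hello, world' -NoNewline
gpg --batch --yes --encrypt --recipient $fpr --output hello_world.txt.gpg hello_world.txt
if ($LASTEXITCODE -ne 0) { throw 'encryption failed' }

$Passphrase | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 `
    --decrypt --output hello_world.decrypted.txt hello_world.txt.gpg
if ($LASTEXITCODE -ne 0) { throw 'decryption failed' }

$original  = (Get-FileHash hello_world.txt -Algorithm SHA256).Hash
$roundtrip = (Get-FileHash hello_world.decrypted.txt -Algorithm SHA256).Hash
if ($original -ne $roundtrip) { throw 'decrypted content does not match the original' }
"Round trip OK, SHA256 $roundtrip"
```

Run it once per user id: in batch mode gpg refuses to create a second key for a user id that already exists rather than asking. Because the script never writes the passphrase anywhere, the exported private.asc is protected by it just as the keyring copy is; delete private.asc once it has been moved to wherever it is actually needed.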

Extra: Uploading the Key to Azure Key-Vault

In order to upload the private key as a secret to Azure Key Vault, extra care must be taken to preserve the multi-line armored format, and the Azure CLI should be used for the upload because it can read the value directly from the .asc file. Remember that the secret then holds a private key: restrict who can read it with Key Vault access policies or RBAC, and do not store the passphrase in the same secret.

See my other blog post https://www.tarunrajnish.com/blog/uploading-multi-line-secrets-to-azure-key-vault/ for more information.
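One way to do the upload from PowerShell with the Azure CLI and then confirm that the armored key survived as multi-line text. This is an added example, not code from the original post or the linked one; it assumes az login has already been run, that the vault name and secret name below are placeholders, and that private.asc was exported with gpg --export-secret-keys --armor --output private.asc <key_id>.

```powershell
# Added example (not from the original post). Assumptions: 'az login' done, vault and
# secret names are placeholders, private.asc is an ASCII-armored export from gpg.
$ErrorActionPreference = 'Stop'

$VaultName  = 'my-vault'            # placeholder
$SecretName = 'pgp-private-key'     # placeholder
$KeyFile    = 'private.asc'

# --file makes the CLI read the whole file as the secret value, so the line breaks of the
# armored key are preserved and the key never appears on the command line or in history.
# --encoding records how the file should be decoded again on download.
az keyvault secret set --vault-name $VaultName --name $SecretName `
    --file $KeyFile --encoding utf-8 --output none
if ($LASTEXITCODE -ne 0) { throw 'secret upload failed' }

# Check: read the value back and compare it line by line with the local file. Empty
# lines are dropped on both sides so a trailing newline does not produce a false mismatch.
$storedLines = @(az keyvault secret show --vault-name $VaultName --name $SecretName `
                    --query value --output tsv) | Where-Object { $_ -ne '' }
if ($LASTEXITCODE -ne 0) { throw 'secret retrieval failed' }
$localLines  = @(Get-Content $KeyFile) | Where-Object { $_ -ne '' }

if ($storedLines.Count -lt 2) {
    throw 'stored secret collapsed to a single line; the armored format was not preserved'
}
$diff = Compare-Object -ReferenceObject $localLines -DifferenceObject $storedLines
if ($diff) { throw 'stored secret does not match the local file' }
"Secret '$SecretName' in $VaultName holds $($storedLines.Count) lines and matches $KeyFile"
```

The read-back check is the part worth keeping: a secret that was pasted through a single-line field looks fine in a listing but fails the moment gpg --import is run against it, so verifying the line count and content at upload time catches the problem where it is cheap to fix.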
