Basics of GnuPG (GPG) command in Linux

What is GPG?

GNU Privacy Guard (GnuPG), popularly known as GPG, is a GPL-licensed alternative to PGP (Pretty Good Privacy). It is an OpenPGP-compliant program for *nix users, based on RFC 4880. It is part of the GNU software project, started in 1991 by Werner Koch and funded largely by the German government.

Its basic use is to send encrypted mail or files to a recipient, who can decrypt them using their private key. It is based on a public and private key mechanism for encryption/decryption. We can encrypt any of our data using our own key pair and send it to a person who can read the message if they have the proper key to decrypt it! Many people also use the public key generated by gpg so that others can verify their email signatures.

It supports the following algorithms for secure message communication:
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Why GPG?

  • Because it is free and meant to be a replacement for PGP.
  • gpg is a CLI program, but there are also many GUIs through which you can manage keys easily, such as Seahorse for GNOME (yum install seahorse) and KGpg for KDE.
  • It allows you to encrypt and sign your data, and includes a key management system as well as access modules for all kinds of public key directories.
  • If you wish to encrypt your message while sending mail to someone important, you may try this method.
  • You can share your public key, and other users can download it to verify the signature on mails/files sent by you for authenticity. It would stop social engineering through email and would even stop spam sent in the name of your friend’s ID.

Applications of GPG

  • GPG encryption has been added to graphical email clients like Evolution for email security.
  • There is a GNOME front-end application for managing PGP and SSH keys called “Seahorse”, which also integrates with Nautilus, gedit and Evolution for encryption, decryption etc.
  • The PHP-based email framework “horde” uses it too!
  • Enigmail is a data encryption/decryption extension for Mozilla Thunderbird and SeaMonkey which uses GPG.
  • Mozilla Firefox also gets GPG enabled using Enigform.
  • GnuPG can be used with Windows Explorer and Outlook through the GPG4win tool, which wraps them in a standard Windows installer to make GnuPG easier to install and use on Windows systems.
  • There are many other front-end programs that support GPG.


How GPG works

It uses a hybrid encryption technique, i.e. a combination of symmetric-key cryptography for speed and public-key cryptography for easy, secure key exchange. By default GnuPG uses the CAST5 symmetric algorithm.
As a matter of fact, GnuPG does not use patented or otherwise restricted software or algorithms. Instead, GnuPG uses a variety of other, non-patented algorithms.
How GnuPG works will become clearer once we go through the gpg commands step by step:

  • Which version of gpg we are going to use?
  • gpg command to generate keys
  • Analysis of freshly created directory (.gnupg) and files inside it.
  • Once you have the public and private keys, you must keep the private key safe; if you lose it, you will never be able to decrypt the data. So, better take a backup of the private key.
  • Want to see the list of public and private keys?
  • Encrypt the message for specific recipient
  • Decrypt the encrypted message


GPG commands explained

Which version of gpg we are going to use?

[sjaiswal@AlienCoders ~]$ gpg --version
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
[sjaiswal@AlienCoders ~]$

gpg command to generate keys

[sjaiswal@AlienCoders ~/gpg_test]$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4094
Requested keysize is 4094 bits
rounded up to 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3m
Key expires at Mon 03 Feb 2014 04:46:09 AM MST
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <>"
Real name: Sanjeev Jaiswal
Email address:
Comment: "GPG Key Test"
You selected this USER-ID:
    "Sanjeev Jaiswal ("GPG Key Test") <>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+gpg: /home/sjaiswal/.gnupg/trustdb.gpg: trustdb created
gpg: key CBE9BE42 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-02-03
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
      Key fingerprint = 40B3 E709 81DA 43AF 1F64  117B DF03 A4AD CBE9 BE42
uid                  Sanjeev Jaiswal ("GPG Key Test") <>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]

  • To generate keys, gpg asks which kind of key you wish to use; you can choose any of the given options. Type 1, 2 or 5.
  • Type a key size within the given range.
  • Then provide the expiration date of the key. You can use days, weeks, months or years.
  • Once you are done with the expiration, fill in the next prompts carefully. Type the real name, email and comment appropriately, as they will be used while encrypting data: gpg will ask for the recipient name and will match the recipient name before matching the keys.
  • Then type anything on the keyboard, move the mouse etc. to speed up the random generation of the keys; otherwise it may take a lot of time.
  • Once the keys are created, a .gnupg directory will exist under your home directory. Use ls to see which files were created.


Analysis of freshly created directory (.gnupg) and files inside it

$ ls .gnupg/
gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg

  • gpg.conf -> contains all the options set by you. Unless you specify which options file to use (with the command line option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf by default. Run strings gpg.conf for more details.
  • pubring.gpg -> the public keys are stored here. You should export your public key in ASCII format to send it to others.
  • pubring.gpg~ -> backup of the public keyring
  • random_seed -> contains the random data used for encryption, which you might have been typing while generating keys.

[Sanjeev@AlienCoders]$ strings random_seed
T_3     P>

  • secring.gpg -> the secret keyring; keep it safe, and better still keep a backup of it.
  • trustdb.gpg -> the trust database, which contains signatures, expiration dates etc. From time to time the trust database must be updated so that expired keys or signatures and the resulting changes in the Web of Trust can be tracked.

Normally, GnuPG will calculate when this is required and do it automatically.

Getting fingerprint and KeyID

[sjaiswal@AlienCoders ~/.gnupg]$ gpg --fingerprint
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
      Key fingerprint = 40B3 E709 81DA 43AF 1F64  117B DF03 A4AD CBE9 BE42
uid                  Sanjeev Jaiswal ("GPG Key Test") <>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]
Note: KeyID here is: 0xCBE9BE42  (always prepend 0x as it is 8 hex digits)

Taking backup of private key

gpg --export-secret-keys --armor > sjaiswal-privkey.asc

Listing public and private key(s)

[sjaiswal@AlienCoders ~/.gnupg]$ gpg --list-keys
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
uid                  Sanjeev Jaiswal ("GPG Key Test") <>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]
[sjaiswal@AlienCoders ~/.gnupg]$ gpg --list-secret-keys
sec   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
uid                  Sanjeev Jaiswal ("GPG Key Test") <>
ssb   4096g/38765DB9 2013-11-05

Encrypting Message for recipient Sanjeev Jaiswal

Type the message and save it in a text file, let’s say message.txt
[sjaiswal@AlienCoders ~/.gnupg]$ gpg --recipient "Sanjeev Jaiswal" --encrypt message.txt
It will create message.txt.gpg, which is the encrypted file. To decrypt it, you need to type the passphrase that you entered while generating the keys.
gpg -r real-name --output secrets_to_aliencoders --encrypt secrets
which will put the encrypted message in secrets_to_aliencoders

Decrypting the message

[sjaiswal@AlienCoders ~/.gnupg]$ gpg --decrypt message.txt.gpg
You need a passphrase to unlock the secret key for
user: "Sanjeev Jaiswal ("GPG Key Test") <>"
4096-bit ELG-E key, ID 38765DB9, created 2013-11-05 (main key ID CBE9BE42)
gpg: encrypted with 4096-bit ELG-E key, ID 38765DB9, created 2013-11-05
      "Sanjeev Jaiswal ("GPG Key Test") <>"
This is Sabnjeev
[sjaiswal@AlienCoders ~/.gnupg]$ gpg --output secrets_from_tom --decrypt secrets_to_aliencoders
which would save the decrypted message in secrets_from_tom
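
The steps above (generate a key, look up its fingerprint, encrypt, decrypt) can also be run unattended. The script below is an added example, not part of the original post: it assumes GnuPG 2.1 or later, and the demo identity, file names and passphrase-less key are constructed for a throwaway keyring.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1 or later on PATH.
# The identity, file names and message below are constructed for the demo.

# Runs in a subshell so GNUPGHOME and the EXIT trap do not leak to the caller.
gpg_roundtrip() (
    # Throwaway keyring: the demo never touches the real ~/.gnupg
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill all >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

    # Unattended equivalent of the interactive --gen-key dialogue.
    # %no-protection (no passphrase) is acceptable only because this
    # keyring is deleted at the end; protect real keys with a passphrase.
    cat > "$GNUPGHOME/keyparams" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Demo User
Name-Comment: GPG Key Test
Name-Email: demo@example.invalid
Expire-Date: 3m
%commit
EOF
    gpg --batch --quiet --gen-key "$GNUPGHOME/keyparams" 2>/dev/null || exit 1

    # Address the key by its full fingerprint rather than by name or 8-digit key ID
    fpr=$(gpg --batch --with-colons --fingerprint demo@example.invalid 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    msg="$GNUPGHOME/message.txt"
    printf 'constructed test message\n' > "$msg"

    gpg --batch --quiet --recipient "$fpr" --output "$msg.gpg" --encrypt "$msg" || exit 1
    gpg --batch --quiet --output "$msg.out" --decrypt "$msg.gpg" 2>/dev/null || exit 1

    # The ciphertext must differ from the plaintext; the decrypted copy must match it
    cmp -s "$msg" "$msg.gpg" && exit 1
    cmp -s "$msg" "$msg.out" || exit 1

    # Report the fingerprint of the key that was used
    printf '%s\n' "$fpr"
    exit 0
)
```

Calling gpg_roundtrip prints the 40-digit fingerprint of the temporary key and returns 0 only if the decrypted file is identical to the original.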

Editing Key

gpg --edit-key <name>

There is more:

Photo IDs

GnuPG has the ability to add a photo ID to a public key, exactly as in recent Windows versions of PGP. A photo ID attached to a public key can help other users to identify the owner of the key. To add a photo ID to your own public key, use the command "gpg --edit-key <name>" and then enter "addphoto". GnuPG will ask for the filename of a suitable JPEG. No other types of image files can be used.
If you want to see a photo ID on a particular key, enter the option "--show-photos" before using the command "gpg --list-keys <name>". If <name> is omitted, GnuPG will display all the photos (if any) after listing all the keys in your public keyring. Alternatively, if you want photos to be displayed in all cases by default, you should uncomment the line "# show-photos" in the options file inside !GnuPGUser.

Output of trustdb

[Sanjeev@AlienCoders]$ gpg --update-trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   7  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   7  signed:   3  trust: 0-, 0q, 4n, 3m, 0f, 0u
gpg: the next trustdb check will be done on 2014-02-04
The first line shows you the actual trust policy used by your GnuPG installation, which you can modify to suit your needs. It states that a key in your keyring is valid if it has been signed by at least 3 marginally trusted keys, or by at least one fully trusted key.
The second line describes the key of level 0, that is, the key owned by you. It states that in your keyring you have one level zero key, which is signed by 7 keys. Furthermore, among all the level zero keys, you have 0 for which you haven't yet evaluated the trust level. 0 of them are keys for which you have no idea which validity level to assign (q="I don't know or won't say"). You also have 0 keys that you do not trust at all (n="I do NOT trust"), 0 marginally trusted keys (m="I trust marginally"), 0 fully trusted keys (f="I trust fully") and 1 ultimately trusted key (u="I trust ultimately").
The third line analyzes the keys of level 1 in your keyring. You have 7 fully valid keys, because you have personally signed them. Furthermore, among the keys that are stored in your keyring, you have 3 that are not signed directly by you, but are signed by at least one of the fully valid keys. The trust status counters have the same meaning as the ones in the second line. This time you have 4 keys signed by you whose owners you do not trust at all as signers of third parties' keys. On the other hand, 3 of the 7 keys that you have signed are marginally trusted. This means that you are only marginally confident that the owners of those keys properly verify the keys that they sign.
[Sanjeev@AlienCoders]$ gpg --check-trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   7  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-02-04
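
To read the counters described above without decoding them by hand, the policy and depth lines can be expanded into named fields and checked against a baseline. This is an added example, not part of the original post or of GnuPG; the function names, the field names and the audit baseline (3 marginal / 1 complete as in the output above, plus a caller-supplied count of your own keys) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: the --update-trustdb output quoted above
sample_trustdb_output() {
    cat <<'EOF'
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   7  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   7  signed:   3  trust: 0-, 0q, 4n, 3m, 0f, 0u
gpg: the next trustdb check will be done on 2014-02-04
EOF
}

# Rewrite the policy and depth lines as key=value records; other lines are dropped.
# Real use: gpg --check-trustdb 2>&1 | explain_trustdb   (gpg logs to stderr)
explain_trustdb() {
    awk '
    BEGIN {
        name["-"] = "unevaluated"; name["q"] = "unknown"; name["n"] = "never"
        name["m"] = "marginal";    name["f"] = "full";    name["u"] = "ultimate"
    }
    # Policy line as printed by GnuPG 1.4 (the version used on this page)
    $2 ~ /^[0-9]+$/ && $3 == "marginal(s)" {
        printf "policy marginals_needed=%d completes_needed=%d model=%s\n", $2, $5, $8
        next
    }
    # Policy line as worded by GnuPG 2.x: "marginals needed: 3  completes needed: 1 ..."
    $2 == "marginals" && $3 == "needed:" {
        printf "policy marginals_needed=%d completes_needed=%d model=%s\n", $4, $7, $10
        next
    }
    $2 == "depth:" {
        line = sprintf("depth=%d valid=%d signed=%d", $3, $5, $7)
        for (i = 9; i <= NF; i++) {
            tok = $i
            sub(/,$/, "", tok)
            code = substr(tok, length(tok), 1)      # trailing letter is the trust class
            if (code in name)
                line = line " " name[code] "=" substr(tok, 1, length(tok) - 1)
        }
        print line
    }'
}

# Print WARN lines and return non-zero when the validity policy is weaker than
# 3 marginal / 1 complete, or when the number of ultimately trusted keys at
# depth 0 differs from the number of own keys given as $1.
audit_trustdb() {
    explain_trustdb | awk -v want="$1" '
    {
        for (i = 1; i <= NF; i++)
            if (split($i, kv, "=") == 2) f[kv[1]] = kv[2]
    }
    $1 == "policy" && (f["marginals_needed"] + 0 < 3 || f["completes_needed"] + 0 < 1) {
        print "WARN: validity policy is weaker than 3 marginal / 1 complete"; bad++
    }
    $1 == "depth=0" && f["ultimate"] + 0 != want + 0 {
        print "WARN: " f["ultimate"] " ultimately trusted key(s), expected " want; bad++
    }
    END { exit (bad > 0) }'
}

sample_trustdb_output | explain_trustdb
```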

If you wish to know the other commands available in gpg, try
man gpg
or
gpg --help


Reference: GnuPG Handbook


Minimal Basics to know about bandwidth


If you are an internet user, or the owner of a blog or website, then you might have heard the common word “Bandwidth”. Whether you go for an internet connection or for a web hosting plan, the provider is sure to deal in this term.

So what exactly is bandwidth?
In simple words, it is the amount of traffic that is allowed to you (web space allowed to you by the web hosting server) between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by its network connections, plans etc. (Free, premium, golden etc. kinds of plans are there. I saw these in Hosting on Windows or Linux platform may also depend while providing bandwidth.

Network Connectivity

The internet, in the simplest terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.

If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connections aggregate at your internet provider, who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).


A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.

Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters – A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).

If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time.

For example, if the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP3 at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example the host only has 10MB of bandwidth, someone will have to wait.

The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).


Hosting Bandwidth
In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) and is then displayed using your browser software (Internet Explorer, Netscape, etc.). The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).

A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.

How Much Bandwidth Is Enough?
It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis.

If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:
Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor

If you intend to allow people to download files from your site, your bandwidth calculation should be:
[(Average Daily Visitors x Average Page Views x Average Page Size) + (Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor

Let us examine each item in the formula:

Average Daily Visitors – The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.

Average Page Views – On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.

Average Page Size – The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.

Average Daily File Downloads – The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.

Average File Size – Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.

Fudge Factor – A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.

Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31 (the maximum number of days in a month; using the maximum is always better).

Most personal or small business sites will not need more than 1GB of bandwidth per month. If you have a web site that is composed of static web pages and you expect little traffic to your site on a daily basis, go with a low bandwidth plan. If you go over the amount of bandwidth allocated in your plan, your hosting company could charge you over usage fees, so if you think the traffic to your site will be significant, you may want to go through the calculations above to estimate the amount of bandwidth required in a hosting plan.



Internet Transfer speed (MBps vs Mbps or MBps vs mbps)

MBps is an abbreviation for Megabytes per second, whereas mbps and Mbps are abbreviations for megabits per second. Eight megabits equal one Megabyte. These abbreviations are commonly used to specify how much data can be transferred per second between two points.

To put megabits and Megabytes in perspective, let's back up for just a moment. One bit of data is a single “on” or “off” digit, a one or zero. It takes eight bits to represent a single character, or one byte of data.
  • 8 bits = 1 byte
  • 1000 bytes = 8 kilobits (kb) = 1 Kilobyte (KB)
  • 1000 Kilobytes (KB) = 8 megabits (mb) = 1 Megabyte (MB)

We must also translate speed to value when considering Internet service plans, advertised by download and upload speeds expressed in kilobits per second (kbps) or megabits per second.

For example, a typical Digital Subscriber Line (DSL) plan might have an upper transfer limit of 1,500 kbps, which can also be expressed as 1.5 mbps. A cable plan might be advertised with speeds up to 5,000 kbps or 5 mbps; and fiber optic Internet can reach speeds of 50 mbps or more.

Keep in mind that today all internet speeds are quoted in multiples of mega/kilobits per second (m/kbps), not in Mega/KiloBytes per second (M/KBps). For converting KB/s to kbps (bit rate from Byte values), the equation is basically as follows:
<K> KiloBytes * 1,024 = <t> total Bytes
<t> total Bytes * 8 = <b> bits
<b> bits / 1,000 = <k> kilobits
For example:
30 KB/s * 1,024 = 30,720 Bytes per second
30,720 Bytes per second * 8 = 245,760 bits per second
245,760 bits per second (bps) / 1,000 = (approximately) 246 kbps (245.8 kb/s)

And for kbps to KB/s (Byte values from bit rates), you switch the equations: <k> kilobits per second * 1,000= <b> total bits per second; <b> bits / 8 = <t> total Bytes per second; and <t> / 1,024 = <K> KiloBytes per second.

For example: 128 kbps (k) = 128,000 bits per second (k*1000=b) = 16,000 Bytes per second (b/8=t), or about 15.6 KB/s (t/1,024=K). So a 512\128 internet connection would give you about 62.5 KB/s maximum download, and about 15.6 KB/s upload (max). And a 1500\128 service (1.5 mbps download cap) would give you about 183.1 KiloBytes per second maximum download and about 15.6 KB/s upload (max).

Note: "These are optimum bandwidths. Actual bandwidth may vary due to network traffic and are not guaranteed. The difference between maximum speed and average speed can be especially large in wireless technology, or cable internet. The varying amount of data traffic on the Internet (and your own LAN, if applicable) and the condition of your computer equipment affect the speed of any connection at any given time."

"Keep in mind that [even with a 1.5 mbps connection] you will not normally see 1.5 megabits in a speed test … due to overhead the more commonly seen speed with this type of connection is in the neighborhood of 1200-1250."


Types of Network Hardware

The label network hardware is generally given to any piece of equipment with the task of moving data. Common categories of network hardware include:

• Routers

• Switches

• Network Interface Cards

Routers

A router is a network device with interfaces in multiple networks whose task is to copy packets from one network to another. Routers operate at Layer 3 of the OSI Model, the Network Layer. A router will utilize one or more routing protocols to create a routing table. The router will then use the information in its routing table to make intelligent decisions about what packets to copy to which interface. This process is known as routing.

Routers are available with many interface types, such as Ethernet and DSL. Wireless routers support wireless interfaces, such as 802.11 (Wi-Fi). Not all routers clearly fall into the category of network hardware. Routing software makes it possible to build a fully functional router out of a normal computer.

Switches

A switch is a network device with multiple ports in one network whose task is to copy frames from one port to another. Switches operate at Layer 2 of the OSI Model, the Data-Link Layer. A switch stores the MAC Address of every device which is connected to it. The switch will then evaluate every frame that passes through it. The switch will examine the destination MAC Address in each frame.

Based upon the destination MAC Address, the switch will then decide which port to copy the frame to. If the switch does not recognize the MAC Address, it will not know which port to copy the frame to. When that happens, the switch will broadcast the frame to all of its ports.

Before switches became available, devices called hubs were used. Hubs were less intelligent network devices that always copied all frames to all ports. By only copying frames to the destination ports, switches utilize network bandwidth much more effectively than hubs did. Another piece of network hardware related to the switch is the Bridge. A Bridge is effectively a two-port switch. Because few users need a two-port switch, they are no longer manufactured.

Network Interface Cards

A network interface card is an expansion card which installs into a computer and enables that computer to physically connect to a local area network. The most common form of network interface card in current use is the Ethernet card. Other types of network interface cards include wireless network interface cards and Token Ring network interface cards. Other terms for network interface card include network adapter, network card and NIC. Network interface cards are becoming rare, as most motherboards now include built-in network interfaces.
