First, the detached signature, which is probably the one I use the most. Your data can be compressed after signature creation, if so desired, to save space. The signature is publicly available to anyone who wishes to verify the file's integrity.
CLI: gpg -b <file.name>
This does 2 things:
1: it makes a digital signature based on your private key
2: it does NOT make any modifications to the original data
NOTE: the signature file is always named after the original filename, with the suffix "sig" added.
Next we will make an embedded signature. This requires the "-s" switch. So we will take the same file and create our sign+encryption.
Now we should notice a few things:
1: we have a new file named file.txt.gpg ( data that's encrypted )
2: original data is still present
3: original data file has not been modified ( even the earlier sig file is still present )
So now we will delete the original data "file.txt", decrypt our file.txt.gpg, and then compare the md5 hash; you will find we have the original file again.
Notice that our data md5 hash matches, after the decryption?
( message digest 96c23e49e65c7fd37d612b369d6a1657 )
A few things to take away here:
1: the md5 128-bit hash still matches after the decryption
2: the original data was decrypted
3: the file was verified against the embedded signature from our key
NOTE: If we had used "-v", we would have gotten more verbose output.
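The whole procedure above (detached signature, embedded signature, delete, decrypt, compare md5) as one script. This is an added example, not the original commands from this post; it assumes GnuPG 2.2 or later and md5sum are installed, and the throwaway key, user ID and file contents are constructed for the demo. It goes one step beyond the text by also checking that a modified file fails verification against the detached signature.

```shell
# Added example: detached vs. embedded signature round trip with a throwaway key.
# Assumes GnuPG 2.2+ and md5sum; key, user ID and file contents are constructed.
sign_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 2; }
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Private keyring so the demo never touches ~/.gnupg.
        GNUPGHOME="$work/gnupg"; export GNUPGHOME
        mkdir -m 700 "$GNUPGHOME"
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key 'Demo Signer <demo@example.invalid>' \
            default default never 2>/dev/null || exit 1

        printf 'constructed sample data\n' > file.txt
        before=$(md5sum < file.txt | cut -d' ' -f1)

        # Detached signature: writes file.txt.sig, leaves file.txt untouched.
        gpg --batch --quiet -b file.txt || exit 1
        gpg --batch --quiet --verify file.txt.sig file.txt 2>/dev/null || exit 1

        # A modified copy must fail verification against the same .sig.
        printf 'tampered\n' > tampered.txt
        if gpg --batch --quiet --verify file.txt.sig tampered.txt 2>/dev/null
        then tamper=accepted; else tamper=rejected; fi

        # Embedded signature: writes file.txt.gpg, original is still present.
        gpg --batch --quiet -s file.txt || exit 1

        # Delete the original, recover it from file.txt.gpg, compare hashes.
        rm file.txt
        gpg --batch --quiet --output file.txt --decrypt file.txt.gpg \
            2>/dev/null || exit 1
        after=$(md5sum < file.txt | cut -d' ' -f1)

        gpgconf --kill gpg-agent 2>/dev/null
        [ "$before" = "$after" ] && match=yes || match=no
        echo "md5_match=$match tamper=$tamper"
    )
    status=$?
    rm -rf "$work"
    return "$status"
}

sign_roundtrip
```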
So easy, that a monkey or caveman can do it!
I hope this demonstration has been helpful. You can learn more about the GNU PGP implementation at the following link:
http://en.wikipedia.org/wiki/GNU_Privacy_Guard
and about PGP in general here;
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( $ $ )=
o
/ \