Step-1) Generate GPG Key
[root@testing ~]# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Debojyoti Banerjee
Email address: debjyoti.mail@gmail.com
Comment: Test Key for DJ
You selected this USER-ID:
"Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Enter passphrase x
x x
x x
x Passphrase ________________________________________ x
x x
x <OK> <Cancel> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Warning: You have entered an insecure passphrase. x
x A passphrase should contain at least 1 digit or x
x special character. x
x x
x <Take this one anyway> <Enter new passphrase> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please re-enter this passphrase x
x x
x Passphrase **********______________________________ x
x x
x <OK> <Cancel> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
lknsdlsdlnmlsd;sd;sdml;sdmlsd sdgpg: key A3C0358F marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/A3C0358F 2016-04-21
Key fingerprint = 638F 00E1 B2BD 8C30 AC37 A1A5 1500 004D A3C0 358F
uid Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>
sub 2048R/15609209 2016-04-21
****** If there is an existing key, simply import it into the GPG key ring:
$ gpg --import DJ-Test.asc
gpg: key 3F8EFF5D: public key "Test Key for DJ <debjyoti.mail@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
Step-2) List the newly generated key in the key ring
[root@srilanka-security-testing ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/3F8EFF5D 1998-07-01
uid Merrill Lynch CLEAR system DH <clear@ml.com>
sub 2048g/A7B402D8 1998-07-01
pub 2048R/A3C0358F 2016-04-21
uid Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>
sub 2048R/15609209 2016-04-21
Step-3) Encrypt a file with the newly generated key
[root@srilanka-security-testing ~]# gpg --encrypt --trust-model always -r debjyoti.mail@gmail.com dj-test.txt
Step-4) See the content of the encrypted file
[root@srilanka-security-testing ~]# cat dj-test.txt.gpg
▒
▒#w▒`▒ ▒l<▒Q
▒▒q▒▒?▒▒▒▒▒Q▒▒▒X▒▒L▒8겙$`▒▒▒▒;▒]^D:▒Gi▒n▒Sk▒▒▒6g▒▒c`%▒s▒x▒[͠Я▒▒P▒▒d▒▒▒-@▒▒▒▒=�,jd
▒WS▒^͇▒e▒▒^▒%uD▒▒7X/▒C▒X▒Ђ▒~▒O@Fs▒mqc▒▒▒▒e▒NlEq▒SiGw▒ʜ▒PF▒▒AͲ▒▒▒l▒▒▒▒/▒▒▒▒x▒▒[ʲo▒7#▒▒lll▒▒▒"▒▒▒▒_▒▒U▒▒▒ս▒▒▒6c3▒▒z▒Y▒,O▒▒H҄▒▒4Q▒▒▒N▒▒▒>bgc▒▒▒"▒K/ y"▒S=▒O]B▒$7]▒d▒*▒▒#▒a▒+9▒n▒+▒va▒▒▒f▒o▒仹kO▒;▒▒
▒1▒C▒6▒▒▒▒▒/▒"▒▒▒▒▒
Step-5) Decrypt the file content
[root@srilanka-security-testing ~]# gpg --decrypt --trust-model always -r debjyoti.mail@gmail.com dj-test.txt.gpg
You need a passphrase to unlock the secret key for
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Please enter the passphrase to unlock the secret key for the OpenPGP certificate: x
x "Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>" x
x 2048-bit RSA key, ID 15609209, x
x created 2016-04-21 (main key ID A3C0358F). x
x x
x x
x Passphrase _______________________________________________________________________ x
x x
x <OK> <Cancel> x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
user: "Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>"
2048-bit RSA key, ID 15609209, created 2016-04-21 (main key ID A3C0358F)
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg: encrypted with 2048-bit RSA key, ID 15609209, created 2016-04-21
"Debojyoti Banerjee (Test Key for DJ) <debjyoti.mail@gmail.com>"
Debojyoti Banerjee
Ghosh Para, Bally Howrah
711227.
9874362020
Script to encrypt the files and upload them to the FTP server: "ml_encrypt_ftp.sh"
#!/bin/bash
# [STEP-1]
#----------------------------------------------------------
# Load the predefined environment variables.
# After this we can use $REPORT_LOCATION and the other variables
# that are declared in ~/.bash_profile
# ("source" is a bash builtin, hence the bash shebang above)
#----------------------------------------------------------
source /home/test/.bash_profile
# [STEP-2]
#----------------------------------------------------------
# Declare the file creation location and the encrypted file store location
#----------------------------------------------------------
#flocation=$REPORT_LOCATION
#hashlocation=$REPORT_LOCATION/encrypted_files
flocation=/rescue/scripts/ml-encryption/TDCNF-Sample-for-Test # <------- Temporary location for testing
hashlocation=/rescue/scripts/ml-encryption/encrypted_files # <------- Temporary location for testing
fnamepatern="JK*$(date +%Y)*_ML.csv" # <------- This syntax is for testing only
#fnamepatern="JK$(date +'%d%b%Y')_*_ML.csv" # <------- Enable this line to work with the files generated on the current date only
hashfnamepatern="$fnamepatern.gpg"
keyid="debjyoti.mail@gmail.com" # <------- Can be found through the "gpg --list-keys" command
# [STEP-3]
#----------------------------------------------------------
# Make the directories if they do not exist
#----------------------------------------------------------
if [ ! -d "$flocation" ]; then
    mkdir -p "$flocation"
fi
if [ ! -d "$hashlocation" ]; then
    mkdir -p "$hashlocation"
fi
# [STEP-4]
#----------------------------------------------------------
# Encrypt the files one by one
#----------------------------------------------------------
cd "$flocation" || exit 1
for i in $fnamepatern # left unquoted on purpose so that the shell expands the pattern
do
    [ -e "$i" ] || continue # the pattern matched no file
    if gpg --encrypt --trust-model always -r "$keyid" "$i"; then
        echo "$(date) $i has been encrypted"
    else
        echo "$(date) $i could NOT be encrypted" >&2
    fi
done
# [STEP-5]
#----------------------------------------------------------
# Upload the encrypted files to FTP
# Note: FTP sends the username and password in clear text;
# only the file contents are protected by GPG.
#----------------------------------------------------------
HOST='ftp.djftp.com' # <---------- FTP Host name/URL
USER='djuser' # <---------- Username
PASSWD='password' # <---------- Password
for FILE in $hashfnamepatern
do
    [ -e "$FILE" ] || continue # nothing was encrypted
    # "binary" keeps the .gpg file from being altered by an ASCII-mode transfer
    ftp -n "$HOST" <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
binary
cd TDCNF-Encryprted
put $FILE
quit
END_SCRIPT
done
# [STEP-6]
#----------------------------------------------------------
# Finally move the encrypted files to a separate folder
#----------------------------------------------------------
mv "$flocation"/*.gpg "$hashlocation"/
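
The script above selects the recipient by e-mail address and passes --trust-model always, so gpg skips key validation and the key choice depends on what the key ring holds for that address. The following added example (not part of the original page) checks a colon-format key listing against the fingerprint printed in Step-1 before any file is encrypted; check_recipient, status, PINNED_FPR and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_recipient FPR: reads `gpg --with-colons --fingerprint --list-keys <id>`
# output on stdin (hypothetical helper, not part of ml_encrypt_ftp.sh).
# Exit status: 0 = exactly one key listed, fingerprint matches, can encrypt
#              1 = pinned fingerprint not in the listing
#              2 = more than one key matches the recipient string
#              3 = key is revoked, expired, invalid or disabled
#              4 = key has no usable encryption capability
check_recipient() {
    awk -F: -v want="$1" '
        $1 == "pub" { n++; v = $2; c = $12; pending = 1; next }
        $1 == "fpr" && pending {      # first fpr after pub is the primary key
            pending = 0
            if ($10 == want) { found = 1; validity = v; caps = c }
        }
        END {
            if (!found)                             exit 1
            if (n != 1)                             exit 2
            if (validity ~ /[reid]/ || caps ~ /D/)  exit 3
            if (caps !~ /E/)                        exit 4
            exit 0
        }'
}

PINNED_FPR=638F00E1B2BD8C30AC37A1A51500004DA3C0358F   # fingerprint from Step-1

# Constructed listings in --with-colons layout (not captured from a keyring).
GOOD="pub:u:2048:1:1500004DA3C0358F:2016-04-21:::u:::scESC:
fpr:::::::::$PINNED_FPR:"
LOOKALIKE="pub:-:2048:1:AAAAAAAAAAAAAAAA:2016-05-01:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:"
EXPIRED="pub:e:2048:1:1500004DA3C0358F:2016-04-21:2017-04-21::u:::sc:
fpr:::::::::$PINNED_FPR:"
SIGNONLY="pub:u:2048:1:1500004DA3C0358F:2016-04-21:::u:::scSC:
fpr:::::::::$PINNED_FPR:"

# status LISTING: print check_recipient's exit status for a listing.
status() {
    rc=0
    printf '%s\n' "$1" | check_recipient "$PINNED_FPR" || rc=$?
    echo "$rc"
}

echo "pinned key only:        $(status "$GOOD")"
echo "second key, same email: $(status "$GOOD
$LOOKALIKE")"
echo "expired key:            $(status "$EXPIRED")"
echo "sign-only key:          $(status "$SIGNONLY")"
```

In ml_encrypt_ftp.sh the listing would come from gpg --with-colons --fingerprint --list-keys "$keyid" piped into check_recipient ahead of the encryption loop, with the script exiting on a non-zero status. Passing the pinned fingerprint to -r instead of the e-mail address then removes the ambiguity at encryption time as well.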