These notes cover how we encrypted email communication between us and the https://www.offensive-security.com/ website contact. Specifically, we needed to encrypt some email attachments containing sensitive data.
First of all, we tried to fetch their PGP public key from https://www.offensive-security.com/registrar.asc using curl:
curl -O https://www.offensive-security.com/registrar.asc
We soon realized that the downloaded data were binary, because their webserver or CDN had compressed the response:
$ file registrar.asc
registrar.asc: gzip compressed data, from Unix, original size modulo 2^32 7487
So we modified our curl command with --compressed, which advertises the encodings curl understands and transparently decodes the response:
curl --compressed -O https://www.offensive-security.com/registrar.asc
After receiving the ASCII-armored (plaintext) version of the registrar.asc file, we were able to proceed with the encryption steps. The first thing we did was to import their key:
$ gpg --import registrar.asc
gpg: key 6C12FFD0BFCBFAE2: 9 signatures not checked due to missing keys
gpg: key 6C12FFD0BFCBFAE2: public key "Offensive Security (Offensive Security Registrar) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2023-12-13
Note what the import output does and does not tell us: the key was imported, but "9 signatures not checked due to missing keys" means gpg could verify none of the certifications on it, so nothing so far proves that the key belongs to Offensive Security beyond the HTTPS download itself. Before encrypting anything sensitive to it, compare its fingerprint with one obtained through another channel.
We then encrypted the sensitive file (sensitive.mp4) with gpg, using the key imported in the previous step as the recipient, and sent the result by mail. gpg named the encrypted file sensitive.mp4.gpg. We only needed to send that file; the other party already had everything needed to decrypt it.
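The whole procedure above, as an added example that is not part of the original notes: it downloads the key, handles the gzip case from the first curl attempt, pins the key's fingerprint before trusting it, and encrypts the attachment from a throwaway keyring. The URL and the attachment name follow the notes; EXPECTED_FPR is a placeholder that must be filled in with a fingerprint obtained out of band, and the helper function names are our own.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumptions: EXPECTED_FPR is a
# fingerprint you obtained out of band (placeholder below); the helper names
# are ours; everything else is standard curl/gpg/POSIX tooling.
set -eu

KEY_URL="https://www.offensive-security.com/registrar.asc"
EXPECTED_FPR="REPLACE-WITH-FINGERPRINT-VERIFIED-OUT-OF-BAND"   # placeholder

# True if the file starts with the gzip magic bytes 1f 8b (what `file`
# reported for the first download).
is_gzip() {
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "1f8b" ]
}

# Make a downloaded key file ASCII-armored text whether or not the server
# compressed the body; fails unless the result looks like a public key block.
normalize_key_file() {
    f="$1"
    if is_gzip "$f"; then
        gzip -dc "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    fi
    head -n 1 "$f" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----$'
}

# Compare two fingerprints ignoring spacing and case; empty never matches.
same_fingerprint() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Primary-key fingerprint of an armored key file, read without importing it.
key_fingerprint() {
    gpg --batch --with-colons --import-options show-only --import "$1" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Download, normalize, pin, import into a temporary keyring, encrypt.
# The temporary GNUPGHOME keeps this key out of your personal web of trust.
encrypt_to_contact() {
    attachment="$1"
    work=$(mktemp -d)
    export GNUPGHOME="$work/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    curl -sS --compressed -o "$work/registrar.asc" "$KEY_URL"
    normalize_key_file "$work/registrar.asc"
    fpr=$(key_fingerprint "$work/registrar.asc")
    same_fingerprint "$fpr" "$EXPECTED_FPR" || {
        echo "fingerprint mismatch: got $fpr" >&2
        return 1
    }
    gpg --batch --quiet --import "$work/registrar.asc"
    # --trust-model always suppresses the "no assurance this key belongs to
    # the named user" prompt; it is acceptable only because the fingerprint
    # was pinned above. Encrypting to the fingerprint avoids matching another
    # key by e-mail address.
    gpg --batch --trust-model always --recipient "$fpr" \
        --output "$attachment.gpg" --encrypt "$attachment"
    echo "wrote $attachment.gpg"
}
```

Usage: set EXPECTED_FPR and run encrypt_to_contact sensitive.mp4. The fingerprint comparison is the step that turns "a key some server handed us" into "the key of the party we mean to write to"; without it, --trust-model always would silently encrypt to whatever key the download produced.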
Bonus: create your own key pair so that people can contact you with encryption
Running gpg --gen-key asked us for a name, an email address, and a passphrase; the passphrase protects the private key on disk, not the data you later exchange. Below is the output generated for us:
$ gpg --gen-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: John Doe
Email address: [email protected]
You selected this USER-ID:
"John Doe <[email protected]>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key A53FEA7768D67D2A marked as ultimately trusted
gpg: revocation certificate stored as '/home/john/.gnupg/openpgp-revocs.d/D1660B83341AEF2852A2A4C6A53FEA7768D67D2A.rev'
public and secret key created and signed.
pub rsa3072 2021-12-13 [SC] [expires: 2023-12-13]
D1660B83341AEF2852A2A4C6A53FEA7768D67D2A
uid John Doe <[email protected]>
sub rsa3072 2021-12-13 [E] [expires: 2023-12-13]
In the listing, [SC] marks the primary key as usable for signing and certification and [E] marks the subkey that others will encrypt to; both expire after two years. Keep the revocation certificate gpg stored under openpgp-revocs.d somewhere safe, since it is what lets you declare the key invalid if the private key is lost or compromised.
Then we exported our public key. Sending that file to other people or uploading it to a public key server lets them encrypt data that only you can read.
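The same key generation done unattended, followed by the armored export, as an added example that is not part of the original notes: it produces a key of the same type and lifetime as the dialog above (rsa3072, two-year expiry) from a parameter file, exports only the public part, and returns the fingerprint to publish next to it. The name, the e-mail address, the throwaway GNUPGHOME and the absence of a passphrase are assumptions made so the example runs without a pinentry.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumptions: a throwaway
# GNUPGHOME, a placeholder name/e-mail supplied by the caller, and
# %no-protection (no passphrase) so that no pinentry dialog is needed.
# For a real key, drop %no-protection or add a "Passphrase:" line.
make_key_and_export() {
    name="$1"; email="$2"; out="$3"
    export GNUPGHOME
    GNUPGHOME=$(mktemp -d)
    chmod 700 "$GNUPGHOME"
    # Parameter file format from gpg's "Unattended key generation" docs:
    # primary RSA-3072 signing/certifying key, RSA-3072 encryption subkey,
    # both expiring in two years, matching the interactive output above.
    gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: $name
Name-Email: $email
Expire-Date: 2y
%commit
EOF
    # --armor gives the same text form as registrar.asc. Export only the
    # public key; --export-secret-keys is never what you hand to a contact.
    gpg --batch --armor --export "$email" > "$out"
    # Print the primary fingerprint: publish it alongside the key so that
    # people who fetch your key can check it the way we checked theirs.
    gpg --batch --with-colons --fingerprint "$email" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
    gpgconf --kill gpg-agent 2>/dev/null || true
}
```

Usage: fpr=$(make_key_and_export "John Doe" "john.doe@example.com" john.asc); john.asc is what you send out or upload to a key server, and $fpr is what you put on a web page or business card so that recipients can pin it.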