Linux-tips

using gpnupg public key cryptography to encrypt and sign email

The way public key cryptography works is you generate a key and upload it to a public key server. Someone wishing to send you an encrypted email or verify your email signature downloads your public key from the key server. To send someone an encrypted email, you'll need their public key.

This example uses my public key, replace with your own after generating it in step one. On Debian based systems:

Generate a gpg key:

gpg --gen-key

Enter your email address, and a password. System defaults will work for other options.

To list all keys:

gpg --list-keys

Add your key to bashrc by opening ~/.bashrc in a text editor and adding the line:

export GPGKEY=7890D0B4

Upload your public key to public keyservers:

gpg --send-keys --keyserver keyserver.ubuntu.com 7890D0B4

gpg --send-keys --keyserver wwwkeys.eu.pgp.net 7890D0B4

Another user can retrieve your key with the command:

gpg --keyserver keyserver.ubuntu.com --recv 7890D0B4

For browser webmail based encryption try the firegpg firefox extension. For Thunderbird/Iceweasel - apt-get install enigmail. A more detailed gnupg guide is here.

Want to make use of a postqresql database, say for speeding up Amarok? Here's a few quick and dirty commands.

Set the password for the postgres user (replace password with your password):

sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '<password>'"

Add a system user (replace user with your system user name):

sudo -u postgres createuser -D -A -P user

Create a database (replace user with your user name and database with your desired database name):

sudo -u postgres createdb -O user database

Remove a database (replace database with the name of the database you wish to remove):

sudo -u postgres dropdb database

Want an SSH server running on your machine for remote access or proxy? (like breaking out of your corporate firewall to listen to net radio).

Setting up an SSH server for remote access or proxy is easy. Install the server:

apt-get install openssh-server

edit the conf file - /etc/ssh/sshd_config - if you want to change any default options, such as port settings.

Restart the SSH server after editing:

/etc/init.d/ssh restart

log in via: ssh username@domain - to use as a proxy log in via dynamic port: ssh -D 9999 username@domain then point your browser/app to socks 5 proxy, localhost port 9999

If you do not have a static IP on your home machine, you'll need dynamic dns - a service which providers you a domain, for example: mydomain.twilightparadox.com and then using your router software or a software client for your machine updates your ip address as it changes. One such free service can be found here. 

Security can be added via the hosts files, and using denyhosts. Denyhosts adds an entry to /etc/hosts.deny after a variable number of failed login attempts. You'll first want to add localhost and any other ips which frequently log in via SSH to /etc/hosts.allow with an entry like so:

sshd: 127.0.0.1

You can add ranges also:

sshd: 192.168.0.1/24

ncurses based spaced invaders clone for your linux terminal. Fun! Debian users can apt-get install ninvaders. Others see here: http://ninvaders.sourceforge.net/