From Fedora Project Wiki

mNo edit summary
(We need to set pagure.io too to push the commit to a forked repo on pagure.io. E.g: ssh://git@pagure.io/forks/jaruga/zuul-distro-jobs.git)
 
(16 intermediate revisions by 12 users not shown)
Line 1: Line 1:
= Cryptography =
{{autolang|base=yes}}
 
'''Cryptographic technology''' helps provide security and privacy by allowing you to encrypt and sign electronic communications or disk contents.  Fedora includes the [https://www.openssh.com/ OpenSSH]  and [https://gnupg.org/ GnuPG]  tools for cryptographic communications.  [[Software/LUKS| LUKS]]  has also been integrated with Fedora to provide hard disk encryption.
Cryptographic technology helps provide security and privacy by allowing you to encrypt and sign electronic communications.  Fedora includes the [http://openssh.org/ OpenSSH]  and [http://gnupg.org/ GnuPG]  tools for cryptographic communications.  [[Software/LUKS| LUKS]]  has also been integrated with Fedora to provide hard disk encryption.


== The Theory ==
== The Theory ==


OpenSSH and GnuPG use a common cryptographic theory to allow encryption and cryptographic signatures based upon public and private keys.  In this theory, each person or organization has one or more private keys, and each private key has a corresponding public key.  The private key is required to decrypt data and create signatures.  The public key can be shared freely and is used to encrypt data and verify signatures.  More information about how and why this works can be found on the [http://openssh.org/ OpenSSH]  and [http://gnupg.org/ GnuPG]  websites.
OpenSSH and GnuPG use a common cryptographic theory to allow encryption and cryptographic signatures based upon public and private keys.  In this theory, each person or organization has one or more private keys, and each private key has a corresponding public key.  The private key is required to decrypt data and create signatures.  The public key can be shared freely and is used to encrypt data and verify signatures.  More information about how and why this works can be found on the [https://www.openssh.com/ OpenSSH]  and [https://gnupg.org/ GnuPG]  websites.


== OpenSSH ==
== OpenSSH ==
Line 13: Line 12:
=== Installing OpenSSH ===
=== Installing OpenSSH ===


OpenSSH is usually included by default on Fedora installations.  If you do not already have it installed, you can install the package using yum:
OpenSSH is usually included by default on Fedora installations.  If you do not already have it installed, you can install the package using [[dnf|DNF]] or [[yum|YUM]]:


<pre>yum install openssh</pre>
<pre>dnf|yum install openssh</pre>


=== Creating SSH Keys ===
=== Creating SSH Keys ===
Line 23: Line 22:
<pre>ssh-keygen -t rsa</pre>
<pre>ssh-keygen -t rsa</pre>


You will be prompted for a location (pressing Enter uses the default), and a passphrase.  Choose a good passphrase that you won't forget.
You will be prompted for a location (pressing Enter uses the default. You may wish to name this something specific if you are using this key to access some specific set of machines), and a passphrase.  Choose a good passphrase that you won't forget.


{{admon/warning|You must remember this passphrase!|If you forget it, you will not be able to recover it, and you will not be able to access anything using your key.  You would then have to create a new key and share the new public key with anyone who had your old one.}}
{{admon/warning|You must remember this passphrase!|If you forget it, you will not be able to recover it, and you will not be able to access anything using your key.  You would then have to create a new key and share the new public key with anyone who had your old one.}}
Line 32: Line 31:


You can share your public key openly.  Server administrators can use it to grant you access to their systems.  You should carefully protect your private key and not share it with anyone.
You can share your public key openly.  Server administrators can use it to grant you access to their systems.  You should carefully protect your private key and not share it with anyone.
You can use your <code>~/.ssh/config</code> file to determine which key is used for which hosts:
<pre>
HOST *.fedoraproject.org fedorapeople.org *.pagure.io pagure.io *.fedorainfracloud.org
    IdentityFile ~/.ssh/id_rsa_fedora
</pre>
see <code>man ssh_config</code> for more information.


Additional information is available at:
Additional information is available at:


* http://openssh.org/
* https://www.openssh.com/


== GnuPG ==
== GnuPG ==
Line 43: Line 51:
=== Installing GnuPG ===
=== Installing GnuPG ===


GnuPG is included in Fedora.  It can be installed using yum:
GnuPG is included in Fedora.  It can be installed using yum or dnf:


<pre>yum install gnupg</pre>
<pre>yum|dnf install gnupg</pre>


=== Creating GPG Keys ===
=== Creating GPG Keys ===
Line 51: Line 59:
GPG key creation is more complex than SSH key creation, and many people prefer to use a graphical interface such as <code>kgpg</code> on KDE or <code>seahorse</code> on GNOME.  <code>kgpg</code> is available in the <code>kdeutils</code> package.  <code>seahorse</code> is in the Fedora repository.
GPG key creation is more complex than SSH key creation, and many people prefer to use a graphical interface such as <code>kgpg</code> on KDE or <code>seahorse</code> on GNOME.  <code>kgpg</code> is available in the <code>kdeutils</code> package.  <code>seahorse</code> is in the Fedora repository.


See [[DocsProject/UsingGpg/CreatingKeys|  CreatingKeys]] from the Fedora Documentation Project for detailed command line instructions.
See [[Creating GPG Keys]] from the Fedora Documentation Project for detailed command line instructions.


Additional information is available at:
Additional information is available at:


* http://gnupg.org/
* https://gnupg.org/
 
== Disk and file encryption ==
 
Fedora provides full disk encryption which can be selected at installation time as well as support for transparent encrypted directories and various utilities to encrypt single files.
 
See [[Disk and File Encryption]] for an overview.
 


[[Category:DocsProject]]
[[Category:Informal_Documentation]]
[[Category:Encryption]]

Latest revision as of 11:30, 14 March 2022

Cryptographic technology helps provide security and privacy by allowing you to encrypt and sign electronic communications or disk contents. Fedora includes the OpenSSH and GnuPG tools for cryptographic communications. LUKS has also been integrated with Fedora to provide hard disk encryption.

The Theory

OpenSSH and GnuPG use a common cryptographic theory to allow encryption and cryptographic signatures based upon public and private keys. In this theory, each person or organization has one or more private keys, and each private key has a corresponding public key. The private key is required to decrypt data and create signatures. The public key can be shared freely and is used to encrypt data and verify signatures. More information about how and why this works can be found on the OpenSSH and GnuPG websites.

OpenSSH

OpenSSH is an SSH implementation included in Fedora. SSH (Secure SHell) allows encrypted and cryptographically authenticated connections between computers.

Installing OpenSSH

OpenSSH is usually included by default on Fedora installations. If you do not already have it installed, you can install the package using DNF or YUM:

dnf|yum install openssh

Creating SSH Keys

Once SSH is installed, you can use ssh-keygen to create your private and public keys:

ssh-keygen -t rsa

You will be prompted for a location (pressing Enter uses the default. You may wish to name this something specific if you are using this key to access some specific set of machines), and a passphrase. Choose a good passphrase that you won't forget.

You must remember this passphrase!
If you forget it, you will not be able to recover it, and you will not be able to access anything using your key. You would then have to create a new key and share the new public key with anyone who had your old one.

For usage instructions for ssh-keygen, run man ssh-keygen to view the manual.

By default, your new private and public keys will be stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, respectively.

You can share your public key openly. Server administrators can use it to grant you access to their systems. You should carefully protect your private key and not share it with anyone.

You can use your ~/.ssh/config file to determine which key is used for which hosts:

HOST *.fedoraproject.org fedorapeople.org *.pagure.io pagure.io *.fedorainfracloud.org
     IdentityFile ~/.ssh/id_rsa_fedora

see man ssh_config for more information.

Additional information is available at:

GnuPG

The GNU Privacy Guard (GnuPG or GPG) is a generic cryptographic tool. GPG is often used to sign email messages, and the Fedora Project uses it to sign packages.

Installing GnuPG

GnuPG is included in Fedora. It can be installed using yum or dnf:

yum|dnf install gnupg

Creating GPG Keys

GPG key creation is more complex than SSH key creation, and many people prefer to use a graphical interface such as kgpg on KDE or seahorse on GNOME. kgpg is available in the kdeutils package. seahorse is in the Fedora repository.

See Creating GPG Keys from the Fedora Documentation Project for detailed command line instructions.

Additional information is available at:

Disk and file encryption

Fedora provides full disk encryption which can be selected at installation time as well as support for transparent encrypted directories and various utilities to encrypt single files.

See Disk and File Encryption for an overview.