Lab 9 Exercise 2

Learn how to export keys from and import keys into the GnuPG keyring.

Export keys

So far, we've only used our own keys to encrypt and sign messages. Obviously no one else could decrypt and verify those. This is fine for testing but is not really usable in real life.

Sooner or later you'll need to import other people's public keys to encrypt messages sent to those people and verify their signatures. But first, export your own keys for others to use.

Check the GnuPG manual (gpg --help) and find out how to export your public keys. The result should be stored in ASCII-armored format. You should get something like this.

Import keys

Exchange public keys with another student (recommended) or download my public key from here.

Import the key with

    gpg --import <path-to-key-file>

and check the output of

    gpg --list-keys

and make sure the correct key got imported. Check the key fingerprint!

Use imported public keys

Try encrypting the message for the recipient you just got the public key from.

What warning do you get? Why?

Import keys: Java way

Write Java code to import PGP keys. For this task, you may want to delete the key you've previously imported via GnuPG -- it is not possible to import the same key again.

First of all, you'll need to read key contents from file -- use FileInputStream for that.

Then, you'll need to convert the stream to something PGP generators would understand. Take a look at PGPUtil methods.

After that, read the key using PGPObjectFactory.

You should already know how to read a keyring file. Refer to the PGPPublicKeyRingCollection docs for inspiration on how to actually import the key.

Finally, use FileOutputStream to store the modified keyring to disk. If in doubt, store the keyring in a file other than the original.
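The steps above put together, as an added example that is not part of the original lab handout. It assumes a Bouncy Castle release whose PGPObjectFactory and PGPPublicKeyRingCollection constructors take a KeyFingerPrintCalculator, and a keyring file in the OpenPGP keyring format; the class name ImportKey and the argument order are hypothetical. It goes one step beyond the list by refusing to import unless the key's fingerprint matches the one you verified with the key owner.

```java
import java.io.*;
import java.util.Locale;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.util.encoders.Hex;

// Hypothetical usage:
//   java ImportKey <key-file> <keyring-in> <keyring-out> <expected-fingerprint-hex>
public class ImportKey {
    public static void main(String[] args) throws Exception {
        BcKeyFingerprintCalculator calc = new BcKeyFingerprintCalculator();

        // File -> decoder stream (strips ASCII armor if present) -> PGP objects
        PGPPublicKeyRing imported = null;
        try (InputStream in = PGPUtil.getDecoderStream(new FileInputStream(args[0]))) {
            PGPObjectFactory factory = new PGPObjectFactory(in, calc);
            Object o;
            while ((o = factory.nextObject()) != null) {
                if (o instanceof PGPPublicKeyRing) {
                    imported = (PGPPublicKeyRing) o;
                    break;
                }
            }
        }
        if (imported == null)
            throw new IOException("no public key ring found in " + args[0]);

        // Compare the primary key's fingerprint with the out-of-band value
        String actual = Hex.toHexString(imported.getPublicKey().getFingerprint());
        String expected = args[3].replace(" ", "").toLowerCase(Locale.ROOT);
        if (!actual.equals(expected))
            throw new SecurityException("fingerprint mismatch: got " + actual);

        // Read the existing keyring
        PGPPublicKeyRingCollection keyring;
        try (InputStream in = new FileInputStream(args[1])) {
            keyring = new PGPPublicKeyRingCollection(in, calc);
        }
        // addPublicKeyRing rejects a key ID that is already present
        if (keyring.contains(imported.getPublicKey().getKeyID()))
            throw new IllegalStateException("key already in keyring");
        keyring = PGPPublicKeyRingCollection.addPublicKeyRing(keyring, imported);

        // Write the modified keyring to a separate file, not the original
        try (OutputStream out = new FileOutputStream(args[2])) {
            keyring.encode(out);
        }
        System.out.println("imported " + actual);
    }
}
```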

Review the result with

    gpg --list-keys


    gpg --keyring <path-to-modified-keyring> --list-keys