Teri Radichel

Summary

The web content provides a guide on using Elliptic Curve Cryptography (ECC) with GnuPG (GPG) for encrypting documents sent via email, emphasizing the importance of selecting secure algorithm configurations in line with NIST standards.

Abstract

The article titled "Using ECC with GPG to Encrypt Documents Sent in Emails" offers a detailed walkthrough on implementing ECC for secure document transmission. It begins by referencing the author's previous work on NIST encryption standards and directs readers to ensure their GPG software is up to date by downloading the latest version from the official GnuPG website. The author advises against using package managers like brew on Mac due to past issues and instead recommends installing software directly from the source. The guide includes steps to generate a new ECC key, with a recommendation to use the P-384 curve based on current NIST guidance. It also covers how to list and verify the algorithms used by GPG keys on a system and concludes with instructions on encrypting documents, as elaborated in a linked article. The author acknowledges concerns about the safety of NIST ECC algorithms but suggests that the standards are continually updated and should be monitored for the latest guidance.

Opinions

  • The author emphasizes the importance of using up-to-date software and installing GPG directly from the source for security purposes.
  • There is a preference for using the P-384 curve as it is considered the strongest approved option by NIST at the time of writing.
  • The author suggests that readers should refer to the most recent NIST standards and IETF documentation for the latest guidance on ECC algorithms.
  • Concerns about the safety of NIST ECC algorithms are addressed, with the opinion that these algorithms are still in use and being updated, advising readers to stay informed about changes.
  • The author encourages following their work for updates on cybersecurity topics and offers their expertise in cybersecurity consultancy and assessments.

Using ECC with GPG to Encrypt Documents Sent in Emails

Selecting a secure algorithm configuration


In the last post I wrote about NIST standards for encryption algorithms.

In this post, I’m going to show how to use ECC with GPG.

First, make sure your software is up to date and install the latest version for your operating system from this page:

Note that you can install GPG on a Mac with brew, but I’ve had issues with brew in the past, so I install software directly from the source when possible. I don’t install many things on my local computer. I mostly work in a cloud environment, so this is not an issue for me.

You can check your GPG version and supported algorithms with the version command:

gpg --version

You can still follow most of the steps here, except that we are going to choose an ECC algorithm:

That aligns with the encryption standard from the last post (check NIST as described in that post to make sure you are using the most recent guidance):

Run this command to generate a key:

gpg --full-generate-key

Choose ECC to sign and encrypt (9 at the time of this writing):


Which curve should you use? Refer to the last post for how to find the NIST standards and acceptable curves. At the time of this writing, according to the table above, P-384 is the strongest approved option:

Fill out the information:

Enter a passphrase:

Type the following command to list all the GPG keys on your system:

gpg --list-keys

You can see in the list which algorithm each key is configured to use:
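A scripted version of this check, added here as an example and not taken from the original post: it reads GnuPG's machine-readable `--with-colons` listing and flags every key or subkey that is not on the curve you chose. The `audit_curves` function name and the sample records are constructed for illustration; treating "anything other than the chosen curve" as needing review is an assumed policy.

```shell
#!/bin/sh
# Added example: audit the algorithm and curve of each key and subkey.
# Constructed sample records (not real keys) in GnuPG's colon format:
# field 1 = record type, 3 = key length, 4 = public-key algorithm id,
# 5 = key id, 12 = capabilities, 17 = curve name (ECC keys only).
SAMPLE_KEYS='pub:u:384:19:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::::nistp384:::0:
uid:u::::1700000000::0000::Alice Example <alice@example.com>::::::::::0:
sub:u:384:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::::nistp384::
pub:u:2048:1:CCCCCCCCCCCCCCCC:1500000000:::u:::scESC:::::::
sub:u:2048:1:DDDDDDDDDDDDDDDD:1500000000::::::e:::::::
pub:u:255:22:EEEEEEEEEEEEEEEE:1700000000:::u:::scSC:::::ed25519:::0:
sub:u:255:18:FFFFFFFFFFFFFFFF:1700000000::::::e:::::cv25519::'

# audit_curves CURVE: reads colon-format records on stdin, prints one line
# per pub/sub record, and returns non-zero if any key is not on CURVE.
audit_curves() {
    awk -F: -v want="$1" '
        $1 == "pub" || $1 == "sub" {
            algo = $4; curve = $17
            if      (algo == 1)  name = "RSA-" $3
            else if (algo == 17) name = "DSA-" $3
            else if (algo == 18) name = "ECDH/" curve
            else if (algo == 19) name = "ECDSA/" curve
            else if (algo == 22) name = "EdDSA/" curve
            else                 name = "algo" algo
            status = (curve == want) ? "OK" : "REVIEW"
            if (status == "REVIEW") bad++
            printf "%-6s %s %s %s\n", status, $1, $5, name
        }
        END { exit (bad > 0) }
    '
}

# On a real system: gpg --list-keys --with-colons | audit_curves nistp384
printf '%s\n' "$SAMPLE_KEYS" | audit_curves nistp384 \
    || echo "some keys are not on nistp384"
```

A key generated with the ECC option and the P-384 curve shows up as an ECDSA primary key with an ECDH encryption subkey, both on `nistp384`.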

At this point you can use your key to encrypt documents as explained in my prior post:

As for some posts I’ve read about NIST ECC algorithms being “unsafe,” I like this answer. Note that the guidance and algorithms are always being updated, so check for the latest guidance and monitor for changes. Also check out the link to the IETF standards in this post, and make sure you’re looking at the latest one if you really want to dig into it.


Teri Radichel | © 2nd Sight Lab 2023
