Showing posts with label security. Show all posts

Friday, September 2, 2016

gpg encryption helpful commands and examples


to create a key:
gpg --gen-key
generally you can select the defaults.

to export a public key into file public.key:
gpg --export -a "User Name" > public.key
This will create a file called public.key with the ascii representation of the public key for User Name. This is a variation on:
gpg --export
which by itself is basically going to print out a bunch of crap to your screen. I recommend against doing this.
gpg --export -a "User Name"
prints out the public key for User Name to the command line, which is only semi-useful

to export a private key:
gpg --export-secret-key -a "User Name" > private.key
This will create a file called private.key with the ascii representation of the private key for User Name.
It's pretty much like exporting a public key, but you have to override some default protections. There's a note (*) at the bottom explaining why you may want to do this.

to import a public key:
gpg --import public.key
This adds the public key in the file "public.key" to your public key ring.

to import a private key:
NOTE: I've been informed that the manpage indicates that "this is an obsolete option and is not used anywhere." So this may no longer work.
gpg --allow-secret-key-import --import private.key
This adds the private key in the file "private.key" to your private key ring. There's a note (*) at the bottom explaining why you may want to do this.

to delete a public key (from your public key ring):
gpg --delete-key "User Name"
This removes the public key from your public key ring.
NOTE! If there is a private key on your private key ring associated with this public key, you will get an error! You must delete your private key for this key pair from your private key ring first.

to delete a private key (a key on your private key ring):
gpg --delete-secret-key "User Name"
This deletes the secret key from your secret key ring.

To list the keys in your public key ring:
gpg --list-keys

To list the keys in your secret key ring:

gpg --list-secret-keys

deleting gpg key from store

[oracle@Linux03 ~]$ gpg --list-keys
/home/oracle/.gnupg/pubring.gpg
-------------------------------
pub   2048R/17DC5B7A 2016-09-02
uid                  arvind (arvind gpg test) <arvind@gmail.com>
sub   2048R/5C9DA3C6 2016-09-02


[oracle@Linux03 ~]$ gpg --delete-keys arvind
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: there is a secret key for public key "arvind"!
gpg: use option "--delete-secret-keys" to delete it first.
[oracle@Linux03 ~]$ gpg --delete-secret-keys arvind
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  2048R/17DC5B7A 2016-09-02 arvind (arvind gpg test) <arvind@gmail.com>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
[oracle@Linux03 ~]$ gpg --list-keys
/home/oracle/.gnupg/pubring.gpg
-------------------------------
pub   2048R/17DC5B7A 2016-09-02
uid                  arvind (arvind gpg test) <arvind@gmail.com>
sub   2048R/5C9DA3C6 2016-09-02

[oracle@Linux03 ~]$ gpg --delete-keys arvind
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  2048R/17DC5B7A 2016-09-02 arvind (arvind gpg test) <arvind@gmail.com>

Delete this key from the keyring? (y/N) y
[oracle@Linux03 ~]$ gpg --list-keys
[oracle@Linux03 ~]$ 

how to generate a new key with gpg encryption


This assumes that you have installed the gpg package on your machine.

[oracle@Linux03 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: arvind
Email address: arvind@gmail.com
Comment: arvind gpg test
You selected this USER-ID:
    "arvind (arvind gpg test) <arvind@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

can't connect to `/home/oracle/.gnupg/S.gpg-agent': No such file or directory

(pinentry-gtk-2:3073): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'

(pinentry-gtk-2:3076): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 17DC5B7A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/17DC5B7A 2016-09-02
      Key fingerprint = 7B68 5877 A612 F10A AD43  5E01 2320 7F55 17DC 5B7A
uid                  arvind (arvind gpg test) <arvind@gmail.com>
sub   2048R/5C9DA3C6 2016-09-02



[oracle@Linux03 ~]$ gpg --list-keys
/home/oracle/.gnupg/pubring.gpg
-------------------------------
pub   2048R/17DC5B7A 2016-09-02
uid                  arvind (arvind gpg test) <arvind@gmail.com>
sub   2048R/5C9DA3C6 2016-09-02

[oracle@Linux03 ~]$
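
The key generated above is 2048-bit RSA and never expires. The script below is an added example, not part of the original post: it reads the machine-readable listing produced by gpg --list-keys --with-colons and flags keys that never expire, have already expired, or are shorter than a chosen minimum. The function names, the policy thresholds and the sample listing are assumptions constructed for illustration; only the first key ID is taken from the fingerprint shown above.

```shell
#!/bin/sh
# Added example: flag keys in `gpg --list-keys --with-colons` output.
# The policy (2048-bit minimum, expiry required) is an assumption, not gpg's.
MIN_BITS=2048

# Reads a colon-format listing on stdin.
# Prints one line per finding: "<long key ID> <record type> <finding>".
audit_keyring() {
    awk -F: -v min="$MIN_BITS" '
        $1 == "pub" || $1 == "sub" {
            # $2 validity, $3 bits, $4 algorithm (1 RSA, 16 Elgamal, 17 DSA),
            # $5 long key ID, $7 expiry date (empty = never expires)
            if (($4 == 1 || $4 == 16 || $4 == 17) && $3 + 0 < min)
                print $5, $1, "short-key-" $3
            if ($7 == "")
                print $5, $1, "no-expiry"
            if ($2 == "e")
                print $5, $1, "expired"
        }'
}

# Constructed sample listing. The first key is modelled on the one generated
# above; the subkey ID prefix and the other two keys are made up.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:23207F5517DC5B7A:1472774400:::u:::scESC:
uid:u::::1472774400::::arvind (arvind gpg test) <arvind@gmail.com>:
sub:u:2048:1:AAAAAAAA5C9DA3C6:1472774400::::::e:
pub:-:1024:17:1111111111111111:1104537600:1893456000::-:::scSC:
uid:-::::1104537600::::Constructed Old Key <old@example.invalid>:
pub:e:4096:1:2222222222222222:1420070400:1451606400::-:::scESC:
uid:e::::1420070400::::Constructed Expired Key <expired@example.invalid>:
EOF
}

# Demo on the sample. For a real keyring:
#   gpg --list-keys --with-colons | audit_keyring
sample_listing | audit_keyring
```
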

Thursday, March 24, 2016

Open Linux ports on firewall


Ports and firewall security are something every *NIX admin should learn, as they are the heart of any server. An invalid configuration or misconfiguration can expose an organization's data to many threats.

It is good practice to keep the firewall enabled. Open only those ports in the firewall that are required for access, and close unnecessarily open ports as soon as they are no longer needed.

You can only view or change these settings when logged in as the root user. Once logged in as root, the firewall settings are part of Administration under System. Clicking Firewall brings up the screen below.



In the screen below, I want to open port 1521 so that my Oracle database can be accessed from other machines. Clicking Other Ports >> Add >> User Defined gives you the ability to allow this port through the firewall.

This is just a high-level configuration. You can also configure advanced settings by selecting other options, but that is out of scope for this tutorial. That's it: port 1521 is now available to the outside world on your host IP.