Lab 4: Digital Signatures with GPG

← Back to Week 6

Mission Objectives

Scenario:

You're a security analyst verifying the authenticity of documents. Use GPG digital signatures to ensure document integrity and authenticate the sender.

Objective 1

Generate your GPG key pair

Use: gpg --gen-key
Name: CyberAnalyst
Email: analyst@cyberops.lab
Objective 2

Export your public key in ASCII armor format

Use: gpg --export --armor analyst@cyberops.lab > mypubkey.asc
Objective 3

Create a document and sign it

echo "This is an official security report" > report.txt
gpg --sign --armor report.txt
This creates report.txt.asc (signed document)
Objective 4

Verify your own signature

Use: gpg --verify report.txt.asc
Should show "Good signature"
Objective 5

Tamper with the document and verify again to see signature failure

echo "TAMPERED DATA" > report.txt
gpg --verify report.txt.asc
Should show "BAD signature"
Objective 6

Import a colleague's public key

A pre-existing key file colleague_key.asc is available.
Use: gpg --import colleague_key.asc
Objective 7

Verify a document signed by your colleague

File threat_intel.txt.asc is signed by your colleague.
Use: gpg --verify threat_intel.txt.asc
GPG Terminal - analyst@cyberops-lab
Welcome to the Digital Signatures Lab
Learn to sign and verify documents using GPG (GNU Privacy Guard)
Pre-loaded files: colleague_key.asc, threat_intel.txt.asc
Type 'help' for available commands
analyst@cyberops-lab:~$

LAB COMPLETE!

You've mastered digital signatures with GPG

+25 XP