GNU Privacy Guard
Encryption and signing of data and communication
Distribution: source code
Distribution: binary code
Verify installed version via the command-line interface:
Generating a new key pair
To encrypt one's communications, one needs to create a key pair consisting of a public key and a secret key. Select RSA key generation for both the public and the secret key, with the highest key bit length offered:
Give the random number generator a better chance to gain enough entropy: play a video.
Generating a revocation certificate
Create a revocation certificate to revoke one's public key if it has been, or is suspected to have been, compromised in any way:
Keep the revocation certificate in a safe place. Anyone who gains access to it can use it to revoke one's key. (One could use symmetric encryption (see below) on one's revocation file.)
gpg --output revoke.asc --gen-revoke [keyid]
To communicate with others you must exchange public keys. To list the keys on your public keyring:
A list of the keys registered with your e-mail should appear (since there should be only one, it will list only your key). You can then obtain your KEY-ID and run the command above to submit it to the key servers.
To display the private or public keys:
Exporting a Public Key
gpg -av --export [any part of the user ID]
Importing a Public Key
The output should state that the key was imported. If a particular public signing key had previously been imported then the output should state that the key was unchanged.
cd /path/to/public_signing_key_directory && gpg --keyid-format long --import public_signing.key
Encrypting and decrypting documents
Public-key Cryptography With GNU Privacy Guard
A pair of keys is used for encryption and decryption.
To encrypt a file destined for one's friend using the friend's public key:
gpg -o encrypted_file.gpg --encrypt -r key-id original.file
-o encrypted_file.gpg = Output to the following filename.
--encrypt = Encrypting a file
-r = Recipient. KEY-ID would be your friend's KEY-ID here.
To decrypt a file that has been encrypted with one's public key:
gpg --decrypt filename.gpg
Symmetric-key Cryptography With GNU Privacy Guard
GnuPG also supports symmetric encryption algorithms. One key is used for both encryption and decryption. This approach is simpler in dealing with each message, but it is less secure since the key must be communicated to the recipient.
Making and Verifying Signatures
Creating a clearsigned file (document) plus its corresponding detached signature
This is what the sender of the document performs:
gpg --output doc.txt.sig --detach-sign doc.txt
Verifying a clearsigned file (document) with its corresponding detached signature
This is what the recipient of the electronic document would need to perform:
- Import the public (signing) key of the sender of the document
- Download an electronic document and its corresponding detached signature file (which will have the same name as the document file but with .asc or .sig appended to the end) from the sender
- Verify the document file using its corresponding signature file (both must be in the same directory):
gpg --keyid-format long --import key
gpg --keyid-format long --verify doc.txt.sig doc.txt
e.g. to cryptographically verify an ISO image file:
gpg --keyid-format long --verify ISO.sig ISO
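When the verification step above is scripted (for instance for the ISO image), the result can be judged from gpg's machine-readable status lines and pinned to the sender's full fingerprint instead of being read off the human-readable output. This is an added example, not part of the original page; the function names, the sample fingerprint and the sample status lines are constructed, and the fingerprint is assumed to have been obtained from the sender over a trusted channel.

```shell
#!/bin/sh
# Added example: pin a detached-signature check to one full key fingerprint.
# Function names and all sample values below are constructed for illustration.

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# check_status FPR: read `gpg --status-fd` lines on stdin. Succeed only when a
# VALIDSIG line names FPR as signing key (field 3) or primary key (last field)
# and no line reports a bad, unverifiable, expired or revoked signature.
# Anything shorter than a full 40-digit fingerprint (a key ID) never matches.
check_status() {
    awk -v want="$(norm_fpr "$1")" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && length(want) >= 40 && ($3 == want || $NF == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned FPR SIGFILE DOCFILE: run gpg and judge its status output.
# Status lines go to stdout (fd 1); the human-readable text on stderr is dropped.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed fingerprint and constructed status output for a good signature.
SAMPLE_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
sample_good() {
    f=$(norm_fpr "$SAMPLE_FPR")
    echo "[GNUPG:] NEWSIG"
    echo "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Sender <sender@example.org>"
    echo "[GNUPG:] VALIDSIG $f 2024-01-01 1704067200 0 4 0 1 10 00 $f"
}

# Constructed status output for a document altered after signing.
sample_tampered() {
    echo "[GNUPG:] NEWSIG"
    echo "[GNUPG:] BADSIG 89ABCDEF01234567 Example Sender <sender@example.org>"
}

# Typical call (needs gpg and the sender's key already imported):
#   verify_pinned "$SAMPLE_FPR" doc.txt.sig doc.txt && echo "signature OK"
```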
Retrieving public keys from a keyserver:
gpg --keyserver hkp://pgp.mit.edu --recv-key [yourpublicid]
Sending public keys to a key server:
gpg --keyserver hkp://pgp.mit.edu --send-keys [yourpublicid]