GNU Privacy Guard

Encryption and signing of data and communication

https://www.gnupg.org/

Distribution: source code
Distribution: binary code

Verify installed version via the command-line interface:

gpg --version

Command syntax:

gpg [options] [files]

Generating a new key pair

https://www.gnupg.org/gph/en/manual.html#AEN26

To encrypt ones communications, one needs to create a key pair consisting of a public key and a secret key. Select RSA public key and RSA secret key formation with the highest key bit length offered:


				gpg --gen-key

Give the random number generator a better chance to gain enough entropy: play a video.

Generating a revocation certificate

https://www.gnupg.org/gph/en/manual.html#REVOCATION

Create a revocation key to revoke ones public key if it has been, or suspected to have been, compromised in any way:


				gpg --output revoke.asc --gen-revoke [keyid]

Keep the revocation key in a safe place. Anyone who accesses it can use it to disable ones private key. (One could use symmetric encryption (see below) on ones revocation file.)

Exchanging Keys

To communicate with others you must exchange public keys. To list the keys on your public keyring


				gpg --list-keys

A list of the keys registered with your e-mail should appear (and since there should be only one, it will only list your key.) Then, you can obtain your KEY-ID and run the command above in order to submit it to the key servers.

To display the private or public keys:


				gpg --list-public-keys

				gpg --list-secret-keys

Exporting a Public Key


				gpg -av --export [any part of the user ID]

Importing a Public Key


				cd /path/to/public_signing_key_directory && cat public_signing.key | gpg --keyid-format long --import public_signing.key

The output should state that the key was imported. If a particular public signing key had previously been imported then the output should state that the key was unchanged.

Encrypting and decrypting documents

https://www.gnupg.org/gph/en/manual.html#AEN111

Public-key Cryptography With GNU Privacy Guard

A pair of keys is used for encryption and decryption. To encrypt a file destined for ones friend using his public key:


				gpg -o encrypted_file.gpg --encrypt -r key-id original.file

Explanation:
-o encrypted_file.gpg = Output to the following filename.
--encrypt = Encrypting a file
-r = Recipient. KEY-ID would be your friends KEY-ID here.

To decrypt a file that has been encrypted with ones public key:


				gpg --decrypt filename.gpg

Symmetric-key Cryptography With GNU Privacy Guard

GnuPG also supports symmetric encryption algorithms, One key is used for encryption and decryption. This approach is simpler in dealing with each message, but it is less secure since the key must be communicated to the recipient.
To encrypt:


				gpg -c filename.txt

To decrypt:


				gpg filename.txt

Making and Verifying Signatures

https://www.gnupg.org/gph/en/manual.html#AEN136
https://launchpad.net/+help-registry/verify-downloads.html

Creating a clearsigned file (document) plus its corresponding detached signature

This is what the sender of the document performs:


				gpg --output doc.txt.sig --detach-sign doc.txt

Verifying a clearsigned file (document) with its corresponding detached signature

This is what the recipient of the electronic document would need to perform:

Import the public (signing) key of the sender of the document

	
					gpg --keyid-format long --import key

Download an electronic document and its corresponding detached signature file (which will have the same name as the document file but with .asc or .sig appended to the end) from the sender
Verify the document file using its corresponding signature file (which both must be in the same directory):
e.g. to cryptographically verify an ISO image file:

Key Management

https://www.gnupg.org/gph/en/manual.html#MANAGEMENT

Distributing Keys

https://www.gnupg.org/gph/en/manual.html#AEN464

Retrieving public keys from a keyserver:


				gpg --keyserver hkp://pgp.mit.edu --recv-key [yourpublicid]

Sending public keys to a key server:


				gpg --keyserver hkp://pgp.mit.edu --send-keys [yourpublicid]

Dependencies

+curl,+libgcrypt,+libusb,+openldap +libgpg-error +binutils,+bzip2,+gzip,+tar,+xz,+zlib

References

https://www.archlinux.org/packages/core/x86_64/gnupg/

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/gnupg.html

http://www.t2-project.org/packages/gnupg.html

directory.fsf.org

documentation

http://fosswire.com/post/2008/06/getting-started-with-gnu-privacy-guard/

http://www.slashroot.in/gpg-gnu-privacy-guard-tutorial-commandline-encryption-and-decryption

http://digital-era.net/gpa-gnu-privacy-assistant/

Legal Disclaimer & Copyright Policy

TUTORIALS