GnuPG
Article by
on May 20, 2014
The GNU Privacy Guard (GnuPG or GPG) is an implementation of the OpenPGP message format for encrypting and decrypting messages.
Setup
Generating a GPG key is easy. The session should look something like:
$ gpg --gen-key
gpg (GnuPG) 1.4.14; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Your Name
Email address: yourname@example.com
Comment:
You selected this USER-ID:
    "Your Name <yourname@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
....+++++
..................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...............................+++++
.....+++++
gpg: key 823EB930 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub 4096R/823EB930 2014-05-20
Key fingerprint = F872 B0A0 0950 8EA4 5CEF 7C04 84B3 F297 823E B930
uid Your Name <yourname@example.com>
sub 4096R/3489DA32 2014-05-20
Fingerprints
A fingerprint is a quick way to identify a GPG key.
Get a Fingerprint from a key file
$ gpg --with-fingerprint file.pub
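One way to check a key file's fingerprint against the value the key owner gave you, before importing the key (an added example, not part of the original article). `check_fpr` is a hypothetical helper name, and both colon listings are constructed samples: the first reuses the fingerprint from the key-generation session above, the second is a different key that ends in the same 8-digit key ID.

```shell
#!/bin/sh
# Added example (not from the original article). check_fpr is a hypothetical
# helper: it reads a `gpg --with-colons` key listing on stdin and compares the
# primary key's fingerprint with one obtained from the key owner.
# Exit status: 0 match, 1 mismatch, 2 expected value is not a full fingerprint.
check_fpr() {
    # Normalise the expected value: drop spaces, upper-case the hex digits.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # Require all 40 hex digits; an 8-digit key ID is refused.
    [ "${#want}" -eq 40 ] || return 2
    # Colon format: the "fpr" record holds the fingerprint in field 10, and
    # the first "fpr" after a "pub" record belongs to the primary key.
    got=$(awk -F: '$1 == "pub" { seen = 1; next }
                   seen && $1 == "fpr" { print $10; exit }')
    [ "$got" = "$want" ]
}

# Fingerprint as printed in the key-generation session on this page.
PAGE_FPR='F872 B0A0 0950 8EA4 5CEF 7C04 84B3 F297 823E B930'

# Constructed colon listing for that key (sample data, not captured output).
GOOD_LISTING='pub:u:4096:1:84B3F297823EB930:1400544000:::u:::scESC:
fpr:::::::::F872B0A009508EA45CEF7C0484B3F297823EB930:
uid:u::::1400544000::::Your Name <yourname@example.com>:'

# Constructed listing for a different key whose last 8 digits are also 823EB930.
LOOKALIKE_LISTING='pub:u:4096:1:89ABCDEF823EB930:1400544000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF823EB930:
uid:u::::1400544000::::Your Name <yourname@example.com>:'

# Real use: gpg --with-colons --with-fingerprint file.pub | check_fpr "$PAGE_FPR"
if printf '%s\n' "$GOOD_LISTING" | check_fpr "$PAGE_FPR"; then
    echo "fingerprint matches"
fi
if ! printf '%s\n' "$LOOKALIKE_LISTING" | check_fpr "$PAGE_FPR"; then
    echo "same short key ID, different fingerprint: rejected"
fi
```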
Search for a key by fingerprint
$ gpg --search-keys 44F9512B
List Keys You Have
$ gpg -K
Or, for more info:
$ gpg -K --keyid-format long --with-fingerprint
Publishing Your Key
Print Your Public Key to Screen
$ gpg --armor --export F10500E6
Submit Your Key to a PKS
http://keyserver.ubuntu.com:11371/
OR
$ gpg --keyserver keyserver.ubuntu.com --send-keys F10500E6
Where F10500E6 is your key ID, the last eight hex digits of your key fingerprint.
Reference: http://askubuntu.com/questions/220063/how-to-publish-gpg-key-in-ubuntu-12-10
Importing Someone Else's Key
To encrypt data with someone else's public key, you must first import it.
(insert how to here)
Encrypting and Decrypting Email
Encrypting an Email
$ gpg --encrypt --recipient 'youremail@example.com' email.txt
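This creates a file called "email.txt.gpg", which you can then send in the body of an email. The output is binary by default; adding --armor produces ASCII text (email.txt.asc) that survives being pasted into a message body.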
Decrypting an Email
You can only decrypt email for which you have the private key. To do so, run:
$ gpg --output email-decrypted.txt --decrypt email.txt.gpg