Note: Any feedback on this entry's information is appreciated.
GPG stands for GNU Privacy Guard. According to Wikipedia, it's a free-software replacement for OpenPGP.
People should care about GPG because it's used to:
GPG works by generating a keypair which is composed of:
To encrypt a message, you'll need the recipient's public key. Once the message has been encrypted, it will be decrypted only by the recipient's private key. To allow the recipient to verify it was you, not an impostor, who sent the message, you can sign the message (this is explained in Encrypt Text).
Note: This assumes you're using a terminal. If you need or prefer a GUI, you can find resources elsewhere.
To generate a keypair, you must run
gpg --gen-key or
gpg --full-gen-key. Follow the steps on the screen and keep the default options.
After you're done, run
gpg -k to see a list of all the keys on your keyring. Here is an example of what you're looking at:
/home/user/.gnupg/pubring.kbx ------------------------------ pub rsa4096 DATE [SC] FINGERPRINT uid [trust] Your Name <firstname.lastname@example.org> sub rsa4096 DATE [E]
Before you can send someone a message, you must obtain their public key. You must either ask them for the key, download it if they link to it, or search for their keys on a keyserver. You can also import your own public and private keys if needed.
If you asked or got the recipient's public key, run the following command:
gpg --import name-pub.asc
If you want (or prefer) to search for their public key, run the following command:
gpg --search-keys email@example.com gpg: data source: kerserver.org:port (1) Person Name <firstname.lastname@example.org> 4096 bit RSA key FINGERPRINT, created: DATE
If the output is what you expected, run the following command:
gpg --receive-keys FINGERPRINT
To verify that the newly imported key is in your keyring, run
Here is what I do to encrypt messages. This may not be the "correct" or best way to do this, but I opt for this because it's pretty easy for me to remember.
echo "My message here." | gpg --armor --encrypt --sign --user MY_FINGERPRINT --recipient RECIPIENT_FINGERPRINT | xclip
The message will automatically be inserted into your clipboard thanks to
xclip. You can now simply send the content to the recipient.
If a message was encrypted using your public key, you should simply be able to run the following command:
echo "whole mess of text here lmao" | gpg --decrypt
If, however, it gives you an error, you can just specify what key to use like so:
echo "whole mess of text here lmao" | gpg --decrypt --user FINGERPRINT
There will be some cases where you'll have or want to export keys, most commonly your own public key so others can send you encrypted messages.
To export a public key, run the following command:
gpg --export --armor FINGERPRINT
To export a private key, run the following command:
gpg --export-secret-keys --armor FINGERPRINT
Note: Exporting private keys will prompt you to input the key's password. This is expected behavior.
If you ever need to delete a key from your keyring, run the following commands:
# Delete public key only gpg --delete-keys FINGERPRINT # Delete private key only gpg --delete-secret-keys FINGERPRINT # Delete public and private keys gpg --delete-secret-and-public-key FINGERPRINT
Homepage | Blog Page