“GnuPG uses public-key cryptography so that users can communicate securely. In a public-key system, each user has a pair of keys consisting of a private and public key. A user’s private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate.” – The GNU Privacy Handbook
GnuPG, or GPG (GNU Privacy Guard), is a computer program that implements the OpenPGP standard; it is an open source alternative to the commercial PGP product.
The core GnuPG package, gnupg, is installed by default on Ubuntu. This quick start guide covers file encryption with GPG.
Generating a Key
Type the following command:
$ gpg --gen-key
After executing the command, you will be prompted with the following:
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Enter option 1 to allow encryption and decryption.
What keysize do you want? (2048)
Enter 2048, which is the default recommended by GnuPG.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Enter 0 so that there is no expiration date for the key.
Next you will need to enter your user information.
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "
Enter your “Real name” and “Email address”; “Comment” is optional.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
Confirm your information by entering O, and the key generation will begin.
Enter passphrase:
Next you will need to enter a passphrase; remember that if you forget your passphrase, your key will be useless.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.++++++++++.++++++++++.+++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++...+++++.+++++++++++++++++++++++++++++++++++++++++++++>++++++++++>.+++++............................................................................+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)
During key generation, follow the instruction above and wait for the key to finish generating.
When key generation has completed, the following summary is displayed:
gpg: key 2DFD492E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/2DFD492E 2009-10-14
    Key fingerprint = FCAC 0686 401B A333 546E F081 0459 61E9 2DED 490C
uid Vincent Kong <vkong@myemail.com>
sub 2048g/457534BF 2009-10-14
The newly generated key ID is 2DFD492E.
Listing the keys
$ gpg --list-keys
Importing a Public Key
$ gpg --import KEYFILE
Encrypting a File
To encrypt a file for another user, the encryption must be done with their public key, which needs to be imported first.
$ gpg --output ENCRYPTED_FILE.gpg --encrypt --recipient USER_PUBLIC_KEY_ID ORIGINAL_FILE
Decrypting a File
If a user sent you a file that has been encrypted with your public key, it can be decrypted with the following:
$ gpg --decrypt ENCRYPTED_FILE.gpg
Exporting Your Public Key
$ gpg --armor --export KEY_ID
Signing a Public Key
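In GnuPG, if you get the error “There is no assurance this key belongs to the named user” when trying to encrypt, you need to sign the public key. Signing asserts that the key really belongs to that user, so confirm the key's fingerprint with its owner before you sign.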
$ gpg --sign-key PUBLIC_KEY_ID
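The "no assurance" error comes from the validity GnuPG records for the recipient key. The script below is an added example, not part of the original guide: it reads `gpg --with-colons --list-keys` output and reports whether a key is ready for encryption or still needs verifying and signing. The function names, sample listing, key IDs and fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): classify a recipient key from
# `gpg --with-colons --list-keys` output. All IDs/fingerprints are constructed.

sample_listing() {   # constructed, trimmed listing with three fake keys
cat <<'EOF'
pub:f:2048:1:AAAAAAAA11111111:1255478400:::-:::scESC:
fpr:::::::::0000111122223333444455556666AAAAAAAA11111111:
uid:f::::1255478400::::Alice Example <alice@example.org>:
sub:f:2048:1:AAAAAAAA22222222:1255478400::::::e:
pub:-:2048:1:BBBBBBBB11111111:1255478400:::-:::scESC:
fpr:::::::::0000111122223333444455556666BBBBBBBB11111111:
uid:-::::1255478400::::Bob Example <bob@example.org>:
sub:-:2048:1:BBBBBBBB22222222:1255478400::::::e:
pub:e:2048:1:CCCCCCCC11111111:1255478400:1287014400::-:::sc:
fpr:::::::::0000111122223333444455556666CCCCCCCC11111111:
uid:e::::1255478400::::Carol Example <carol@example.org>:
EOF
}

# check_recipient KEYID  -> prints "<status> <fingerprint>" where status is
#   ok          validity f or u: usable for encryption
#   unverified  imported but not validated: compare the fingerprint with the
#               owner out of band, then gpg --sign-key
#   unusable    revoked, expired, disabled, invalid, or no encryption capability
#   missing     no such key in the listing (import it first)
check_recipient() {
  awk -F: -v want="$1" '
    BEGIN { want = toupper(want) }
    $1 == "pub" {                       # field 5 = key ID, field 2 = validity
      id = toupper($5)                  # short IDs match as a suffix
      cur = (want != "" && substr(id, length(id) - length(want) + 1) == want)
      if (cur) { found = 1; val = $2; enc = ($12 ~ /E/); fp = "" }
      next
    }
    $1 == "sub" { cur = 0 }             # skip subkey fingerprints
    cur && $1 == "fpr" && fp == "" { fp = $10 }
    END {
      if (!found) { print "missing"; exit }
      if (val ~ /^[reidn]$/ || !enc) status = "unusable"
      else if (val ~ /^[fu]$/)       status = "ok"
      else                           status = "unverified"
      print status, fp
    }'
}

# Demo on the constructed listing; Bob's key was imported but never signed.
sample_listing | check_recipient BBBBBBBB11111111
```

Against a real keyring, pipe `gpg --with-colons --list-keys` into `check_recipient KEY_ID` instead of the sample listing.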
Edit a Key
$ gpg --edit-key KEY_ID
Information associated with KEY_ID will be displayed, followed by the Command> prompt; type help to display the list of commands that can be used to modify the key.
A detailed how-to guide about GnuPG can be found here.