2024-03-06
Before you can encrypt or sign anything, you need a key pair: a public key and a private key. The public key can be shared freely; anyone can use it to encrypt a message for you or to verify your signatures. Your private key, however, must be kept secret; it’s used to decrypt messages sent to you and to create signatures.
To generate a key pair, use the following command:
gpg --gen-key
You’ll be prompted to choose a key type (RSA and RSA, and Elliptic Curve, are popular choices) and a key size (longer keys are more secure but slower), and to provide your name, email address, and an optional comment. Remember this information, especially your passphrase, as you’ll need it later.
The process might take a few minutes depending on your key size. Once completed, you’ll have a new key pair.
To view your generated keys, use:
gpg --list-keys
This command will show you the details of your keys, including their ID, key type, and expiration date. You’ll see both your public and private keys listed.
To share your public key with others, you need to export it. This allows others to encrypt messages that only you can decrypt.
gpg --armor --export <your-email-address> > public_key.asc
Replace <your-email-address> with the email address you associated with your key. The --armor flag ensures the key is in ASCII format, making it easily transferable. The exported key will be saved in public_key.asc.
Let’s encrypt a file named my_secret_file.txt using someone else’s public key (e.g., recipient_public_key.asc):
gpg --encrypt --recipient recipient@example.com --output encrypted_file.gpg my_secret_file.txt
Replace recipient@example.com with the email address associated with the recipient’s public key. The encrypted file will be named encrypted_file.gpg.
To decrypt the file, use your private key:
gpg --decrypt encrypted_file.gpg > decrypted_file.txt
You’ll be prompted for your passphrase. The decrypted file will be saved as decrypted_file.txt.
GPG can also be used to digitally sign files, ensuring their authenticity and integrity. Signing a file creates a signature that verifies the file hasn’t been tampered with.
gpg --detach-sign my_file.txt
This command will create a separate signature file, my_file.txt.sig, next to the original.
To verify a signature:
gpg --verify my_file.txt.sig my_file.txt
This will confirm whether the signature is valid and the file hasn’t been altered since it was signed.
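The steps above (generate, export, encrypt, decrypt, sign, verify), as an added example that is not part of the original post: a script that runs the whole workflow in a throwaway keyring and then checks that a file altered by one byte fails verification. It assumes GnuPG 2.1 or later (for --quick-generate-key); the identity and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: the guide's workflow end to end in a
# throwaway keyring, plus a check that a modified file fails verification.
# Assumes GnuPG 2.1+ (--quick-generate-key); the identity and file contents below
# are constructed for the demo.
set -u

gpg_workflow_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping" >&2; return 2; }

    # Isolated keyring so the demo never touches ~/.gnupg; removed on exit.
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

    # Common flags: no prompts, empty passphrase for the throwaway key only.
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }
    cd "$GNUPGHOME" || return 1

    # 1. Generate a key pair (default algorithm: signing key plus encryption subkey).
    g --quick-generate-key "Alice Demo <alice@example.com>" default default 0 || return 1

    # 2. Export the public key in ASCII armor, the form you would hand to a peer.
    g --armor --export alice@example.com > public_key.asc || return 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' public_key.asc || return 1

    # 3. Encrypt to the recipient, decrypt with the matching private key, compare.
    printf 'top secret\n' > my_secret_file.txt
    g --encrypt --recipient alice@example.com --output encrypted_file.gpg my_secret_file.txt || return 1
    g --decrypt --output decrypted_file.txt encrypted_file.gpg || return 1
    cmp -s my_secret_file.txt decrypted_file.txt || return 1

    # 4. Detached signature: verification succeeds on the untouched file...
    g --detach-sign --output my_file.txt.sig my_secret_file.txt || return 1
    g --verify my_file.txt.sig my_secret_file.txt || return 1

    # 5. ...and must fail once a single byte of the file changes.
    printf 'top secreT\n' > tampered.txt
    if g --verify my_file.txt.sig tampered.txt 2>/dev/null; then
        echo "BUG: signature verified a tampered file" >&2
        return 1
    fi
    echo "round-trip encryption and signature checks passed"
}

# Run the demo with: sh this_script.sh run
case "${1:-}" in run) gpg_workflow_demo ;; esac
```

The function returns 0 when every step succeeds, 1 on the first failing step, and 2 when gpg is not installed.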
To encrypt a file for someone, or to verify a signature they made, you first need to import their public key:
gpg --import recipient_public_key.asc
If your private key is compromised, you must revoke it to prevent unauthorized access. This is a complex procedure and requires careful consideration. Consult the gpg documentation for details on revocation.
This guide provides a solid foundation for using GPG. Remember to always handle your private key with utmost care and practice safe key management. Further exploration of gpg’s options and features will improve your ability to secure your communications and data effectively.