GPG Guide - Set-Up, Configuration and Use

GNU Privacy Guard (GPG) is the only tool you'll need for PGP on Linux. You should be able to find it easily enough in whatever repo you're using.

GPG keeps its files (keyrings, trust database, config) by default in ~/.gnupg/ under your home directory.
Then you'll want to issue one of the following (possibly with options and filenames!):

      gpg --generate-key
      gpg --import

--generate-key will ask you a bunch of questions, all self-explanatory. The comment can be anything; a popular use is to put your Web site URL in here. After a bit of huffing and puffing, you should now have yourself a GPG identity with a public and private key pair, either imported or just generated a second ago. Quickly verify you have at least one key pair available by issuing:

      gpg --list-keys
      gpg --list-secret-keys

It should spit back something similar to the below for each:

          pub   rsa3072 2019-03-27 [SC] [expires: 2021-07-26]
                xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
          uid           [ultimate] Chris Manning (https://linuxdoctorafcb.blogspot.com)  <linuxdoctorafcb@gmail.com>
          sub   rsa3072 2019-03-27 [E]

The row of x's (the fingerprint) should be identical in both listings.
The first line tells us whether it's a PUBlic or SECret key, the key type and length in bits (RSA, DSA), the creation date and the expiry date (if one has been set); the letters in brackets say what the key may be used for ([SC] is Signing and Certifying).
Next is the fingerprint: a hash of the key.
The next line is the unique user ID, made up of your name, comment and email address.
The final line tells us there is a subkey, and it can be used for [E]ncryption.

      gpg --export -a "User Name" > public.key

This will create a file called public.key with the ASCII-armored representation of the public key for User Name.

      gpg --export-secret-keys -a "User Name" > private.key

This will create a file called private.key with the ASCII-armored representation of the private key for User Name.

To just sign and not encrypt a message (i.e. to leave it as plaintext, fully readable, but verified 100% as you, PGP signed) then use this:

      gpg --clearsign filename.txt

This writes a new file, filename.txt.asc, containing the readable message with a PGP signature block (computed from the message with your private key) at the bottom. All the recipient has to do is check that the signature matches the content of the message; if it does, it must be from ME!
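The whole sequence above (generate, compare fingerprints, export, clearsign, verify) run end to end in a throwaway keyring, as an added example that is not part of the original post. It assumes gpg 2.1 or later; the user ID, the message text and the GNUPGHOME directory are constructed here.

```shell
#!/bin/sh
# Runs the guide's workflow in a temporary GNUPGHOME so your real ~/.gnupg is untouched.
set -eu

gpg_roundtrip() {
    GNUPGHOME=$(mktemp -d)               # throwaway keyring (constructed, never your own)
    export GNUPGHOME
    uid="Example User (https://example.invalid) <user@example.invalid>"   # constructed identity

    # 1. Generate a key pair non-interactively. The empty passphrase is only
    #    acceptable because this key is thrown away at the end.
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" rsa3072 default 1y >/dev/null 2>&1

    # 2. The fingerprint must be identical in the public and secret listings.
    #    --with-colons is the machine-readable form; the "fpr" record carries it in field 10.
    pub_fpr=$(gpg --with-colons --with-fingerprint --list-keys "$uid" \
              | awk -F: '$1=="fpr"{print $10; exit}')
    sec_fpr=$(gpg --with-colons --with-fingerprint --list-secret-keys "$uid" \
              | awk -F: '$1=="fpr"{print $10; exit}')
    [ -n "$pub_fpr" ] && [ "$pub_fpr" = "$sec_fpr" ] || return 1

    # 3. Export the ASCII-armored public key (the file you hand out; the secret key stays put).
    gpg --armor --export "$uid" > "$GNUPGHOME/public.key"
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$GNUPGHOME/public.key" || return 1

    # 4. Clearsign a message: the text stays readable and msg.txt.asc gains a signature block.
    printf 'meet at noon\n' > "$GNUPGHOME/msg.txt"
    gpg --batch --pinentry-mode loopback --passphrase '' --clearsign "$GNUPGHOME/msg.txt"
    grep -q 'BEGIN PGP SIGNATURE' "$GNUPGHOME/msg.txt.asc" || return 1

    # 5. Verify as the recipient would, and insist the signing key is the expected fingerprint
    #    (a merely "good" signature from some other key is not enough).
    gpg --status-fd 1 --verify "$GNUPGHOME/msg.txt.asc" 2>/dev/null \
        | grep -q "VALIDSIG $pub_fpr" || return 1

    # 6. Altering the signed text must make verification fail.
    sed 's/noon/midnight/' "$GNUPGHOME/msg.txt.asc" > "$GNUPGHOME/tampered.asc"
    if gpg --verify "$GNUPGHOME/tampered.asc" >/dev/null 2>&1; then return 1; fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    return 0
}
```

Running `gpg_roundtrip` and checking its exit status is the whole test; any mismatch between the two fingerprints, a missing signature block, or a signature that still verifies after tampering makes it return 1.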
