Using PGP Keys on GNU/Linux
Some of my students asked me how to use PGP with GNU/Linux.
I figured it'd make a nice post...
PGP (Pretty Good Privacy) is a powerful tool for securing your communications and ensuring data integrity. It's widely used for encrypting and signing data, making it an essential component for privacy-conscious individuals. This guide will walk you through generating, importing and exporting PGP keys, and signing, verifying, encrypting and decrypting messages on GNU/Linux.
Generating PGP Keys
Generating a PGP key pair (public and private keys) is the first step in using PGP. Use the following command:
$ gpg --full-generate-key
gpg (GnuPG) 2.4.1; Copyright (C) 2022 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
# ...
You'll be prompted to:
- Select the kind of key (RSA and RSA is a common choice).
- Choose the key size (2048 bits is standard, but 4096 bits offers stronger security).
- Set an expiration date for the key.
- Enter your user ID information (name, email, and optional comment).
- Create a passphrase to protect your private key.
Importing PGP Keys
Importing PGP keys allows you to communicate securely with others. You can import keys from a file, using curl, or from a keyserver.
If you have a PGP key inside a file (e.g., publickey.asc), import it using:
$ gpg --import publickey.asc
If your key is online, you can pipe it directly from a URL using curl:
$ curl -sL https://example.com/pgp.pub | gpg --import
If you don't have access to a suitable web server, gnupg provides a nice (obviously not bloated at all) way to import keys using keyservers.
$ gpg --search-keys "username" # or:
$ gpg --keyserver keyserver.ubuntu.com --search-keys "username"
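Whichever way you fetched a key (file, curl, or a keyserver), a successful import only tells you that somebody published a key under that name. Before using it, compare its fingerprint with one the owner gave you out of band (in person, on a business card, over a channel you already trust). The snippet below is an added example, not part of the original post: it reads the machine-readable listing that `gpg --with-colons --fingerprint` prints (the fpr record carries the fingerprint in its tenth field) and checks it against an expected value. The sample listing, the address and the fingerprints in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check that an imported key's
# fingerprint matches one obtained out of band.

# Print the primary-key fingerprints found in `gpg --with-colons` output read
# on stdin. The fpr record right after a pub record is the primary key's
# fingerprint (field 10); fpr records after sub records belong to subkeys.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0 }
        $1 == "sub" { want = 0 }
    '
}

# Exit 0 if $1 (spaces and letter case ignored) is one of the primary-key
# fingerprints in the listing read on stdin, 1 otherwise.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    primary_fingerprints | grep -qx "$expected"
}

# Live check against your own keyring; $1 = user id or key id (placeholder),
# $2 = the fingerprint the owner gave you.
check_key_fingerprint() {
    gpg --with-colons --fingerprint "$1" | fingerprint_matches "$2"
}

# Constructed listing in the colon format, with one primary key and one
# encryption subkey (all ids and fingerprints are made up).
SAMPLE_LISTING='pub:u:4096:1:0123456789ABCDEF:1700000000:1731536000::u:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1700000000:1731536000:::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Demo on the constructed listing: the first call succeeds, the second fails
# because that value is the subkey's fingerprint, not the primary key's.
printf '%s\n' "$SAMPLE_LISTING" \
    | fingerprint_matches 'FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98' \
    && echo "sample: primary fingerprint matches"
printf '%s\n' "$SAMPLE_LISTING" \
    | fingerprint_matches '0123456789ABCDEF0123456789ABCDEF01234567' \
    || echo "sample: subkey fingerprint correctly rejected"
```

Run `check_key_fingerprint alice@example.org 'FEDC BA98 ...'` right after the import; a non-zero exit means the key in your keyring is not the one you were told about and should not be used.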
Exporting PGP Keys
Exporting your public key allows others to encrypt messages for you. You can export keys to a file, a keyserver, or a custom domain.
To export your public key to a file, use:
$ gpg --armor --export your_email@example.com >mypgp.pub
This command exports your public key in ASCII-armored format to a file named mypgp.pub. You may also use a keyserver:
$ gpg --send-keys --keyserver keyserver.ubuntu.com your_key_id
Or export it to a custom domain:
$ gpg --armor --export your_email@example.com > mypgp.pub
# Then upload mypgp.pub to https://example.org/mygpg.pub
Signing and Verifying Messages
Signing a message ensures its authenticity and integrity. You can use clear signing or detached signatures.
To create a clear-signed message, use:
$ gpg --clearsign message.txt
This command creates a signed message file (message.txt.asc) that includes your digital signature.
If you want to create a separate signature file (message.txt.sig) instead, use:
$ gpg --detach-sign message.txt
To verify a signed message, use:
$ gpg --verify message.txt.asc
Encrypting and Decrypting Messages
To encrypt a message for a recipient, use:
$ gpg --encrypt --recipient recipient_email@example.com message.txt
This command creates an encrypted file (message.txt.gpg) that can only be decrypted by the intended recipient.
To decrypt a message, use:
$ gpg --decrypt message.txt.gpg
You'll be prompted to enter your passphrase to decrypt the message.
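The whole workflow above run end to end as one script, added here as an example rather than taken from the post: it builds two throwaway keyrings (one for the signer, one for the recipient) under temporary GNUPGHOME directories so your own ~/.gnupg is untouched, generates the key unattended, exports and imports it, checks the fingerprint, signs and verifies (clear-signed and detached), then encrypts and decrypts. The names Alice and Bob, the addresses and the file names are invented. It goes a little beyond the post in two places: key generation uses the batch parameter-file form instead of the interactive prompts, and verifying a detached signature is shown with both files, which `--verify` needs in that case.

```shell
#!/bin/sh
# Added example (not from the original post): the post's workflow between
# two throwaway keyrings. All names, addresses and file names are invented.
set -eu

# Primary-key fingerprint of user id $2 in keyring $1: the first fpr record
# of the colon-separated listing belongs to the primary key.
primary_fpr() {
    GNUPGHOME="$1" gpg --batch --with-colons --fingerprint "$2" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Runs every step and prints the decrypted reply as its result.
pgp_roundtrip() {
    WORK=$(mktemp -d)
    ALICE="$WORK/alice"   # generates the key, signs, decrypts
    BOB="$WORK/bob"       # imports Alice's public key, verifies, encrypts
    mkdir -p "$ALICE" "$BOB"
    chmod 700 "$ALICE" "$BOB"

    # 1. Generate: the unattended form of --full-generate-key ("RSA and RSA").
    #    2048 bits keeps the demo quick; use 4096 for a real key. %no-protection
    #    skips the passphrase only because this keyring is deleted at the end.
    GNUPGHOME="$ALICE" gpg --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Alice Example
Name-Email: alice@example.org
Expire-Date: 1y
%commit
EOF

    # 2. Export Alice's public key ASCII-armored, 3. import it on Bob's side.
    GNUPGHOME="$ALICE" gpg --batch --armor --export alice@example.org > "$WORK/alice.pub"
    GNUPGHOME="$BOB" gpg --batch --quiet --import "$WORK/alice.pub"

    # Bob compares the imported fingerprint with the one Alice gave him out of
    # band (simulated here by reading it from Alice's own keyring).
    [ "$(primary_fpr "$BOB" alice@example.org)" = "$(primary_fpr "$ALICE" alice@example.org)" ] \
        || { echo "fingerprint mismatch, refusing to use the key" >&2; return 1; }

    # 4. Alice signs a note both ways: clear-signed and detached.
    printf 'meeting moved to 10:00\n' > "$WORK/note.txt"
    GNUPGHOME="$ALICE" gpg --batch --clearsign --output "$WORK/note.txt.asc" "$WORK/note.txt"
    GNUPGHOME="$ALICE" gpg --batch --detach-sign --output "$WORK/note.txt.sig" "$WORK/note.txt"

    # 5. Bob verifies. The detached signature needs the signed file as well;
    #    gpg exits non-zero (and set -e stops the script) on a bad signature.
    GNUPGHOME="$BOB" gpg --batch --verify "$WORK/note.txt.asc"
    GNUPGHOME="$BOB" gpg --batch --verify "$WORK/note.txt.sig" "$WORK/note.txt"

    # 6. Bob encrypts a reply to Alice. --trust-model always stands in for the
    #    web-of-trust check because the fingerprint was compared above; on a
    #    real keyring certify the key instead (gpg --lsign-key) after that check.
    printf 'hello alice, this is bob\n' > "$WORK/reply.txt"
    GNUPGHOME="$BOB" gpg --batch --trust-model always --recipient alice@example.org \
        --output "$WORK/reply.txt.gpg" --encrypt "$WORK/reply.txt"

    # 7. Alice decrypts; the plaintext is this function's output.
    plain=$(GNUPGHOME="$ALICE" gpg --batch --quiet --decrypt "$WORK/reply.txt.gpg" 2>/dev/null)

    # Stop the agents started for the throwaway homes and remove them.
    GNUPGHOME="$ALICE" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$BOB" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
    printf '%s\n' "$plain"
}

if command -v gpg >/dev/null 2>&1; then
    pgp_roundtrip
else
    echo "gpg is not installed" >&2
fi
```

Every gpg call carries --batch so nothing prompts; on a real keyring drop %no-protection, give the key a passphrase as the post says, and let pinentry ask for it when signing or decrypting.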
And voilà!
https://sites.pitt.edu/~poole/PGP
https://www.gnupg.org/download/index.html
https://www.redhat.com/en/blog/getting-started-gpg
See you,