Use gpg
Introduction
gpg (more specifically, GnuPG) can be used to encrypt and decrypt all sorts of data, text (including mail) as well as binary files, either for a specific recipient or for everyone who knows the passphrase (symmetric encryption). It is one of the most established standards for encryption and is embedded in many applications, though this article focuses on direct use of gpg on the CLI.
Installation
Packages should be available for all distributions. The package is usually called "gnupg". If you do not know how to install packages, look here.
Usage
Creating a key
First, you should create your own key. This allows you to sign data with your key, so other people can be sure it stems from you (if they trust the authenticity of your key), and it allows people to encrypt data with your public key that only you, using your private key, can decrypt.
GPG stores all of its data under ~/.gnupg, which is created automatically. So just run:
gpg --gen-key
Select "DSA and ElGamal" as the key type and select a decent key length. If you are not concerned about how long your key will be in its ASCII representation (for instance because you do not want to attach it to every mail), you should probably just use 4096.
Now you can select when the key will expire. This is up to you; however, for a first test you might want to create a key that expires after some days, so that no one takes it for a permanent key when you no longer use it.
Confirm and enter your name, mail address and an optional comment. The mail address should be one that people will later try to send mail to (if you use the key for mailing), so that they get the right key straight from the key server.
Confirm another time and now choose a secure passphrase for the private key. This protects your private key from illicit use even if someone gets hold of it (you should make sure it never comes to that!). Now just generate some entropy (surf the web, move the mouse, etc.) and your key should be generated and ready to use.
Perhaps you want to deploy your key to a key server now for your contacts to download. Read more about this below.
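The dialog described above can also be driven from a batch parameter file, which makes a short-lived test key reproducible and keeps it out of your real keyring. This is an added example, not part of the original article; the function names, the sample identity, the throwaway keyring directory and the 2048-bit DSA primary size are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the sample
# identity and the 2048-bit DSA primary size are assumptions.

# Write a GnuPG batch parameter file mirroring the dialog; prints its path.
# usage: write_key_params NAME EMAIL EXPIRE [COMMENT]
write_key_params() {
    nl='
'
    # Refuse embedded newlines: they would inject extra parameter lines.
    case "$1$2$3${4:-}" in
        *"$nl"*) echo "newline in field" >&2; return 1 ;;
    esac
    params=$(mktemp) || return 1
    {
        echo "Key-Type: DSA"
        echo "Key-Length: 2048"       # assumption: DSA primary key size
        echo "Subkey-Type: ELG-E"
        echo "Subkey-Length: 4096"    # the length suggested in the article
        echo "Name-Real: $1"
        if [ -n "${4:-}" ]; then echo "Name-Comment: $4"; fi
        echo "Name-Email: $2"
        echo "Expire-Date: $3"        # e.g. 7d for a short-lived test key
        # No Passphrase line: GnuPG 2.1+ asks through pinentry, so the
        # passphrase is never written to disk.
        echo "%commit"
    } > "$params"
    echo "$params"
}

# Generate the key in a throwaway keyring so ~/.gnupg stays untouched.
# usage: generate_test_key NAME EMAIL [EXPIRE]; prints the keyring directory.
generate_test_key() {
    params=$(write_key_params "$1" "$2" "${3:-7d}" "test key") || return 1
    home=$(mktemp -d) || { rm -f "$params"; return 1; }
    gpg --homedir "$home" --batch --gen-key "$params"
    status=$?
    rm -f "$params"
    [ "$status" -eq 0 ] || return 1
    gpg --homedir "$home" --list-keys >&2
    echo "$home"
}

# Example call (commented out so sourcing this file has no side effects):
# generate_test_key "Alice Example" "alice@example.org" 7d
```

Delete the printed keyring directory once the test is over.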
Exporting your key
...
Importing keys
...
Listing all known keys
...
Encryption
...
Decryption
...
Signing and verifying signatures
...
Symmetric encryption/decryption
...
Going further
- Set up gpg-agent, which helps you by caching passphrases, if you want.
- Install a graphical frontend like kgpg (a good KDE frontend, albeit a bit buggy).