
GPG & PGP Made Easy with a Complete Walk Through

This article explains how to work with PGP keys. PGP keys come in pairs: a private key and a public key. A private key must be kept secret by its owner, while the public key can be shared with the world.

We’ll be using GnuPG, otherwise known as GPG, which is compatible with PGP.

Example Scenario

In this example, Lisa will be sending an encrypted file to Bart. For this to happen, they both need GPG (or PGP) keys. Bart will share his public key with Lisa allowing Lisa to use Bart’s public key to encrypt the file. The result will be a file from Lisa that only Bart can decrypt.

Bart’s Steps

Create Bart’s key pair

gpg --gen-key

You will go through a Q&A. The defaults are fine. If you are planning to do automated encryption and decryption you should skip the passphrase.

If you’re having trouble with entropy, consider running “haveged -F” in a different console on that server. It will help.

IMPORTANT: The email address that we use in the above key generation process is important as we use it to identify the keys later on. In other words, use a sensible email address that others will see and use later.

List Bart’s keys

Bart lists his current keys by issuing the following command.

gpg --list-keys

Export Bart’s public key

gpg --armor --export bart@example.com > barts_public_key.asc

Bart will now have a file called “barts_public_key.asc” which he can share with Lisa.

Lisa’s Steps

Import Bart’s public key

Lisa is the recipient of Bart’s public key. She needs to import it before using it.

IMPORTANT: Make sure Lisa has her own set of keys. She can generate them in the same way Bart did above.

gpg --import barts_public_key.asc

Lisa lists her available keys

Having just imported Bart’s public key, Lisa can now list the keys in her keyring.

gpg --list-keys

The output will be something like this:

[root@www ~]# gpg --list-keys
pub   2148R/328AAA00 2018-02-19
uid                  Bart Simpsons (A Test Key) <bart@example.com>

pub   2148R/4EAA4794 2018-02-19
uid                  Lisa Simpsons (A Test Key) <lisa@example.com>

Lisa encrypts a file that only Bart can decrypt

gpg --encrypt --recipient bart@example.com testfile.txt

The above command will create a new file called “testfile.txt.gpg” which is the encrypted version of the original “testfile.txt” file. Lisa can send the newly encrypted file to Bart knowing that only Bart can open it.
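
The steps above identify Bart’s key by its email address, which anyone can put on a key they generate. The script below is an added example, not part of the original article: it checks the fingerprint of barts_public_key.asc against one Bart supplied over a separate channel before importing it, then encrypts to that fingerprint. The function names and the sample listing are constructed for illustration, and --show-keys needs GnuPG 2.2.8 or later.

```bash
#!/usr/bin/env bash
# Added example (not from the article): pin Bart's key by fingerprint.

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: the "fpr" record (field 10) that follows a "pub" record.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0 }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# Normalise a fingerprint as people paste it: drop spaces, upper-case hex.
norm_fpr() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1. An empty or short expected value never matches.
listing_matches() {
  local expected got
  expected=$(norm_fpr "$1")
  got=$(primary_fprs)
  [ "${#expected}" -ge 40 ] && [ "$got" = "$expected" ]
}

# Inspect the key file without importing it, import only on a match, then
# encrypt to the fingerprint rather than the e-mail address.
# usage: encrypt_for_pinned_key KEYFILE EXPECTED_FPR PLAINTEXT
encrypt_for_pinned_key() {
  local fpr
  fpr=$(norm_fpr "$2")
  gpg --batch --show-keys --with-colons "$1" | listing_matches "$fpr" ||
    { echo "fingerprint mismatch, not importing $1" >&2; return 1; }
  # The check above is the validation step, so skip the interactive
  # "Use this key anyway?" prompt that an uncertified key would trigger.
  gpg --batch --import "$1" &&
    gpg --batch --trust-model always --encrypt --recipient "$fpr" "$3"
}

# Constructed sample listing (made-up key IDs and fingerprints) for a dry run.
SAMPLE_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1519000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1519000000::::Bart Simpsons (A Test Key) <bart@example.com>:
sub:-:2048:1:FEDCBA9876543210:1519000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

if printf '%s\n' "$SAMPLE_LISTING" | listing_matches "$SAMPLE_FPR"; then
  echo "sample key matches the pinned fingerprint"
fi
```

With real keys, Lisa would run encrypt_for_pinned_key barts_public_key.asc "<fingerprint from Bart>" testfile.txt, which produces testfile.txt.gpg only when the fingerprints agree.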
