
UsingGPG

From Linux and MacOSX Wiki

Using GPG


Purpose: This documentation will show you how you can encrypt an email message using GPG.

The GNU Privacy Guard (GPG) provides digital encryption and signing services using the OpenPGP standard.

If you're running a Debian or Red Hat Enterprise Linux (RHEL) system, GPG should be available by default.

To check whether GPG is installed:

On a RHEL system execute:

rpm -qa | grep gnupg2

On a Debian system execute:

dpkg -s gnupg

If GPG is not installed, install it by issuing:

On Debian systems:

apt-get install gnupg

On RHEL systems:

yum install gnupg2

For macOS, GPGTools is recommended. You can get it at http://gpgtools.org; follow the installation instructions.

  1. To begin using GPG, a public and private key pair must be created:

    gpg --gen-key

    Follow the on-screen instructions, which will create a private and public key located in your ~/.gnupg directory.

  2. It is a good idea to create a "revocation certificate" in case your private key is compromised (i.e., someone has obtained your private key); this is optional but highly recommended. To create a revocation certificate:

    gpg --gen-revoke you@example.com

    The email address used above is the one you entered in step 1.

    Store your revocation certificate in a safe place.

  3. Now that the public and private keys have been created you can encrypt a message to send by email. To send an encrypted message you must have the recipient's public key. If you do not already have the recipient's public key you may be able to retrieve it from a keyserver, such as http://mit.pgp.edu

  4. To make your own public key available, you can upload that key to a keyserver such as http://mit.pgp.edu. Instructions for uploading your public key are at that URL.

  5. Assuming you have the recipient's public key, encrypt the message to that key:

    gpg --output message.gpg --encrypt --recipient donjoe@example.com message

    The above command creates the encrypted file message.gpg.

  6. When you send message.gpg via email, only the recipient can read it, using their private key.

    In order for the recipient to decrypt message.gpg the following command must be executed in the directory that contains message.gpg:

    gpg message.gpg

    The recipient will be prompted to enter their private key's passphrase when they execute the above command; this is the passphrase which the recipient provided when they created their private and public key pair.

    After this command is executed the decrypted message will be available as 'message' in the current working directory.

  7. In order for someone to send you an encrypted message, they will have to follow steps 1-5 above but with the roles reversed.
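The procedure above, run end to end as an added example that is not part of this wiki page: the script creates a throwaway recipient keyring and a separate sender keyring under a temporary GNUPGHOME, exports and imports the public key in place of the keyserver steps, encrypts to the recipient, and decrypts on the recipient side. It assumes GnuPG 2.x is on PATH; the name, address and message are constructed placeholders.

```shell
# Added example (not from the wiki): a scripted round trip of steps 1 and
# 3-6 above with throwaway keys in a temporary GNUPGHOME, so ~/.gnupg is
# never touched. Every name and address below is a constructed placeholder.
set -eu

gpg_roundtrip() {
  base=$(mktemp -d)
  plaintext='meet at noon (constructed sample message)'

  # Recipient side, step 1 done unattended. %no-protection means no
  # passphrase, acceptable only because this key is disposable.
  export GNUPGHOME="$base/recipient"
  mkdir -m 700 "$GNUPGHOME"
  gpg --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Usage: sign
Subkey-Type: RSA
Subkey-Usage: encrypt
Name-Real: Don Joe
Name-Email: donjoe@example.com
Expire-Date: 0
%commit
EOF
  # Stand-in for step 4: export the public key instead of uploading it.
  gpg --batch --quiet --armor --export donjoe@example.com > "$base/donjoe.asc"

  # Sender side: a separate keyring that has never seen the recipient.
  export GNUPGHOME="$base/sender"
  mkdir -m 700 "$GNUPGHOME"
  # Stand-in for step 3: import what a keyserver lookup would have returned.
  gpg --batch --quiet --import "$base/donjoe.asc"
  printf '%s\n' "$plaintext" > "$base/message"
  # Step 5. The imported key carries no trust, so in --batch mode gpg would
  # refuse to encrypt to it; --trust-model always skips that check for this
  # test only. For real mail, verify the fingerprint and sign the key instead.
  gpg --batch --quiet --trust-model always --output "$base/message.gpg" \
      --encrypt --recipient donjoe@example.com "$base/message"
  # The ciphertext must not contain the plaintext.
  if grep -qF "$plaintext" "$base/message.gpg"; then return 1; fi

  # Recipient side again, step 6: decrypt with the private key.
  export GNUPGHOME="$base/recipient"
  gpg --batch --quiet --output "$base/message.out" --decrypt "$base/message.gpg"
  cat "$base/message.out"

  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$base"
}
```

Call gpg_roundtrip to run it; it prints the recovered message and fails if any step (key generation, import, encryption or decryption) does not succeed.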