Using GPG
The GNU Privacy Guard (GPG) provides digital encryption and signing services using the OpenPGP standard.
If you're running a Debian or Red Hat Enterprise Linux (RHEL) system, GPG should be available by default.
To check whether GPG is installed:
On a RHEL system execute:
rpm -qa | grep gnupg2
On a Debian system execute:
dpkg -s gnupg
If GPG is not installed, install it by issuing:
On Debian systems:
apt-get install gnupg
On RHEL systems:
yum install gnupg2
For macOS, GPGTools is recommended. You can get it at http://gpgtools.org; follow the installation instructions.
1. To begin using GPG, a public and private key pair must be created:
   gpg --gen-key
   Follow the on-screen instructions, which will create a private and public key located in your ~/.gnupg directory.
2. It is a good idea to create a "revocation certificate" in case your private key is compromised (i.e., someone has obtained your private key); this is optional but highly recommended.
   To create a revocation certificate:
   gpg --gen-revoke you@example.com
   The email address used above is the one you entered in step 1.
   Store your revocation certificate in a safe place.
3. Now that the public and private keys have been created, you can encrypt a message to send by email.
4. To send an encrypted message you must have the recipient's public key. If you do not already have the recipient's public key you may be able to retrieve it from a keyserver, such as http://mit.pgp.edu
   To make your own public key available, you can upload that key to a keyserver such as http://mit.pgp.edu. Instructions for uploading your public key are at that URL.
5. Assuming you have the recipient's public key, encrypt the message with that key:
   gpg --output message.gpg --encrypt --recipient donjoe@example.com message
   The above command creates the encrypted file message.gpg
   When you send message.gpg via email, only the recipient can read it, using their private key.
In order for the recipient to decrypt message.gpg the following command must be executed in the directory that contains message.gpg:
gpg message.gpg
The recipient will be prompted to enter their private key's passphrase when they execute the above command; this is the passphrase which the recipient provided when they created their private and public key pair.
After this command is executed the decrypted message will be available as 'message' in the current working directory.
In order for someone to send you an encrypted message, they will have to follow steps 1-5 above but with the roles reversed.
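The steps above as one unattended run, added here as an example and not part of the original page: a recipient and a sender each get a throwaway keyring, and the sender compares the imported key's fingerprint with the recipient's before encrypting, a check the page does not describe. It assumes GnuPG 2.1 or later; the helper names fpr_of and gpg_roundtrip, the temporary directory and the empty passphrase are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: key creation, key exchange, encryption and decryption
# in two throwaway keyrings. Helper names and the empty passphrase are assumptions.

# Print the primary-key fingerprint of user ID $2 in the keyring at $1.
fpr_of() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Encrypt text $1 to a new recipient key, decrypt it, print the plaintext.
gpg_roundtrip() (
    work=$(mktemp -d) || exit 1
    rcpt="$work/recipient"; send="$work/sender"
    trap 'for h in "$rcpt" "$send"; do GNUPGHOME=$h gpgconf --kill all; done 2>/dev/null
          rm -rf "$work"' EXIT
    mkdir -m 700 "$rcpt" "$send" || exit 1
    uid="donjoe@example.com"          # recipient address used on the page

    # Step 1, recipient: unattended key pair. Empty passphrase is for the demo only.
    gpg --homedir "$rcpt" --batch --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$uid" default default 2>/dev/null || exit 1
    gpg --homedir "$rcpt" --batch --armor --export "$uid" > "$work/pub.asc"
    want=$(fpr_of "$rcpt" "$uid")     # value the recipient confirms out of band

    # Step 4, sender: import the public key, then refuse to go on unless its
    # fingerprint matches the one obtained from the recipient.
    gpg --homedir "$send" --batch --import "$work/pub.asc" 2>/dev/null || exit 1
    got=$(fpr_of "$send" "$uid")
    if [ -z "$want" ] || [ "$got" != "$want" ]; then
        echo "fingerprint mismatch, refusing to encrypt" >&2; exit 1
    fi

    # Step 5, sender: encrypt to the verified key. --trust-model always skips
    # validity checks; used here only because the fingerprint was just compared.
    printf '%s\n' "$1" > "$work/message"
    gpg --homedir "$send" --batch --trust-model always \
        --output "$work/message.gpg" --encrypt --recipient "$got" \
        "$work/message" 2>/dev/null || exit 1

    # Recipient: decrypt with the private key and print the plaintext.
    gpg --homedir "$rcpt" --batch --quiet --decrypt "$work/message.gpg" 2>/dev/null
)

gpg_roundtrip 'constructed sample message'
```

In a real keyring, certify the key after checking its fingerprint instead of passing --trust-model always, and protect the private key with a passphrase.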