GnuPG stands for GNU Privacy Guard, the GNU tool for secure data storage and secure data communication. With this tool, a user can encrypt and decrypt a file using a password. Along with data encryption, it can be used for generating digital signatures. Another widely used tool that provides cryptographic privacy is PGP (Pretty Good Privacy). Both GnuPG and PGP implement the OpenPGP standard.
Remember, in a public-key system, every user has a pair of keys: a public key and a private key. The public key can be shared with anyone who wants to communicate with you, but the private key must be kept secret.
This article explains installation and the basic key generation process using the gpg command. Here we go!
On systems running Debian-based distros, use the following command to install GnuPG:
sudo apt-get install gnupg
As mentioned earlier, there are two kinds of keys, Public and Private. So, our first step will be generating public and private keys using GnuPG.
Step 1: Generating the Key Pair
To generate the key pair, use the following command:
This command runs in interactive mode, i.e. it expects various inputs from the user.
Step 2: Select the Algorithm
It will ask you to select one of four algorithms for generating the keys, each with certain advantages and disadvantages. Select the one of your choice, or press 1 or Enter to use the default, RSA and RSA.
Step 3: Key Size
After selecting the algorithm, you will be asked to select the key size. The larger the key size, the greater the security. A 2048-bit key is secure enough. Enter the key size or hit Enter to use the default value (2048 bits).
Step 4: Validity of the Key
Next, you will have to set the validity of the key, i.e. the number of days for which the key will remain valid. If you do not want your key to expire, enter 0 (zero).
You will be asked for the confirmation, press Y to confirm.
Step 5: Creating a User ID & Password
There is a User ID and a password associated with every key. To create a User ID and password, you will have to provide your name, email address and a passphrase.
Step 6: Get Your Key
To create a unique key, the system requires some random bytes.
It will therefore ask you to perform some operations so that the system can gather enough random bytes.
Thus, we have created the key pair for use with GnuPG. The output includes one important piece of information, the Key-ID: 913527C0. We need this Key-ID to perform several operations (which will be discussed later).
Step 7: Listing the Key Pair
The key pair can be listed with the use of --list-keys and --list-secret-keys options.
Step 8: Exporting your Public Keys
We now have a key pair, so it's time to publish our public key on the internet so that other people can use it to communicate with us.
gpg --armor --export --output my_pubkey.gpg mandar
Now, my_pubkey.gpg will contain my public key. Here, I have used my User ID (mandar) as an argument. You may use your Key-ID or email address instead of the User ID. So, it may become:
gpg --armor --export --output my_pubkey.gpg 913527C0
gpg --armor --export --output my_pubkey.gpg firstname.lastname@example.org
We are ready to send the "my_pubkey.gpg" file to the person we wish to communicate with.
Step 9: Sending Keys to a Key Server
In case you want to communicate with many individuals, it will be very difficult to share your public key with each person separately. Instead, you can publish your public key on a server called a key server, so anybody who wants to communicate with you can get your public key from there.
gpg --send-keys --keyserver keyserver.ubuntu.com 913527C0
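Steps 6 to 9 identify the key by its 8-hex-digit Key-ID, which is only the tail of the key's full fingerprint, so two different keys can share it. The following added example (not part of the original article) reads the colon-separated listing printed by gpg --list-keys --with-colons --fingerprint and reports each primary key's full fingerprint, size and expiry, plus any short IDs shared by more than one key; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. Input: output of
#   gpg --list-keys --with-colons --fingerprint
# Fields (GnuPG doc/DETAILS): 1=record type, 3=key length in bits,
# 7=expiration (empty = never), 10=fingerprint on "fpr" records.

# Print "<fingerprint> <bits> <expiry|never>" for each primary key on stdin.
key_summary() {
    awk -F: '
        $1 == "pub" { bits = $3; expiry = ($7 == "" ? "never" : $7); want = 1; next }
        $1 == "fpr" && want { print $10, bits, expiry; want = 0 }  # first fpr after pub
    '
}

# Print each 8-hex-digit short key ID shared by more than one primary key.
short_id_clashes() {
    key_summary | awk '
        { id = substr($1, length($1) - 7); seen[id]++ }
        END { for (id in seen) if (seen[id] > 1) print id }
    '
}

# Print "<fingerprint> <finding>" for keys below $1 bits or with no expiry date.
policy_findings() {
    key_summary | awk -v min="$1" '
        $2 + 0 < min + 0 { print $1, "keysize=" $2 }
        $3 == "never"    { print $1, "no-expiry" }
    '
}

# Constructed sample listing: all fingerprints are made up; two end in the
# short Key-ID shown in the article (913527C0) to show the ambiguity.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:89ABCDEF913527C0:1400000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF913527C0:
uid:u::::1400000000::::mandar (constructed):
sub:u:2048:1:AAAAAAAABBBBBBBB:1400000000::::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCAAAAAAAABBBBBBBB:
pub:u:2048:1:76543210913527C0:1400000000:1700000000::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210913527C0:
pub:u:1024:17:1111111122222222:1400000000:1700000000::u:::scESC:
fpr:::::::::1111111111111111111111111111111122222222:
EOF
}

sample_listing | key_summary
echo "clashing short IDs: $(sample_listing | short_id_clashes)"
sample_listing | policy_findings 2048
```

To audit a real keyring, pipe the gpg listing into the same functions in place of sample_listing.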
Encrypt a File
You can encrypt a single file with a passphrase using the command given below:
sudo gpg -c <file_name>
While encrypting a file, you will be asked to enter a passphrase and repeat it. Once that is done, gpg will create an encrypted version of your original file as "file_name.gpg".
Please remember that if you forget your passphrase, you cannot decrypt the file, because the encryption is very strong.
Decrypt a File
You can decrypt an encrypted file "file_name.gpg" using the following command:
sudo gpg <file_name.gpg>
You will be asked to enter the passphrase for decryption. If it is found to be correct, your file will be recovered.
In case you want to decrypt a file and store the output in some file "output_file", use the following command (gpg stops parsing options at the first file name, so -o must come before it):
sudo gpg -o <output_file> <file_name.gpg>
That's all! I hope you will like this article. Feel free to comment for your valuable feedback.