Intro to PGP
PGP stands for Pretty Good Privacy, and refers to a software system which facilitates private communication over email. It was eventually the basis for an open communication standard called OpenPGP, which now has many implementations. In the context of this site, anytime we refer to "PGP" we're referring to any implementation of OpenPGP. Usage of PGP is centered around the distribution of keys. Each user has a key pair consisting of a public key and a private key with an associated email address. The public key is generally distributed freely, via something like a PGP Key Server, and the private key is stored privately and encrypted with a password. A message encrypted with a public key can only be decrypted by the corresponding private key. Messages can also be signed by a private key and anybody with the corresponding public key can verify the signature. In this tutorial we'll go over how to use the linux program gpg.
GPGGPG stands for GNU Privacy Guard and is a play on the original acronym PGP. To see if you have the program installed, on the command line type
$ gpg --versionIf gpg is installed on your system the output will be the details about the current version. If gpg is not installed on your system the output will be an error message saying as much, hopefully along with some installation instructions. On Debian Linux gpg can be installed with the command:
$ sudo apt-get install gnupgIf you're just installing gpg now you'll want to generate a key pair. Your key pair will allow other people to send you private messages that only you can decrypt, and will allow you to sign messages so that others can verify that a message came from you. To generate a key pair use the command
$ gpg --gen-keyYou'll be prompted to pick a signature scheme and an encryption scheme, after which you'll be prompted for a key size. We recommend RSA for both signing and encrypting and at least a 2048 bit key.To export your public key, use the command
$ gpg --export --armor [e-mail]The output will be a block of text which looks something like this
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFZN8sgBCADaTjalXomHCLsB94e8lJCOTKnbRstrCq0q0I5An6MQyr1EhdWw 7vM7gF8g304ibEo/CnfeXCCYAsIYdE8BQARcMnUs+aglVMH+fu8bXcw/AODcca26 +6oKLQ0YKf2WAwXJ8f6J/JoxuYCcEON4zdfm+8DddXglpVzg8h5vpAQXGwNhHG8+ U9L/sheUN1IPm9rpP3I8B5gQhTijq1WBG086mzO4fEzq2AtaLo+RNX3hEjxqcSHN xfwcNveYwtg/O31+WK+zx6ai2ocTsgq4i9DOAsFtNfp7NXzqbk4X0fyHoAI2iDj1 8R7VOKvE4Kfuq4n6U7UdMefLr2lweQOKjzZvABEBAAG0N2lkMC1yc2EucHViICho dHRwOi8vaWQwLXJzYS5wdWIpIDxpZDByc2EucHViQGdtYWlsLmNvbT6JATgEEwEC ACIFAlZN8sgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECUD0PGoGwnU CmwH+weJzjr7MiZWDDyMb7jKzo7qWPpALzaR4N4XBsBWZZKkEPEiJ1lUUb7XYLFw zKDtJ0yzM6WotdZ1DoPBh4+5i9PQ7GY+LyRdMSxfxIAv5c400nNym+HPV5PdO8C/ 4ZMo+ta8EB6g/hBtQx6XEF6KDbWaINQHM9EiKWsMxi0gTybdX13wnlZY1lJtwH4y QbUpS/JuD2jjHOrr5gkmjKvSTIaAp7Q5RHHMMnWlMl4jnNMkz4vGZzQNfu1TX70d l3decxO3hgLg1eBnPjMhq4vsJ10VL6GBRkDhxvyhQQEm6T5mymqscXZ89dGPZj+0 9MOOhC49jUP2gNzEXMGUCTZ62r+5AQ0EVk3yyAEIAKfVki44s71WTO06jC3iu0dl BXqME6+T5mG7W89yej/EXg01ibFxOMPIdH6B0sj1KpKYn2uoDGQCVOjemP7z4EyM bbZD0XclNu4l/hDnV+c+UNyMcGEDLtpByML8h2WUDn2PGpl0UxRdJN3td6sbWfRe jA+HsNqdighjml/qs3+lGa+vFyUDelJvbPvANYhHyS61txQ2cvuiDm9wqa4dFmTG DthC0RqgwO4L76xpD8GMlIQlQ7GecaNnDF7FyIn9wrKr4PnZYVtVCBUgriezwANT ObjaKuudmpQ7fDV2pQoYgh0mZ3nHR1m/Dmk3tJbdb3sBK6G6bZk1mywCkO2akMsA EQEAAYkBHwQYAQIACQUCVk3yyAIbDAAKCRAlA9DxqBsJ1HxZB/0ez6WK00b5sFBp dWe0PsEY48zsFf+kigmOu5zryJiej+21Qrl4+ErdOS7qXm6h59K+xvkqmMVXtS2N ONd4kbsJJVlV+80UXQKyT9LqlDRRZhVRYxl1zcbn1+lAyfxNvQSsV/w2PZaFpZPa vfx8H+tYBS7zm8UwaW+RLtXRjRiRBhqe2tUIEfrqz+gfR2ZlYH7bq+6v0IUmAGxR 4d11vpQO5Fblapfu0mPsxwD6K6x6JnCGjFg1Vx+SjRmSz/AvvZ5tX2lyqVaGWtLe OJ+SiIqAnY7AnQRcF47WMJwbg33NRakOle+oYFReHVL+tOaa+pLutAc/OxLqFCkQ DACgFk/S =/fM+ -----END PGP PUBLIC KEY BLOCK-----This block of text can be distributed freely and allows anybody who has it to send you encrypted messages. You may want to upload it to a key server like pgp.mit.edu to make it easier for people to find. Next you can start importing other people's public keys. You can start with the one posted above, which is our public key for the email address id0rsa.pub at gmail. To import the key, save the block of text to a file and use the command
$ gpg --import [file]Once imported, you can encrypt a message to us like this
$ echo "hello id0!" | gpg -e --armorOr you could verify our signature like this
$ cat signed_message.asc | gpg -d
ReviewTo prove that you've installed and can use gpg, import our key and use it to decrypt this message that we've signed.
-----BEGIN PGP MESSAGE----- Version: GnuPG v1 owEBUAGv/pANAwACASUD0PGoGwnUAcsgYgBWV5BZVGhhbmsgeW91IFBoaWwgWmlt bWVybWFubiGJARwEAAECAAYFAlZXkFkACgkQJQPQ8agbCdTZawgA2DHj0TSzWFvT xESb5+g5WkoKwPIZB28ywQJxUOk54+8H/sC66Bp1zPdSRWfT4JXUD8AMb7lxXz5e dwcr4Nrg696GZNYEKT9mMzPJzISAAYyxTpuZRAM1nKc/a1fn/1+Xxyyl6aclXDbZ CEYj3ATtED9hmIld/l+igwbcIWmlEoqHF7xdHvLAylV3y3q785zXRqXxB2Xqj4O2 LLNFMc9BzzIow4mbIlcspPCWp7c8LGDqUCxbfRa/H4zaH104HU2kSE4VjkLcDE/e ObAVRyJkpQZzhMflQOjqX8Ru3qI973P+UtMga0e5uc+0JF5SsCiYon9I+Z3Uq8Lv C3R5ohVWmQ== =8YPr -----END PGP MESSAGE-----Enter the message below.