Intro to PGP

PGP is the gold standard for private communication between individuals.


Discuss The Problem

PGP stands for Pretty Good Privacy, and refers to a software system which facilitates private communication over email. It was eventually the basis for an open communication standard called OpenPGP, which now has many implementations. In the context of this site, any time we refer to "PGP" we're referring to any implementation of OpenPGP.

Usage of PGP is centered around the distribution of keys. Each user has a key pair consisting of a public key and a private key, with an associated email address. The public key is generally distributed freely, via something like a PGP key server, and the private key is stored privately and encrypted with a password. A message encrypted with a public key can only be decrypted by the corresponding private key. Messages can also be signed with a private key, and anybody with the corresponding public key can verify the signature. In this tutorial we'll go over how to use the Linux program gpg.

GPG

GPG stands for GNU Privacy Guard and is a play on the original acronym PGP. To see if you have the program installed, on the command line type
$ gpg --version
If gpg is installed on your system the output will be the details about the current version. If gpg is not installed on your system the output will be an error message saying as much, hopefully along with some installation instructions. On Debian Linux gpg can be installed with the command:
$ sudo apt-get install gnupg
If you're just installing gpg now you'll want to generate a key pair. Your key pair will allow other people to send you private messages that only you can decrypt, and will allow you to sign messages so that others can verify that a message came from you. To generate a key pair use the command
$ gpg --gen-key
You'll be prompted to pick a signature scheme and an encryption scheme, after which you'll be prompted for a key size. We recommend RSA for both signing and encrypting and at least a 2048-bit key. (On GnuPG 2.1 and later, gpg --gen-key applies default choices; the full prompts for algorithm and key size are behind gpg --full-gen-key.) To export your public key, use the command
$ gpg --export --armor [e-mail]
The output will be a block of text which looks something like this
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
-----END PGP PUBLIC KEY BLOCK-----
This block of text can be distributed freely and allows anybody who has it to send you encrypted messages. You may want to upload it to a key server like pgp.mit.edu to make it easier for people to find. Next you can start importing other people's public keys. You can start with the one posted above, which is our public key for the email address id0rsa.pub at gmail. To import the key, save the block of text to a file and use the command
$ gpg --import [file]
Once imported, you can encrypt a message to us like this
$ echo "hello id0!" | gpg -e --armor -r [e-mail]
Or you could verify our signature like this
$ gpg -d signed_message.asc
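Before importing a key someone pasted to you, it is worth checking that the armored block survived copying intact: the short "=" line just before the END marker is a CRC-24 over the decoded bytes, and a mismatch means the block was altered or truncated. The following is an added example, not code from this tutorial or from GnuPG; it dearmors a block, verifies that checksum and reports the first packet's tag. The armor() helper and its "Version: constructed example" header only exist to build constructed test input in the same layout gpg --armor prints.

```python
"""Dearmor an OpenPGP armored block (RFC 4880 sec. 6), check its CRC-24, report
the first packet tag. Added example; not code from the tutorial or from GnuPG."""
import base64
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB      # RFC 4880 section 6.1
PACKET_TAGS = {1: "public-key encrypted session key", 2: "signature", 4: "one-pass signature",
               6: "public key", 8: "compressed data", 11: "literal data", 13: "user ID"}

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    # Lays a block out the way gpg --armor does; used here to build constructed input.
    body = base64.b64encode(data).decode()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "Version: constructed example", ""]
                     + [body[i:i + 64] for i in range(0, len(body), 64)]
                     + ["=" + check, f"-----END PGP {kind}-----"])

def dearmor(text: str) -> dict:
    """Raise ValueError if the block is malformed or its CRC-24 does not match."""
    lines = text.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("not an armored block")
    kind = lines[0][len("-----BEGIN PGP "):-5]
    if lines[-1] != f"-----END PGP {kind}-----":
        raise ValueError("BEGIN/END lines do not match")
    i = 1
    while i < len(lines) and ":" in lines[i]:          # armor headers such as Version:
        i += 1
    body = [line for line in lines[i:-1] if line]      # base64 lines, then the =CRC line
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing body or CRC-24 line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC-24 mismatch: block was altered or truncated")
    if not data[0] & 0x80: raise ValueError("first byte is not a packet header")
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F   # new vs old format
    return {"kind": kind, "tag": tag, "packet": PACKET_TAGS.get(tag, "other"), "data": data}

def is_intact(text: str) -> bool:
    # Quick yes/no check before gpg --import: does the pasted block parse and verify?
    try:
        return bool(dearmor(text))
    except (ValueError, IndexError):
        return False
```

Run dearmor() on a block saved from a key server or an email and compare the reported packet type with what you expected (a public key block should start with a public key packet) before feeding it to gpg --import.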

Review

To prove that you've installed and can use gpg, import our key and use it to decrypt this message that we've signed.