GPG for dummies

Mastering GPG in less than 5 minutes

Adam Zerella
Aug 19, 2019

GNU Privacy Guard, or GPG, is a rewrite of the famous encryption program Pretty Good Privacy, or PGP, a program that implements the OpenPGP encryption standard.

In short, it allows you to encrypt and decrypt things using public-private key based cryptography. If you’re looking to encrypt files or messages, this is what you want.

1. Installation

Depending on your platform, you can install the GPG command line tool with the following commands.

macOS

The easiest installation here is to use the popular package manager Homebrew.

brew install gpg

Linux

Use your favourite Linux package manager.

# For Debian based distributions
sudo apt install gpg
# For RHEL based distributions
sudo dnf install gpg

Windows

Ugh, Windows always makes things hard, doesn’t it? You have a few choices here, though I would recommend the package manager Chocolatey.

choco install gpg4win-vanilla

Alternatively, you could install MinGW or Cygwin to emulate a UNIX-like terminal and download the GPG binaries built for Windows into a directory on your PATH environment variable.

2. Generate a key

Here we will generate a public and private key for us to encrypt and sign all the things.

gpg --full-generate-key

2.1 Key type

Using the RSA algorithm for our key types will be sufficient. I won’t even begin to explain RSA, as only about 3 people on the planet understand it.

[Screenshot: Setting GPG key pair type]

2.2 Key size

Select your key length. The default is 2048 bits, but I like to opt for 4096 bits as it’s technically more secure.

[Screenshot: Setting GPG key pair length]

2.3 Expiration date

When should this key pair expire? For most people I would say that never is acceptable, unless you need to rotate keys regularly because of Russia.

[Screenshot: Setting GPG key pair expiration]

2.4 Key details

This is the public information attached to your public key, used to identify which key belongs to whom. You cannot change this information later on, so make sure it’s all correct.

[Screenshot: Entering user information for a GPG key pair]

2.5 Passphrase

Set a password for this key, something like hunter42 should do.

[Screenshot: Entering a password to encrypt your GPG key pair with]

We now have a new key pair, with a public and private key, stored in our key chain. This is usually located in our home directory, somewhere like ~/.gnupg/pubring.kbx.

3. Encrypt a file

Let’s say I had a file called cats.txt and wanted to encrypt it.

3.1 Find your PUBLIC key

The first thing I need to do is use my public key as a recipient of the encrypted file. Meaning, my key pair both encrypts and decrypts this file: the public key encrypts it and the private key decrypts it.

gpg -k

[Screenshot: Output of `gpg -k`]

Here you can see the public key, identified by its fingerprint, is 3AE2A95D0DBC702469A7FB9EA7136D1B231AB5BA.

3.2 Encrypt the file

gpg -r 3AE2A95D0DBC702469A7FB9EA7136D1B231AB5BA -e cats.txt

Alternatively, you can use the email in your key chain.

gpg -r 'bob.smith@example.com' -e cats.txt

This will produce a new file called cats.txt.gpg, which is the encrypted file.

4. Decrypt a file

This process is the same as step 3 but even easier, assuming the given file was encrypted with our public key as a recipient.

gpg -d cats.txt.gpg

This will output directly to the console (STDOUT). We can redirect the output into the original file like so:

gpg -d cats.txt.gpg > cats.txt

[Screenshot: Linux: Password manager prompting for password input]

5. Export a PUBLIC key

If we want to encrypt a file and share it with somebody, we first need to have their public key information. Ask them to export their key into a file, like so:

gpg --export 'bob.smith@example.com' > bob_smith.pgp

Alternatively, we can export the public key with ASCII armor:

gpg --export --armor 'bob.smith@example.com' > bob_smith.asc

ASCII armor looks like this — you may have seen it before.

[Screenshot: ASCII armor of a public PGP key]

Pro-tip: You can paste this ASCII armor into websites like GitHub so that the commits or messages you sign can be verified.

[Screenshot: Adding a GPG key to your GitHub profile]

You would also need to configure your .gitconfig with:

[commit]
gpgsign = true
[gpg]
program = gpg

6. Import a PUBLIC key

Same as step 5 but in reverse.

# Importing the binary PGP key
gpg --import bob_smith.pgp
# Importing the ASCII-armored key
gpg --import bob_smith.asc

[Screenshot: Importing a public PGP ASCII armor key file]

From here, we can repeat step 3 but with the recipients we recently imported into our key chain. This file can then be shared with alice.smith, who can decrypt it with her personal private key.

gpg -r 'bob.smith@example.com' \
-r 'alice.smith@example.com' \
-e cats.txt
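
A scripted run of the key generation in step 2 and the export, import, encrypt and decrypt flow of steps 3 to 6, added here as an example and not part of the original post. It assumes GnuPG 2.1 or later; the identity, file contents and throwaway keyring directories are constructed for the demo, and the key is generated without a passphrase (`%no-protection`) so it can run unattended.

```shell
#!/usr/bin/env bash
# Added example. Identity, file contents and temp keyrings are constructed.

# new_keyring [BITS]: unattended answers to prompts 2.1-2.5; prints GNUPGHOME.
new_keyring() {
  local home; home="$(mktemp -d)" || return 1
  chmod 700 "$home"
  # %no-protection: no passphrase, so the throwaway key needs no pinentry.
  GNUPGHOME="$home" gpg --batch --quiet --generate-key >/dev/null 2>&1 <<EOF || return 1
Key-Type: RSA
Key-Length: ${1:-4096}
Subkey-Type: RSA
Subkey-Length: ${1:-4096}
Name-Real: Bob Smith
Name-Email: bob.smith@example.com
Expire-Date: 0
%no-protection
%commit
EOF
  echo "$home"
}

# fingerprint_of HOME: fingerprint of the first primary key in that keyring.
fingerprint_of() {
  GNUPGHOME="$1" gpg --batch --with-colons --fingerprint 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# share_roundtrip [BITS]: Bob exports (step 5); Alice imports, checks the
# fingerprint and encrypts (steps 6 and 3); Bob decrypts (step 4).
share_roundtrip() {
  local bob alice work expected rc=1
  bob="$(new_keyring "${1:-4096}")" || return 1
  alice="$(mktemp -d)"; work="$(mktemp -d)"; chmod 700 "$alice"
  expected="$(fingerprint_of "$bob")"  # Bob states this over a trusted channel
  GNUPGHOME="$bob" gpg --batch --export --armor 'bob.smith@example.com' > "$work/bob_smith.asc"
  GNUPGHOME="$alice" gpg --batch --quiet --import "$work/bob_smith.asc" 2>/dev/null
  printf 'meow\n' > "$work/cats.txt"
  # Imported key is unsigned: after the check, batch mode needs --trust-model always.
  if [ -n "$expected" ] && [ "$(fingerprint_of "$alice")" = "$expected" ]; then
    GNUPGHOME="$alice" gpg --batch --quiet --trust-model always \
      -r "$expected" -o "$work/cats.txt.gpg" -e "$work/cats.txt" 2>/dev/null &&
    GNUPGHOME="$bob" gpg --batch --quiet -o "$work/out.txt" -d "$work/cats.txt.gpg" 2>/dev/null &&
    cmp -s "$work/cats.txt" "$work/out.txt" && rc=0
  fi
  GNUPGHOME="$bob" gpgconf --kill gpg-agent 2>/dev/null
  rm -rf "$bob" "$alice" "$work"
  return "$rc"
}
```

Call `share_roundtrip` (or `share_roundtrip 2048` for a faster run); it returns 0 when the file Bob decrypts matches what Alice encrypted.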

From here you’ve basically mastered the vast majority of GPG and PGP encryption use cases.

We didn’t talk about advanced features like sending your public key to a global key server or importing a public key from the internet, but that’s for another day.

Happy hacking!
