GPG for dummies
Mastering GPG in less than 5 minutes
GNU Privacy Guard, or GPG, is a rewrite of the famous encryption program Pretty Good Privacy (PGP), and implements the OpenPGP encryption standard.
In short, it allows you to encrypt and decrypt things using public-private key based cryptography. If you’re looking to encrypt files or messages, this is what you want.
1. Installation
Depending on your platform, you can install the GPG command line tool with the following commands
macOS
The easiest installation here is to use the popular package manager Homebrew.
brew install gpg
Linux
Using your favourite Linux based package manager.
# For Debian based distributions
sudo apt install gpg
# For RHEL based distributions
sudo dnf install gpg
Windows
Ugh, Windows always makes things hard, doesn’t it? You have a few choices here, though I would recommend the package manager Chocolatey.
Alternatively, you could install MinGW or Cygwin to emulate a UNIX-like terminal, download the GPG binaries built for Windows, and add them to your PATH environment variable.
choco install gpg4win-vanilla
2. Generate a key
Here we will generate a public and private key for us to encrypt and sign all the things.
gpg --full-generate-key
2.1 Key type
Using the RSA algorithm for our key type will be sufficient; I won’t even begin to explain RSA, as only about 3 people on the planet understand it.
2.2 Key size
Select your key length. The default is 2048 bits, but I like to opt for 4096 bits as it’s technically more secure.
2.3 Expiration date
When should this key pair expire? For most people I would say that never is acceptable, unless you need to rotate keys regularly because of Russia.
2.4 Key details
This is the public information attached to your public key, used to identify whose key belongs to who. You cannot change this information later on so make sure it’s all correct.
2.5 Passphrase
Set a password for this key, something like hunter42 should do.
We now have a new key pair, with a public and a private key, stored in our keyring, which is usually located in our home directory, somewhere like ~/.gnupg/pubring.kbx
3. Encrypt a file
Let’s say I had a file called cats.txt and wanted to encrypt it.
3.1 Find your PUBLIC key
The first thing I need to do is use my public key as a recipient of the encrypted file. Meaning, my key pair encrypts and decrypts this file: the public key encrypts it, and only the matching private key can decrypt it.
gpg -k
In the output, the public key is identified by its fingerprint, 3AE2A95D0DBC702469A7FB9EA7136D1B231AB5BA
3.2 Encrypt the file
gpg -r 3AE2A95D0DBC702469A7FB9EA7136D1B231AB5BA -e cats.txt
Alternatively, you can use the email address attached to the key in your keyring.
gpg -r 'bob.smith@example.com' -e cats.txt
This will produce a new file called cats.txt.gpg, which is the encrypted file.
4. Decrypt a file
This process is the same as step 3 but even easier, assuming the given file was encrypted with our public key as a recipient.
gpg -d cats.txt.gpg
This will output the decrypted contents directly to the console (STDOUT). We can redirect the output into the original file like so
gpg -d cats.txt.gpg > cats.txt
5. Export a PUBLIC key
If we want to encrypt a file and share it with somebody, we first need to have their public key information. Ask them to export their key into a file, like so
gpg --export 'bob.smith@example.com' > bob_smith.pgp
Alternatively, we can export the public key with ASCII armor
gpg --export --armor 'bob.smith@example.com' > bob_smith.asc
ASCII armor looks like this — you may have seen it before.
Pro-tip: You can paste this ASCII armor into websites like GitHub, which use it to verify the commits or messages you sign.
You would also need to configure your .gitconfig with
[commit]
gpgsign = true
[gpg]
program = gpg
6. Import a PUBLIC key
Same as step 5 but in reverse.
# Importing the binary PGP public key
gpg --import bob_smith.pgp
# Importing the ASCII-armored public key
gpg --import bob_smith.asc
From here, we can repeat step 3 but with the recipients we recently imported into our keyring. This file can then be shared with alice.smith, who can decrypt it with her personal private key.
gpg -r 'bob.smith@example.com' \
-r 'alice.smith@example.com' \
-e cats.txt
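Steps 2 to 6 can be rehearsed end to end without touching your real keyring. The script below is an added example, not part of the original walkthrough: it assumes GnuPG 2.2 or newer, works in throwaway --homedir directories with a constructed cats.txt, and adds a fingerprint comparison before the import. The function names key_file_fpr and roundtrip are made up for this example.

```shell
#!/bin/sh
# Added example: steps 2 to 6 between two throwaway keyrings (never touches ~/.gnupg).
# Names, addresses and file contents are constructed for the demo.

# Print the primary-key fingerprint found in key file $2, without importing it.
key_file_fpr() {
    gpg --homedir "$1" --batch --quiet --show-keys --with-colons "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() {
    work=$(mktemp -d) || return 1
    bob="$work/bob" alice="$work/alice"
    mkdir -m 700 "$bob" "$alice" || return 1

    # Step 2, unattended. Assumptions: GnuPG's default algorithm instead of RSA 4096
    # (faster), and an empty passphrase because this keyring is deleted below.
    gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Smith <bob.smith@example.com>' default default never ||
        return 1

    # The fingerprint Bob would give Alice over a separate channel (phone, in person).
    expected=$(gpg --homedir "$bob" --batch --quiet --with-colons -k |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # Step 5: Bob exports his public key with ASCII armor.
    gpg --homedir "$bob" --batch --export --armor 'bob.smith@example.com' \
        > "$work/bob_smith.asc" || return 1

    # Step 6: Alice imports only if the file carries the fingerprint she expects.
    [ -n "$expected" ] || return 1
    [ "$(key_file_fpr "$alice" "$work/bob_smith.asc")" = "$expected" ] || return 1
    gpg --homedir "$alice" --batch --quiet --import "$work/bob_smith.asc" || return 1

    # Step 3: encrypt to the full fingerprint, not the e-mail address. A freshly
    # imported key has no trust, so batch mode needs --trust-model always; the
    # fingerprint comparison above is what justifies it here.
    printf 'meow\n' > "$work/cats.txt"
    gpg --homedir "$alice" --batch --quiet --trust-model always \
        -r "$expected" -o "$work/cats.txt.gpg" -e "$work/cats.txt" || return 1

    # Step 4: Bob decrypts with his private key; compare with the original.
    gpg --homedir "$bob" --batch --quiet -o "$work/out.txt" -d "$work/cats.txt.gpg" || return 1
    cmp -s "$work/cats.txt" "$work/out.txt"; rc=$?

    gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}
```

Source the file and run roundtrip; it returns 0 only when the decrypted file is byte-for-byte identical to the original.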
From here you’ve basically mastered the vast majority of GPG and PGP encryption use cases.
We didn’t talk about advanced features like sending your key pair to a global server or importing a key pair from the internet but that’s for another day.
Happy hacking!