<!--<<TableOfContents()>>-->
# GPG quick and dirty
This is largely taken from http://www.desktoplinux.com/articles/AT3341468184.html with some mistakes corrected.
## Install GPG
```
aptitude install gnupg
```
## Generate your key
```
gpg --gen-key
DSA and Elgama for encryption
4096 is a good size, there's no point in skimping on security to safe a few seconds or minutes
Your key should expire at some point. There are a number of reasons for this like...
(1) if you loose control of your private key you would limit your exposure time.
(2) it forces you yearly to reevaluate your security.
```
## Upload your key to a public PGP keyserver
```
gpg --keyserver pgp.mit.edu --send-keys <fingerprint>
```
Or upload your key through the web or email interface http://pgp.mit.edu/
**gpg -K** will show what private keys you have - export the PUBLIC component of this keypair and upload it to the public servers.
## Generate a revocation certificate
```
gpg --output revokedkey.asc --gen-revoke <fingerprint>
```
Store for later in case your key needs to be revoked.
if need to revoke
1.) gpg --import revokedkey.asc
1.) gpg --keyserver pgp.mit.edu --send-keys <fingerprint>
## Retrieve remote public keys
```
gpg --fetch-keys <uri>
```
Or, if keys are on a key server...
```
gpg --keyserver pgp.mit.edu --search-keys <name, email>
gpg --keyserver pgp.mit.edu --recv-keys <id>
```
## Start using GPG
Encrypt a file for a given user, and sign it with your private key:
```
gpg --sign --recipient <keyid or unambiguous search> --encrypt filename
```
Decrypt a file that someone encrypted with your public key, and verify their signature:
```
gpg --verify --decrypt filename.gpg
```
----
CategoryHomepage