<!--<<TableOfContents()>>--> # GPG quick and dirty This is largely taken from http://www.desktoplinux.com/articles/AT3341468184.html with some mistakes corrected. ## Install GPG ``` aptitude install gnupg ``` ## Generate your key ``` gpg --gen-key DSA and Elgama for encryption 4096 is a good size, there's no point in skimping on security to safe a few seconds or minutes Your key should expire at some point. There are a number of reasons for this like... (1) if you loose control of your private key you would limit your exposure time. (2) it forces you yearly to reevaluate your security. ``` ## Upload your key to a public PGP keyserver ``` gpg --keyserver pgp.mit.edu --send-keys <fingerprint> ``` Or upload your key through the web or email interface http://pgp.mit.edu/ **gpg -K** will show what private keys you have - export the PUBLIC component of this keypair and upload it to the public servers. ## Generate a revocation certificate ``` gpg --output revokedkey.asc --gen-revoke <fingerprint> ``` Store for later in case your key needs to be revoked. if need to revoke 1.) gpg --import revokedkey.asc 1.) gpg --keyserver pgp.mit.edu --send-keys <fingerprint> ## Retrieve remote public keys ``` gpg --fetch-keys <uri> ``` Or, if keys are on a key server... ``` gpg --keyserver pgp.mit.edu --search-keys <name, email> gpg --keyserver pgp.mit.edu --recv-keys <id> ``` ## Start using GPG Encrypt a file for a given user, and sign it with your private key: ``` gpg --sign --recipient <keyid or unambiguous search> --encrypt filename ``` Decrypt a file that someone encrypted with your public key, and verify their signature: ``` gpg --verify --decrypt filename.gpg ``` ---- CategoryHomepage