Main.GPG-HowTo r1.12 - 16 May 2014 - 09:16 - JimBasney

GPG HowTo

Install GnuPG

You can download and install GnuPG from http://gnupg.org/download/ or https://gpgtools.org/.

Generate a keypair:

$ gpg --gen-key
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Mon Aug  3 14:59:39 2009 CDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Heinrich Heine
Email address: heinrichh@duesseldorf.de
Comment: Der Dichter
You selected this USER-ID:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 66F456CC marked as ultimately trusted
public and secret key created and signed.

pub   1024D/16F456CC 2008-07-09 [expires: 2009-08-03]
      Key fingerprint = 90D3 9626 E6AF CE96 40FB  15FC B399 2A3F 16F4 56CC
uid                  Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
sub   2048g/280E702E 2008-07-09 [expires: 2009-08-03]
$ export MYKEYID=16F456CC

Export the public key to an ASCII file:

$ gpg --export -a $MYKEYID > gpg-pubkey.asc

Send your key to the PGP keyserver network:

$ gpg --keyserver pgp.mit.edu --send-keys $MYKEYID
gpg: sending key 16F456CC to hkp server pgp.mit.edu

List your key(s) with fingerprint(s):

$ gpg --list-secret-keys --fingerprint 
/Users/jbasney/.gnupg/secring.gpg
---------------------------------
sec   1024D/424ACD8C 2009-01-01 [expires: 2010-01-26]
      Key fingerprint = 7396 9433 032F 4DC9 94A4  514A 1155 CA38 424A CD8C
uid                  Jim Basney <jbasney@ncsa.uiuc.edu>
ssb   2048g/A97983D9 2009-01-01

Sign someone else's key:

$ export YOURKEYID=16F456AA # the key you want to sign
$ gpg --keyserver pgp.mit.edu --recv-key $YOURKEYID
$ gpg --sign-key $YOURKEYID
$ gpg --keyserver pgp.mit.edu --send-key $YOURKEYID

Verify signatures on a key:

$ gpg --check-sigs $YOURKEYID

Sign a message:

$ cat message.txt 
This is a test message.
$ gpg --clearsign < message.txt > signed-message.txt

You need a passphrase to unlock the secret key for
user: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
1024-bit DSA key, ID 16F456CC, created 2008-07-09

$ cat signed-message.txt 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a test message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkh1H1UACgkQs5kqP2b0VswtUgCgyfQSxS39anW/5G2NoMOfErd8
vl0An2AJnWv/1JVVhwVvzOaRRf7UejhR
=uk/w
-----END PGP SIGNATURE-----

Verify a signed message:

$ gpg --verify < signed-message.txt 
gpg: Signature made Wed Jul  9 15:28:05 2008 CDT using DSA key ID 66F456CC
gpg: Good signature from "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Sign a file (i.e., make a detached signature):

$ cat example.txt
hello
$ gpg -b example.txt 

You need a passphrase to unlock the secret key for
user: "Jim Basney <jbasney@ncsa.uiuc.edu>"
1024-bit DSA key, ID 424ACD8C, created 2009-01-01

$ ls -l example.txt*
-rw-r--r--  1 jbasney  jbasney   6 May 27 13:54 example.txt
-rw-r--r--  1 jbasney  jbasney  72 May 27 13:54 example.txt.sig

Verify a signed file (using a detached signature):

$ gpg --verify example.txt.sig 
gpg: Signature made Wed May 27 13:54:36 2009 CDT using DSA key ID 424ACD8C
gpg: Good signature from "Jim Basney <jbasney@ncsa.uiuc.edu>"
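
Added example (not part of the original page): "Good signature" only says that some key in your keyring made the signature, and the 8-digit key ID it prints is not unique. A script should read gpg's `--status-fd` output and compare the VALIDSIG fingerprint with one obtained out of band. The function names and the sample status lines (including the timestamp) are constructed, using the fingerprint listed above.

```shell
#!/bin/sh
# Constructed sample of `gpg --status-fd 1 --verify example.txt.sig example.txt`
# status output (timestamp and version fields are made up for illustration).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1155CA38424ACD8C Jim Basney <jbasney@ncsa.uiuc.edu>
[GNUPG:] VALIDSIG 73969433032F4DC994A4514A1155CA38424ACD8C 2009-05-27 1243450476 0 4 0 17 2 00 73969433032F4DC994A4514A1155CA38424ACD8C
[GNUPG:] TRUST_ULTIMATE'

# Fingerprint you verified out of band (spaces and lower case are accepted).
PINNED='7396 9433 032F 4DC9 94A4  514A 1155 CA38 424A CD8C'

# sig_matches_fpr FINGERPRINT  (reads gpg status lines on stdin)
# Returns 0 only if a VALIDSIG line carries the pinned primary-key
# fingerprint and no line reports a bad, expired or revoked signature/key.
sig_matches_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # Any of these keywords means the signature must be rejected.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint; the optional
            # 12th field is the primary key fingerprint.
            fpr = (NF >= 12) ? $NF : $3
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned FINGERPRINT SIGFILE DATAFILE  (runs the real gpg)
verify_pinned() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | sig_matches_fpr "$1"
}

# Demo on the constructed sample; no gpg or keyring needed.
if printf '%s\n' "$SAMPLE_STATUS" | sig_matches_fpr "$PINNED"; then
    echo "signature accepted: fingerprint matches the pinned key"
else
    echo "signature rejected"
fi
```

With a real keyring, call `verify_pinned "$PINNED" example.txt.sig example.txt` and act on its exit status instead of reading the human-readable output.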

Other Resources

Thunderbird with Enigmail OpenPGP add-on

The Enigmail add-on for the Thunderbird email client adds an OpenPGP menu that provides the full assortment of features for handling PGP signed/encrypted email and key management. It requires GnuPG to be installed, which is available from http://www.gnupg.org/ for several operating systems.

Creating PGP Fingerprint Printouts

The OpenPGP key paper slip generator is a handy tool for face-to-face distribution of PGP fingerprints.