PGP How to (small guide)

This is a initial configuration in order to use the PGP keys, in newer posts I will explain how to encrypt files, sign and clearsign files and documents with it.

Create a new PGP key

This should be a one time command, the whole idea behind PGP it’s to keep your keys and make them recognized (signed), so it’s a bad idea to generate a lot of them. To generate one just type the following command and fill the required data.

gpg --gen-key

Sign the other users public key

If you are sure that one key belongs to a user, sign it and upload it to a keyserver, it will add trust to that public key for other users to use, also asks to other users to sign your own public key.

In order to sign a key

  • Download from a keyserver or import the other user(s) public key(s)
  • Sign the other user key
  • Upload it to a keyserver, or armor it and send it as a file

Each one of this steps are described below

Sign a public key

With this command you can display all the imported keys stored on your keyring

gpg --list-keys

After that copy the key identificator for the desired public key to sign and sign it

gpg --sign-key [OTHER_USER_KEY_ID]

Uploading a public key to a keyserver

One of the most important things about a PGP key, is that it becomes recognized, the whole idea about them it’s to trust that you are you, so send it to the public keyservers

gpg --keyserver --send-keys [KEY_ID]
gpg --keyserver --send-keys [KEY_ID]

Download public keys from a keyserver

To download a public key from someone you should have their key id or lookup from the keyservers, make sure that the key that you are downloading belongs to the user, in this example we use the keyserver

gpg --keyserver --recv-keys [OTHER_USER_KEY_ID]

The other option it’s to receive via email the armored public key and import it as you restore a public key (below) importing the file that you received

Editing your PGP key

If you want to add a new email address, a picture of you, or change the passphrase this is the command for you
gpg --edit-key [KEY_ID]

Backing / Restoring keys between computers

Backing up your public key
gpg -ao [YOUR_NAME]-public.key --export [KEY_ID]

Backing up your private key
gpg -ao [YOUR_NAME]-public.key --export-secret-keys [KEY_ID]

Restoring both keys
gpg --import [YOUR_NAME]-public.key && gpg --import [YOUR_NAME]-private.key

Encrypting some text file

First import the receiver public key if you haven’t already

gpg --import

Then encrypt the file

gpg --encrypt --sign --armor -r name_of_file

Decrypting some text file

Note that you need to have the key for doing so obviously

gpg --output plain.txt --decrypt encrypted.txt.asc

Trusting a key

You can change the “amount of trust” that you have in a key with the following commands, note that the trust command is provided in the shell that opens gpg, provide the selection and then quit to exit

gpg --edit-key [KEY_ID]
> trust



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s