Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

How to use GPG/PGP to share passwords

Sometimes we need to transmit passwords over unsecured channels, like Slack or email. There are lots of password managers, but their password sharing functionality is less robust than I like. For example, 1Password lets you share passwords, but to do so you must share your entire keychain - which is not useful.

To solve this, we can use public/private keys to transmit messages over any channel, that can only be decrypted by the end user. This is stuff of the future! It seems like it would be complicated, but common use cases are very easy to set up and use!

Setup

  • Install GPG: brew install gnupg2 or sudo port install gnupg

  • Generate your keys gpg --gen-key

    Notes:

    • When prompted for what type of Key, accept the default (Currently: RSA).
    • Key size should be at least 2048 bits. 4096 is better.
    • Key should probably not expire.
    • When prompted for your name, just enter your name like "John Smith", don't add the <youremail@emaildomain.com> manually (you'll be prompted for your email right after).
    • Leave the comment blank if you don't have something specific that goes there
    • You can append multiple email addresses to your GPG key.
    • It can take upwards of 10 minutes for your key to become available for download after pushing for the first time.
  • Share your public key gpg --send-keys {REPLACE_THIS_WITH_YOUR_KEY_ID} (this command will never send a private key, so its OK to make a mistake. The example below shows how to find the ID of the key you just created.)

Example: The Key ID is B5D90537 in the following:

pub   2048R/B5D90537 2013-05-24
uid                  John Smith <john.smith@gmail.com>
sub   2048R/BBFDCFD6 2013-05-24

Usage

  • Pull in someone elses public key gpg --search-keys janesmith@corp.com

  • Encrypt a message echo "Hi Jane" | gpg --encrypt --armor --recipient "janesmith@corp.com"

  • Send the message over any convenient medium!

  • Jane decrypts the message like this: echo "BIG LONG GPG STRING" | gpg --decrypt

  • Sometimes Multiline strings don't work in your shell. In that case, save it in a file: ```gpg --decrypt $FILENAME``

That's it! If we share our public keys using known email addresses, it's very easy to pull in each others public keys.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.