@bvanderveen
Last active March 18, 2019 19:32

How even GPG

Good question. We'll assume GnuPG 2 (gpg2) is installed and available as gpg.

Make a keypair

First you have to have a key-pair.

gpg --full-generate-key

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

Type 1 (RSA and RSA).

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

You want 2048.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

You don't want your key to expire. Type 0.

Key does not expire at all
Is this correct? (y/N)

For God's sake, yes (y)!

It prompts you for your name and email address and a comment. Use your discretion.

It asks you for a passphrase. Use your discretion. Don't forget your passphrase.

Export your public key

gpg --armor --export <your email address>

You can send this to people and they can encrypt things to you. You might want to publish your key fingerprint as well.

gpg --fingerprint <your email address>

Decrypting a message

As follows:

gpg --output <output file> --decrypt <input file>

Encrypting a message

You have to import the counterparty's public key. But first, you should make sure you don't have a public key with the same fingerprint because someone might be messing with you.

gpg --with-fingerprint <counterparty's public key file>

Now look at your list of imported keys:

gpg --list-keys --with-fingerprint

Make sure the fingerprint of the newly-received public key file doesn't already exist in your keyring. Then, you're good to import.

gpg --import <counterparty's public key file>
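
The keyring check described above, as an added shell example that is not part of the original gist: it pulls primary-key fingerprints out of gpg's machine-readable --with-colons listing and reports any from the received file that are already in the keyring. The function names and the sample listing are constructed for illustration, and --show-keys assumes GnuPG 2.2.8 or later.

```shell
#!/bin/sh
# Added example, not the gist author's code. Function names are hypothetical;
# --show-keys assumes GnuPG 2.2.8 or later.

# Constructed, abbreviated sample of `gpg --show-keys --with-colons` output.
SAMPLE_FILE='pub:-:2048:1:1111111111111111:1552937520:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1552937520::::Alice Example <alice@example.org>:
sub:-:2048:1:2222222222222222:1552937520::::::e:
fpr:::::::::2222222222222222222222222222222222222222:'

# Read --with-colons output on stdin and print primary key fingerprints.
# A "pub" record is followed by its "fpr" record (fingerprint in field 10);
# "fpr" records that follow a "sub" record belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# $1: fingerprints from the file, $2: fingerprints in the keyring (one per
# line). Prints every fingerprint that appears in both.
fpr_overlap() {
    printf '%s\n' "$1" | while read -r fpr; do
        [ -n "$fpr" ] || continue
        if printf '%s\n' "$2" | grep -Fxq "$fpr"; then
            printf '%s\n' "$fpr"
        fi
    done
}

# Returns 0 if no key in file $1 is in the keyring yet, 1 otherwise.
check_key_file() {
    new=$(gpg --show-keys --with-colons "$1" | primary_fprs)
    ring=$(gpg --list-keys --with-colons | primary_fprs)
    dup=$(fpr_overlap "$new" "$ring")
    [ -z "$dup" ] && return 0
    printf '%s\n' "$dup" | sed 's/^/already in keyring: /'
    return 1
}

# Usage: sh check-key.sh <counterparty's public key file>
if [ "$#" -gt 0 ]; then
    check_key_file "$1"
fi
```

Comparing whole fingerprints from the colon listing avoids eyeballing two human-readable listings side by side.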

Now encrypt some data. For example, read from stdin:

echo "asdfbuttslol" | gpg --encrypt --recipient <counterparty's email address> --armor --output foo.asc -

This generates foo.asc, with an ASCII-armored encrypted message in it.

Signing

Don't sign lightly. Don't sign messages like "Yes", "No", or anything else you don't want taken out of context. Anyway…

Clearsign your plaintext message and then encrypt it.

echo "world is a hug" | gpg --armor -u <your email address> --clearsign --output - -

Then encrypt the output.

Verify signature

Have the counterparty's public key imported, then:

gpg --verify <signed or clearsigned file>

Good luck, have fun, try not to die.

All together now…

Check out my .bash_profile for inspiration.
