Story: Troy needs to send a secret text file to Joe. Here is how to do it with GPG.
GPG: GNU Privacy Guard.
Prerequisite for both sides:
- install homebrew: https://brew.sh/
- install gpg:
brew install gnupg
Overview:
- Joe, the receiver, needs to generate a GPG key pair and give the public key to Troy, the sender.
- Troy uses Joe's GPG public key to encrypt the secret text file, and sends the encrypted file to Joe.
- Joe decrypts the file with his private GPG key, which only he knows and which is never sent to anyone else.
Details:
Joe:
- generate gpg key:
gpg --full-generate-key
- list existing keys:
gpg --list-secret-keys --keyid-format=long
- The GPG key id is the <key-id> part of the line
sec ed25519/<key-id>
- run this in the terminal or add it to bashrc:
export GPGKEY=<key-id>
- publish your public key:
gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEY
- (optional) export public key:
gpg --armor --export $GPGKEY > joe.asc
- send joe.asc to Troy
Troy:
- import Joe's public key:
gpg --import joe.asc
- list imported keys:
gpg --list-keys
The full key name will be something like: Joe Guo (Graviton) <joe@graviton.xyz>
- encrypt the secret with Joe's public key:
gpg -e -r "Joe Guo (Graviton) <joe@graviton.xyz>" secret.txt
This will generate a secret.txt.gpg file.
- send the gpg file to Joe
Joe:
- ensure you have:
export GPGKEY=<key-id>
gpg will use it by default
- decrypt the secret:
gpg -d secret.txt.gpg
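The whole exchange above as one script, added here as an example and not part of the original write-up. It also shows a check the steps leave out: Troy compares the fingerprint of joe.asc with the one Joe states over a second channel before encrypting. Assumptions: both parties are simulated with throwaway keyrings, and the names, address and secret text are constructed.

```shell
#!/usr/bin/env bash
# Added demo: Joe and Troy are simulated with two throwaway keyrings.
# All names, addresses and the secret text are constructed sample values.

# Filter: pull the first fingerprint out of gpg's --with-colons output.
first_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# Runs the whole exchange and prints what Joe decrypts.
roundtrip() {
  work=$(mktemp -d) || return 1
  joe="$work/joe"; troy="$work/troy"
  mkdir -m 700 "$joe" "$troy" || return 1

  # Joe: create a key pair. Empty passphrase only because this key is disposable.
  GNUPGHOME="$joe" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Joe Example <joe@example.invalid>' default default never || return 1
  GNUPGHOME="$joe" gpg --batch --armor --export joe@example.invalid > "$work/joe.asc" || return 1
  # Joe tells Troy this fingerprint over a second channel (phone, in person).
  stated=$(GNUPGHOME="$joe" gpg --batch --with-colons --fingerprint joe@example.invalid | first_fpr)

  # Troy: inspect joe.asc without importing it, and stop on a mismatch.
  seen=$(GNUPGHOME="$troy" gpg --batch --with-colons --show-keys "$work/joe.asc" | first_fpr)
  [ -n "$seen" ] && [ "$seen" = "$stated" ] || { echo "fingerprint mismatch" >&2; return 1; }
  GNUPGHOME="$troy" gpg --batch --quiet --import "$work/joe.asc" || return 1
  printf '%s\n' 'constructed sample secret' > "$work/secret.txt"
  # Select the recipient by fingerprint, not by name. --trust-model always
  # skips the ownertrust prompt; the comparison above is what justifies it.
  GNUPGHOME="$troy" gpg --batch --quiet --trust-model always \
    -e -r "$seen" "$work/secret.txt" || return 1

  # Joe: decrypt secret.txt.gpg with the private key that never left his keyring.
  plain=$(GNUPGHOME="$joe" gpg --batch --quiet -d "$work/secret.txt.gpg") || return 1

  # Stop the agents started for the throwaway keyrings, then clean up.
  for home in "$joe" "$troy"; do GNUPGHOME="$home" gpgconf --kill all 2>/dev/null || true; done
  rm -rf "$work"
  printf '%s\n' "$plain"
}
```

Source the file and call roundtrip; it prints the decrypted text, or "fingerprint mismatch" if the exported key is not the one Joe described.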