GPG (GNU Privacy Guard) is a tool for secure communication and data encryption. Managing GPG keys involves creating, importing, exporting, and revoking keys. Here's a step-by-step guide:
If you haven't installed GPG on your system, you can do so by using a package manager. For example, on macOS, you can use Homebrew:
brew install gpg
On Debian/Ubuntu Linux:
sudo apt-get install gnupg
To create a new GPG key, open a terminal and run:
gpg --full-generate-key
Follow the prompts to set up your key. This involves choosing the key type, key size, key validity, and providing your name and email address.
You can list your GPG keys using the following command:
gpg --list-keys
This will display a list of your GPG keys along with their details.
To share your public key with others, you can export it:
To a file:
gpg --armor --export your@email.com > public_key.asc
To the clipboard (pbcopy is the macOS clipboard tool):
gpg --armor --export your@email.com | pbcopy
The first command exports the public key to a file named public_key.asc. Share this file with others who need to encrypt messages to you.
Exporting your secret key is important for backup purposes. Keep this file secure and do not share it.
gpg --armor --export-secret-keys your@email.com > private_key.asc
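A pre-share check for the two export files above, as an added example that is not part of the original guide: it reads the OpenPGP armor header to tell public_key.asc from private_key.asc and rejects any file that contains a private key block. The function names and the sample file bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an ASCII-armored file by its OpenPGP armor header
# before sharing it. File names follow the guide; the sample bodies are
# constructed placeholders, not real key material.

# Print "private", "public", "other" or "none" for the file in $1.
# A file holding any private key block is reported as "private",
# even if a public key block comes first.
asc_kind() {
    # tr strips CR so files saved with Windows line endings still match.
    headers=$(tr -d '\r' < "$1" | grep -E '^-----BEGIN PGP [A-Z ]+-----$' || true)
    case "$headers" in
        *"BEGIN PGP PRIVATE KEY BLOCK"*) echo private ;;
        *"BEGIN PGP PUBLIC KEY BLOCK"*)  echo public ;;
        "")                              echo none ;;
        *)                               echo other ;;
    esac
}

# Return 0 only when the file is safe to hand to a correspondent.
safe_to_share() {
    [ "$(asc_kind "$1")" = "public" ]
}

# Build constructed sample files in a scratch directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'CONSTRUCTEDplaceholder' \
        '-----END PGP PUBLIC KEY BLOCK-----' > "$dir/public_key.asc"
    # Written with CRLF line endings to exercise the tr step above.
    printf '%s\r\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '' 'CONSTRUCTEDplaceholder' \
        '-----END PGP PRIVATE KEY BLOCK-----' > "$dir/private_key.asc"
    # A mixed file: public block followed by a private block.
    cat "$dir/public_key.asc" "$dir/private_key.asc" > "$dir/mixed.asc"
    printf 'just some notes\n' > "$dir/notes.txt"
    echo "$dir"
}
```

Run safe_to_share on a file before attaching or uploading it; a non-zero exit status means the file is not a plain public key export.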
If someone shares their public key with you, you can import it:
gpg --import public_key.asc
Replace public_key.asc with the actual filename of the public key.
To encrypt a file, use the -e option, with -r followed by the recipient's email:
gpg -e -r recipient@email.com filename.txt
To decrypt a file, use:
gpg -d filename.txt.gpg
If your private key is compromised or lost, you should revoke it. Find the key ID using gpg --list-keys and then run:
gpg --edit-key key_id
Within the key edit menu, type revkey and follow the prompts to generate a revocation certificate. Share this certificate with others.
Remember to manage your GPG keys securely, especially the private key, as it is crucial for decrypting messages and files. Regularly back up your keys to avoid data loss.