@turboBasic
Last active September 22, 2022 11:05
GPG Simple How-To #gpg

This was made because the man page for gpg always 😱 scared me like hell, and I still do not understand why so basic a thing as encrypting a short message has to take such a vast amount of mental and psychic energy to understand how it works.

📖 Contents

  1. Conventions
  2. Flowcharts
    2.1. Message lifecycle
    2.2. Key lifecycle
  3. Encrypt stuff
  4. Decrypt stuff
  5. Other

☝️ Conventions

  • message --- unencrypted text file
  • message.gpg --- encrypted file in binary format
  • message.asc --- encrypted file in ascii text format
  • dude@du.de --- 👳‍♂️ (or 👩) to whom we send encrypted messages and from whom we receive them. We have his/her public 🔑 in our keyring (to be explained below, just accept this fact for now). And this person has your public 🔑, so they can send you something encrypted personally for you
  • i@i.am --- this is you 👱. You have your own key pair at your location, i.e. both the private and the public key
  • 💀 --- topics marked with a skull are not necessary and might be distracting for a beginner. Skip them unless you really, really want to screw things up. I left them here so that there is an easy way to fail :trollface:

🔄 Flowcharts

Message lifecycle

  1. 👧 types and saves the file message
  2. 👧 finds the public key of 👦 and encrypts the message, which becomes message.gpg
  3. 👧 makes message.gpg available to 👦 in any possible way
  4. 👦 uses his private key and decrypts message.gpg, which turns back into the human-readable message

Note: nothing prevents 👧 and 👦 from being the same person. In this case it is simpler to use symmetric encryption

Key lifecycle

This is the most complex part. I suggest that, in the first place, you just create your key pair and publish your public key or just give it to someone who is going to send you encrypted messages. We intentionally skip the revocation certificate topic, as this is like going into the jungle -- I have never seen a person who started learning this part in the beginning and managed not to freak out in the end


🔨 creation of keys

  1. 👦 generates private.key and public.key (a.k.a. key pair). He remembers the passphrase used during creation of the key pair and never tells it to anyone
  2. 👦 tweets or posts on Facebook his public.key

🚚 moving keys to other computer

You won't believe it, but it used to be too complex for me to comprehend how to use previously generated keys in another place, e.g. on your work PC

  1. (WIP) You want to send/read encrypted message on your new job laptop

💀 editing keys

  1. (WIP) Add another e-mail to the key
  2. (WIP) Add photo to the key

💀 killing keys

  1. (WIP) You stopped using the e-mail for any reason
  2. (WIP) Your private key has been lost/stolen
  3. (WIP) Your key pair has expired (yes, exactly like 🍔 or 🍌)

🔒 Encrypt stuff

Public/private key encryption

  • encrypts message for dude@du.de and saves to binary file message.gpg:
    gpg --encrypt --recipient dude@du.de message
  • the same as above, but saves encrypted message to ascii file message.asc:
    gpg --encrypt --recipient dude@du.de --armor message
  • type-saving version of previous command:
    gpg -ear dude@du.de message

Symmetric encryption

  • encrypts using symmetric key and saves to message.gpg:
    gpg --symmetric message
  • the same as above, saves to ascii file message.asc:
    gpg --symmetric --armor message
  • type less, get the same:
    gpg -ac message

🔓 Decrypt stuff

Both for public/private key and symmetric encryption methods

  • decrypts file and prints on screen:
    gpg --decrypt message.asc
  • type less:
    gpg -d message.asc
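
The message lifecycle from the flowchart, run end to end with the commands above (an added example, not part of the original gist). The function names `fpr` and `roundtrip`, the two throwaway keyring directories and the sample text are assumptions made for the demo; the empty passphrase is there only so it runs unattended.

```sh
#!/bin/sh
# Added example: constructed throwaway keyrings; the empty passphrase is only
# there so the demo runs unattended. Real keys get a real passphrase.

# fpr HOMEDIR USER-ID: print the fingerprint of the matching primary key
fpr() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() {
    work=$(mktemp -d) || return 1
    girl="$work/girl"; boy="$work/boy"
    mkdir -m 700 "$girl" "$boy" || return 1

    # Receiver creates a key pair and hands out only the public half.
    gpg --homedir "$boy" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key dude@du.de default default never || return 1
    gpg --homedir "$boy" --batch --armor --export dude@du.de > "$work/public.key"

    # Sender imports it and compares fingerprints. Here both keyrings are local;
    # in real life the receiver reads the fingerprint out over a trusted channel.
    gpg --homedir "$girl" --batch --quiet --import "$work/public.key" || return 1
    [ "$(fpr "$girl" dude@du.de)" = "$(fpr "$boy" dude@du.de)" ] || return 1

    # A freshly imported key is not trusted yet, so batch-mode encryption is
    # refused. --trust-model always is acceptable only after the check above.
    printf 'meet at noon\n' > "$work/message"
    gpg --homedir "$girl" --batch --quiet --trust-model always \
        --encrypt --armor --recipient dude@du.de "$work/message" || return 1

    # The sender has no private key for dude@du.de and cannot read message.asc.
    if gpg --homedir "$girl" --batch --quiet --decrypt "$work/message.asc" \
        >/dev/null 2>&1; then return 1; fi

    # The receiver can.
    plain=$(gpg --homedir "$boy" --batch --quiet --decrypt "$work/message.asc" 2>/dev/null)

    for h in "$girl" "$boy"; do gpgconf --homedir "$h" --kill gpg-agent; done
    rm -rf "$work"
    printf '%s\n' "$plain"
}
# Call roundtrip to run the whole exchange; it prints the decrypted text.
```

If the sender wants to be able to read her own message later, she adds a second `--recipient` with her own key.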

🔑 Dealing with your key pairs

Create key pair

  • gpg --gen-key
  • WIP

Storing key pair

Use the following alternatives:

  • print on 📃 and keep in deposit box
  • save on 💾 and keep in deposit box
  • save as secret note in LastPass
  • WIP

🚚 Transfer your keys to the new location and start using them there

on the main location:

  1. gpg --export-secret-keys --armor i@i.am > private.key
    WIP

on the new location:

  1. gpg --search-keys dude@du.de --- finds a public 🔑 on keyservers and offers to import it (of course, it works only if you have published your key before)
  2. gpg --import public.key --- imports your (or the other guy's) public 🔑 (if it is not published on keyservers)
  3. gpg --allow-secret-key-import --import private.key --- imports your private 🔑 so that you can decrypt messages sent to you
  4. gpg --import-options=merge-only --import private.key --- only updates keys that already exist in the keyring; new keys are not imported
    WIP
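
The two halves of the transfer above, run in one script (an added example, not part of the original gist). Two throwaway keyring directories stand in for the main and the new location; the helper `g`, the function `move_key`, the directory names and the sample text are assumptions, and the empty passphrase is there only so the demo runs unattended.

```sh
#!/bin/sh
# Added example: constructed throwaway keyrings stand in for the two machines;
# the empty passphrase is only there so the demo runs unattended.

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet "$@"; }

move_key() {
    work=$(mktemp -d) || return 1
    main="$work/main"; new="$work/new"
    mkdir -m 700 "$main" "$new" || return 1

    # Main location: your key pair, and a message that was encrypted for you.
    g "$main" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key i@i.am default default never || return 1
    printf 'for your eyes only\n' |
        g "$main" --encrypt --armor --recipient i@i.am > "$work/message.asc"

    # private.key contains the secret key: create it readable by you alone.
    ( umask 077
      g "$main" --pinentry-mode loopback --passphrase '' \
          --export-secret-keys --armor i@i.am > "$work/private.key" ) || return 1

    # New location: one import brings in both the private and the public part.
    g "$new" --import "$work/private.key" || return 1
    rm -f "$work/private.key"      # do not leave the transfer copy lying around

    # It is your own key, so mark it ultimately trusted (ownertrust level 6).
    fpr=$(g "$new" --with-colons --list-secret-keys i@i.am |
          awk -F: '$1 == "fpr" { print $10; exit }')
    printf '%s:6:\n' "$fpr" | g "$new" --import-ownertrust 2>/dev/null

    # Messages encrypted for i@i.am can now be read at the new location.
    plain=$(g "$new" --decrypt "$work/message.asc" 2>/dev/null)

    for h in "$main" "$new"; do gpgconf --homedir "$h" --kill gpg-agent; done
    rm -rf "$work"
    printf '%s\n' "$plain"
}
# Call move_key to run the transfer; it prints the text decrypted at the new location.
```

With a passphrase-protected key the exported private.key stays protected by that same passphrase, which is the only thing guarding it in transit.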

👽 Other

🦄 Here go fun things

  • type and encrypt to file:
    gpg --symmetric --armor > message.asc
  • type less & 🔒 :
    gpg -ac > m.asc
  • type, encrypt and upload to the ☁️ :
    gpg -ear dude@du.de | curl --form 'file=@-;filename=msg.asc' http://filepush.co/upload

💥 Other awesome GnuPG cheatsheets


created using stackedit.io
