Using PGP Encryption

Submitted by Swobodin on Mon, 2006-01-09 15:24.
It's time to learn how to use encryption, so that you can send sensitive messages and data encrypted.
You should have GnuPG (GNU Privacy Guard) installed. Here's a step-by-step tutorial for handling it.
Generate your Keypair
Type:
gpg --gen-key
You will see a message similar to this:
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
Choose the first
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Choose the default 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Choose "0" if you don't want your key to expire. If you want it to expire within 2 years, type 2y; type 395 for one year and one month, etc.
Follow the interactive menu: enter your full name in the Real name field and your e-mail address (which is, of course, unique) in the mail field.
Once you have confirmed, enter your password twice. The system will then generate your secret key (which you must not share with anybody).
To check your key, type
gpg --list-keys
You will have something like
pub 1024D/ 2006-01-09
uid Your Name <>
sub 4096g/ 2005-01-09
Export, import public keys
Start by exporting your public key, so that other users will be able to send you encrypted messages:
gpg --export -a > public
The --export option exports your public key, and -a armors the output (makes it ASCII). Because the output is written to stdout, you should redirect it to a file. If no mail or finger ID is given, all your public keys are exported.
To import a public key, type:
gpg --import public_file.asc
gpg: key 135EA668: public key "Richard Stallman (Chief GNUisance) <>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 5 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 5u
gpg: next trustdb check due at 2007-01-09
You may download my public key and import it:
curl http://swobodin.fedora-tn.org/wp-content/stuff/public.asc.bz2 | bunzip2 -c - | gpg --import
Encrypt, Sign your data
Encryption
The following command encrypts your file:
gpg -aer Swobodin -o somemsg.asc somemsg
-a: armor output (ASCII)
-e: encrypt file
-r: set a receiver. This can be a string (if it's unique), a full e-mail address or a finger ID, e.g. 8A784A88
-o: output file
Note that even you cannot decrypt the resulting file: only the receiver can! If you want to encrypt the file for yourself, set your own finger ID as the receiver.
To decrypt a file, you need both the secret key (which must be kept in a secure place) and the passphrase. Use the following command to decrypt a file that was encrypted for you:
gpg -d somemsg.asc
You will be asked for the passphrase if the secret key is found.
If you want to encrypt a file without a receiver (anyone who has the passphrase can open it), use the -c flag:
gpg -ac -o somemsg.asc somemsg
You will have to enter the passphrase twice.
Why sign a file?
If the receiver has your public key, the program will check whether you really are the one who sent the file, since you need both the secret key and the passphrase to sign a file.
Sign a file
To integrate the signature with the data in the same file:
gpg -a --sign -u your_mail -o output.asc somemsg
To keep the signature separate from the data, still in the same file:
gpg --clear-sign -u your_mail -o output.asc somemsg
To make a detached signature file:
gpg -b -u your_mail -o output.asc somemsg
In the 3 cases above, you need the secret key for the e-mail address or finger ID you entered, and you have to enter the password interactively.
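The signing commands above cover only the sender's side. As an added example (not part of the original tutorial), the script below makes a detached signature, checks it with gpg --verify from a second keyring that holds only the exported public key, and then shows the check failing once the file has been changed. The two keyrings, the name, the address and the message are constructed for the demo and live in a temporary directory.

```shell
# Added example, not from the original tutorial.
# Sender and receiver each get a throwaway keyring under a temp directory,
# so ~/.gnupg is never touched. Name, address and message are constructed.
demo_sign_verify() (
    work=$(mktemp -d) || exit 2
    trap 'GNUPGHOME="$work/sender" gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
    mkdir -m 700 "$work/sender" "$work/receiver" || exit 2

    # Sender: unattended key generation. No passphrase, for the demo only.
    cat > "$work/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: Demo Signer
Name-Email: signer@example.org
Expire-Date: 1d
%commit
EOF
    export GNUPGHOME="$work/sender"
    gpg --batch --quiet --gen-key "$work/params" 2>/dev/null || exit 2
    gpg --batch --export -a signer@example.org > "$work/public.asc" || exit 2

    printf 'pay 100 EUR to account 42\n' > "$work/somemsg"
    # Detached signature (-b), armored (-a), written next to the data file.
    gpg --batch --quiet -a -b -u signer@example.org \
        -o "$work/somemsg.sig" "$work/somemsg" 2>/dev/null || exit 2

    # Receiver: a separate keyring that only ever sees the public key.
    export GNUPGHOME="$work/receiver"
    gpg --batch --quiet --import "$work/public.asc" 2>/dev/null || exit 2

    # Untouched file: gpg --verify exits 0 for a good signature.
    if gpg --batch --verify "$work/somemsg.sig" "$work/somemsg" 2>/dev/null
    then intact=0; else intact=$?; fi

    # One digit changed after signing: gpg --verify exits 1 (bad signature).
    printf 'pay 900 EUR to account 42\n' > "$work/somemsg"
    if gpg --batch --verify "$work/somemsg.sig" "$work/somemsg" 2>/dev/null
    then tampered=0; else tampered=$?; fi

    echo "intact=$intact tampered=$tampered"
)
```

Calling demo_sign_verify prints the exit codes of the two gpg --verify runs. In scripts, rely on that exit code, not on the text gpg writes to the terminal.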