Sean O'Donnell
Open Source Software and Linux Systems Engineering

A Beginner's Guide to using GnuPG (gpg) Encryption on the Unix/Linux OS

Category: Unix/Linux
Author: Sean O'Donnell
Thu, Feb. 20th, 2003 @ 2:20:22 (MST)

This tutorial will discuss the basic commands used to get started using GnuPG.

To download the latest version of GnuPG for the Linux OS, please visit the following link: http://www.gnupg.org/.

gpg --gen-key

The following example shows the most common procedure for generating a private and public key pair using GnuPG.

To generate a new key pair, log in to your shell and type the following command:

gpg --no-secmem-warning --gen-key

You will then be guided through the key generation process, which should look something like the following:

$ gpg --no-secmem-warning --gen-key
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) ElGamal (sign and encrypt)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
              minimum keysize is  768 bits
              default keysize is 1024 bits
    highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Do you really need such a large keysize? Y
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? Y

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Bob Jones
Email address: example@mysite.com
Comment: GnuPG Key Example
You selected this USER-ID:
    "Bob Jones (GnuPG Key Example) <example@mysite.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++++++++++++++++++++++.+++++.
++++++++++++++++++++++++++++++.+++++.+++++.
+++++++++++++++++++++++++++++++++++++++++++++
>++++++++++...............................<.+++++..........>
+++++.........<+++++..>+++++..................................
...............................................................................
..............................................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...+++++.+++++..+++++++++++++++.+++++++++++++++.
+++++++++++++++.++++++++++++++++++++....
++++++++++.+++++++++++++++....+++++.+++++++++++
++++++++++++++.
+++++.++++++++++>.++++++++++>....+++++...................
+++++^^^
public and secret key created and signed.

We have now generated a 2048-bit DSA key using the following criteria:

  • Real name: Bob Jones
  • Email address: example@mysite.com
  • Comment: GnuPG Key Example

gpg --list-keys

This command lists the available GnuPG public keys.

When run in a shell, the command and its output should look similar to the following:

$ gpg --no-secmem-warning --list-keys
/home/sean/.gnupg/pubring.gpg
------------------------------
pub  1024D/5B393290 2003-04-02 Bob Jones (GnuPG Key Example) <example@mysite.com>
sub  2048g/25B2C40B 2003-04-02
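
How to read the size and algorithm field of each key line in that listing, as an added example that is not part of the original tutorial. The function names and the `MIN_BITS` threshold are assumptions made for this example; the sample input is constructed from the two key lines shown above.

```shell
#!/bin/sh
# Decode GnuPG 1.x "--list-keys" lines such as
#   pub  1024D/5B393290 2003-04-02 User ID
# Field 2 is <bits><algorithm letter>/<key ID>.
MIN_BITS=2048   # assumption for this example, not a value from the tutorial

describe_keys() {
    awk -v min="$MIN_BITS" '
    $1 == "pub" || $1 == "sub" {
        split($2, f, "/")                       # f[1] = "1024D", f[2] = key ID
        letter = substr(f[1], length(f[1]), 1)  # trailing algorithm letter
        bits = f[1]; sub(/[A-Za-z]$/, "", bits) # numeric key size
        if (letter == "D") algo = "DSA (sign only)"
        else if (letter == "g") algo = "ElGamal (encrypt only)"
        else if (letter == "G") algo = "ElGamal (sign and encrypt)"
        else if (letter == "R") algo = "RSA"
        else algo = "unknown"
        note = (bits + 0 < min) ? ("below " min " bits") : "ok"
        printf "%s %s %s-bit %s: %s\n", $1, f[2], bits, algo, note
    }'
}

# Constructed input: the listing shown above.
sample_listing() {
    cat <<'EOF'
/home/sean/.gnupg/pubring.gpg
------------------------------
pub  1024D/5B393290 2003-04-02 Bob Jones (GnuPG Key Example) <example@mysite.com>
sub  2048g/25B2C40B 2003-04-02
EOF
}

sample_listing | describe_keys
```

The size chosen at the "What keysize do you want?" prompt applies to the ElGamal encryption subkey (`sub`); the DSA primary key (`pub`) stays at 1024 bits, as the transcript's "DSA keypair will have 1024 bits" line states.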

gpg --armor --export

This command allows you to export your PGP public key block.

$ gpg --no-secmem-warning --armor --export example@mysite.com

The output of the command above should look similar to the following:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)

[base64-encoded key data omitted]
-----END PGP PUBLIC KEY BLOCK-----

test.txt

The following file (test.txt) will be used as an example to encrypt a text file.

Here is some text that will be stored in the test.txt file.

Save the text above to a file named 'test.txt'.

gpg --encrypt-files

The following example shows the most common procedure for encrypting files using GnuPG.

It should look something like the following:

$ gpg --no-secmem-warning --encrypt-files -r example@mysite.com test.txt

The file 'test.txt' should now be encrypted to a new file named 'test.txt.gpg'.

You can delete the old 'test.txt' file now.

rm test.txt

Now that the original file 'test.txt' has been deleted, we can test the encrypted file by decrypting it.

gpg --decrypt-files

$ gpg --no-secmem-warning --decrypt-files -r example@mysite.com test.txt.gpg

The command above should prompt you to enter the passphrase for the key:

You need a passphrase to unlock the secret key for
user: "Bob Jones (example@mysite.com) <example@mysite.com>"
2048-bit ELG-E key, ID 39BC1B8A, created 2004-08-02 (main key ID 570ADC7B)

Enter passphrase:

Once you enter your passphrase, if all is well, the file should now be decrypted, and restored back to the original file name (test.txt).
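
The encrypt, delete and decrypt steps above, reordered so the plaintext is deleted only after the ciphertext has been shown to decrypt back to the same bytes. This is an added example, not part of the original tutorial. It assumes GnuPG 2.2 or later (the transcripts above are from 1.x); the function names, the throwaway keyring and the passphrase-less test key are assumptions made so it can run unattended.

```shell
#!/bin/sh
# Encrypt a file, verify the round trip, then remove the plaintext.

encrypt_verify_delete() {   # usage: encrypt_verify_delete FILE RECIPIENT
    plain=$1; rcpt=$2; enc="$plain.gpg"
    gpg --batch --yes --quiet --recipient "$rcpt" \
        --output "$enc" --encrypt "$plain" || return 1
    [ -s "$enc" ] || return 1
    # Decrypt to a pipe so no second plaintext copy is written to disk.
    if gpg --batch --quiet --decrypt "$enc" 2>/dev/null | cmp -s - "$plain"; then
        # rm unlinks the file; it does not overwrite the data blocks.
        rm "$plain"
        return 0
    fi
    echo "round trip failed, keeping $plain" >&2
    return 1
}

demo() {
    # Throwaway keyring and work directory (constructed for this example).
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    work=$(mktemp -d) || return 1
    status=1
    # Unprotected test key; a real key should have a passphrase.
    if gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
           --quick-generate-key 'Bob Jones (GnuPG Key Example) <example@mysite.com>' 2>/dev/null
    then
        printf 'Here is some text that will be stored in the test.txt file.\n' > "$work/test.txt"
        if encrypt_verify_delete "$work/test.txt" example@mysite.com &&
           [ ! -e "$work/test.txt" ] && [ -s "$work/test.txt.gpg" ]; then
            echo "verified: plaintext removed, ciphertext kept"
            status=0
        fi
    fi
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME" "$work"
    return $status
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to exercise it against the throwaway key; with a real key, call `encrypt_verify_delete test.txt example@mysite.com` and gpg-agent will ask for the passphrase during the verification step.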
