====== Privacy with GNU Privacy Guard ======

===== Use =====

==== General ====

There is a lot of documentation about GnuPG on the [[http://www.gnupg.org/documentation/index.en.html|official web site]]. For the impatient, I suggest reading a very nice and compact tutorial that can be found [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html|here]]. In particular, you should read the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html|Concepts]] and the [[http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html|Using Keys]] chapters.

Just a few obvious rules... that apparently are not that obvious to everybody ;-)

  * to encrypt a message (file) for your personal use, use your own public key
  * to encrypt a message for a friend of yours, use his public key
  * to sign a message, use your private key
  * you should be sure that you can trust your public keys. The ideal thing is to organize //key exchange parties// with your friends or, at least, to ask your friends to confirm that the key you have is valid (e.g. by comparing, on the phone, the key fingerprint that you obtain from ''gpg --list-keys --fingerprint'').

Anyway, the very first thing to do is to create your own private/public key pair:

<code>
# gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 2
DSA keys may be between 1024 and 3072 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3
Key expires at Sat Sep  5 16:59:34 2009 CEST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Flash Gordon
Email address: flash.gordon@gmail.com
Comment: this is another test key
You selected this USER-ID:
    "Flash Gordon (this is another test key) <flash.gordon@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 48C7AF6A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2009-09-03
pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
      Key fingerprint = 695D 354D E592 8677 50E5 5E62 DF8B 511A 48C7 AF6A
uid                  Flash Gordon (this is another test key) <flash.gordon@gmail.com>
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]
</code>

A handy way of sharing your public key is to upload it to a public key server like ''keys.gnupg.net''. This allows your friends to easily search for and obtain your public key, and vice versa. To upload your public key, first decide which one to upload. So, list your keys:

<code>
# gpg --list-keys
/Users/cangiani/.gnupg/pubring.gpg
----------------------------------
pub   1024D/2D09619D 2009-09-02 [expires: 2009-09-03]
uid                  Ciccio Pasticcio (this is a test key)
sub   1024g/AF0BF493 2009-09-02 [expires: 2009-09-03]

pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
uid                  Flash Gordon (this is another test key)
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]
</code>

and copy the //key ID// of the selected key from the list (e.g. ''48C7AF6A'' for //Flash Gordon//). Then upload it to one or more servers:

<code>
# gpg --keyserver keys.gnupg.net --send-keys 48C7AF6A
gpg: sending key 48C7AF6A to hkp server keys.gnupg.net
</code>

To search for and fetch the public key of a friend of yours using his mail address, do the following (for Damir's address, for example):

<code>
# gpg --keyserver keys.gnupg.net --search-keys damir.laurenzi@epfl.ch
gpg: searching for "damir.laurenzi@epfl.ch" from hkp server keys.gnupg.net
(1)     Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>
          1024 bit DSA key 86134762, created: 2009-06-09
(2)     damir laurenzi (no password) <damir.laurenzi@epfl.ch>
          1024 bit DSA key B3AB018C, created: 2007-06-28 (revoked)
Keys 1-2 of 2 for "damir.laurenzi@epfl.ch".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 86134762 from hkp server keys.gnupg.net
gpg: key 86134762: public key "Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1
</code>

or just fetch the key if you already know the //key ID//:

<code>
# gpg --keyserver keys.gnupg.net --recv-keys 86134762
gpg: requesting key 86134762 from hkp server keys.gnupg.net
gpg: key 86134762: public key "Damir Laurenzi (gpg key test) <damir.laurenzi@epfl.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1
</code>

You can check that the newly imported key is in your public keyring:

<code>
# gpg --list-keys
/Users/cangiani/.gnupg/pubring.gpg
----------------------------------
pub   1024D/2D09619D 2009-09-02 [expires: 2009-09-03]
uid                  Ciccio Pasticcio (this is a test key)
sub   1024g/AF0BF493 2009-09-02 [expires: 2009-09-03]

pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
uid                  Flash Gordon (this is another test key)
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]

pub   1024D/86134762 2009-06-09 [expires: 2019-06-07]
uid                  Damir Laurenzi (gpg key test)
sub   2048g/45397CF2 2009-06-09 [expires: 2019-06-07]
</code>
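A key fetched from a keyserver is only as trustworthy as the fingerprint its owner confirmed to you out of band, since anybody can upload a key under any name and e-mail address; the rule about trusting public keys at the top of this page applies directly here. The following POSIX shell script is an added example, not part of the original page: it normalises a fingerprint, extracts the fingerprint from ''gpg --fingerprint'' output and compares it with the value read to you on the phone. The function names (''normalize_fpr'', ''extract_fpr'', ''short_id_of'', ''fpr_matches'', ''check_key_fpr'') are my own, and the listing embedded in the script is reconstructed from the Flash Gordon output shown above so the script runs without gpg installed.

```shell
#!/bin/sh
# Added example (not from the original page): check that a key fetched from
# a keyserver carries the fingerprint its owner confirmed to you out of band
# (e.g. on the phone) before you trust or sign it.

# Normalise a fingerprint: drop spaces and upper-case it, so that
# "695D 354D ... AF6A" and "695d354d...af6a" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read human-readable "gpg --fingerprint" output on stdin and print the
# first "Key fingerprint = ..." value, normalised (empty if none found).
extract_fpr() {
    sed -n 's/^ *Key fingerprint = //p' | head -n 1 | tr -d ' ' | tr 'a-f' 'A-F'
}

# The 8-hex-digit key ID shown in listings (e.g. 2048D/48C7AF6A) is just the
# last 32 bits of the fingerprint; many different keys can share it.
short_id_of() {
    normalize_fpr "$1" | tail -c 8
}

# Compare a listing on stdin with the fingerprint confirmed out of band.
# Returns 0 on match, 1 on mismatch or when no fingerprint line is present.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(extract_fpr)
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then return 0; fi
    return 1
}

# Wrapper around the real tool, e.g. after "gpg --recv-keys 86134762":
#   check_key_fpr 86134762 "<fingerprint read to you by Damir>"
check_key_fpr() {
    gpg --fingerprint "$1" | fpr_matches "$2"
}

# Constructed sample: the listing of Flash Gordon's key from the page, so
# the script can be exercised without gpg installed.
SAMPLE_LISTING='pub   2048D/48C7AF6A 2009-09-02 [expires: 2009-09-05]
      Key fingerprint = 695D 354D E592 8677 50E5 5E62 DF8B 511A 48C7 AF6A
uid                  Flash Gordon (this is another test key)
sub   2048g/E9BEF1D2 2009-09-02 [expires: 2009-09-05]'

if printf '%s\n' "$SAMPLE_LISTING" | fpr_matches '695D 354D E592 8677 50E5 5E62 DF8B 511A 48C7 AF6A'; then
    echo "fingerprint matches; key ID $(short_id_of '695D354DE592867750E55E62DF8B511A48C7AF6A')"
fi
```

Because the short key ID is only the low 32 bits of the fingerprint, two unrelated keys can show the same ID in ''gpg --list-keys'', which is why the script compares the whole fingerprint rather than the ID.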