How to secure yourself with gpg
Sat 13 June 2015 by Godson
Generate your key
Run the following command in your shell,
The program will now ask you to choose a couple of options. Use the following preferences:
Please select what kind of key you want: 1 RSA and RSA (default)
What keysize do you want? (2048) 4096
Key is valid for? (0) 0
Is this correct? (y/N) y
Now enter your name, email and a comment.
Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o
Finally, enter a passphrase to protect your secret key.
Edit your key
We can edit the key later to use other options.
E.g. let's set our key to use stronger hashes.
1. Edit the key using the following command,
gpg --edit-key email@example.com
Now set hash preferences as follows,
gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP
Really update the preferences? (y/N) y
Enter your passphrase
Save the new preferences with the command,
Make your key available
There are 2 ways to make your key available to other users.
Give it to them manually
Use the following command,
gpg --armor --export firstname.lastname@example.org
You will get your public key. Copy it and send it to the other user.
Upload to a key server
Uploading a public key to a key server can be done in two ways.
The first is using the forms available on the server and the second is using the gpg interface.
For the latter, try the following command,
gpg --list-keys email@example.com
Grab your key ID from the output and upload it to a keyserver such as http://pgp.mit.edu,
gpg --send-keys --keyserver pgp.mit.edu <key-id>
Importing other keys
- Import other users' keys
We can import other users' keys in multiple ways.
From a text file
If someone sends you a text file containing their public key, import it as,
gpg --import <pub_key_file>
From a key server
There are some popular key servers which host public keys. One such server is
http://pgp.mit.edu. Here you can search for a particular user's key as follows,
gpg --keyserver pgp.mit.edu --search-keys <string>
An easy way to validate a person's identity is to match the fingerprint of their key,
gpg --fingerprint firstname.lastname@example.org
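The fingerprint match described above can be scripted. The following is an added example, not part of the original post: it compares a fingerprint you were given by the key's owner with the primary-key fingerprint in gpg's machine-readable listing (`gpg --with-colons --fingerprint <user>`). The function names and the sample listing are constructed for illustration, and 40-hex-digit (v4) fingerprints are assumed.

```sh
#!/bin/sh
# Added example (not from the original post): check a fingerprint you were
# given out-of-band against `gpg --with-colons --fingerprint <user>` output.

# Remove spaces/colons and upper-case, so "ab12 cd34 ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Print primary-key fingerprints from a colon-format listing on stdin.
# Subkeys ("sub") carry their own "fpr" records; those are skipped so a
# subkey fingerprint is never accepted in place of the primary one.
primary_fprs() {
    awk -F: '$1 == "pub" { primary = 1 }
             $1 == "sub" { primary = 0 }
             $1 == "fpr" && primary { print $10; primary = 0 }'
}

# verify_fpr EXPECTED < listing
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (assumption: v4 keys), e.g. a short key ID.
verify_fpr() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    primary_fprs | grep -qxF "$expected" && return 0
    return 1
}

# Constructed sample listing (not real keys): one primary key, one subkey.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAABBBBCCCCDDDD:1434153600:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1434153600::::Constructed User <user@example.org>:
sub:-:4096:1:1111222233334444:1434153600::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:
EOF
}

# Fingerprint as a person might read it out: grouped and lower-case.
sample_listing | verify_fpr "0123 4567 89ab cdef 0123  4567 aaaa bbbb cccc dddd" \
    && echo "fingerprint matches"
```

With a real keyring, replace `sample_listing` with `gpg --with-colons --fingerprint <user>` and sign the key only when `verify_fpr` returns 0.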
Sign the imported key
Sign the imported key as,
gpg --sign-key email@example.com
Optionally, you can send the signed key back.
Using your gpg key
To encrypt a message (and sign it with your key), use the following command,
gpg --encrypt --sign --armor -r firstname.lastname@example.org <filename>
To decrypt a file,
Creating a revocation certificate
There is always a possibility that your master key-pair may get lost (or be stolen, if you are unfortunate).
If this happens, you must tell other people not to use your public key.
This can be done using a revocation certificate.
Generate a revocation certificate using the following command,
gpg --output \<email@example.com\>.gpg-revocation-certificate --gen-revoke firstname.lastname@example.org
Store it somewhere safe, separately from your master key-pair.
Some useful commands
List available keys
Update key information