GPG encryption keys Under Linux
From Linuxknowledgebase
This is a quick overview that details the creation process of a GPG public and private key under Linux.
I had to go through that procedure yesterday, and I will share it here.
First, a GPG key is a piece of data used to encrypt or decrypt messages. To encrypt a message, you need the recipient's public key. To decrypt a message, you need the private key and the passphrase that protects it. That way, a message containing sensitive data sent to one recipient can only be decrypted by that recipient, who holds the private GPG key and knows its passphrase.
Here are the main commands for creating GPG keys. Open a shell under Linux:
$ gpg --gen-key --armor
This last command will launch the creation process for a private and public GPG key. Just answer the questions based on your needs (encryption scheme, bits, expiration, etc.; note that you can use the default options for a typical permanent GPG key). The keys will be stored in ~/.gnupg/
$ gpg --export --armor -o filename.key
This last command will export the public key stored in ~/.gnupg/ to the file filename.key, in an ASCII format (the --armor option) so it can be distributed to associates for encrypted communication.
$ gpg --import filename.key
This last command will import the public key of one recipient stored in filename.key, and allow you to encrypt sensitive data with the recipient's public key.
$ gpg -d messagefile.txt
This last command will attempt to decrypt a GPG message stored in messagefile.txt. It will prompt the user for a passphrase, which should match the passphrase specified during creation of the private GPG key.
$ gpg -e -r recipient message.txt
This last command will encrypt message.txt using the recipient's public key, selected with the -r option. Note that the public key first has to be imported using the gpg --import command.
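The whole sequence above can be rehearsed without touching ~/.gnupg/. The script below is an added example, not part of the original page: it runs the five steps unattended in two throwaway keyrings (one for the recipient, one for the sender). It assumes GnuPG 2.1 or later; the user ID, passphrase, file names and the function name gpg_roundtrip are constructed for the demo.

```shell
#!/bin/sh
# Added example, GnuPG 2.1+ assumed. User ID, passphrase and file names are
# constructed for the demo; both keyrings live in a throwaway directory.
gpg_roundtrip() {
    msg=$1
    uid='demo-recipient@example.org'
    pass='constructed-demo-passphrase'
    work=$(mktemp -d) || return 1
    rcpt="$work/recipient"      # keyring that holds the private key
    sndr="$work/sender"         # keyring that only ever sees the public key
    mkdir -m 700 "$rcpt" "$sndr" || return 1
    printf '%s\n' "$msg" > "$work/message.txt"

    # Unattended stand-in for the questions asked by "gpg --gen-key".
    cat > "$work/params" <<EOF
Key-Type: default
Subkey-Type: default
Name-Real: Demo Recipient
Name-Email: $uid
Expire-Date: 0
Passphrase: $pass
%commit
EOF

    # 1. Recipient generates the key pair.
    gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
        --gen-key "$work/params" &&
    # 2. Recipient exports the public key; --armor makes the file ASCII.
    gpg --homedir "$rcpt" --batch --export --armor -o "$work/pub.asc" "$uid" &&
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/pub.asc" &&
    # 3. Sender imports the public key.
    gpg --homedir "$sndr" --batch --quiet --import "$work/pub.asc" &&
    # 4. Sender encrypts. "--trust-model always" is acceptable here only
    #    because the demo generated this key itself.
    gpg --homedir "$sndr" --batch --quiet --trust-model always \
        -e -r "$uid" -o "$work/message.txt.gpg" "$work/message.txt" &&
    # 5. Recipient decrypts; the passphrase is read from stdin (fd 0).
    printf '%s\n' "$pass" | gpg --homedir "$rcpt" --batch --quiet \
        --pinentry-mode loopback --passphrase-fd 0 -d "$work/message.txt.gpg"
    rc=$?

    # Stop the per-keyring agents and remove all key material.
    gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$sndr" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}
```

With a key received from someone else, compare its fingerprint (gpg --fingerprint) with the owner over a separate channel instead of using --trust-model always.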
Hope that this information helps, feel free to contribute your notes.

