Introduction
GPG (GNU Privacy Guard) is an implementation of PGP (Pretty Good Privacy), which is an open standard for encryption schemes. GPG is widely used for securing sensitive information and ensuring the authenticity of messages. In this guide, I will walk you through the basics of GPG and provide you with step-by-step instructions on how to use it effectively.
GPG Basics
Overview
GPG, also known as GnuPG, is a tool that provides digital encryption and signing services using the OpenPGP standard. It allows you to encrypt files and messages to protect your privacy and ensure the authenticity of your communications. GPG features complete key management and various encryption options.
Installing GPG
To get started with GPG, you need to install it on your computer. The installation process may vary depending on your operating system. Here are the installation instructions for two common operating systems:
macOS
To install GPG on macOS, follow these steps:
- Open a terminal window.
- Install Homebrew by entering the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install GPG by entering the following command:
brew install gnupg
Linux
To install GPG on Linux, follow these steps:
- Open a terminal window.
- Enter the following command:
sudo apt-get install gnupg
Key Management
Generating a Key Pair
Before you can start encrypting and decrypting files, you need to generate a key pair. A key pair consists of a public key and a private key. The public key is used to encrypt messages and files, while the private key is used to decrypt them.
To generate a key pair, follow these steps:
- Open a terminal window.
- Enter the following command:
gpg --gen-key
- Follow the prompts to select the key type, key size, and key expiration date. You can use the default options or customize them according to your preferences.
- Enter a user ID, which is typically your name and email address.
- Enter a passphrase to protect your private key. Make sure to choose a strong and secure passphrase.
Exporting and Importing Public Key
To share your public key with others or import someone else’s public key, you need to know how to export and import public keys.
Exporting Your Public Key
To export your public key, use the following command:
gpg --export -a "Your Name" > your_public_key.asc
This command exports your public key and saves it in a file called your_public_key.asc. You can then share this file with others securely.
Importing a Public Key
To import someone else’s public key, use the following command:
gpg --import their_public_key.asc
Replace their_public_key.asc with the filename of the public key file you received. This command will add the public key to your keyring, allowing you to encrypt messages and files for that person.
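A check worth running before the import step above, as an added example that is not part of the original guide: it imports a key file only when the file holds exactly one key and that key's fingerprint matches the one the owner gave you over a separate channel. The helper names and the sample listing are constructed for illustration, and the script assumes a GnuPG version that provides --show-keys.

```shell
#!/bin/sh
# Added example: import a key file only if it holds exactly one key whose
# fingerprint matches the one the owner gave you over another channel.

# Read `gpg --with-colons` output on stdin; print one primary-key
# fingerprint per "pub" record (the first "fpr" record after it).
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Strip whitespace and upper-case a fingerprint typed or pasted by a human.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# import_if_matches KEYFILE EXPECTED_FPR   (hypothetical helper name)
import_if_matches() {
    expected=$(normalise_fpr "$2")
    # --show-keys lists what is in the file without changing the keyring.
    actual=$(gpg --batch --show-keys --with-colons "$1" | primary_fprs)
    # A file carrying extra keys yields several lines and fails the test.
    if [ -n "$expected" ] && [ "$actual" = "$expected" ]; then
        gpg --batch --import "$1"
    else
        echo "refusing to import $1: fingerprint(s) '$actual'" >&2
        return 1
    fi
}

# Constructed colon-format listing (made-up key material, not a real key).
SAMPLE_COLONS='pub:-:255:22:AAAABBBBCCCCDDDD:1700000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1700000000::::Constructed Example <user@example.invalid>:
sub:-:255:18:1111222233334444:1700000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:'
```

Call it as import_if_matches their_public_key.asc "FINGERPRINT", where the fingerprint comes from the key owner directly and not from the same place as the key file.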
Deleting Public and Private Keys
If you no longer need a specific public or private key in your keyring, you can delete it.
Deleting a Public Key
To delete a public key, use the following command:
gpg --delete-key "User Name"
Replace "User Name" with the name associated with the key you want to delete. Please note that if there is a corresponding private key in your keyring, you must delete the private key first.
Deleting a Private Key
To delete a private key, use the following command:
gpg --delete-secret-key "User Name"
Replace "User Name" with the name associated with the private key you want to delete. This command will remove the private key from your secret keyring.
Listing Keys in Keyring
To see a list of all the keys in your public keyring, use the following command:
gpg --list-keys
This command will display information about each key, including the key ID, creation date, and associated user IDs.
To see a list of all the keys in your secret keyring, use the following command:
gpg --list-secret-keys
This command will display the same information as above but for the keys in your secret keyring.
Encryption and Decryption
Encrypting Files
To encrypt a file using GPG, use the following command:
gpg -e -u "Sender User Name" -r "Receiver User Name" file.txt
Replace "Sender User Name" with your name or the name associated with your secret key and "Receiver User Name" with the name or email address of the person you want to encrypt the file for. This command will create a file called file.txt.gpg containing the encrypted data.
Decrypting Files
To decrypt an encrypted file, use the following command:
gpg -d file.txt.gpg
This command will prompt you to enter your passphrase and then decrypt the file. The decrypted file will be named file.txt.
Extracting and Decrypting Files
If you want to extract the original file while decrypting it, use the following command:
gpg -o outputfile -d encryptedfile.gpg
Replace outputfile with the desired filename for the decrypted file and encryptedfile.gpg with the name of the encrypted file. This command will decrypt the file and save it with the specified filename.
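Encryption alone does not tell the recipient who produced the file: the -u option in the encrypt command selects a signing key and only takes effect when signing is requested (for example by adding -s). The following added example, which is not part of the original guide and goes one step beyond it, decrypts to a file and keeps the result only if GnuPG's --status-fd output reports a good signature from the expected sender. The helper names, fingerprint and status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decrypt to a file and accept it only if it carried a good
# signature from the expected sender.

# Read --status-fd lines on stdin; $1 is the expected signer's primary
# fingerprint. Prints exactly one verdict word.
status_verdict() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "DECRYPTION_OKAY" { dec = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Last VALIDSIG field is the primary key fingerprint of the signer.
        $2 == "VALIDSIG" { if ($NF == want) signer = 1; else other = 1 }
        END {
            if (!dec)                  print "decrypt-failed"
            else if (bad)              print "bad-signature"
            else if (!good)            print "unsigned"
            else if (other || !signer) print "wrong-signer"
            else                       print "ok"
        }
    '
}

# decrypt_verified ENCRYPTED OUTPUT SIGNER_FPR   (hypothetical helper name)
decrypt_verified() {
    # fd 3 carries the machine-readable status; plaintext goes to OUTPUT.
    status=$(gpg --status-fd 3 --output "$2" --decrypt "$1" 3>&1 1>/dev/null)
    verdict=$(printf '%s\n' "$status" | status_verdict "$3")
    if [ "$verdict" != "ok" ]; then
        rm -f -- "$2"              # do not leave unauthenticated plaintext
        echo "rejected $1: $verdict" >&2
        return 1
    fi
}

# Constructed status output (made-up fingerprint and user ID).
FPR=0123456789ABCDEF01234567AAAABBBBCCCCDDDD
SIGNED_STATUS="[GNUPG:] GOODSIG AAAABBBBCCCCDDDD Constructed Sender <s@example.invalid>
[GNUPG:] VALIDSIG $FPR 2024-01-01 1704067200 0 4 0 22 10 00 $FPR
[GNUPG:] DECRYPTION_OKAY"
UNSIGNED_STATUS="[GNUPG:] DECRYPTION_OKAY"
```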
Advanced Features
Key Trust and Levels of Trust
GPG introduces the concept of key trust, which determines the level of trust you have in a specific key. There are different levels of trust, including unknown, none, marginal, full, and ultimate. The trust level reflects the degree to which you trust the owner of the key.
To trust an imported third-party GPG key, use the following command:
gpg --edit-key "User Name"
Within the GPG command line interface, type trust and hit Enter. Follow the prompts to select the level of trust you wish to assign to the key.
Sharing Secret Keys
GPG allows you to export and import secret keys, allowing you to share key pairs across different devices or with other individuals.
To export a private key, use the following command:
gpg --export-secret-key -a "User Name" > private_key.asc
This command exports your private key and saves it in a file called private_key.asc. Make sure to protect this file and only share it with trusted individuals.
To import a private key, use the following command:
gpg --allow-secret-key-import --import private_key.asc
Replace private_key.asc with the filename of the private key file you received. This command will add the private key to your secret keyring.
GPG Cheat Sheet
If you need a quick reference for GPG commands and their usage, you can refer to the GPG Cheat Sheet. It provides an overview of commonly used GPG commands and their syntax. You can find the cheat sheet at GPG Cheat Sheet.
Conclusion
GPG is a powerful tool for securing your sensitive information and ensuring the authenticity of your messages. By following the instructions in this guide, you should now have a good understanding of the basics of GPG and be able to use it effectively. Remember to keep your keys secure and share them only with trusted individuals.