PGP Guide
PGP can refer to two things:
The Pretty Good Privacy software originally written by Phil Zimmermann, and now owned by Symantec. The formats for keys, encrypted messages and message signatures defined by that software. These have now been formalised as the OpenPGP standard. The GPG software is an independent implementation of the OpenPGP standards, so you can use it to exchange encrypted messages with people using other OpenPGP implementations (e.g. Symantec's PGP).
Due to its popularity on Linux systems, it is also fairly common for people to incorrectly use the term "GPG" to refer to the whole OpenPGP cryptography system (e.g. "GPG keys" or "GPG signatures"). It is usually pretty clear what they mean from the context though.
# OSX
brew install gnupg
# Ubuntu
apt-get install gnupg
# RedHat/Fedora/CentOS
yum install gnupg
gpg --gen-key
The first key is your private (or secret) key. You must keep this private key safe at all times, and you must not share it with anyone. The private key is protected with a password. The second key is your public key, which you can safely share with other people. Anything that is encrypted using the public key can only be decrypted with the related private key.
# List private keys
gpg --list-secret-keys
# List public keys
gpg --list-keys
# Outputs:
# pub 4096R/F9C3014D 2014-09-18
# uid Sepehr Lajevardi <lajevardi@gmail.com>
# sub 4096R/57B451B8 2014-09-18
#
# Which translates to:
# - pub: Public key
# - 4096R: The number of bits in the key, and the type (RSA)
# - F9C3014D: The key ID
# - 2014-09-18: The date of key creation
# - Sepehr Lajevardi: Real name
# - <lajevardi@gmail.com>: And the email
gpg --delete-keys lajevardi@gmail.com
gpg --edit-key lajevardi@gmail.com
trust (invoke trust subcommand on the key)
5 (ultimate trust)
y (if prompted)
quit
# 1. Import
# When you import a public key, you are placing it into what is commonly referred to as the "GPG keyring"
gpg --import someone.asc
# 2. Export someone's key
gpg --export --armor > someone.asc
## 1. Export
cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
# Or, instead of backing up the trustdb
gpg --export-ownertrust > ownertrust.txt
## 2. Import
cp /path/to/backups/*.gpg ~/.gnupg/
# or, if you exported the ownertrust
gpg --import-ownertrust ownertrust.txt
This only really works if you don't mind losing any other keys (than your own).
# 1. Export
gpg --export --armor lajevardi@gmail.com > public.asc
gpg --export-secret-keys --armor lajevardi@gmail.com > private.asc
gpg --export-ownertrust > ownertrust.txt
# 2. Import
# Imports the public as well
gpg --import --armor private.asc
gpg --import-ownertrust ownertrust.txt
# Encrypts a file to lajevardi@gmail without signing it, author will be unknown.
gpg --encrypt --recipient lajevardi@gmail.com file.txt
# Encrypts and signs the message with author private key
gpg --encrypt --sign --recipient lajevardi@gmail.com file.txt
# Decrypt
gpg --decrypt file.gpg
gpg --send-key lajevardi@gmail.com [--keyserver sks-keyservers.net]
Revoke certificates are required when we need to remove our key from keyservers and literally revoking the certificate.
gpg --gen-revoke lajevardi@gmail.com
Here's a sample revoke certificate:
Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: A revocation certificate should follow
iQIfBCABAgAJBQJSTxNSAh0AAAoJEIKHahUxGx+E15EP/1BL2pCTqSG9IYbz4CMN
bCW9HgeNpb24BK9u6fAuyH8aieLVD7It80LnSg/+PgG9t4KlzUky5sOoo54Qc3rD
H+JClu4oaRpq25vWd7+Vb2oOwwd/27Y1KRt6TODwK61z20XkGPU2NJ/ATPn9yIR9
4B10QxqqQSpQeB7rr2+Ahsyl5jefswwXmduDziZlZqf+g4lv8lZlJ8C3+GKv06fB
FJwE6XO4Y69LNAeL+tzSE9y5lARKVMfqor/wS7lNBdFzo3BE0w68HN6iD+nDbo8r
xCdQ9E2ui9os/5yf9Y3Uzky1GTLmBhTqPnl8AOyHHLTqqOT47arpwRXXDeNd4B7C
DiE0p1yevG6uZGfhVAkisNfi4VrprTx73NGwyahCc3gO/5e2GnKokCde/NhOknci
Wl4oSL/7a3Wx8h/XKeNvkiurInuZugFnZVKbW5kvIbHDWJOanEQnLJp3Q2tvebrr
BBHyiVeQiEwOpFRvBuZW3znifoGrIc7KMmuEUPvA243xFcRTO3G1D1X9B3TTSlc/
o8jOlv6y2pcdBfp4aUkFtunE4GfXmIfCF5Vn3TkCyBV/Y2aW/fpA3Y+nUy5hPhSt
tprTYmxyjzSvaIw5tjsgylMZ48+qp/Awe34UWL9AWk3DvmydAerAxLdiK/80KJp0
88qdrRRgEuw3qfBJbNZ7oM/o
=isbs
-----END PGP PUBLIC KEY BLOCK-----
Difference between PGP and GPG
Instructions for exporting/importing (backup/restore) GPG keys