PGP

Pretty Good Privacy (PGP) is an encryption program that is used for signing, encrypting, and decrypting texts, emails, files, and the likes. It's incredibly powerful and incredibly widespread.


Setup

After installing gpg, setting up your own key is simple.


gpg --gen-key

The first key is your private or 'secret' key. Keep this key safe. Don't share it with anyone. The second key is your public key, which you should make public and share with as many people as you can.


My public PGP key is here


But what do I do with this?

Your public key can be used to encrypt messages. Your private key can then be used to decrypt those messages. Very simple. Very effective.


This system can be used for another party to securely send messages or files to you.


Useful Commands


# List public keys
gpg --list-keys

# Import to keyring
gpg --import someone.asc

# Export someone's key
gpg --export --armor > file

# Encrypts a file for a recipient
gpg --encrypt --recipient [email protected] file.txt

# Encrypts and signs the message with author's private key
gpg --encrypt --sign --recipient [email protected] file.txt

# Decrypt
gpg --decrypt file.gpg

Further Exploring

• "Signing PGP Keys", carouth.com

• "How To Use GPG to Encrypt and Sign Messages", fedingo.com

• "Key Signing Party", Wikipedia.org

• "PGP Web of Trust: Core Concepts Behind Trusted Communication" - Konstantin Ryabitsev, Linux.com

• "Asymmetric Algorithms", Cryptography.io


References

[1] "Difference between PGP and GPG", askbuntu.com

[2] "How to Verify PGP Signature of Downloaded Software in Linux", Digitalocean.com