pgp_setup

pgp

pgp, or pretty good privacy, is an encryption program, most commonly used for signing, encrypting and decrypting files and text.

the public key

this is what you can share with others so they can encrypt stuff to you and verify things you signed.

fingerprint

this is a unique identifier for your public key. it is a string of numbers and letters that looks like this:

C69 3D6 944 838 888 888 888 888 888 888 888 888 888 888 888 888

private key

this is what you keep secret. it is used to decrypt files and sign messages.

installing

it's probably already installed on your system.

sudo dnf install gnupg # fedora

generating a key

gpg --full-generate-key
~ ::  gpg --full-gen-key
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

exporting a key

gpg --armor --export "your_email@random.corp" > my_email_public_key.asc

you can now share this file with your friends and they can encrypt things to you.

importing a key

gpg --import public.asc

verifying a public key

make sure the public key that your friend sent to you has not been tampered with.

gpg --fingerprint friend@random.corp

The output will look something like this:

pub   rsa3072 2024-10-06 [SC]
      53C8 E08C 0D90 2A15 6F70  E60F 3B3A 149C 22E3 F797
uid           [ultimate] friend (comment) <friend@random.corp>
sub   rsa3072 2024-10-06 [E]

ask your friend to run the same command and tell you the fingerprint. if the fingerprints match, you can trust the key.
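
comparing 40 characters by eye is error-prone, so here is a scripted version of the check above. it is an added example, not part of the original page: the function names and the sample records are made up for illustration, and it assumes your friend gave you the fingerprint over a different channel than the key file (a call, in person).

```sh
#!/bin/sh
# added example: compare a key's fingerprint with the one its owner told you.

# strip spaces/colons and upper-case the hex digits, so
# "53c8 e08c ..." and "53C8E08C..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
# (subkeys have their own "fpr" records, which must not be picked up.)
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# return 0 only if both values are the same full 40-hex-digit fingerprint.
# short key ids (8 or 16 digits) are rejected on purpose.
fpr_match() {
    a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
    case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# needs gpg and an imported key; not called by the demo below.
#   check_key friend@random.corp "53C8 E08C ... F797"
check_key() {
    got=$(gpg --with-colons --fingerprint "$1" | primary_fpr)
    fpr_match "$got" "$2"
}

# constructed sample of colon-format output (records abbreviated); only the
# primary fingerprint is taken from the example output shown above.
SAMPLE_COLONS='pub:-:3072:1:3B3A149C22E3F797:1728172800:::-:::scESC:
fpr:::::::::53C8E08C0D902A156F70E60F3B3A149C22E3F797:
uid:-::::1728172800::::friend (comment) <friend@random.corp>:
sub:-:3072:1:0000000000000000:1728172800::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# demo on the constructed sample: fingerprint as read out by the friend.
told="53c8 e08c 0d90 2a15 6f70 e60f 3b3a 149c 22e3 f797"
got=$(printf '%s\n' "$SAMPLE_COLONS" | primary_fpr)
if fpr_match "$got" "$told"; then echo "fingerprints match"; else echo "MISMATCH"; fi
```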

signing a file

gpg --sign file.txt

if you have multiple gpg keys on your system, you can specify which key to use via its associated email address, like so:

gpg --sign --default-key email@address gpg.docx

encrypting a file

gpg --encrypt -r "email@address" file.txt

change the address to the email address of the recipient.

decrypting a file

gpg --decrypt file.txt.gpg