pgp_setup
pgp
pgp, or pretty good privacy, is an encryption program, most commonly used for signing, encrypting and decrypting files and text.
the public key
this is what you can share with others so they can encrypt stuff to you and verify things you signed.
fingerprint
this is a unique identifier for your public key. it is a string of numbers and letters that looks like this:
C69 3D6 944 838 888 888 888 888 888 888 888 888 888 888 888 888
private key
this is what you keep secret. it is used to decrypt files and sign messages.
installing
it's probably already installed on your system.
sudo dnf install gnupg # fedora
generating a key
gpg --full-generate-key
~ :: gpg --full-gen-key
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
exporting a key
gpg --armor --export "your_email@random.corp" > my_email_public_key.asc
you can now share this file with your friends, and they can encrypt things to you.
importing a key
gpg --import public.asc
verifying a public key
make sure the public key that your friend sent you has not been tampered with.
gpg --fingerprint friend@random.corp
The output will look something like this:
pub rsa3072 2024-10-06 [SC]
53C8 E08C 0D90 2A15 6F70 E60F 3B3A 149C 22E3 F797
uid [ultimate] friend (comment) <friend@random.corp>
sub rsa3072 2024-10-06 [E]
ask your friend to run the same command and tell you the fingerprint. if the fingerprints match, you can trust it.
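the comparison above can be scripted so a typo or a swapped key is not missed by eye. this is an added example, not part of the original page: the function names and the sample listing are made up for illustration, and it assumes a v4 key with a 40-digit fingerprint like the one in the output above.

```sh
#!/bin/sh
# Added example: compare a key's fingerprint with the one your friend read out.

# Constructed sample of `gpg --with-colons --fingerprint friend@random.corp`
# output, reusing the fingerprint from the listing above; the subkey
# fingerprint is a made-up placeholder.
SAMPLE_LISTING='pub:-:3072:1:3B3A149C22E3F797:1728172800:::-:::scESC:
fpr:::::::::53C8E08C0D902A156F70E60F3B3A149C22E3F797:
uid:-::::1728172800::::friend (comment) <friend@random.corp>:
sub:-:3072:1:00000000000000AA:1728172800::::::e:
fpr:::::::::00000000000000000000000000000000000000AA:'

# Strip whitespace and upper-case, so "53c8 e08c ..." and "53C8E08C..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read colon-format output on stdin; print the fingerprint of the first
# primary key (the fpr record following the pub record, field 10).
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# check_key EXPECTED < listing
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full fingerprint.
check_key() {
    actual=$(primary_fpr)
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    # Assumption: v4 key, 40 hex digits. Refuse short key IDs.
    if [ "${#expected}" -ne 40 ]; then
        echo "need the full 40-digit fingerprint, not a key ID" >&2
        return 2
    fi
    if [ "$expected" = "$actual" ]; then
        return 0
    fi
    echo "MISMATCH: key has ${actual:-no fingerprint}" >&2
    return 1
}

# Real use: gpg --with-colons --fingerprint friend@random.corp | check_key "<fingerprint from friend>"
printf '%s\n' "$SAMPLE_LISTING" |
    check_key "53c8 e08c 0d90 2a15 6f70 e60f 3b3a 149c 22e3 f797" &&
    echo "fingerprint matches"
```

the fingerprint you pass in should reach you some other way than the key file did (a call, in person), otherwise whoever swapped the key could swap the fingerprint too.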
signing a file
gpg --sign file.txt
if you have multiple gpg keys on your system, you can specify which key to use via its associated email address, like so:
gpg --sign --default-key email@address gpg.docx
encrypting a file
gpg --encrypt -r "email@address" file.txt
change the address to the email address of the recipient.
decrypting a file
gpg --decrypt file.txt.gpg