Skip to main content

Quick Start

GnuPrivacyGuard basics

These are the bare-bones instructions to get you going. Reading the documentation (online at http://www.gnupg.org/en/manual.html) is highly recommended.

It is a good idea to get a buddy to go through this at the same time that you do -- that way you will have someone to exchange keys and encrypted files with.

  1. Create yourself a key.
$ gpg --gen-key
  • select the default generation type
  • select the default length (or longer if you want)
  • select the expiry time
  • enter your real name
  • enter your email address
  • enter a comment
  • enter a passphrase to protect your key
  1. Send your key to the people who are going to use it to send email to you or verify email from you.
  • extract the key from gpg:

    $ gpg --armor --output file --export (email address)

eg:

gpg --armor --output my-key --export DMackintosh@uxilium.com

will place my public key in the file "my-key" in a format that is suitable for emailing.

  • attach or embed this file in an email.

3. Receive the public key of a person who you are going to send email to. (Option: see how to use the key server service.)

  • extract the public key into a file.

  • import that key into gpg:

    $ gpg --import (file-that-key-is-in)

  • confirm somehow that this key is genuine (phone, registered mail, whatever)

  • sign the imported key to tell gpg that you trust it

    $ gpg --edit-key (email-address-associated-with-the-key) Command> sign Command> quit Save changes? y

  • you can check that you have signed it properly:

    $ gpg --edit-key (email-address-associated-with-the-key) Command> check

4. Encrypt a file to be sent to another user:

$ gpg --output (encrypted-file-name) --encrypt --recipient (email-address-you-have-a-key-for) (unencrypted-file)
  • (encrypted-file-name) can now be attached to an email.

5. Decrypt a file sent to you:

$ gpg --output (unencrypted-file) --decrypt (encrypted-file)
  • (unencrypted-file) is now a normal file.