January 15, 2021

How to use GPG

At work today I had a request from a vendor to supply a GPG public key to encrypt some data, and I thought I would write an article on how to use GPG. Now that I have that little bit of background out of the way, let's go.

Installing GPG

GPG should be installed by default on most Linux systems. If it isn't, I will use the following command on a Debian/Ubuntu-based system to install the program:  
sudo apt install gpg

Creating a key

Once the program is installed I will generate a new key pair. To do that I will use gpg --generate-key. During the generation process I am prompted for a Real Name and an Email address. After I enter the required information, the program asks whether I want to change any information or whether it is okay to proceed. Once I say it's okay to proceed, I am prompted to enter a password for the private key.

The completed process for generating a PGP key.

Now that I have generated a key pair I will use the private key to sign, encrypt or decrypt files. I will show the process of encrypting a text file, decrypting a file and exporting the public key using the gpg command.

Encrypting files with your key

I created a text file called file.txt that has a simple string of text inside it. I want to encrypt this file and send it over to my friend. To do that I am going to use the command gpg --encrypt file.txt. I will be prompted for a user ID, and this is where I enter the email address that I entered when I created the key in the first step.

The last line of the photo shows that there is now an additional file with the .gpg extension. That file is the encrypted file that I will send to my friend. The public key that I will export in the section below will be sent to my friend. That key will allow them to encrypt a response to me.

Exporting the public key

Now I need to export the public key for my friend to use. To get the key exported I will use gpg --output test.asc --armor --export [email protected]. The --output flag sets the name of the file the public key is written to, the --export flag tells the program which key to export, and the --armor flag creates ASCII-armored output.

Importing your public key

When my friend receives the public key, they will have to import it into their keystore. To do that they need to type gpg --import test.asc. The public key that I gave them can only encrypt the data; they don't have the ability to decrypt the file.

Decrypting the message

Once the key has been generated and I have received their response, I can decrypt the file by using gpg --decrypt file.txt.gpg > file.txt.

You can see in the picture above that the file was decrypted and I used the cat command to view the contents of the text file that I just decrypted.
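The whole exchange from the sections above, with my keyring and my friend's keyring kept in separate directories so it is clear who holds which key. This is an added example, not part of the original article: it assumes bash and GnuPG 2.1 or later, and the name, the address alice@example.test, the empty passphrase and the helper function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: both sides of the exchange, each with its own keyring.
# The name, address and empty passphrase are constructed demo values.
EMAIL="alice@example.test"

# Run gpg non-interactively against one party's keyring directory.
gpg_as() { local home=$1; shift; GNUPGHOME=$home gpg --batch --quiet "$@"; }
# Print the primary key fingerprint (field 10 of the first "fpr" record).
fpr_of() { gpg_as "$1" --with-colons --fingerprint "$EMAIL" | awk -F: '/^fpr:/{print $10; exit}'; }

run_exchange() {
  local work=$1 me=$1/me friend=$1/friend
  mkdir -m 700 "$me" "$friend" || return 1

  # Me: create the key pair. Empty passphrase only so the demo needs no prompt.
  gpg_as "$me" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Alice Demo <$EMAIL>" default default never 2>/dev/null || return 1
  # Me: export the public key, same flags as in the article.
  gpg_as "$me" --output "$work/test.asc" --armor --export "$EMAIL" || return 1

  # Friend: import it, then check that the fingerprint matches mine.
  # (Between two people, compare this value over a separate channel.)
  gpg_as "$friend" --import "$work/test.asc" 2>/dev/null || return 1
  [ -n "$(fpr_of "$me")" ] && [ "$(fpr_of "$me")" = "$(fpr_of "$friend")" ] || return 1

  # Friend: encrypt a reply to my public key. An imported key is untrusted, so
  # batch mode refuses it; --trust-model always is used because we just checked it.
  printf 'reply from friend\n' > "$work/reply.txt"
  gpg_as "$friend" --trust-model always --recipient "$EMAIL" \
    --output "$work/reply.txt.gpg" --encrypt "$work/reply.txt" || return 1

  # Friend holds no private key, so decryption must fail on their side.
  if gpg_as "$friend" --decrypt "$work/reply.txt.gpg" >/dev/null 2>&1; then return 1; fi

  # Me: the private key in my keyring recovers the plaintext.
  gpg_as "$me" --decrypt "$work/reply.txt.gpg" 2>/dev/null
}

demo_exchange() {
  local work rc=0
  work=$(mktemp -d) || return 1
  run_exchange "$work" || rc=$?
  # Stop the per-keyring agents before removing the throwaway directories.
  GNUPGHOME=$work/me gpgconf --kill gpg-agent 2>/dev/null || true
  GNUPGHOME=$work/friend gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  return $rc
}
```

Calling demo_exchange prints the decrypted reply and returns non-zero if any step fails, including the case where the friend's keyring could decrypt the message.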

I hope that I helped explain the process of using gpg to help secure the transmission of your data. If you have any suggestions please email me and let me know.