Overview
gpg protects data using public-key cryptography. It generates and manages pairs of private and public keys, allowing for secure exchange of file and email content. It supports strong encryption algorithms and is available on various operating systems.
Key Features
- Public/private key pair generation and management
- File and message encryption/decryption
- Digital signature generation and verification
- Public key sharing via key servers
Key Options
The gpg command offers numerous options for various tasks. Here are some of the most frequently used ones.
Key Management
Encryption and Decryption
Signing and Verification
Usage Examples
Here are some common examples of using gpg to generate keys, encrypt/decrypt files, and create/verify signatures.
Generate a New Key Pair
gpg --gen-key
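Follow the interactive prompts to set the key type, size, expiration date, name, email, etc. On GnuPG 2.1 and later, `--gen-key` asks only for the name and email and applies defaults to the rest; use `gpg --full-generate-key` to get the full set of prompts.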
View Public Key List
gpg --list-keys
Check all public key information stored in your current keyring.
Encrypt File (Specify Recipient)
gpg --encrypt --recipient Alice secret.txt
Encrypts 'secret.txt' using the public key of the specified recipient (e.g., 'Alice'). The result is saved as 'secret.txt.gpg'.
Decrypt File
gpg --decrypt secret.txt.gpg
Decrypts the encrypted file 'secret.txt.gpg'. You will be asked for the passphrase of your private key. The decrypted content is written to standard output; use the `--output` option to save it to a file.
Add Digital Signature to File
gpg --sign document.txt
Adds a signature to 'document.txt'. The signed file is created as 'document.txt.gpg'.
Verify Signed File
gpg --verify document.txt.gpg
Verifies the signature of 'document.txt.gpg'. The signer's public key must be in your keyring.
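A successful `--verify` only shows that some key in your keyring made the signature, so a script should also check which key it was. The following is an added example, not part of the original page: it reads gpg's machine-readable `--status-fd` output and accepts a file only when its single valid signature comes from an expected primary-key fingerprint. The function names, the '.sig' file name, and the sample status lines and fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pin the signer's fingerprint.
# Function names, sample status lines and fingerprints are constructed.

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Read `gpg --status-fd` lines on stdin and print the primary-key fingerprint
# of the signer. Fails unless there is exactly one VALIDSIG line and no status
# reporting a bad, unverifiable or expired signature, or an expired or revoked key.
status_signer_fpr() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { n++; fpr = (NF >= 12) ? $12 : $3 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { if (n == 1 && !bad) print fpr; else exit 1 }
    '
}

# usage: verify_pinned <expected-fingerprint> <arguments for gpg --verify>
#   verify_pinned "$FPR" document.txt.gpg
#   verify_pinned "$FPR" document.txt.sig document.txt   (detached signature)
verify_pinned() {
    want=$(norm_fpr "$1"); shift
    status=$(gpg --batch --status-fd 1 --verify "$@" 2>/dev/null) || return 1
    got=$(printf '%s\n' "$status" | status_signer_fpr) || return 1
    [ "$got" = "$want" ]
}

# Constructed status output for one good signature made by a signing subkey.
# VALIDSIG carries the subkey fingerprint first and the primary-key
# fingerprint last; the pin is compared against the primary key.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Alice <alice@example.org>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-01 1704067200 0 4 0 22 10 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Stand-alone demonstration on the constructed sample: prints the pinned value.
printf '%s\n' "$SAMPLE_STATUS" | status_signer_fpr
```

Obtain the expected fingerprint through a channel you trust, not from the same place as the signed file.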
Export Public Key (ASCII Armor)
gpg --export --armor Alice > alice_pubkey.asc
Exports the public key of user ID 'Alice' in ASCII Armor format and saves it to 'alice_pubkey.asc'.
Installation
gpg is usually pre-installed on most Linux distributions or can be easily installed from standard repositories. Here are the installation commands for major distributions.
Debian/Ubuntu
sudo apt update && sudo apt install gnupg
Install gpg using the APT package manager.
RHEL/CentOS/Fedora
sudo dnf install gnupg
Install gpg using the YUM or DNF package manager.
Arch Linux
sudo pacman -S gnupg
Install gpg using the Pacman package manager.
Tips & Precautions
Tips and precautions for using gpg safely and efficiently. Pay special attention to key management and password security.
Use Strong Passphrases
Use a strong and memorable passphrase when generating keys. The passphrase is the key element protecting your private key.
- Strong Passphrase: Minimum 12 characters, combination of uppercase, lowercase, numbers, and special characters.
Backup Your Private Key
Your private key is extremely important, so it's recommended to back it up to secure offline storage (e.g., USB drive, encrypted external hard drive). If you lose your key, you cannot recover your encrypted data.
- Backup Method: gpg --export-secret-keys --armor [USER_ID] > private_key.asc
Generate a Revocation Certificate
Immediately after generating a key, create and securely store a revocation certificate. This is used to invalidate the key if it is compromised or lost.
- Generate Revocation Certificate: gpg --gen-revoke [USER_ID]
Utilize Key Servers
You can upload your public key to a key server, making it easily discoverable and usable by others. This facilitates public key exchange.
- Upload to Key Server: gpg --send-keys [KEY_ID] (takes a key ID or fingerprint; a user ID such as a name or email is not accepted here)