Run:

    gpg --gen-key
You will be asked:

    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
    Your selection?

Hit ENTER to select the default.
Next, you will be asked:

    RSA keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)

Hit ENTER to select the default 2048-bit length.
Next, you will be asked:

    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)

Hit ENTER to select the default 0, i.e. the key does not expire.
It will again ask you to confirm your choice:

    Key does not expire at all
    Is this correct? (y/N)

Press 'y' this time.
Then it will ask you for your:

    Real name:
    Email address:
    Comment:

Enter your details. You can use the comment to record something like the purpose of the key.
Next you will be asked to enter a passphrase twice. Remember this passphrase.
Next, you may see a message like:

    generator a better chance to gain enough entropy.

    Not enough random bytes available.  Please do some other work to give
    the OS a chance to collect more entropy! (Need 281 more bytes)

Just open another terminal window and run some commands which generate plenty of activity.
My favorite is running a disk write performance benchmark using:

    dd bs=1M count=1024 if=/dev/zero of=test conv=fdatasync
You will see something like:

    gpg: key 0B2B9B37 marked as ultimately trusted
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   2048R/0B2B9B37 2014-05-01
          Key fingerprint = 4AEC D912 EA8F D319 F3A7  EF49 E8F8 5A12 0B2B 9B37
    uid                  rtCamp (S3 Backup)
    sub   2048R/3AA184AD 2014-05-01

Of all this output, the line containing pub   2048R/0B2B9B37 2014-05-01 is the most important.
0B2B9B37 is your GPG key ID in this case.
In case you forget to copy your key ID, you can find it again with the list keys commands below.
List Public Keys

    gpg --list-keys

You will see something like:

    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024D/CD2EFD2A 2009-12-15
    uid                  Percona MySQL Development Team
    sub   2048g/2D607DAF 2009-12-15
    pub   2048R/0B2B9B37 2014-05-01
    uid                  rtCamp (S3 Backup)
    sub   2048R/3AA184AD 2014-05-01

List Private Keys

    gpg --list-secret-keys

You may notice a smaller number of keys. That is perfectly fine, as your keyring may hold other people's public keys (e.g. the Percona public key) which the earlier command displayed.
If you lose your private keys, you will eventually lose access to your data!
Export Public Key

    gpg --export -a "rtCamp" > public.key

Export Private Key

    gpg --export-secret-key -a "rtCamp" > private.key

Now don't forget to back up the public and private keys.
You can email these keys to yourself using the swaks command:

    swaks --attach public.key --attach private.key --body "GPG Keys for `hostname`" --h-Subject "GPG Keys for `hostname`" -t admin@example.com

Bear in mind that the exported private key is protected only by its passphrase, so the mailbox that receives it needs to be guarded as carefully as the key itself.
If you ever have to import keys, use the following commands.

Import Public Key

    gpg --import public.key

Import Private Key

    gpg --allow-secret-key-import --import private.key

At times you may want to delete keys.

Delete Public Key

    gpg --delete-key "Real Name"

Delete Private Key

    gpg --delete-secret-key "Real Name"
Sometimes you need to generate the fingerprint.

    gpg --fingerprint

This will show something like:

    pub   2048R/0B2B9B37 2014-05-01
          Key fingerprint = 4AEC D912 EA8F D319 F3A7  EF49 E8F8 5A12 0B2B 9B37
    uid                  rtCamp (S3 Backup)
    sub   2048R/3AA184AD 2014-05-01
		
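As an added example (not from the original article), here is a Python script that parses the GnuPG 1.x/2.0 listing format shown above, confirms that the short key ID you are told to copy is exactly the last eight hex digits of the fingerprint, and flags keys weaker than the 2048-bit RSA default chosen earlier. The sample listing is constructed from this article's output with the uid e-mail addresses omitted, and the function names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the --list-keys output shown in this
# article (uid e-mail addresses omitted, as they are on the page).
SAMPLE_LISTING = """\
/root/.gnupg/pubring.gpg
------------------------
pub   1024D/CD2EFD2A 2009-12-15
uid                  Percona MySQL Development Team
sub   2048g/2D607DAF 2009-12-15
pub   2048R/0B2B9B37 2014-05-01
      Key fingerprint = 4AEC D912 EA8F D319 F3A7  EF49 E8F8 5A12 0B2B 9B37
uid                  rtCamp (S3 Backup)
sub   2048R/3AA184AD 2014-05-01
"""

PUB_RE = re.compile(r"^pub\s+(\d+)([A-Za-z])/([0-9A-F]{8,16})\s+\d{4}-\d{2}-\d{2}")
FPR_RE = re.compile(r"^\s+Key fingerprint = ([0-9A-F ]+?)\s*$")
UID_RE = re.compile(r"^uid\s+(.+?)\s*$")

@dataclass
class PubKey:
    bits: int
    algo: str                  # R = RSA, D = DSA, g = Elgamal
    key_id: str                # the short ID the article tells you to copy
    fingerprint: str | None = None
    uids: list[str] = field(default_factory=list)

def parse_listing(text: str) -> list[PubKey]:
    keys: list[PubKey] = []
    for line in text.splitlines():
        if m := PUB_RE.match(line):
            keys.append(PubKey(int(m[1]), m[2], m[3]))
        elif keys and (m := FPR_RE.match(line)):
            keys[-1].fingerprint = m[1].replace(" ", "")
        elif keys and (m := UID_RE.match(line)):
            keys[-1].uids.append(m[1])
    return keys

def key_id_matches_fingerprint(key: PubKey) -> bool | None:
    """A short key ID is only the last 32 bits of the 160-bit fingerprint and is
    cheap to collide, so verify the full fingerprint; None if none was listed."""
    return None if key.fingerprint is None else key.fingerprint.endswith(key.key_id)

def audit(keys: list[PubKey]) -> dict[str, list[str]]:
    """Flag keys below the 2048-bit RSA default this article has you select."""
    checks = lambda k: ((k.bits < 2048, "key shorter than 2048 bits"),
                        (k.algo != "R", "non-RSA primary key"))
    return {k.key_id: [msg for bad, msg in checks(k) if bad] for k in keys}
```

Feed it the text printed by gpg --list-keys or gpg --fingerprint from the commands above to run the same checks on your own keyring.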
Encrypt a File

    gpg -e -u "Sender (Your) Real Name" -r "Receiver User Name" file.txt

This will encrypt file.txt using the receiver's public key.
The encrypted file will have a .gpg extension. In this case it will be file.txt.gpg, which you can send across.
I think -u is not necessary for encryption. It basically adds the sender's fingerprint (which we saw above). This way the receiver can verify who sent the message.

Decrypt a File

    gpg -d file.txt.gpg

The decrypt command will pick the correct secret key (if you have one).