This article explains how to work with PGP keys. PGP keys come in pairs: a private key and a public key. The private key must be kept secret by its owner, while the public key can be shared with the world.
We'll be using GnuPG, also known as GPG, a free implementation of the OpenPGP standard that interoperates with other PGP software.
Example Scenario
In this example, Lisa will be sending an encrypted file to Bart. For this to happen, they both need GPG (or PGP) keys. Bart will share his public key with Lisa allowing Lisa to use Bart’s public key to encrypt the file. The result will be a file from Lisa that only Bart can decrypt.
Bart’s Steps
Create Bart’s key pair
gpg --gen-key
You will go through a Q&A. The defaults are fine. Use a strong passphrase unless the private key will be used unattended (automated decryption or signing); in that case you can leave the passphrase empty, but an unprotected private key is then only as safe as the permissions on the ~/.gnupg directory, so keep it on a locked-down account. Note that encrypting a file to someone else needs only their public key and never asks for a passphrase.
If you're having trouble with entropy during key generation, consider running "haveged -F" in another console on that server; it feeds the kernel's entropy pool.
IMPORTANT: The email address you enter during key generation matters, because it is the name we use to select the key later on (for example as the --recipient). Use a sensible address that others will see and use.
List Bart’s keys
Bart lists his current keys by issuing the following command.
gpg --list-keys
Export Bart’s public key
gpg --armor --export [email protected] > barts_public_key.asc
Bart will now have a file called "barts_public_key.asc" which he can share with Lisa. He should also tell Lisa his key's fingerprint (shown by "gpg --fingerprint") over a separate channel, such as a phone call, so she can check that the file she received really is his key and not one somebody else generated with his email address.
Lisa’s Steps
Import Bart’s public key
Lisa is the recipient of Bart's public key. She needs to import it before using it.
NOTE: Lisa does not need a key pair of her own just to encrypt to Bart; his public key is enough. She does need one if she also wants to sign the file (gpg --sign --encrypt ...) so that Bart can verify it came from her. She can generate it the same way Bart did above.
gpg --import barts_public_key.asc
Lisa lists her available keys
Having just imported Bart's public key, Lisa can now list the keys in her keyring.
gpg --list-keys
The output will be something like this:
[root@www ~]# gpg --list-keys
pub   2148R/328AAA00 2018-02-19
uid                  Bart Simpsons (A Test Key) <[email protected]>
pub   2148R/4EAA4794 2018-02-19
uid                  Lisa Simpsons (A Test Key) <[email protected]>
Lisa encrypts a file that only Bart can decrypt
gpg --encrypt --recipient [email protected] testfile.txt
The above command creates a new file called "testfile.txt.gpg", the encrypted version of the original "testfile.txt". The first time Lisa uses Bart's key, gpg will warn that the key is not certified with a trusted signature and ask whether to use it anyway; she should answer yes only after checking the key's fingerprint against the one Bart gave her out of band, or sign the key (gpg --sign-key or --lsign-key) after that check so the warning goes away. Lisa can then send the encrypted file to Bart knowing that only the holder of Bart's private key can open it.
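The whole procedure above, scripted end to end as an added example that is not part of the original article: both parties generate and use keys in their own --homedir, Lisa checks the imported key's fingerprint against the one Bart handed her before encrypting, and the script confirms that Bart can decrypt while Lisa cannot. It assumes GnuPG 2.1 or later (for --quick-generate-key and --pinentry-mode), and the names, addresses and paths are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): the Bart/Lisa exchange
# scripted end to end with GnuPG 2.1+. Each party gets a private --homedir,
# so the two keyrings never mix. Names, addresses and paths are assumptions.

# Run gpg as Bart or Lisa against their own keyring. --batch and
# --pinentry-mode loopback stop gpg from opening an interactive passphrase dialog.
bart() { gpg --homedir "$BART" --batch --quiet --pinentry-mode loopback "$@"; }
lisa() { gpg --homedir "$LISA" --batch --quiet --pinentry-mode loopback "$@"; }

# Primary-key fingerprint of the key matching $2 in $1's keyring, taken from
# colon-separated output (field 10 of the first "fpr" record) so it is script-safe.
fpr_of() { "$1" --list-keys --with-colons "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Returns 0 when Lisa's ciphertext is recoverable by Bart and by nobody else here.
gpg_roundtrip() (
  WORK=$(mktemp -d) || exit 1
  BART="$WORK/bart"; LISA="$WORK/lisa"
  mkdir -m 700 "$BART" "$LISA" || exit 1
  trap 'gpgconf --homedir "$BART" --kill gpg-agent 2>/dev/null
        gpgconf --homedir "$LISA" --kill gpg-agent 2>/dev/null
        rm -rf "$WORK"' EXIT

  # Bart's steps: create the key pair (empty passphrase, as the article allows
  # for unattended use; the 0700 homedir is then the only protection), export
  # the armored public key, and note the fingerprint to pass on out of band.
  bart --passphrase '' --quick-generate-key \
       'Bart Simpson (demo) <bart@example.invalid>' default default never || exit 1
  bart --armor --export bart@example.invalid > "$WORK/barts_public_key.asc" || exit 1
  BART_FPR=$(fpr_of bart bart@example.invalid)

  # Lisa's steps: import the file, then check that the key she now holds is the
  # one Bart told her about. Anyone can create a key carrying Bart's address;
  # the fingerprint is what ties this key to Bart.
  lisa --import "$WORK/barts_public_key.asc" || exit 1
  [ "$(fpr_of lisa bart@example.invalid)" = "$BART_FPR" ] \
    || { echo 'fingerprint mismatch: refusing to encrypt' >&2; exit 1; }

  # Encrypt. In batch mode gpg refuses an uncertified key, so having verified
  # the fingerprint we override the trust check for this run (signing the key
  # with --lsign-key would be the durable alternative).
  printf 'Hello Bart\n' > "$WORK/testfile.txt"
  lisa --trust-model always --encrypt --recipient bart@example.invalid \
       "$WORK/testfile.txt" || exit 1

  # Bart decrypts with his private key and gets the original back ...
  bart --passphrase '' --decrypt "$WORK/testfile.txt.gpg" > "$WORK/decrypted.txt" || exit 1
  cmp -s "$WORK/testfile.txt" "$WORK/decrypted.txt" || exit 1

  # ... while Lisa, holding only the public key, cannot.
  if lisa --decrypt "$WORK/testfile.txt.gpg" > /dev/null 2>&1; then
    echo 'unexpected: Lisa could decrypt her own ciphertext' >&2; exit 1
  fi
  echo 'round trip OK: only Bart can decrypt'
)

# Run the demo when gpg is installed.
if command -v gpg > /dev/null 2>&1; then gpg_roundtrip; fi
```

The two points worth carrying over to real use are the fingerprint comparison before the first encryption, which is what the interactive "use this key anyway?" prompt is standing in for, and the separate --homedir per identity, which is also how you keep an unattended automation key away from a person's own keyring.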