TL;DR
This guide shows you how to encrypt and decrypt messages using PGP (Pretty Good Privacy). It’s a way to keep your emails and files private. We’ll use the command line for this, as it gives you the most control.
Generating Key Pair
- Install GPG: If you don’t have it already, install GnuPG (GPG). On Debian/Ubuntu:
sudo apt update && sudo apt install gnupg
On macOS with Homebrew:
brew install gpg
- Generate a Key: Run the following command. When prompted, choose RSA with a key size of 4096 bits, then enter your name and email address.
gpg --full-generate-key
- Set a Passphrase: You’ll be prompted to enter a strong passphrase. *Remember this!* It protects your private key.
GPG will then generate your key pair (public and private keys). This can take some time.
- List Your Keys: To see your generated keys:
gpg --list-keys
This will show you the Key ID, which you’ll need later. It looks something like ABCDEF1234567890.
Encrypting a Message
- Export Public Key: Export your public key to a file:
gpg --armor --export "your@email.com" > public.key
- Encrypt the File: To encrypt a file (e.g., message.txt) for someone, you need their public key. Assuming you have their public key in a file called recipient_public.key and have imported it into your keyring:
gpg --output encrypted.txt --encrypt --recipient "Recipient's Email" message.txt
Or using the recipient’s Key ID:
gpg --output encrypted.txt --encrypt --recipient ABCDEF1234567890 message.txt
- Send the Encrypted File: Send encrypted.txt to the recipient securely (e.g., via email, but not plain text!).
Decrypting a Message
- Receive the Encrypted File: Obtain the encrypted file from the sender.
- Decrypt the File: Use your private key to decrypt it:
gpg --output decrypted.txt --decrypt encrypted.txt
- Enter Passphrase: You’ll be prompted for the passphrase you set when generating your key.
- View Decrypted File: The decrypted content will be saved in decrypted.txt.
Important Notes
- Key Security: Keep your private key *very* safe! Do not share it with anyone.
- Passphrase Strength: Use a strong, unique passphrase.
- Public Key Verification: Always verify the recipient’s public key before encrypting sensitive information to ensure you are communicating with the correct person. This is beyond the scope of this basic guide but crucial for cyber security.
- Revocation Certificate: Create a revocation certificate when generating your key, in case your private key is compromised.
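
One way to carry out the public key verification mentioned in the notes above, as an added example that is not part of the original guide: inspect the received key file, compare its primary fingerprint with one the recipient gave you over a separate channel, and import only on a match. The function names and the sample listing are constructed for illustration; recipient_public.key is the file name used earlier in the guide.

```shell
#!/bin/sh
# Added example: compare a received key's fingerprint with one obtained
# out of band, and import the key only on an exact match.

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:0000111122223333:1700000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:-::::1700000000::::Recipient <recipient@example.com>::::::::::0:
sub:-:4096:1:3333222211110000:1700000000::::::e::::::23:
fpr:::::::::9999888877776666555544443333222211110000:'

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint from a colon listing on stdin:
# field 10 of the first "fpr" record that follows a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Count primary keys, so a file bundling several keys is rejected.
count_pub() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# $1 = colon listing, $2 = expected fingerprint (spaces and case ignored).
check_listing() {
    [ "$(printf '%s\n' "$1" | count_pub)" -eq 1 ] || return 2
    got=$(printf '%s\n' "$1" | primary_fpr)
    [ -n "$got" ] && [ "$got" = "$(norm_fpr "$2")" ]
}

# $1 = key file, $2 = expected fingerprint. Inspects the file without
# touching the keyring, then imports it only if the fingerprint matches.
verify_then_import() {
    listing=$(gpg --show-keys --with-colons "$1") || return 1
    if check_listing "$listing" "$2"; then
        gpg --import "$1"
    else
        echo "fingerprint mismatch or unexpected key count: $1 not imported" >&2
        return 1
    fi
}
```

Call verify_then_import with the key file and the fingerprint the recipient read out to you; the subkey fingerprint in the listing is deliberately not accepted as a match.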