Tutorial: GPG (GNU Privacy Guard)

This post is a short memo on the usage of GnuPG, the GNU Privacy Guard, GPG for short.

Overview

GnuPG is an implementation of the OpenPGP standard, defined in RFC 4880.

It provides hybrid encryption (the data is encrypted with a fresh symmetric session key, and that session key is encrypted to each recipient's public key) and digital signatures, with the validity of a public key decided through the Web of Trust rather than a central certificate authority. Typical uses are encrypting and signing mail, documents, Git commits and tags.

Installation

  • On Mac OS: use the GPGTools Suite, which features (among others) GPG for Apple Mail, GPG Keychain, GPG Services and MacGPG.
  • On Windows: use GPG4Win (tutorial), which features (among others) GnuPG, GnuPG for Outlook (GpgOL), Kleopatra and GNU Privacy Assistant (GPA)[^1] and GPG Explorer eXtension (GpgEX)
  • On all OS: you can rely on Thunderbird; since version 78 it ships OpenPGP support built in, so the Enigmail plugin is only needed for older versions

Basic GPG CLI Usage

GPG Key manipulation:

$> gpg --gen-key                  # Generate your PGP key (GnuPG 2.1+: --full-generate-key to pick algorithm, size and expiry)
$> gpg --list-keys [pattern]      # List available PGP key(s)
$> gpg --keyserver pgp.mit.edu --search-keys <pattern> # Search & Import
$> gpg --keyserver pgp.mit.edu --recv-keys <ID>        # Import

A keyserver only distributes keys: anyone can upload a key carrying any name or e-mail address, so a key fetched this way is unverified until you have checked its fingerprint with the owner out of band. Give <ID> as the full fingerprint rather than a short 8-hex-digit key ID, since short IDs are trivially collidable. pgp.mit.edu is frequently unreachable these days; keys.openpgp.org is a commonly used alternative and the default in recent GnuPG versions.

To send encrypted mail to user@domain.org you need that person's public key, and you must decide that it really belongs to them: compare the fingerprint with a value obtained out of band (in person, by phone, on a business card), then sign the key, either on the command line or with GPG Keychain / GPA.

$> gpg --fingerprint <mail>                      # Show the fingerprint of a public key (-K: of your own secret keys)
$> gpg --sign-key --ask-cert-level <ID>          # Sign (certify) key <ID> AFTER the fingerprint check; --ask-cert-level records how carefully you checked
$> gpg --keyserver pgp.mit.edu --send-keys <ID>  # Upload the key, now carrying your signature

Note that keys.openpgp.org does not distribute third-party signatures, so if you use it the signed key is better sent back to its owner directly.

To encrypt or decrypt a file, or to produce a detached signature:

$> gpg --encrypt [-r <recipient>] <file>     # => <file>.gpg  (-r may be repeated; without it gpg prompts for recipients)
$> rm <file>            # see below: encryption DOES NOT delete <file>
...
$> gpg --decrypt <file>.gpg           # Decrypt PGP encrypted file; plaintext goes to stdout unless -o <out> is given
$> gpg --armor --detach-sign <file>   # Write an ASCII-armored detached signature <file>.asc (check it with gpg --verify <file>.asc <file>)

Warning: Encryption does not delete the input (clear-text) file! Remove it yourself, and keep in mind that a plain rm does not wipe the data from the disk.

FAQ

Where is located the GPG Keychain / Keyring ?

Depending on your system:

  • On Linux / Mac OS: under ~/.gnupg
  • On Windows: under %APPDATA%\gnupg, i.e. C:\Users\<LOGIN>\AppData\Roaming\gnupg\ (C:\Documents and Settings\<LOGIN>\Application Data\gnupg\ on Windows XP)