Getting Started GnuPG is a tool for secure communication. This chapter is a quick-start guide that covers the core functionality of GnuPG. This includes keypair creation, exchanging and verifying keys, encrypting and decrypting documents, and authenticating documents with digital signatures. It does not explain in detail the concepts behind public-key cryptography, encryption, and digital signatures.
This is covered in Chapter 2. It also does not explain how to use GnuPG wisely. This is covered in Chapters 3 and 4. GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key.
A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.
Generating a new keypair The command-line option --gen-key is used to create a new primary keypair. This is free software, and you are welcome to redistribute it under certain conditions. Please select what kind of key you want: GnuPG is able to create several different types of keypairs, but a primary key must be capable of making signatures. There are therefore only three options. Option 1 actually creates two keypairs. A DSA keypair is the primary keypair usable only for making signatures.
An ElGamal subordinate keypair is also created for encryption. Option 2 is similar but creates only a DSA keypair.
Option 4  creates a single ElGamal keypair usable for both making signatures and performing encryption. In all cases it is possible to later add additional subkeys for encryption and signing.
For most users the default option is fine. You must also choose a key size. GnuPG, however, requires that keys be no smaller than bits. Therefore, if Option 1 was chosen and you choose a keysize larger than bits, the ElGamal key will have the requested size, but the DSA key will be bits. About to generate a new ELG-E keypair. Also, encryption and decryption will be slower as the key size is increased, and a larger keysize may affect signature length.
Once selected, the keysize can never be changed. Finally, you must choose an expiration date. Please specify how long the key should be valid. The expiration time should be chosen with care, however, since although it is possible to change the expiration date after the key is created, it may be difficult to communicate a change to users who have your public key.
You must provide a user ID in addition to the key parameters. The user ID is used to associate the key being created with a real person. Only one user ID is created when a key is created, but it is possible to create additional user IDs if you want to use the key in two or more contexts, e.
A user ID should be created carefully since it cannot be edited after it is created. GnuPG needs a passphrase to protect the primary and subordinate private keys that you keep in your possession. You need a Passphrase to protect your private key.
There is no limit on the length of a passphrase, and it should be carefully chosen. From the perspective of security, the passphrase to unlock the private key is one of the weakest points in GnuPG and other public-key encryption systems as well since it is the only protection you have if another individual gets your private key. Ideally, the passphrase should not use words from a dictionary and should mix the case of alphabetic characters as well as use non-alphabetic characters.
A good passphrase is crucial to the secure use of GnuPG. Generating a revocation certificate After your keypair is created you should immediately generate a revocation certificate for the primary public key using the option --gen-revoke. If you forget your passphrase or if your private key is compromised or lost, this revocation certificate may be published to notify others that the public key should no longer be used.
A revoked public key can still be used to verify signatures made by you in the past, but it cannot be used to encrypt future messages to you. It also does not affect your ability to decrypt messages sent to you in the past if you still do have access to the private key. The generated certificate will be left in the file revoke.
If the --output option is omitted, the result will be placed on standard output. Since the certificate is short, you may wish to print a hardcopy of the certificate to store somewhere safe such as your safe deposit box. The certificate should not be stored where others can access it since anybody can publish the revocation certificate and render the corresponding public key useless. To communicate with others you must exchange public keys. To list the keys on your public keyring use the command-line option --list-keys.
The command-line option --export is used to do this. It takes an additional argument identifying the public key to export. As with the --gen-revoke option, either the key ID or any part of the user ID may be used to identify the key to export. GnuPG therefore supports a command-line option --armor  that causes output to be generated in an ASCII-armored format similar to uuencoded documents. In general, any output from GnuPG, e. For info see http: GnuPG uses a powerful and flexible trust model that does not require you to personally validate each key you import.
Some keys may need to be personally validated, however. A key is validated by verifying the key's fingerprint and then signing the key to certify it as a valid key. A key's fingerprint can be quickly viewed with the --fingerprint command-line option, but in order to certify the key you must edit it.
This may be done in person or over the phone or through any other means as long as you can guarantee that you are communicating with the key's true owner. If the fingerprint you get is the same as the fingerprint the key's owner gets, then you can be sure that you have a correct copy of the key.
After checking the fingerprint, you may sign the key to validate it. Since key verification is a weak point in public-key cryptography, you should be extremely careful and always check a key's fingerprint with the owner before signing the key. Once signed you can check the key to list the signatures on it and see the signature that you have added. Every user ID on the key will have one or more self-signatures as well as a signature for each user that has validated the key.
A public key may be thought of as an open safe. When a correspondent encrypts a document using a public key, that document is put in the safe, the safe shut, and the combination lock spun several times.
The corresponding private key is the combination that can reopen the safe and retrieve the document. In other words, only the person who holds the private key can recover a document encrypted using the associated public key. The procedure for encrypting and decrypting documents is straightforward with this mental model. If you want to encrypt a message to Alice, you encrypt it using Alice's public key, and she decrypts it with her private key. If Alice wants to send you a message, she encrypts it using your public key, and you decrypt it with your private key.
To encrypt a document the option --encrypt is used. You must have the public keys of the intended recipients. The software expects the name of the document to encrypt as input; if omitted, it reads standard input. The encrypted result is placed on standard output or as specified using the option --output.
The document is compressed for additional security in addition to encrypting it. The encrypted document can only be decrypted by someone with a private key that complements one of the recipients' public keys.
In particular, you cannot decrypt a document encrypted by you unless you included your own public key in the recipient list. To decrypt a message the option --decrypt is used. You need the private key to which the message was encrypted. Similar to the encryption process, the document to decrypt is input, and the decrypted result is output. Documents may also be encrypted without using public-key cryptography. Instead, you use a symmetric cipher to encrypt the document.
The key used to drive the symmetric cipher is derived from a passphrase supplied when the document is encrypted, and for good security, it should not be the same passphrase that you use to protect your private key. Symmetric encryption is useful for securing documents when the passphrase does not need to be communicated to others. A document can be encrypted with a symmetric cipher by using the --symmetric option. Making and verifying signatures A digital signature certifies and timestamps a document.
If the document is subsequently modified in any way, a verification of the signature will fail. A digital signature can serve the same purpose as a hand-written signature with the additional benefit of being tamper-resistant.
The GnuPG source distribution, for example, is signed so that users can verify that the source code has not been modified since it was packaged. A signature is created using the private key of the signer. The signature is verified using the corresponding public key. For example, Alice would use her own private key to digitally sign her latest submission to the Journal of Inorganic Chemistry.