GPG, or the GNU Privacy Guard, is free and open source software that implements the OpenPGP public-key cryptography message format (RFC 4880). You can use GPG to encrypt, decrypt, sign and verify files or emails. To use GPG, you need to generate a public-key/private-key pair on your computer by running this command and choosing the default options:
gpg --gen-key
The application will ask you to enter your ID and passphrase. Make sure you choose a strong passphrase to guarantee the safety and security of your keys.
Encrypting and Decrypting Files
You can use GPG to encrypt files; they can only be decrypted by those who have your public-key. The command to encrypt a file is:
gpg --out encrypted_file.txt --encrypt original_file.txt
Run this command to decrypt. Files encrypted with the private key can only be decrypted with the public key, and vice versa.
gpg --out decrypted.txt --decrypt encrypted_file.txt
Signing Email or body of texts
Alternatively, you can choose to sign emails/texts instead of encrypting them. Signing is a way to ensure that the messages/texts/emails are from the right sender and that their content has not been tampered with. You can run this command to sign an email or text:
gpg --clearsign original_text.txt
This will produce a signature file that contains the original text with the PGP signature embedded at the bottom of the message.
To verify it (assuming you have the public key), you need to run this command:
gpg --verify original_text.txt.asc
Signing Files
If you are distributing binary files, you can use the detached signature option to create a separate file which can be used to verify who signed the file and whether the file has been modified since it was last signed. To sign files, you need to run this command:
gpg --output signature_original_file.sig --detach-sig original_file.txt
This will produce a separate signature_original_file.sig file which can be used by anybody to verify whether the content of the file has been changed since it was last signed, assuming the public key is available. To verify the signature, you can run this command:
gpg --verify signature_original_file.sig original_file.txt
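The sign-then-verify flow above, as an added example that is not part of the original post: it signs a file in a throwaway keyring, then checks the detached signature before and after the file is modified, reading gpg's machine-readable `--status-fd` output. The signer identity, the passphrase-less demo key, the file contents and the function names are constructed for the demo; it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: detached-signature round trip in a throwaway keyring.
# The signer identity and file contents are constructed for this demo.

# Print gpg's machine-readable verdict (GOODSIG, BADSIG or ERRSIG)
# for a detached signature ($1) over a file ($2).
sig_status() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 ~ /^(GOODSIG|BADSIG|ERRSIG)$/ && !seen { print $2; seen = 1 }'
}

# Runs in a subshell so GNUPGHOME never leaks into the caller's environment.
demo_detached_sig() (
    work=$(mktemp -d) || exit 2
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || :; rm -rf "$work"' EXIT
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 2

    # Unattended key generation. Demo only: the key has no passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never 2>/dev/null || exit 2

    printf 'release payload v1\n' > "$work/original_file.txt"
    gpg --batch --quiet --output "$work/signature_original_file.sig" \
        --detach-sig "$work/original_file.txt" 2>/dev/null || exit 2

    intact=$(sig_status "$work/signature_original_file.sig" "$work/original_file.txt")

    # Modify the file after signing; the old signature must no longer verify.
    printf 'extra line\n' >> "$work/original_file.txt"
    tampered=$(sig_status "$work/signature_original_file.sig" "$work/original_file.txt")

    echo "$intact $tampered"
)
```

Calling `demo_detached_sig` prints `GOODSIG BADSIG`. In scripts, branch on these status keywords or on gpg's exit code rather than on its human-readable messages.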
Exporting Public Keys
In public-key cryptography, only the public key should be exported and given to trusted individuals. You can run this command to export your public key in GPG (replace your_id with the ID of your key):
gpg --armor --output your_id_public.key --export your_id
You can give or distribute the “your_id_public.key” file to trusted people to enable them to send you encrypted messages/files or to sign emails they send to you.
Importing Public Keys
To use other people’s public keys for signatures or to encrypt files/emails, you need to import them into your own keyring. To do that, you need to run this command:
gpg --import somebody_else_public.key
To view the list of public keys in your keyring, you only need to run this command:
gpg --list-keys
More Information?
You can get more information and tutorials from these sites:
Hopefully this can help you answer your queries.
Seems a bit technical and geeky to me. Most people just don’t get how to do this and wouldn’t subject others to it unless they were techies too. For those that want to simplify encryption, try ThreadThat.com. There’s nothing to download, no keys to generate and it’s free.