I’ve asked myself the above question a ton of times and this guide here is the product of my struggles.
First of all, install the GPG package. If you are on Arch, you can use
# pacman -S gnupg
Also install rng-tools. This gives a random number generator which helps to add entropy quicker when generating your keys. (I have read that this results in insecure keys, but I think it should be pretty okay.)
# pacman -S rng-tools
Start the random number generation dump.
# rngd -r /dev/urandom
Then generate your keys.
The process should be relatively painless. The defaults for everything should be good enough. Enter your name, comment and email-ID, secure your private key with a very strong passphrase. After enough entropy is created, you should be done. Now
Should show you your freshly generated key! Now your private key should be kept secret at all costs. Lock it away as if your life depended on it. If someone gets access to it, you’re screwed.
The next thing you need to do is to share your public key with people you want to communicate securely with. Most people just put their public keys on keyservers like the MIT keyserver and people who want a particular person’s public key can get their public key from the keyserver directly.
In order to put up your key on the MIT keyserver, create an ASCII-armored version of your public key :
gpg --export -a "KEYNAME" > public.key
Now copy and paste the contents of ‘public.key’ in the text box on the MIT keyserver page, it’ll take care of the rest.
Okay good. You have now created a public-private key pair and you have set up your public key for display. If you now find someone who you want to send an encrypted message to, first get ahold of their public key. Copy and paste their ASCII public key block into a file (I’m going to call it FRIENDS_PUB_KEY) and put it on your system. Next, you need to IMPORT that key of theirs.
gpg --import FRIENDS_PUB_KEY
The first thing you need to do after creating (or importing other public keys ) is to check your key’s fingerprint.
gpg --edit-key FRIENDS_PUB_KEY
Now enter the following.
This should output the key’s fingerprint.
This next step is very important. Once you have your friend’s key’s fingerprint, you need to verify that you and him have the SAME fingerprint (either over the phone, or snail mail or pigeon post). This ensures that the key has not been tampered with and that you will really be sending your encrypted messages to your friend and not to a man-in-the-middle. If your fingerprint and your friend’s fingerprint don’t match, then that means that someone has tampered with your friend’s public key and is probably waiting for you to send all of your messages to him instead of your friend.
Now if you want to encrypt a text file, a picture etc. this is how you do it.
gpg -e -u "YOUR_KEY_NAME" -r "RECEIPIENT_KEY_NAME" somefile
This will create a file called ‘somefile.gpg’. You can now send this file over to your friend and be confident that he and only he will be able to decrypt it’s contents (unless ofcourse you’re in deep shit).
In order to decrypt a file you have got from a friend, here is what you do.
gpg -d somefile.gpg
GPG will automatically search for the relevant secret key to do the decryption with, if it finds the key, your file will be sucessfully decrypted. If the secret key doesn’t exist, it’ll complain saying that it can’t find the secret key.