This was written because the man page for gpg has always scared me like hell, and I still do not understand why something as basic as encrypting a short message takes such a vast amount of mental and psychic energy to understand.
- message --- unencrypted text file
- message.gpg --- encrypted file in binary format
- message.asc --- encrypted file in ASCII text format
- [email protected] --- the man (or woman) to whom we send encrypted messages and from whom we receive them. We have his/her public key in our keyring (to be explained below, just accept this fact for now). And this person has your public key, so they can send you something encrypted personally for you
- [email protected] --- this is you :person_with_blond_hair:. You have your own key pair at your location, i.e. both private and public key
- 💀 --- topics marked with a skull are not necessary and might be distracting for a beginner. Skip them unless you really-really want to screw things up. I left them here so that there is an easy way to fail
- The sender types and saves the file message
- The sender finds the public key of the recipient and encrypts the message, which becomes message.gpg
- The sender makes message.gpg available to the recipient in any possible way
- The recipient uses his private key and decrypts message.gpg, which turns into the human-readable message

Note: nothing prevents the sender and the recipient from being the same person. In this case it is simpler to use symmetric encryption.
This is the most complex part. I suggest that at first you just create your key pair and publish, or simply give, your public key to whoever is going to send you encrypted messages. We intentionally skip the revocation certificate topic, as this is like going into the jungle -- I have never seen a person who started learning this part in the beginning and managed not to freak out in the end.
- The recipient generates private.key and public.key (a.k.a. key pair). He remembers the passphrase used during creation of the key pair and never tells it to anyone
- The recipient tweets or posts on Facebook his public.key
You won't believe it, but it used to be too complex for me to comprehend how to use previously generated keys in another place, e.g. on your work PC.
- (WIP) You want to send/read encrypted message on your new job laptop
- (WIP) Add another e-mail to the key
- (WIP) Add photo to the key
- (WIP) You stopped using an e-mail for any reason
- (WIP) Your private key has been lost/stolen
- (WIP) Your key pair has expired
- encrypts message for [email protected] and saves to binary file message.gpg:
gpg --encrypt --recipient [email protected] message
- the same as above, but saves encrypted message to ascii file message.asc:
gpg --encrypt --recipient [email protected] --armor message
- type-saving version of previous command:
gpg -ear [email protected] message
- encrypts using symmetric key and saves to message.gpg:
gpg --symmetric message
- the same as above, saves to ascii file message.asc:
gpg --symmetric --armor message
- type less, get the same:
gpg -ac message
- decrypts file and prints on screen:
gpg --decrypt message.asc
- type less:
gpg msg.asc
Use the following alternatives:
- print on paper and keep in deposit box
- save on a disk and keep in deposit box
- save as secret note in Lastpass
WIP
on the main location:
gpg --export-secret-keys --armor [email protected] > private.key
WIP
on the new location:
gpg --search-keys [email protected]
--- finds the public key on keyservers and allows you to import it (of course, it works only if you have published your key before)
gpg --import public.key
--- imports your (or the other guy's) public key (if it is not published on keyservers)
gpg --allow-secret-key-import --import private.key
--- imports your private key so that you can decrypt messages sent to you
gpg --import-options=merge-only --import private.key
--- ??? only updates existing keys in the keyring ???
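
The move from the main location to the new location can be rehearsed safely in throwaway keyrings before touching a real key. The script below is an added example, not part of the original cheatsheet; the function name, the `example.invalid` identity, the empty passphrase and the temporary directories are assumptions made for the demo, and it expects GnuPG 2.1 or later.

```bash
#!/usr/bin/env bash
# Added example: rehearse "export on main location, import on new location"
# using two throwaway keyrings, so the real ~/.gnupg is never touched.

migrate_and_decrypt() {
    local uid="demo-user@example.invalid"   # constructed identity (assumption)
    local work main new rc
    work=$(mktemp -d) || return 1
    main="$work/main"; new="$work/new"
    mkdir -m 700 "$main" "$new"             # gpg insists on private homedirs

    # Main location: generate a key pair. The empty passphrase is for the
    # demo only; a real key must be protected by a passphrase.
    gpg --homedir "$main" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$uid" default default never \
        2>/dev/null &&
    # Main location: export the private key, as in the command above.
    gpg --homedir "$main" --batch --armor \
        --export-secret-keys "$uid" > "$work/private.key" &&
    # Encrypt a constructed message to our own key.
    printf 'hello from the main location\n' > "$work/message" &&
    gpg --homedir "$main" --batch --quiet --armor --encrypt \
        --recipient "$uid" --output "$work/message.asc" "$work/message" &&
    # New location: empty keyring, import private.key, then decrypt.
    gpg --homedir "$new" --batch --quiet --import "$work/private.key" \
        2>/dev/null &&
    gpg --homedir "$new" --batch --quiet --decrypt "$work/message.asc" \
        2>/dev/null
    rc=$?

    # Stop the per-keyring agents and wipe everything: the exported
    # private.key is exactly as sensitive as the key in the keyring.
    gpgconf --homedir "$main" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$new" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return $rc
}
```

Calling `migrate_and_decrypt` prints the decrypted message from the second keyring. With a real key, private.key should be deleted from both machines as soon as the import has succeeded.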
WIP
- type and encrypt to file:
gpg --symmetric --armor > message.asc
- type less:
gpg -ac > m.asc
- type, encrypt and upload to the cloud:
gpg -ear [email protected] | curl --form 'file=@-;filename=msg.asc' http://filepush.co/upload
- GnuPG cheatsheet at devhints.io
- git-crypt: store secret information in public repositories
- Protecting code integrity with PGP - profound, yet still simple guide to advanced usage of PGP
created using stackedit.io