Skip to content

Instantly share code, notes, and snippets.

@kristianfreeman

kristianfreeman/gpg.md

Last active August 31, 2022 18:46
Show Gist options
  • Save kristianfreeman/6124830 to your computer and use it in GitHub Desktop.
Save kristianfreeman/6124830 to your computer and use it in GitHub Desktop.
Download ZIP
what is a gpg key?
Raw
gpg.md

(taken from http://aplawrence.com/Basics/gpg.html, hosted on gist for safety)

Recently someone asked me for a GPG or PGP public key so that they could send some sensitive material to me by email. I understood what they meant, but inwardly I groaned because I've just never had any reason to use public key encryption, and had no idea how to create the key or decrypt what would be sent back to me. Looking at "man bgp" on my Linux box didn't make me feel any better, and a Google search for gpg docs didn't immediately turn up anything that wasn't techno gobbledy-dee-geek. Eventually (after I had figured out the basics by trial and error), I did find GNU Privacy Guard HandBook, which probably would have gotten me up to speed a little faster, but which still was more than I needed to know at the moment. This, therefore, is a quick introduction so that you don't have to get a headache from the man page as I did. After learning what is presented here, you can visit the GNU page for more in depth coverage. Public key, private key

The basic concept is this: You generate a pair of matched keys. One of these is referred to as your "Public" key, and the other as "Private". You give the Public key to anyone who asks for it; you can even publish it on your web site. You keep your Private key secret, locked up on your own computer. A document (a text or binary file) can be encrypted using either key, and is decrypted with the other. The choice of which key to use to encrypt depends upon your purpose.

For example, if you want to send me something, you'd encrypt it using my public key. No one else can decrypt it; only my private key will work. On the other hand, I might be concerned that it really is you sending me a message. In that case, you'd encrypt your message using your private key (this is called "signing"). If I can decrypt it with your public key (presumably I somehow obtained that key and trust that it really is yours), I know that the message really came from you.

Read more: [http://aplawrence.com/Basics/gpg.html#ixzz2aeLFgjgr]

@JoaoBatistaSS1999
Copy link

Great overview, I was having a hard time setting my password to commit images to DockerHUB.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment