GPG Basic usage tutorial
Posted: 01 Apr 2025 02:27
A basic understanding of how to use a computer is required.
`text` means quoting technical stuff that is sensitive to case and typos.
# Installation
For Windows I recommend installing git bash, as it comes with gpg and a bunch of other useful unix tools.
https://git-scm.com/downloads
# Usage
Open git bash and follow the instructions below.
Run the `gpg --full-generate-key` command and choose the following options:
```
ECC (sign and encrypt)
NIST P-384
0 (never expire)
```
DO NOT USE YOUR REAL NAME IN THE `Real name` FIELD.
You can leave most of the fields completely empty.
Name it.
Use `gpg --export --armor key_name`, replacing `key_name` with the key's name. This will export the public key, which you can send to the receiver through an insecure channel.
Public keys begin with `-----BEGIN PGP PUBLIC KEY BLOCK-----`.
NEVER SHARE PRIVATE KEYS.
Receive the public key from the comrade from whom you want to receive messages. Import this key using `gpg --import file.pgp` or `echo "KEY" | gpg --import`, replacing `file.pgp` with a filepath or `KEY` with the key.
Run `gpg --edit-key keyname`, with the key name in place of `keyname`, to edit the key. In the edit prompt, enter:
- `sign` to sign the key
- `trust` to change the trust level
- `5` for ultimate trust
- `y` to confirm
- `save` to save

This will get rid of the key ownership confirmation upon encryption.
The basic way of using gpg is `echo "message to encrypt" | gpg --encrypt --armor --recipient key_name`, with the recipient's key name in place of `key_name`. Decryption is `echo "encrypted message" | gpg --decrypt`.
But that's a bit inconvenient, isn't it?
You may want to use the following bash script instead, with `key_name` replaced with the recipient's key name:
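```
#!/bin/bash
# Usage: path_to_script.sh "message"
input="$1"
if [[ "$input" == *"-----BEGIN PGP MESSAGE-----"* ]]; then
    # Input is an armored PGP message: decrypt it.
    decrypted=$( echo "$input" | gpg --decrypt )
    echo "$decrypted"
else
    # Anything else is treated as plaintext: encrypt it for key_name.
    # sed -z drops the first empty line of the armored output.
    encrypted=$( echo -e "$input" | gpg --encrypt --armor --recipient key_name | sed -z "s/\n\n/\n/" )
    echo "$encrypted"
fi
```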
To use this bash script, simply run `path_to_script.sh "encrypted/decrypted message"`. It will automatically determine whether you intended to decrypt or encrypt.
File encryption is basically the same: `cat path_to_file.any_format | gpg --encrypt --recipient key_name > path_to_file.format.pgp`. File decryption is, accordingly, `cat path_to_file.pgp | gpg --decrypt > path_to_file.format`.
You can also use this bash script for files, with `key_name` replaced with the recipient's key name:
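```
#!/bin/bash
# Usage: path_to_script.sh path_to_file
file="$1"
if [[ "$file" == *".gpg" || "$file" == *".pgp" ]]; then
    # Encrypted file: strip the .gpg/.pgp extension to get the output name.
    decrypted="$file"
    decrypted="${decrypted%.gpg}"
    decrypted="${decrypted%.pgp}"
    cat "$file" | gpg --decrypt > "$decrypted"
else
    # Any other file: encrypt it for key_name into <file>.gpg.
    cat "$file" | gpg --encrypt --recipient key_name > "$file".gpg
fi
```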
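The file script above redirects gpg straight into the output path, so a failed decryption leaves an empty or partial file behind and an existing file is overwritten. The following is an added example, not the author's script, that writes to a temporary file and renames it only when gpg succeeds; the function name `crypt_file` and the `RECIPIENT` and `GPG` variables are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the author's script. crypt_file, RECIPIENT and GPG are
# names assumed for this example; set RECIPIENT to the recipient's key name.
RECIPIENT="${RECIPIENT:-key_name}"
GPG="${GPG:-gpg}"

crypt_file() {
    local src="$1" out mode tmp
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    case "$src" in
        *.gpg|*.pgp) mode=decrypt; out="${src%.*}" ;;   # strip one extension
        *)           mode=encrypt; out="$src.gpg" ;;
    esac
    # Never clobber an existing file with gpg output.
    [ -e "$out" ] && { echo "refusing to overwrite: $out" >&2; return 3; }
    # Temp file next to the target (mktemp creates it with mode 0600).
    tmp=$(mktemp "$out.XXXXXX") || return 4
    if [ "$mode" = encrypt ]; then
        "$GPG" --encrypt --recipient "$RECIPIENT" < "$src" > "$tmp"
    else
        "$GPG" --decrypt < "$src" > "$tmp"
    fi || { rm -f "$tmp"; echo "gpg failed; nothing written" >&2; return 1; }
    # Only a complete result ever appears under the final name.
    mv "$tmp" "$out"
}

# Usage: RECIPIENT=key_name ./script.sh path_to_file
if [ "$#" -gt 0 ]; then crypt_file "$1"; fi
```

A non-zero exit status means no output file was created, so the result can be checked in other scripts.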