GnuPG, generally often called GPG, is an open supply implementation of the Fairly Good Privateness cryptography commonplace. It presents symmetric and uneven encryption for information at relaxation and in transit.
This text introduces the way to use GPG, demonstrates its set up on frequent OSes and offers directions for its use.
How does GPG shield information?
Encryption seeks to fulfill the next three targets:
- Authenticity. Guaranteeing the supply of a message.
- Integrity. Guaranteeing a message didn’t change unexpectedly.
- Nonrepudiation. Guaranteeing the supply of the message.
GPG satisfies all three targets by combining symmetric and uneven cryptography to guard saved information and digital communications.
Symmetric and uneven cryptography are important elements of at present’s safety and privateness methods. Symmetric cryptography makes use of a single non-public key (shared secret) to each encrypt and decrypt information, whereas uneven cryptography makes use of a mathematically associated private and non-private key pair. Knowledge encrypted with one key can solely be decrypted by the opposite — for instance, information encrypted utilizing the general public key can solely be decrypted utilizing the associated non-public key.
GPG combines these two approaches and permits customers to make sure information privateness, supply and integrity. In consequence, GPG is broadly used and supported.
Frequent GPG use instances
Take into account the next methods to make use of GPG to safe information storage and transmission:
- Encrypted e-mail for confidentiality.
- Digitally signed e-mail for authenticity.
- Encrypted information for information confidentiality.
- Digitally signed software program packages, scripts and different purposes.
- Digitally signed Git commits.
Take into account your personal workflow to find out extra methods GPG can shield your info.
Set up GPG
GPG is free and open supply software program, serving to to make sure its safety and stability. It’s obtainable for frequent platforms, together with Linux, macOS and Home windows.
Most Linux distributions embody GPG by default. Use the gpg –version command to confirm you may have a present model. Use your distribution’s most well-liked package deal supervisor if GPG is not current.
For Ubuntu, Debian Linux Mint and comparable distributions, kind:
sudo apt set up gnupg
On Pink Hat Enterprise Linux, Fedora, Rocky and comparable distributions, kind:
sudo dnf -y set up gnupg
MacOS customers can set up GPG utilizing the Homebrew package deal supervisor by typing:
brew set up gnupg
MacOS customers can even use the GPG Suite graphical software to handle encryption.
Those that favor the Home windows platform can entry GPG two methods: GnuPG binary is the official installer from the GnuPG web site, and Gpg4win is the graphical/command-line software.
How one can use GPG for symmetric cryptography
Symmetric encryption presents essentially the most easy administration course of. You could, nonetheless, be capable to securely ship the important thing to any distant connections the place decryption must happen. This strategy works greatest for information encryption eventualities on a single system or inside a safe setting.
The only approach to encrypt a file makes use of this command:
gpg -c private-file.txt
It ends in an encrypted file named private-file.txt.gpg.
GPG prompts you to enter a passphrase to guard the file.
You may specify extra element, equivalent to a selected file title, through the use of the next extra complicated command:
gpg --output new-private-file.txt.gpg --symmetric private-file.txt
To then decrypt the new-private-file.txt.gpg file, kind:
gpg --output private-file.txt --decrypt private-file.txt.gpg
You may substitute the -o and -d flags for rather less typing. GPG routinely prompts for the passphrase you set for the non-public key.
Use this course of to guard information backup information, confidential info on shared computer systems or assets you are transferring to and from distant storage gadgets.
Be aware that GPG generates a brand new model of the file throughout the encryption course of. The unique nonencrypted file stays on the drive. Take into account securely deleting it utilizing a command equivalent to shred.
How one can generate key pairs for uneven cryptography
Start utilizing GPG by producing a public-private key pair. These keys are mathematically associated. With uneven cryptography, when you encrypt information with one key, you need to decrypt it with the opposite key. Listed below are examples of the 2 choices:
- Confidentiality. Encrypt with the general public key, decrypt with the non-public key.
- Digital signatures, integrity. Encrypt with the non-public key, decrypt with the general public key.
On a Linux system, kind the next command to generate the important thing pair:
gpg --full-generate-key
You may have numerous choices to customise the important thing size, kind and different settings. GPG prompts you to enter your title and e-mail deal with as a part of your key identification. You may also set a robust passphrase to guard your non-public key.
You’ll probably have to share your public key with different customers to allow them to decrypt information encrypted utilizing your non-public key. Use the next command to export the required public key info:
gpg --armor --export [email protected] > pubkey.asc
If you happen to obtain one other person’s public key or want to supply directions to a recipient of your public key, use this command to import it into your system:
gpg --import pubkey.asc
Confirm the important thing exists by typing gpg –list-public-keys. The person’s public key allows you to decrypt information encrypted with the associated non-public key.
How one can use GPG for uneven cryptography
To encrypt a file utilizing one other person’s public key — due to this fact making certain solely that person can decrypt the information based mostly on their possession of the associated non-public key — kind the next command:
gpg --output secret-file.txt.gpg --encrypt --recipient [email protected] secret-file.txt
This command specifies the title of the encrypted file — secret-file.txt.gpg — and the recipient’s e-mail deal with — [email protected]. You’re encrypting the secret-file.txt file on this instance.
On the different finish of the information switch, the person enters the next command to start the decryption course of:
gpg --output secret-file.txt --decrypt secret-file.txt.gpg
That person enters the passphrase defending their non-public key to finish the method.
Integrating GPG encryption into your day by day routine can significantly improve the safety of your information. You already do backups, proper? Now, you may encrypt these backups for higher confidentiality. You additionally conduct important enterprise utilizing e-mail. Studying the way to use GPG to digitally signal messages provides a considerable layer of safety to communications.
Damon Garn owns Cogspinner Coaction and offers freelance IT writing and modifying companies. He has written a number of CompTIA research guides, together with the Linux+, Cloud Necessities+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.
