\documentclass{article}
\usepackage{fullpage}

\setlength{\parskip}{1em}

\title{GnuPG in a Tiny Nutshell}
\author{Dave Worth (cesium@ahpcc.unm.edu)}

\begin{document}
\maketitle

\noindent First, a note: for the real details that I may gloss over, see \verb|%man gpg|

\noindent Target audience: those unfamiliar with PGP/GPG or only familiar with
PGP 2.6.x.

\noindent GPG is a free, open-source implementation of the OpenPGP standard, and
is thus cool.  It generates big keys and has a very friendly interface,
unlike bits of PGP.

\begin{enumerate}
\item Get GPG or use a machine which has it.
\item This is actually a personal decision, and one probably based on where
you plan on checking your mail.  Truchas has gpg version 1.0.1, and if you
check your mail there it's not such a bad idea to generate your key there.
If you fetchmail your mail locally then you probably want gpg locally.
The source is available from It's in the FreeBSD ports tree.

\item To generate a key, just run \verb|%gpg --gen-key| and follow the instructions.

\begin{enumerate}
\item Choose a key type.  DSA and ElGamal (the default) is generally appropriate.

\item Choose a key size.  The minimum should be 1024; 2048 is better (1024 is the default).

\item Choose a key expiration.  This is up to you, and for general-purpose,
non-super-secret uses, ``never'' is fine, though in more
important circumstances expiring keys can be useful.

\item When asked, give gpg your real name and your email address; you can
generally give the comment field a miss.

\item When prompted, choose a passphrase.  Make it long enough to be
secure, but make sure you remember it: numbers, letters, symbols,
etc., the usual password stuff.
\end{enumerate}

GPG will now begin to generate the actual key.  It will say:

``We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.''

Do that: give it something to generate entropy.  It may ask for more
bytes; if so, do more stuff.  It did this 3 times on truchas for me.

\item Generate a revocation certificate by running \verb|%gpg --gen-revoke "<real name>"| and
following the instructions.  It will ask for your passphrase.  Print out the generated
revocation certificate and keep it safe somewhere.

\item Export your ascii-armored public key.  The term ascii armor is key in
GPG land.  If you do not ascii armor, all output from GPG is binary, which
is sometimes not so helpful (and harder to include in the body of an email
message).  To export your key, run \verb|%gpg --armor --export "<real name>"|.
Copy the output and put it in your \verb|.plan| in your home directory, and mail
it to systems.
\end{enumerate}

\noindent To list all of the keys in your keyring, run \verb|%gpg --list-keys|

\noindent To list a small subset of the keys in your keyring, follow
\verb|--list-keys| with the first few characters (taken
case-insensitively) of their ``real name''.  Thus, to find all the people
whose keys you have and whose first name starts with a ``d'', just run \verb|%gpg --list-keys d|

\noindent To sign a file, run \verb|%gpg --clearsign <filename>|.  Note: \verb|%gpg --sign <filename>| will make the output binary and less useful.

\noindent To verify a signature, run \verb|%gpg --verify <filename>|.  The owner of the signature's public key must be in your keyring for this to work.

\noindent To encrypt a file run \verb|%gpg --encrypt <filename>|

\noindent To sign and encrypt, run \verb|%gpg --sign --encrypt <filename>|
or, for fun, \verb|%gpg -se <filename>|.
  You will be asked for the name of the person you are encrypting to.

\noindent To decrypt a file run \verb|%gpg --decrypt <filename>|

\end{document}

