PrettyGood Privacy abbreviated as
PGP is the most widely used encryption standard when it comes to end-to-end information encryption. It is used to verify whether the sent message is genuine or not.
The GNU Privacy Guard is an implementation of the OpenPGP standard which features a key management system, along with access modules of all kinds of public key directories. Messages are encrypted using asymmetric key pairs individually generated by GnuPG users. The public keys are exchanged with other users either via key servers on the internet or any other safe way to ensure identity spoofing is not done so by corrupting the public key.
Digital signatures may also be added to a message to enforce its integrity. This is achieved by appending the signature using the private key generated which will be verified by the recipient’s copy of the sender’s public key.
Here, we show you the steps to take for installing and configuring GnuPG on Ubuntu 18.04.
Update System Packages
$ sudo apt update && sudo apt upgrade
Install GnuPG Package
$ sudo apt install gnupg
Generate your Key Pair
Once the package is installed, you can now go ahead and generate your key pair. Type in the following command:
$ sudo gpg --gen-key
Follow the subsequent prompts by entering your information as seen in the response below:
gpg: WARNING: unsafe ownership on homedir '/home/linuxuser/.gnupg'gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Note: Use "gpg --full-generate-key"for a full featured key generation dialog. GnuPG needs to construct a user ID to identify your key. Real name: Linux User Email address: email@example.com You selected this USER-ID: "Linux User <firstname.lastname@example.org>" Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
You will then be prompted to enter your passphrase and confirm it.
Special Note: Please ensure that the information you are entering is valid
The system will then use a process known as
entropy to generate the key pair. This is the amount of unpredictability in the system.
Create a Revocation certificate
When your private key has been compromised, you may need to revoke it and warn other users against receiving messages coming signed with the compromised private key. This is because an attacker may be impersonating you. To do this, enter the following command – Ensure you replace the email with the email entered during generation of your key pair.
$ gpg --output revoke.asc --gen-revoke email@example.com
You will receive the following output.
Revocation certificate created. Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just incaseyour media become unreadable. But have some caution: The print system of your machine might store the data and make it available to others!
Ensure you follow the instructions on the output above. You may also revoke permissions on the certificate document just to ensure no one compromises it.
$ sudo chmod 0600 revoke.asc --gen-revoke firstname.lastname@example.org
You have learned how to install the GnuPG package, create a key pair and a revocation certificate.
The next recommended step is to look at how to upload the key pair to a key server in order to save other GnuPG public keys and to encrypt messages with the public keys and sign them.