How to Use GnuPG keys for Encrypting Messages on Ubuntu 18.04


Prerequisites

  • VPS/Dedicated Server running Ubuntu 18.04
  • A non-root user with root privileges
  • GnuPG already installed. If you haven’t installed GnuPG, you can follow our tutorial How to install OpenPGP on Ubuntu 18.04

Steps

Importing Keys

You will want to import other users’ public keys, either from a file they sent to you or from a key server they uploaded the key to.

To import a key from a file, use the command below, replacing public_key_file with the exact name of the file containing the public key. GnuPG keeps a separate keyring for each user, so run gpg as the user who will use the key; it does not need root privileges.

$ gpg --import public_key_file

If the key was uploaded to a key server, you can use the following command to import it from there. Examples of key servers include, but are not limited to:

  • pgp.mit.edu
  • keyserver.ubuntu.com
  • zimmermann.mayfirst.org
  • sks-keyservers.net

You may use the name or the email address of the public key you are looking to download from the key server.

$ gpg --keyserver keyserver.ubuntu.com --search-keys user@email.com

Once you have downloaded the public key from the key server, you want to ensure that the public key you have exchanged has not been compromised. You can derive a fingerprint from the entire public key and compare the resulting hashes with the key's owner, using the following command while replacing the email with your own email address used when generating your public key.

$ gpg --fingerprint linuxuser@email.com
pub   rsa3072 2018-09-25 [SC] [expires: 2020-09-24]
      EF09 1967 8848 814D 1790  7D3A 26A2 F881 948B B4D4
uid           [ultimate] Linux User <linuxuser@email.com>
sub   rsa3072 2018-09-25 [E] [expires: 2020-09-24]

Once verified, the imported key now needs to be signed to tell GnuPG that you have verified the authenticity of the key and you trust it.

$ gpg --sign-key user@email.com
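
The fingerprint comparison described above can be enforced before a key file ever reaches your keyring. The following sh script is an added example, not part of the original tutorial: it inspects a key file with gpg's show-only import option, compares the primary key fingerprint with one obtained from the owner through another channel, and imports only on an exact full-length match. The function names and the sample listing (including its subkey fingerprint) are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate `gpg --import` on a fingerprint obtained out of band.

# Fingerprints are usually written in groups ("EF09 1967 ..."): strip the
# whitespace and upper-case the hex digits before comparing.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read a `gpg --with-colons` key listing on stdin and print the fingerprint of
# the primary key: the first "fpr" record after "pub" (field 10). Later "fpr"
# records belong to subkeys and must not be accepted in its place.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED (listing on stdin): 0 on match, 1 on mismatch,
# 2 if EXPECTED is not a full 40-hex-digit fingerprint. Short and long key
# IDs are refused because they are too short to identify a key safely.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(primary_fpr)
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$want" = "$got" ]
}

# verified_import FILE EXPECTED: list the key without importing it
# (import option show-only), then import only if the fingerprint matches.
verified_import() {
    gpg --with-colons --import-options show-only --import "$1" 2>/dev/null |
        fpr_matches "$2" || {
            echo "fingerprint mismatch: $1 was not imported" >&2
            return 1
        }
    gpg --import "$1"
}

# Constructed sample listing: the primary fingerprint is the one shown in the
# tutorial's output above; the subkey fingerprint is made up.
SAMPLE='pub:-:3072:1:26A2F881948BB4D4:1537833600:1600905600::-:::scESC:
fpr:::::::::EF0919678848814D17907D3A26A2F881948BB4D4:
uid:-::::1537833600::::Linux User <linuxuser@email.com>:
sub:-:3072:1:1111111111111111:1537833600:1600905600:::::e:
fpr:::::::::0000000000000000000000001111111111111111:'
```

Call it as `verified_import public_key_file "EF09 1967 ..."`, passing the fingerprint exactly as the key's owner gave it to you.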

Exporting Keys

As mentioned under Importing Keys, you may want to share your public key via email or upload it to a key server.

To share it in person or via email, use the following command to extract the public key to a file while replacing the below email:

$ gpg --output ~/mygpg.key --armor --export linuxuser@email.com

The output should be a file called mygpg.key which will be stored in your desired location (in my case, the home directory). You can now copy and paste the key to an external drive, share via NFS or whichever way you deem suitable.

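To upload your key to a key server, you first have to decide on a suitable server and then use the following command to upload the public key to it. Make sure the key carries an identification that is easy to remember, like an email address, so that others can search for it. The --send-keys command itself selects the key by its key ID or fingerprint (as printed by gpg --fingerprint), not by email address:

$ gpg --keyserver sks-keyservers.net --send-keys EF0919678848814D17907D3A26A2F881948BB4D4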

Encrypting Messages

To encrypt a document, you first need to ensure that you have generated your own key pair and that you have the public key of the intended recipient. Use the command below to encrypt a message:

$ gpg --output doc.gpg --encrypt --recipient user@email.com doc

Decrypting Messages

To decrypt the message, you need to have the public key of the message sender, which lets GnuPG verify the message if it was signed; the decryption itself is done with your own private key. To do this, type in the following command.

$ gpg --output desiredFileName.txt --decrypt doc.gpg

doc.gpg is the name of the encrypted file, while desiredFileName.txt is the name of the file you want to save the decrypted content to.

On entering this command, you will be prompted for your passphrase before decryption is done.

Special Note: You will have a maximum of 3 attempts to enter your correct passphrase.

Conclusion

The GPG package can also be installed in an email client such as Mozilla’s Thunderbird as an add-on (called Enigmail). The package will help you share your keys via email as an attachment and save them on your desktop.

You can easily import keys from any key-server and encrypt an email for multiple recipients at the same time.
