What is GPG, and how can I install it?
On this page:
Overview
GNU Privacy Guard (GnuPG, or GPG) is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, you can use it without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.
GPG gives your email something that it otherwise doesn't have: privacy. It encrypts your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. Additionally, GPG can be used to encrypt datafiles on your machine, protecting sensitive information (such as passwords) from prying eyes.
You can also use GPG to apply a digital signature to a message without encrypting it. This is normally used in public postings, such as Usenet, where you don't want to hide what you are saying, but rather want to allow others to confirm that the message actually came from you. Once a digital signature is created, it is impossible for anyone to modify either the message or the signature without the modification being detected by GPG.
Where to get GPG
GPG is available from GnuPG.org. Installation instructions are available there also. Additionally, most Linux distributions include GPG in their standard installation media.
Configuring GPG
After installation you will have an executable file called gpg.
Once GPG is successfully installed, the first thing you should do is create your unique public/private key pair:
- Enter
gpg --gen-keyat the command line.
- You will see the following output:
gpg (GnuPG) 1.2.2; Copyright (C) 2002 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?Choose
1. - Next you will see:
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024)Enter the size (in bits) that you would like your GPG key to be. Generally the default of 1024 is fine.
- Next you will see:
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)Enter the expiration period you would like for your key. For example, entering
3wwould set the expiration period for 3 weeks. You will be asked to confirm your choice. - Next you will see:
You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) "
Enter the information as requested. The information you entered will be displayed and you will be given a chance to change it if needed. If you are satisfied with the information, press
oto save it and continue. - You will be prompted to create and confirm a passphrase. Your
passphrase can be any sentence or phrase and may have many words,
spaces, punctuation, or any other printable characters.
- Next you will see:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
Follow the suggestions on your screen to ensure that your key is based on truly random numbers. Generating your keys can take up to several minutes.
Portions of this document are adapted from GnuPG.org.
Last modified on October 22, 2010.
