This post shows students and new users steps to generate and manage GPG keys on Ubuntu Linux.
In some cases you may need to generate and manage GPG keys on Ubuntu Linux servers or desktops. As you may already know, GPG encryption helps keep files save and secure.
Using GPG encryption to encrypt your data before transfer ensures that they will not be viewed or read by anyone without a valid matching key pair. This technology works across diverse platforms, including Windows, Mac OS and Linux.
This brief tutorial shows students and new users how to generate and mange GPG keys on Ubuntu servers or desktops.
When you’re ready to get GPG working on Ubuntu, follow the steps below:
How to install GnuPG
In order to use GPG encryptions, you will have to install a software that helps generate and manage your GPG encryptions and keys. On Linux systems, a popular tool to help with GPG is GnuPG.
GnuPG is a free software implementation of the OpenPGP standard that allows you to encrypt and sign your data and communications using GPG encryptions.
On Ubuntu, open your command line terminal and run the commands below to install GnuPG.
sudo apt update sudo apt install gnupg
After installing GnuPG, run the commands below to see if it’s installed and which encryption algorithms are supported. run the commands below:
gpg --help Output: gpg --help gpg (GnuPG) 2.2.4 libgcrypt 1.8.1 Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/richard/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Syntax: gpg [options] [files] Sign, check, encrypt or decrypt Default operation depends on the input data
How to generate your GPG key pair
Now that GnuPG is installed, you’ll need to generate your own GPG key pair, consisting of a private and public key.
The private key is your master key. It allows you to decrypt/encrypt your files and create signatures which are signed with your private key.
The public key is shared with those who should open and view content you encrypt with your private key and also verifies that the content encrypted with your private key actually come you.
To generate your key pair, run the commands below:
That should initial GPG key generation process. You will be asked your real name and email address to use to identify the key. You should see similar output as below:
gpg --gen-key gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Note: Use "gpg --full-generate-key" for a full featured key generation dialog. GnuPG needs to construct a user ID to identify your key. Real name: Richard Email address: email@example.com You selected this USER-ID: "Richard <firstname.lastname@example.org>" Change (N)ame, (E)mail, or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /home/richard/.gnupg/trustdb.gpg: trustdb created gpg: key F6A785CA937400D3 marked as ultimately trusted gpg: directory '/home/richard/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/home/richard/.gnupg/openpgp-revocs.d/77B56FA102AECAC136D1C361F6A785CA937400D3.rev' public and secret key created and signed. pub rsa3072 2019-07-01 [SC] [expires: 2021-06-30] 77B56FA102AECAC136D1C361F6A785CA937400D3 uid Richard <email@example.com> sub rsa3072 2019-07-01 [E] [expires: 2021-06-30]
You’ll be prompted to type and confirm your passphrase for the private key.
After that, your keypair should be generated.
How to export your public key
If you need to export and share your public key to others, you run the commands below. The public key is used to authenticate that the content encrypted by you actually came from you.
It is also used to decrypt the content you encrypted.
gpg --armor --export firstname.lastname@example.org > public_key.asc
You can also use the commands below to export the key into a readable text file.
gpg --armor --output key.txt --export email@example.com
You can then send the public key file to those who should get it.
How to encrypt and decrypt files
To encrypt a file you want to secure, you run the commands below. The public.text file becomes confidential.text.enc protected file.
gpg --encrypt --recipient 'firstname.lastname@example.org' --output confidential.txt.enc public.txt
You should see an output as below:
Output gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2021-06-30
You can now delete the public.txt file and only have the encrypted version.
To decrypt the confidential.txt.enc file using the public key. run the commands below:
gpg --decrypt --output public.txt confidential.txt.enc
You’ll be asked to provide your passphrase to allow access to your private key to be able to decrypt the file.
Enter the key to decrypt.
Output gpg: encrypted with 3072-bit RSA key, ID 4BFCC6007183FE53, created 2019-07-01 "Richard <email@example.com>"
The confidenatial.txt.enc file becomes public.txt.
That should do it!
For Windows users, they can use Gpg4win instead.
You may also like the post below: