PGP keys explained

One of the most secure ways to encrypt your data is by using PGP keys. PGP can also be used to verify the identity of an individual. It was designed for E-Mail messages, but it can also be used for files.

This topic has been covered on many websites, but most of them aren't really clear. I'll try to make it as clear as possible, and therefore stick to the basics.

For this tutorial I'll use the application GPG, which is pre-installed on most Linux distributions (Debian, Ubuntu, CentOS). It can also be installed on other systems, including Mac OS X and Windows.

Public and Private Keys

To use PGP, you need to generate a Key-Pair. A Key-Pair contains two keys: a Public Key and a Private Key. When you encrypt a file with one key, you can only decrypt it with the other key.

As the name suggests, the Private Key is private. You should not share this key; keep it to yourself. The Public Key, on the other hand, can be given to anyone. You can even publish it on your website if necessary.

So basically, if a file is encrypted with your Public Key, then only you can decrypt it. This way people are sure that only you can view the contents of the file. But if a file is encrypted with your Private Key, everyone else who has the Public Key can decrypt it. That does not protect the contents of the file, but does guarantee that you are really the one who sent it, and not an impersonator.

I will mostly cover encrypting files to protect the contents.

Installing GPG

Install GPG for your platform. If you are running a modern Linux distribution, it might already be installed by default.

- Windows: gpg4win package using the application Kleopatra
- Mac OS X: GPGTools

If your Linux distribution does not have GPG installed, then refer to the documentation or package manager of that distribution.

Generating a Key Pair

First of all you need to generate a Key Pair.
Enter the following command:

Code:
gpg --gen-key

If you've never used GPG before, it will create a configuration. The output will look similar to this:

Code:
gpg:directory '/home/user/.gnupg' created
gpg:new configuration file '/home/user/.gnupg/gpg.conf' created
gpg:WARNING:options in '/home/user/.gnupg/gpg.conf' are not yet active during this run

It will return to a prompt, because it needs to start again in order to load the new configuration. So repeat the command:

Code:
gpg --gen-key

It will now ask what kind of key you want. Select '1' and press ENTER/Return.

You can now specify the period for which the key is valid. Set it to '0' to prevent it from expiring. It will ask if this is correct, so enter 'y'.

Now it's time to create a Private Key. It will ask for your Real Name, E-mail Address and Comments (optional). Specify those. The following message should appear:

Code:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

To change something, press the corresponding letter. Otherwise press "o" to continue.

To protect the Private Key, create a Pass Phrase. When that has been completed, it will generate the key pair using random data from your RAM. It should ask you to perform random actions during that process, so just launch some applications until it's done.

Viewing your keys

To view your keys, enter the following command:

Code:
gpg --list-keys

Each key is identified by a name and e-mail address.

Exporting Keys

To export your Public Key (which should be given to anyone who wants to send encrypted files to you), use this command:

Code:
gpg --export -a [email protected] > /home/user1/public.txt

Of course, replace the e-mail address with your own, and the path with the location where you want to save the file.
To export your Private Key (only for backup purposes, don't share this file!):

Code:
gpg --export-secret-keys -a [email protected] > /home/user1/secret.txt

Importing Keys

To import a key, use this command:

Code:
gpg --import /home/user1/key.txt

Specify the location of the key file. It can be either a Public or Private Key.

Encrypting files

Let's say I have a file called mysecret.doc and I want to encrypt it. I'll save it as mysecret_encrypted.doc. Use this command:

Code:
gpg --output mysecret_encrypted.doc --encrypt mysecret.doc

It will now ask for recipients. Enter the E-Mail addresses or names of these people. Remember that you need their Public Keys to do this. When you're done, press ENTER/RETURN.

You can now send the encrypted file (not the original file) to the recipient(s).

Decrypting files

The recipient will now decrypt the file using his Private Key. The file is mysecret_encrypted.doc and I'll save the decrypted file as mysecret.doc.

Code:
gpg --output mysecret.doc --decrypt mysecret_encrypted.doc

Enter the pass phrase of your Private Key to decrypt the file.

I will update this thread when appropriate
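The whole procedure above as one non-interactive run, as an added example that is not part of the original post: it works in a throwaway keyring, names the recipient on the command line instead of at the prompt, and ends with the sign-and-verify use of the Private Key described under "Public and Private Keys". The identity, passphrase and file names are constructed, and GnuPG 2.1.17 or newer is assumed.

```shell
# Added example (not from the original post). Identity, passphrase and file
# names are constructed; assumes GnuPG 2.1.17 or newer.
# Prints "ok" when decryption reproduces the original and the signature verifies.
pgp_roundtrip() (
    work=$(mktemp -d) || exit 1
    export GNUPGHOME="$work/keyring"         # throwaway keyring, ~/.gnupg is untouched
    trap 'gpgconf --kill all 2>/dev/null; rm -rf "$work"' EXIT
    mkdir -m 700 "$GNUPGHOME" && cd "$work" || exit 1

    uid='Demo User <demo@example.invalid>'   # constructed identity
    printf '%s\n' 'constructed demo passphrase' > pass.txt
    # Batch-mode wrapper: the pass phrase is read from a file instead of a prompt.
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase-file pass.txt "$@"; }

    # 1. Generate the key pair; "never" corresponds to the tutorial's expiry of 0.
    g --quick-generate-key "$uid" default default never || exit 1

    # 2. Export the Public Key, the file you would hand to a sender.
    g --export -a "$uid" > public.txt || exit 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' public.txt || exit 1

    # 3. Encrypt to a named recipient so gpg does not ask for one.
    printf 'constructed sample content\n' > mysecret.doc
    g --recipient "$uid" --output mysecret_encrypted.doc --encrypt mysecret.doc || exit 1

    # 4. Decrypt with the Private Key and compare against the original.
    g --output decrypted.doc --decrypt mysecret_encrypted.doc || exit 1
    cmp -s mysecret.doc decrypted.doc || exit 1

    # 5. Identity check: sign with the Private Key, verify with the Public Key.
    g --output mysecret.doc.sig --detach-sign mysecret.doc || exit 1
    g --verify mysecret.doc.sig mysecret.doc 2>/dev/null || exit 1
    echo ok
)
```

For real keys, leave out the pass-phrase file and let gpg prompt for the pass phrase as in the steps above.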