1. Installation
Most Linux distributions come with GPG pre-installed. For macOS, use Homebrew to keep the footprint small.
# macOS (using Homebrew)
brew install gnupg
# Ubuntu/Debian
sudo apt install gnupg
# Fedora
sudo dnf install gnupg
2. Generating Your Key Pair
Generate a key pair with maximum control over security parameters.
gpg --full-generate-key
- Algorithm: RSA and RSA (4096 bits) or Ed25519.
- Expiration: 2y recommended.
3. Backup & Key Migration
To move your identity or keep a hard copy offline, you must export both keys.
Exporting Public & Private Keys:
# Export Public Key (Shareable)
gpg --armor --export your-email@example.com > my-public-key.asc
# Export Private Key (KEEP SECRET!)
gpg --armor --export-secret-keys your-email@example.com > my-private-key.asc
Importing Keys on a New System:
# Import both to restore your identity
gpg --import my-public-key.asc
gpg --import my-private-key.asc
4. Managing Contact Keys
To email someone securely, you need their public key.
gpg --import contact_key.asc
5. Encrypting an Email Body
Write your message to message.txt then run:
gpg --encrypt --armor --recipient friend@example.com message.txt
This generates an ASCII block in message.txt.asc for copy-pasting into your email client.
6. Decrypting Received Messages
Decrypt incoming ciphertext saved as secret.asc:
gpg --decrypt secret.asc
CRITICAL: Verify fingerprints with gpg --fingerprint contact@example.com before trusting a new key.
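The fingerprint check can also be enforced before the import in section 4 rather than after it. The following is an added example, not part of the original guide: it assumes a GnuPG 2.x build that supports --show-keys, and the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): fingerprint-gated key import.

# Strip spaces/colons and upper-case, so "0123 4567 ..." compares cleanly.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :\n' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin; print the fingerprint (field 10
# of the "fpr" record) that follows each "pub" record, skipping subkeys.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0 }
           want && $1 == "fpr" { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1. Two keys yield two lines, which never equal $1.
fpr_matches() {
  fm_expected=$(normalize_fpr "$1")
  fm_found=$(primary_fprs)
  [ -n "$fm_expected" ] && [ "$fm_found" = "$fm_expected" ]
}

# verified_import KEYFILE EXPECTED_FPR (hypothetical helper name):
# inspect the file without touching the keyring, then import on a match.
verified_import() {
  if gpg --show-keys --with-colons --with-fingerprint "$1" | fpr_matches "$2"
  then
    gpg --import "$1"
  else
    echo "fingerprint mismatch or multiple keys: $1 not imported" >&2
    return 1
  fi
}

# Constructed sample of colon-format output (not a real key).
sample_listing() {
  cat <<'EOF'
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Contact <contact@example.com>::::::::::0:
sub:-:255:18:0000111122223333:1700000000::::::e:::::cv25519::
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
EOF
}
```

Call it as verified_import contact_key.asc "<fingerprint>", where the fingerprint is the one your contact gave you over a separate channel (in person, by phone), not one taken from the same email that delivered the key.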