PGP File Encryption Using GnuPGJuly 19th, 2006
I frequently get asked how to encrypt files using Pretty Good Privacy (PGP). There is very good documentation available on the Web, but here is my condensed version.
Public key cryptography uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. Your public key can be distributed to anyone and does not pose a risk. Your private key needs to be kept safe and not given to anyone. Anyone with a copy of your public key can encrypt information that only you can decrypt using your private key.
I use free software called GnuPG (http://gnupg.org/). Once you have the software installed you need to create a public/private key pair and then you need to exchange public keys with the party you wish to exchange encrypted files.
Here’s what you need to do:
1. Download and follow the instructions to install the software:
http://www.gnupg.org/(en)/download/index.html (look for the Binaries section to make your life easier)
2. Generate a public/private key pair: Go to your GnuPG install directory and type in
gpg --gen-key. The default settings are usually good (DSA (1024 bit) and Elgamal (2048 bit)/never expires).
C:\Program Files\GNU\GnuPG>gpg –gen-key
gpg (GnuPG) 1.4.4; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: keyring `C:/Documents and Settings/Leonard/Application Data/gnupg\secring.gpg’ created
gpg: keyring `C:/Documents and Settings/Leonard/Application Data/gnupg\pubring.gpg’ created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) < email@example.com>”
Real name: Leonard Labuschagne
Email address: firstname.lastname@example.org
Comment: Da Vinci Planet
You selected this USER-ID:
“Leonard Labuschagne (Da Vinci Planet) < email@example.com>”
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. â€¦. [lots of text and characters while generating keys]
gpg: C:/Documents and Settings/Leonard/Application Data/gnupg\trustdb.gpg: trust db created
gpg: key 51756B80 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/51756B80 2006-07-18
Key fingerprint = 2492 ACA4 EA74 BF33 C45E 31D5 F719 9D78 5175 6B80
uid Leonard Labuschagne (Da Vinci Planet)
sub 2048g/C3BFDE51 2006-07-18
3. Export your public key so that you can give it to others. Run a command similar to this one (replace key name with the key name that you chose when you generated the key pair):
gpg --armor --output YourCompany.asc --export "YourCompany "
C:\Program Files\GNU\GnuPG>gpg –armor –output DaVinciPlanet.asc –export “Leonard Labuschagne (Da Vinci Planet) “
4. To encrypt a file for someone else to decrypt you have to import their public key. Copy their public key file to your GnuPG install directory and run the command
gpg --import other_persons_pub_key_file.asc
5. Sign their public key. You need to know their User ID (the name that they gave their key). Run the command
gpg --sign-key "their User ID"
To encrypt files, use the following format:
gpg --yes -eq -r "their User ID" -o encrypted_file.pgp file_to_encrypt
For instance if someone wanted to send me an encrypted file, they would use the following:
gpg –yes -eq -r “Leonard Labuschagne (Da Vinci Planet) < firstname.lastname@example.org>” -o encrypted_file.pgp file_to_encrypt
To decrypt files, use the following format:
gpg -o decrypted_file_name file_to_decrypt.pgp
The GNU Privacy Guard – gnupg.org
A Practical Introduction to GNU Privacy Guard in Windows – glump.net
GnuPG on WikiPedia