FAQ:
How do I use GPG?
Answer:
This is just to encrypt files for yourself. If you also want to use gpg to send/receive encrypted files/mails, everything becomes more complicated. I agree that it is stupid to use an asymmetric encryption algorithm if there is only one party involved, but some people might also want to exchange encrypted files with somebody else. It is possible to encrypt/decrypt files with a symmetric cipher by using
gpg -c file_name
In this case you do not even need to generate a key pair.
If you encrypt/decrypt too much data, you might get asked to wait until more entropy has been gathered (for random number generation).
The most important command line options:

gpg --gen-key
    Generate your personal pair of keys.
    - Choose DSA and ElGamal (DSA for signing, ElGamal for encrypting).
    - I recommend 1024 bit within the NATS cluster. (Speed is not that much of an issue, so the advantage of smaller keys is not too big. I do not think that it makes too much sense creating/storing keys > 1024 bit on a computer within a network.)
    - Choose 0 (key does not expire). Otherwise you have to extend the expiration date before the key becomes invalid.
    - Enter your name, your email address, and some comment.
    - Enter a passphrase to protect your secret key.
      gpg uses asymmetric encryption and thus very long keys. Since it is not feasible to memorize a 1024 bit key, the key must be stored somewhere. To protect it, gpg encrypts it with a symmetric encryption algorithm. To make this somewhat more secure, gpg uses a passphrase, which can be longer than just a password. IMPORTANT: IF YOU FORGET YOUR PASSPHRASE, YOU CAN NO LONGER DECRYPT YOUR FILES.
    - Now the key pair should be created. You can verify it using
      gpg --list-keys

gpg -e -r <recipient> <file_name>
    Encrypt only (faster because there is no need to enter a passphrase!)
    You still have to delete the original file yourself.

gpg <file_name>
    Decrypt the file.
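The following script is an added example, not part of the original FAQ and not GnuPG's own code. It runs the two workflows described above non-interactively: the symmetric round trip with gpg -c, and the key generation / encrypt-only / decrypt sequence from the command list, using a throwaway GNUPGHOME so the user's real keyring is never touched. It assumes GnuPG 2.1 or newer (for --pinentry-mode loopback and gpgconf). The passphrase, the key owner "Demo User" <demo@example.invalid> and the file contents are constructed. Because the FAQ dates from 2003 and recommends DSA/ElGamal at 1024 bits, the batch parameter file here uses RSA 2048 (signing primary key plus encryption subkey, mirroring the sign/encrypt split) since 1024-bit keys are no longer considered adequate.

```shell
#!/bin/sh
# Added example: non-interactive gpg round trips in an isolated keyring.
# Assumes GnuPG >= 2.1. Passphrase, names and file contents are constructed.
set -u

PASS='correct horse battery staple'   # constructed demo passphrase

# 0 when gpg is installed, 1 otherwise (lets the demo skip cleanly).
have_gpg() { command -v gpg >/dev/null 2>&1; }

# Create an isolated keyring directory and point GNUPGHOME at it, so nothing
# here touches ~/.gnupg. allow-loopback-pinentry lets --passphrase work with
# older 2.1.x agents.
setup_home() {
    GNUPGHOME=$(mktemp -d /tmp/gpgdemo.XXXXXX) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    echo 'allow-loopback-pinentry' > "$GNUPGHOME/gpg-agent.conf"
}

# Stop the agent gpg started for this home and remove the directory.
teardown_home() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

# gpg -c: symmetric cipher, no key pair needed. Prints "ok" when the
# decrypted output equals the plaintext, "skipped" when gpg is absent.
sym_roundtrip() {
    have_gpg || { echo skipped; return 0; }
    setup_home || return 1
    printf 'secret report\n' > "$GNUPGHOME/plain.txt"
    # Writes plain.txt.gpg next to the input; the passphrase is the only secret.
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
        -c "$GNUPGHOME/plain.txt"
    out=$(gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
          -d "$GNUPGHOME/plain.txt.gpg")
    teardown_home
    [ "$out" = "secret report" ] && echo ok || echo fail
}

# --gen-key, --list-keys, -e -r, decrypt: the command list, in batch mode.
# Prints "ok" or "skipped".
asym_roundtrip() {
    have_gpg || { echo skipped; return 0; }
    setup_home || return 1
    # Unattended equivalent of the interactive --gen-key dialogue.
    # Expire-Date: 0 = key does not expire; Passphrase: protects the secret key.
    cat > "$GNUPGHOME/params" <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 0
Passphrase: $PASS
%commit
EOF
    gpg --batch --quiet --pinentry-mode loopback --gen-key "$GNUPGHOME/params" \
        2>/dev/null || { teardown_home; return 1; }
    # Verify the pair exists, as the FAQ suggests.
    gpg --list-keys demo@example.invalid >/dev/null 2>&1 || { teardown_home; return 1; }
    printf 'for your eyes only\n' > "$GNUPGHOME/msg.txt"
    # Encrypt only: the public key suffices, so no passphrase is asked for.
    gpg --batch --quiet --trust-model always -e -r demo@example.invalid \
        "$GNUPGHOME/msg.txt"
    # gpg leaves the plaintext behind; deleting it is your job.
    rm -f "$GNUPGHOME/msg.txt"
    # Decrypting needs the secret key, hence the passphrase.
    out=$(gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
          -d "$GNUPGHOME/msg.txt.gpg")
    teardown_home
    [ "$out" = "for your eyes only" ] && echo ok || echo fail
}

# Run both demos when invoked as: GPG_DEMO_RUN=1 sh gpgdemo.sh
if [ "${GPG_DEMO_RUN:-}" = 1 ]; then
    echo "symmetric:  $(sym_roundtrip)"
    echo "asymmetric: $(asym_roundtrip)"
fi
```

Run it with GPG_DEMO_RUN=1 sh gpgdemo.sh. Each function builds its own keyring directory and tears it down afterwards, including the gpg-agent instance that GnuPG 2.x spawns per GNUPGHOME; the --batch and --pinentry-mode loopback flags replace the interactive prompts the FAQ describes.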
Back to: SecurityFAQ
--
MichaelDaum --
08 Sep 2003