Gpg

GPG (GNU Privacy Guard) is a patent-free, GPL-licensed version of Pretty Good Privacy (PGP) used to encrypt and decrypt data. This program uses public key encryption technology to create a key pair, consisting of a secret key and a public key.

= Overview =

Using Gpg you can For both you will need to create a private/public key pair using the command gpg --gen-key You should save your private key from getting lost or spied out. You can distribute your public key. And you can let others sign it to prove you really exist which will form a web of trust.
 * digitally sign texts (to prove they are from you)
 * encrypt texts

= Digital Signatures =

The concept of Digital Signatures was hatched to verify the authenticity of a message. As the name suggests, the message is digitally signed by the sender. A digital signature is made through a combination of the secret key and the text. Using the senders public key, the message can be verified. Just like a message encrypted using a public key can only be decrypted by the corresponding secret key, a message verified using your public key could only have been signed using your secret key. With the verification, the recipient (or the world) knows that the message came from the sender (or at least someone with access to the sender's private key) and has not been changed during the transportation process. The signature can either be packaged with the original file or sent separately (detached).

To create an ASCII detached signature for a file with your default key:

gpg -ab filename

To sign a binary file and attach a signature (encoded message/signature):

gpg -s filename

To sign an email (cleartext message with ASCII GPG signature attached):

gpg --clearsign filename

To verify the signature, enter the name of the detached signature file or the signed file:

gpg --verify filename

= Encryption =

gpg -e report.txt

Encrypts the specified file. You will be prompted for a destination user ID.

gpg --decrypt report.txt.gpg

Decrypts the specified file. You will be prompted for the passphrase.

= Web of trust =

A web of trust are a lot of persons who trust each other. To show their trust, they have signed each other's keys. The web of trust is extended in key signing parties that go like this: gpg --gen-key You keep your private key and are free to distribute your public key. gpg --list-keys /home/me/.gnupg/pubring.gpg -- pub  1024D/45E377BB 2008-02-03 [...] gpg --send-key gpg --search-key me@home gpg --sign-key 45E377BB gpg --send-key 45E377BB
 * you (me@home.org) meet John Foo (foo@bar.org) who is already a member of the web of trust
 * you install gpg and by that automatically set a default key server. However, if your default key server is missing, use the option --keyserver pgp.mit.edu
 * you have a private/public key pair or generate it with
 * you find out your key's name
 * you upload your public key to your key server
 * John downloads your key from the key server
 * John controls your passport and signs your key
 * John uploads your key again
 * You are now part of the web of trust and your public key is on the key server.

= How to... =

Find out your secret key
gpg --list-secret-keys

Import a key
If you re-setup your computer, you need to import your private key again from a backup like this: cat secring.gpg|gpg --import Then you have to set it as default key and trust it ultimately using kgpg.

Cryptographically encrypt mails
In order to get Kmail 1.6 to encrypt emails, you need to have [GnuPG] installed. With everything properly installed, you can go to the "Settings" menu, select "Configure KMail". Select "Security", and go to the "OpenPGP" tab. Select "GnuPG - Gnu Privacy Guard" from the "Encryption Tool" list, along with any options you would like enabled. Now go to "Identities" and "Modify" the identity you'd like to enable encryption for. Go to the "Advanced" tab and select the OpenPGP key corresponding to your key. Encryption should now work.

There is a howto available at the official KMail website.

= External links =


 * gpg man page
 * GnuPG home page
 * KGPG & GPG article
 * Wikipedia article on Public-key Cryptography