Using gpg you can generate private and public keys that can be used to encrypt and decrypt files as explained in this example.
Step 1: Create a new GPG key-pair
The bold items mentioned in this example are inputs from the user.
# gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: Ramesh Natarajan
Email address: ramesh.thegeekstuff@gmail.com
Comment: testing demo key
You selected this USER-ID:
    "Ramesh Natarajan (testing demo key) "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase:
Repeat passphrase:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++++++++++++.+++++++++++++++++++++++
gpg: key 90130E51 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid: 1  signed: 0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/90130E51 2010-01-02
      Key fingerprint = B8BD 46EF 41E7 44B9 F934  7C47 3215 5713 9013 0E51
uid                  Ramesh Natarajan (testing demo key)
sub   2048g/35C5BCDB 2010-01-02
Step 2: Export your public key
Syntax: gpg --export {user-name}

# gpg --export ramesh > ramesh-pub.gpg
# file ramesh-pub.gpg
ramesh-pub.gpg: GPG key public ring
# gpg --armor --export ramesh > ramesh-pub-asc.gpg
Step 3: Import others' public keys
Use the --import option to import someone else's public key.
Syntax: gpg --import FileName
Step 4: Send encrypted message
In this example, let us see how John can send an encrypted message to Bob.
John encrypts the input file using Bob’s public key. The example below creates a binary file.
$ gpg --recipient bob --encrypt filename
If for some reason John cannot send the encrypted binary file to Bob, he can always create an ASCII-armored encrypted file as shown below.
$ gpg --recipient bob --armor --encrypt filename
Step 5: Read the encrypted message
In this example, let us see how Bob can read the encrypted message from John.
Decrypt the message using your private key.
Syntax: gpg --decrypt file

$ gpg --decrypt test-file.asc
You need a passphrase to unlock the secret key for
user: "ramesh (testing demo key) "
2048-bit ELG-E key, ID 35C5BCDB, created 2010-01-02 (main key ID 90130E51)

Enter passphrase:

Note: After entering the passphrase, the decrypted file will be printed to stdout.
Use the following command to redirect the decrypted message to a text file.
# gpg --decrypt test-file.asc > file.txt
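The five steps above as one unattended script, with Bob and John each using a separate keyring so it is clear whose key is used at each point. This is an added example, not part of the original article; it assumes GnuPG 2.2 or later (for --quick-generate-key), and the user ID, e-mail address and paths are constructed.

```shell
#!/bin/sh
# Added example with constructed data; assumes GnuPG 2.2 or later.
# Bob and John each get a throwaway keyring (hypothetical names and paths).

# Print the primary-key fingerprint of the first key in keyring directory $1.
fpr_of() {
    gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Run the whole exchange for message $1; print the plaintext Bob recovers.
roundtrip() {
    work=$(mktemp -d) || return 1
    bob="$work/bob"; john="$work/john"
    mkdir -m 700 "$bob" "$john"

    # Bob: create a key pair (Step 1) and export the public half (Step 2).
    # The empty passphrase is acceptable only for an unattended demo key.
    gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Bob (constructed demo key) <bob@example.invalid>' \
        default default never 2>/dev/null || return 1
    gpg --homedir "$bob" --armor --export bob > "$work/bob-pub.asc"

    # John: import Bob's public key (Step 3) and compare its fingerprint with
    # the one Bob reports over a separate channel before trusting it.
    gpg --homedir "$john" --batch --quiet --import "$work/bob-pub.asc" \
        2>/dev/null || return 1
    expected=$(fpr_of "$bob")
    [ -n "$expected" ] && [ "$(fpr_of "$john")" = "$expected" ] || return 1

    # John: encrypt to the verified fingerprint (Step 4). Only Bob's public
    # key is involved; John needs no key pair of his own to send.
    printf '%s' "$1" |
        gpg --homedir "$john" --batch --quiet --trust-model always --armor \
            --recipient "$expected" --encrypt > "$work/msg.asc" || return 1

    # Bob: decrypt with his private key (Step 5).
    out=$(gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.asc" \
        2>/dev/null) && ok=0 || ok=1
    for h in "$bob" "$john"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    [ "$ok" -eq 0 ] && printf '%s\n' "$out"
}

roundtrip 'meet at noon' || echo 'exchange failed' >&2
```

The --trust-model always option is used here only after the fingerprint comparison has succeeded; without that comparison it would accept any key that claims to be Bob's.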
Additional GPG commands:
You can list all the GPG keys as shown below.
# gpg --list-keys
/home/ramesh/.gnupg/pubring.gpg
--------------------------------
pub   1024D/90130E51 2010-01-02
uid                  ramesh (testing demo key)
sub   2048g/35C5BCDB 2010-01-02

# gpg --list-secret-keys
/home/ramesh/.gnupg/secring.gpg
--------------------------------
sec   1024D/90130E51 2010-01-02
uid                  ramesh (testing demo key)
ssb   2048g/35C5BCDB 2010-01-02
Comments on this entry are closed.
I am getting a lot of messages. What is it and how can I read it? re.s56bjeOrlkQ/a1lF1xE7FgZ6LxztZ8oLdLh+yPiepqKthz1DT…. I need help
This is a confusing example because for some reason there are three people in the scenario, Ramesh, John and Bob. At what point did Bob and/or John get Ramesh’s key?
Janice, it’s just some kind of spam probably…
Why do we use the export or import keys function?
Manish, we use the export/import options to install or uninstall the gpg keys. Import will install the key into the keyring. Export will extract the key from the keyring.
manish
If you want to share your key with anyone for example.
Thanks a lot Ramesh. It saved my day.
Hi
Thanks, nice article...
It was very satisfactory to learn the concept.
Thanks, indeed very effectively presented.
How can we remove the imported key from the host? And is it possible to use 2 different public key files to encrypt two different files?