Gpg Key-Pair Encryption and Decryption Examples

by Ramesh

Using gpg you can generate private and public keys that can be used to encrypt and decrypt files as explained in this example.

Step 1: Create a new GPG key-pair

The bold items in this example are inputs from the user.

    # gpg --gen-key
    gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Please select what kind of key you want:
    (1) DSA and Elgamal (default)
    (2) DSA (sign only)
    (5) RSA (sign only)

    Your selection?
    DSA keypair will have 1024 bits.
    ELG-E keys may be between 1024 and 4096 bits long.

    What keysize do you want? (2048)
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
    0 = key does not expire
    <n> = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years

    Key is valid for? (0)
    Key does not expire at all
    Is this correct? (y/N) y

    You need a user ID to identify your key; the software
    constructs the user ID
    from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

    Real name: Ramesh Natarajan
    Email address: ramesh.thegeekstuff@gmail.com
    Comment: testing demo key

    You selected this USER-ID:
    "Ramesh Natarajan (testing demo key) <ramesh.thegeekstuff@gmail.com>"

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.

    Enter passphrase:
    Repeat passphrase:

    We need to generate a lot of random bytes. It is a good idea
    to perform some other action (type on the keyboard, move the
    mouse, utilize the disks) during the prime generation; this
    gives the random number generator a better chance to gain
    enough entropy.

    .+++++++++++++++++++++++++.+++++++++++++++++++++++
    gpg: key 90130E51 marked as ultimately trusted
    public and secret key created and signed.

    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub 1024D/90130E51 2010-01-02
    Key fingerprint = B8BD 46EF 41E7 44B9 F934 7C47 3215 5713 9013 0E51
    uid Ramesh Natarajan (testing demo key)
    sub 2048g/35C5BCDB 2010-01-02

Step 2: Export your public key

    Syntax: gpg --export {user-name}

    # gpg --export ramesh > ramesh-pub.gpg

    # file ramesh-pub.gpg
    ramesh-pub.gpg: GPG key public ring

    # gpg --armor --export ramesh > ramesh-pub-asc.gpg

Step 3: Import others' public key

Use the --import option to import another person's public key.

    Syntax: gpg --import FileName
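
Before importing a key received from someone else, it is worth confirming that its fingerprint (the "Key fingerprint" line shown in Step 1) matches a value the owner gave you through a separate channel. The script below is an added example, not part of the original article; the function names, the file name bob-pub.asc, and the sample listing with its placeholder subkey fingerprint are assumptions, and the usage comment assumes GnuPG 2.2.8 or later for --show-keys.

```shell
#!/bin/sh
# Added example: check a key's fingerprint before `gpg --import`.
# Assumed usage (GnuPG 2.2.8+ for --show-keys; file name is hypothetical):
#   gpg --show-keys --with-colons bob-pub.asc | check_key_fpr "$EXPECTED" \
#       && gpg --import bob-pub.asc

# Strip spaces and colons from a fingerprint and upper-case it.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint of each primary key in a --with-colons listing:
# the first "fpr" record after a "pub" record. Subkey fingerprints
# (the "fpr" records that follow "sub") are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# check_key_fpr EXPECTED < listing
# Returns 0 on match, 1 on mismatch, 2 if the listing does not contain
# exactly one primary key (a key file may bundle several keys).
check_key_fpr() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$found" = "$expected" ] || return 1
    return 0
}

# Constructed sample listing. The primary key ID and fingerprint are the
# ones printed in Step 1; the subkey fingerprint is a made-up placeholder.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:3215571390130E51:1262390400:::u:::scESC:
fpr:::::::::B8BD46EF41E744B9F9347C473215571390130E51:
uid:u::::1262390400::::Ramesh Natarajan (testing demo key):
sub:u:2048:16:AAAAAAAA35C5BCDB:1262390400::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA35C5BCDB:
EOF
}

sample_listing | check_key_fpr "B8BD 46EF 41E7 44B9 F934 7C47 3215 5713 9013 0E51" \
    && echo "fingerprint matches, safe to import"
```

A return code of 2 means the file should be inspected by hand, because comparing one expected fingerprint against a bundle of keys would say nothing about the other keys that the import adds to the keyring.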

Step 4: Send encrypted message

In this example, let us see how John can send an encrypted message to Bob.

John encrypts the input file using Bob’s public key. The example below creates a binary file.

    $ gpg --recipient bob --encrypt filename

If, for some reason, John cannot send the encrypted binary file to Bob, he can create an ASCII-armored encrypted file instead, as shown below.

    $ gpg --recipient bob --armor --encrypt filename

Step 5: Read the encrypted message

In this example, let us see how Bob can read the encrypted message from John. Decrypt the message using your private key.

    Syntax: gpg --decrypt file

    $ gpg --decrypt test-file.asc

    You need a passphrase to unlock the secret key for
    user: "ramesh (testing demo key) "
    2048-bit ELG-E key, ID 35C5BCDB, created 2010-01-02 (main key ID 90130E51)

    Enter passphrase:

Note: After you enter the passphrase, the decrypted file is printed to stdout.

Use the following command to redirect the decrypted message to a text file.

    # gpg --decrypt test-file.asc > file.txt

Additional GPG commands:

You can list all the GPG keys as shown below.

    # gpg --list-keys

    /home/ramesh/.gnupg/pubring.gpg
    --------------------------------
    pub 1024D/90130E51 2010-01-02
    uid ramesh (testing demo key)
    sub 2048g/35C5BCDB 2010-01-02

    # gpg --list-secret-keys

    /home/ramesh/.gnupg/secring.gpg
    --------------------------------
    sec 1024D/90130E51 2010-01-02
    uid ramesh (testing demo key)
    ssb 2048g/35C5BCDB 2010-01-02