HOWTO Setup GnuPG Quickly

Introduction

GnuPG stands for GNU Privacy Guard. It is a free, open-source GNU program for cryptography. It is typically used for encrypting, decrypting, and authenticating email messages. See the GnuPG website for more information.

This page is a guide for the impatient user who wants to set up GnuPG, start using it, and ask questions later (or never).

Obtain and Install GnuPG

First, check to see if GnuPG is already installed on your system:
gpg --version
Even if it's installed, compare your version with the latest version, found at the GnuPG website to see if you should upgrade. If the latest version is already installed, go to the next section.

Go to http://www.gnupg.org/download.html and download and install the sources directly, or follow a link from that page to a binary distribution for your particular system. Install the software as you would any other program.

If you are looking for an RPM (for RedHat Linux distros) and can't find one for the most recent version of GnuPG from that page, check out http://www.redhat.com/mirrors.html and find a link under the ``Red Hat Linux'' or ``Updates'' columns from a site you trust. If a new version has just been released, you may have to wait a few days or a week for an RPM to become available.

Generate Your Private/Public Key Pair

If this is the first time installing GnuPG, here are steps to quickly generate your public/private key pair, as well as some useful settings. For the ultra-impatient, you can just read the words in bold, though it is highly recommended that you RTFM (Read The Fine Manual) to know what is going on. Please read the disclaimer at the bottom of this page so that if you accidentally encrypt all your personal information and forget who you are, it's not my fault.

  1. Generate your public/private key pair.
    gpg --gen-key
    The following steps for generating the key pair were written using version 1.0.6 of GnuPG. Other versions may differ.
  2. Export your public key and send copies to all your friends.
    gpg --armour --export my_email_address --output mykey.asc
    Substitute my_email_address with the email address you entered when generating your key.

    Take a look at mykey.asc and verify that it begins with

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    and contains a large block of nonsense text. This is your public key; this file can safely be spread far and wide. This is required by other people in order for them to send you encrypted messages.
That's it! Now just read the disclaimer below and you're done.

Importing Someone Else's Public Key Into Your Key Ring

If someone else has just completed the above steps and has sent you their public key in a file theirkey.asc, you can import it into your public key ring, simply by doing:
gpg --import theirkey.asc
This step is necessary if you want to encrypt a message to that person, or you want to verify a message signed by them.

Optional Settings

There are few things one might want done automatically when using GnuPG. For example, when encrypting messages to other people using a public key, you might want the message to also be decryptable by yourself so that you can review email that you sent out. (The default behavior is to only encrypt a message using the public key of the recipient, which you cannot even decrypt.) GnuPG allows you to save such options in a file that gpg will always check when it is run. Here are a few useful options: The default location for the options file is in a file called options in your .gnupg directory, usually found as a subdirectory in your home directory. Use your favorite text editor to enter in any or all of the lines listed above, and save it to this options file.

Disclaimer

These tips are distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Use at your own risk.

Back to Pine Privacy Guard home page.