Generate GPG Private & Public key in Linux step by step
Step1 :
'gpg --gen-key' is the Linux command to generate the GPG key.
# gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
Select the default option and press 'Enter'.
Your selection?
RSA keys may be between 1024 and 4096 bits long
Step2 :
gpg asks for the key size. The default is 2048 bits; you can enter a different size as well.
What keysize do you want? (2048)
Step3 :
Next, gpg asks how long the key should be valid. Select 'key does not expire' (0), or select another option based on your requirement.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Step4 :
gpg asks for a few details. Provide your details as per your setup.
Real name: gpgkey
Email address: gpg@linux.com
Comment: gpg
You selected this USER-ID:
"gpgkey (gpg) <gpg@linux.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
After the above steps, type 'o' to commit the changes.
Step5 :
After the above steps are completed, gpg asks for a passphrase. This passphrase protects the private key; gpg asks for it again whenever the private key is used, for example to decrypt a file.
+-----------------------------------------------------+
| Enter passphrase |
| |
| |
| Passphrase _________________________________ |
| |
| <OK> <Cancel> |
+-----------------------------------------------------+
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Type some words in the terminal, or run some tasks in another terminal, to gain enough entropy.
Sometimes this takes a long time, depending on CPU and memory usage.
Step6 :
To list the generated GPG keys on the Linux machine, use the 'gpg --list-keys' command.
# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/4B1114B3 2017-04-18
uid gpgkey (gpg) <gpg@linux.com>
sub 2048R/E61A31A1 2017-04-18
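Added example (not part of the original tutorial): a shell function that reads the machine-readable form of this listing, gpg --list-keys --with-colons, and reports keys that are below 2048 bits or never expire, the two choices made in Step2 and Step3. The names audit_keys, sample_listing and MIN_BITS, and the sample listing with its key IDs, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit key size (Step2) and expiry (Step3) from the
# machine-readable listing. Real use:
#   gpg --list-keys --with-colons | audit_keys
# Colon fields used: 1=record type, 3=key length in bits,
# 4=public-key algorithm, 5=key ID, 7=expiration (empty = never expires).

MIN_BITS=2048   # assumption: local policy floor, equal to the gpg default above

audit_keys() {
    awk -F: -v min="$MIN_BITS" '
        $1 != "pub" && $1 != "sub" { next }      # skip uid, fpr, tru ... records
        # Size check only for RSA (1,2,3), Elgamal (16) and DSA (17);
        # ECC key lengths are on a different scale.
        ($4 == 1 || $4 == 2 || $4 == 3 || $4 == 16 || $4 == 17) && ($3 + 0) < (min + 0) {
            printf "WEAK %s %s %d bits\n", $1, $5, $3
        }
        $7 == "" { printf "NOEXPIRY %s %s\n", $1, $5 }
    '
}

# Constructed sample listing (key IDs and dates are made up): one 2048-bit
# RSA key with a subkey and no expiry, as generated in this tutorial, and
# one 1024-bit DSA key that has an expiry date.
sample_listing() {
    cat <<'EOF'
tru::1:1492473600:0:3:1:5
pub:u:2048:1:1111111111111111:1492473600:::u:::scESC:
uid:u::::1492473600::::gpgkey (gpg) <gpg@linux.com>:
sub:u:2048:1:2222222222222222:1492473600::::::e:
pub:-:1024:17:3333333333333333:1104537600:1735689600::-:::scSC:
EOF
}

sample_listing | audit_keys
```

On the key generated in this tutorial it reports NOEXPIRY for both the primary key and the subkey, because Step3 selects 0.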
Step7 :
Export the public key
Syntax : gpg --export -a "keyname" > "outputkeyfilename"
# gpg --export -a gpgkey > public.key
Step8 :
Import the public key
To import the public key on the client machine, use the command below.
Place 'public.key' in any directory and 'cd' to that directory.
# gpg --import public.key
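To list imported public keys, use the list command from Step6. The command below lists secret keys, which are present only on the machine that holds the private key.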
# gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec 2048R/4B1114B3 2017-04-18
uid gpgkey (gpg) <gpg@linux.com>
ssb 2048R/E61A31A1 2017-04-18
After importing the public key on the client machine, follow the steps below to trust the key.
# gpg --edit-key gpgkey
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 2048R/4B1114B3 created: 2017-04-18 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/E61A31A1 created: 2017-04-18 expires: never usage: E
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>
Command> trust
pub 2048R/4B1114B3 created: 2017-04-18 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/E61A31A1 created: 2017-04-18 expires: never usage: E
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 2048R/4B1114B3 created: 2017-04-18 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/E61A31A1 created: 2017-04-18 expires: never usage: E
[ultimate] (1). gpgkey (gpg) <gpg@linux.com>
Command> quit
Encrypt the file with gpg key :
Syntax : gpg -r keyname --out file.tar.gz.gpg --encrypt file.tar.gz
# gpg -r gpgkey --out file.tar.gz.gpg --encrypt file.tar.gz
Decrypt the file with gpg key :
Syntax : gpg --out file.tar.gz --decrypt file.tar.gz.gpg
# gpg --out file.tar.gz --decrypt file.tar.gz.gpg
OpenPGP file encryption :
Syntax : gpg --openpgp -r 4B1114B3 (or gpgkey) --out fie.pgp --encrypt file.csv
# gpg --openpgp -r 4B1114B3 --out fie.pgp --encrypt file.csv
OpenPGP file decryption :
Syntax : gpg --openpgp --out file.csv --decrypt fie.pgp
# gpg --openpgp --out file.csv --decrypt fie.pgp