{ "title": "GnuPG", "subtitle": "Digital Security made easy" }

#### Introduction

[GnuPG][1] or `gpg` implements the [OpenPGP][2] standard. With this it is possible to secure digital communication by:

- encryption
- signatures
- authentication

Assuming a user named John Smith with the mail address john.smith@example.com, `gpg` can be used to generate a primary key that never expires, based on the ED25519 algorithm, for certifying other keys and creating signatures.

```
gpg --quick-generate-key "John Smith <john.smith@example.com>" ed25519 cert,sign never
```

The output looks similar to the one below.

```
gpg: directory '/home/john/.gnupg' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/john/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/john/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/john/.gnupg/openpgp-revocs.d/2DA27087D0D30BC33EF921134C5E480B970685E2.rev'
public and secret key created and signed.

pub   ed25519 2026-06-11 [SC]
      2DA27087D0D30BC33EF921134C5E480B970685E2
uid                      John Smith <john.smith@example.com>
```

The fingerprint `2DA27087D0D30BC33EF921134C5E480B970685E2` is needed for the following commands.

Next, `gpg` is used to add a subkey for encryption.

```
gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 cv25519 encrypt never
```

An authentication subkey is also created with `gpg`.

```
gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 ed25519 auth never
```

All relevant data is stored in `/home/john/.gnupg`, and the private keys can be listed with `gpg`.

```
gpg --list-secret-keys
```

See the [Arch Linux wiki][3] for details on how to use GnuPG.

[1]: https://gnupg.org/
[2]: https://www.openpgp.org/
[3]: https://wiki.archlinux.org/title/GnuPG
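
To confirm that the three commands above produced the intended layout (a cert+sign ED25519 primary key, one cv25519 encryption subkey, one ed25519 authentication subkey, none expiring), the machine-readable listing can be checked. This is an added example, not part of the original page; `check_layout` and `sample_listing` are hypothetical names, and the sample listing is constructed with placeholder subkey IDs.

```shell
#!/bin/sh
# Added example: check a key's layout from the output of
# `gpg --list-keys --with-colons`, read on stdin.
# Fields used: 1 record type, 5 key ID, 7 expiry (empty = never),
# 12 capabilities, 17 curve name.
check_layout() {
    awk -F: '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        BEGIN { rc = 0; pub = 0; enc = 0; auth = 0 }
        $1 == "pub" {
            pub++
            own = $12
            gsub(/[^a-z]/, "", own)   # uppercase letters summarise the whole key
            if (own != "sc" && own != "cs") bad("primary can \"" own "\", want cert+sign only")
            if ($17 != "ed25519") bad("primary curve is " $17)
            if ($7 != "") bad("primary key expires")
        }
        $1 == "sub" {
            if ($7 != "") bad("subkey " $5 " expires")
            if ($12 == "e" && $17 == "cv25519") enc++
            else if ($12 == "a" && $17 == "ed25519") auth++
            else bad("unexpected subkey " $5 ": " $12 " on " $17)
        }
        END {
            if (pub != 1) bad("expected exactly one primary key")
            if (enc != 1) bad("expected one cv25519 encryption subkey, found " enc)
            if (auth != 1) bad("expected one ed25519 authentication subkey, found " auth)
            exit rc
        }'
}

# Constructed sample listing (trimmed); the subkey IDs and the uid hash
# are placeholders, not real values.
sample_listing() {
    cat <<'EOF'
pub:u:255:22:4C5E480B970685E2:1781136000:::u:::scESCA:::::ed25519:::0:
fpr:::::::::2DA27087D0D30BC33EF921134C5E480B970685E2:
uid:u::::1781136000::0000000000000000000000000000000000000000::John Smith <john.smith@example.com>::::::::::0:
sub:u:255:18:0000000000000001:1781136000::::::e:::::cv25519::
sub:u:255:22:0000000000000002:1781136000::::::a:::::ed25519::
EOF
}

# Real use:
#   gpg --list-keys --with-colons 2DA27087D0D30BC33EF921134C5E480B970685E2 | check_layout
```

The function exits non-zero and prints one `FAIL:` line per deviation, so it can gate a provisioning script.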