{
	"title": "GnuPG",
	"subtitle": "Digital Security made easy"
}

#### Introduction

[GnuPG][1] or `gpg` implements the [OpenPGP][2] standard.

It can be used to secure digital communication through:

- encryption
- signatures
- authentication

Assuming a user named John Smith with the mail address john.smith@example.com,
`gpg` can be used to generate a primary key based on the Ed25519 algorithm. The
key is used for certifying other keys and for signatures, and it never expires.

```
gpg --quick-generate-key "John Smith <john.smith@example.com>" ed25519 cert,sign never
```

The output looks similar to the one below.

```
gpg: directory '/home/john/.gnupg' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/john/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/john/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/john/.gnupg/openpgp-revocs.d/2DA27087D0D30BC33EF921134C5E480B970685E2.rev'
public and secret key created and signed.

pub   ed25519 2026-06-11 [SC]
      2DA27087D0D30BC33EF921134C5E480B970685E2
uid                      John Smith <john.smith@example.com>
```

The fingerprint `2DA27087D0D30BC33EF921134C5E480B970685E2` is needed for the
following commands.

Next, `gpg` is used to add a subkey for encryption.

```
gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 cv25519 encrypt never
```

An authentication subkey is created with `gpg` in the same way.

```
gpg --quick-add-key 2DA27087D0D30BC33EF921134C5E480B970685E2 ed25519 auth never
```

All relevant data is stored in `/home/john/.gnupg` and the private keys can be
listed with `gpg`.

```
gpg --list-secret-keys
```
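
To confirm that the key has the layout built above (a certify and sign primary key, one encryption subkey, one authentication subkey, none of them expiring), the machine-readable listing from `gpg --list-secret-keys --with-colons` can be checked. This is an added example, not part of the original article; `sample_listing` and `check_layout` are hypothetical names, and the sample listing is constructed (subkey IDs and timestamps are made up).

```sh
#!/bin/sh
# Added example. Constructed sample of
#   gpg --list-secret-keys --with-colons 2DA27087D0D30BC33EF921134C5E480B970685E2
# Subkey IDs and timestamps are made up. Field 5 = key ID, field 7 = expiry
# (empty = never), field 12 = capabilities (uppercase letters = whole key).
sample_listing() {
cat <<'EOF'
sec:u:255:22:4C5E480B970685E2:1781136000:::u:::scESCA:::+::ed25519:::0:
fpr:::::::::2DA27087D0D30BC33EF921134C5E480B970685E2:
ssb:u:255:18:AAAAAAAAAAAAAAAA:1781136000::::::e:::+::cv25519::
ssb:u:255:22:BBBBBBBBBBBBBBBB:1781136000::::::a:::+::ed25519::
EOF
}

# check_layout (hypothetical helper): reads a colon listing on stdin, prints one
# line per deviation from the layout in this article, returns non-zero if any.
check_layout() {
awk -F: '
function bad(msg) { print "FAIL: " msg; n++ }
# Keep only the capabilities of this key itself (lowercase letters).
function own(caps) { gsub(/[^a-z]/, "", caps); return caps }
$1 == "sec" {
    prim = own($12); seen = 1
    if ($7 != "") bad("primary key " $5 " has an expiry date")
}
$1 == "ssb" {
    c = own($12)
    if (c ~ /e/) enc++
    if (c ~ /a/) auth++
    if (c ~ /[sc]/) bad("subkey " $5 " can sign or certify")
    if ($7 != "") bad("subkey " $5 " has an expiry date")
}
END {
    if (!seen) { bad("no secret primary key in listing") }
    else if (prim !~ /c/ || prim !~ /s/ || prim ~ /[ea]/) {
        bad("primary key capabilities are \"" prim "\", expected cert+sign only")
    }
    if (enc != 1) bad("expected 1 encryption subkey, found " (enc + 0))
    if (auth != 1) bad("expected 1 authentication subkey, found " (auth + 0))
    exit (n > 0)
}'
}
```

Against a real keyring, pipe the listing into the function: `gpg --list-secret-keys --with-colons 2DA27087D0D30BC33EF921134C5E480B970685E2 | check_layout`.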

See the [Arch Linux wiki][3] for details on how to use GnuPG.

[1]: https://gnupg.org/
[2]: https://www.openpgp.org/
[3]: https://wiki.archlinux.org/title/GnuPG