GNU gpg is an encryption and signing tool.
The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software.
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ ‘owner’ identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.
How do I create my own GnuPG private and public key?
1) Log in to your shell account
2) Use the gpg command to create the keys
$ gpg --gen-key
Output:
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: directory `/home/vivek/.gnupg' created
gpg: new configuration file `/home/vivek/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/vivek/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/vivek/.gnupg/secring.gpg' created
gpg: keyring `/home/vivek/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? Press [Enter] Key
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) Press [Enter] Key
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) Press [Enter] Key
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Vivek Gite
Email address: vivek@nixcraftcorp.com
Comment:[Enter] key
You selected this USER-ID:
    "Vivek Gite <vivek@nixcraftcorp.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
Enter passphrase: [Enter password twice]
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++....+++++++++++++++..++++++++++..++++++++++...++++++++++++++++++++.+++++++++++++++++++++++++++++++++++.+++++..++++++++++++++++++++.++++++++++..+++++.+++++.+++++>+++++....+++++>.+++++...................................................................+++++^^^^^^^^^^^
gpg: /home/vivek/.gnupg/trustdb.gpg: trustdb created
gpg: key 8E19F126 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/8E19F126 2007-02-10
      Key fingerprint = A7AF E25D 3E8D 6946 37CC 8CCE 12C4 8DC1 8E19 F126
uid                  Vivek Gite <vivek@nixcraftcorp.com>
sub   2048g/032824B9 2007-02-10
3) Now that the keys are generated, you can list your own key using:
$ gpg -k
OR
$ gpg --list-keys
Output:
/home/vivek/.gnupg/pubring.gpg
------------------------------
pub   1024D/CA7A8402 2007-02-10
uid                  Vivek Gite <vivek@nixcraftcorp.com>
sub   2048g/0A7B4F93 2007-02-10
Let us try to understand the line pub 1024D/CA7A8402 2007-02-10:
- pub : Public key
- 1024D : The number of bits in the key (1024); the letter D marks it as a DSA key
- CA7A8402 : The key ID
- 2007-02-10 : The date of key creation
- Vivek Gite : The user real name
- <vivek@nixcraftcorp.com> : The email id
The most important item is the key ID, i.e. CA7A8402. Make sure you protect your keys with a strong passphrase, not an easy one.
4) To list your secret keys, type the command:
$ gpg --list-secret-keys
Output:
/home/vivek/.gnupg/secring.gpg
------------------------------
sec   1024D/CA7A8402 2007-02-10
uid                  Vivek Gite <vivek@nixcraftcorp.com>
ssb   2048g/0A7B4F93 2007-02-10
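Added example, not part of the original article: an 8-digit key ID such as 8E19F126 is only the tail of the key fingerprint, so a public key received from a key server is best checked against the full fingerprint obtained from its owner out of band. The sketch below parses `gpg --with-colons --fingerprint` records; the function names and the second key in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed `gpg --with-colons --fingerprint` records:
# key 1 uses the ID and fingerprint printed in step 2; key 2 is made up and
# only shares the last 8 hex digits (the short key ID).
sample_listing() {
cat <<'EOF'
pub:u:1024:17:12C48DC18E19F126:2007-02-10:::u:Vivek Gite <vivek@nixcraftcorp.com>::scESC:
fpr:::::::::A7AFE25D3E8D694637CC8CCE12C48DC18E19F126:
pub:-:1024:17:CCDDEEFF8E19F126:2007-02-11:::-:Vivek Gite <vivek@nixcraftcorp.com>::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFF8E19F126:
EOF
}

# Read a colon listing on stdin; print "SHORTID FINGERPRINT" per primary key.
list_primary_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { primary = 1; next }
        $1 == "sub" || $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary     { print substr($10, length($10) - 7), $10
                                     primary = 0 }'
}

# Fingerprints are usually written in groups of four: drop blanks, upper-case.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# count_short_id_matches SHORTID < listing: how many primary keys share it.
count_short_id_matches() {
    list_primary_fprs | awk -v id="$1" '$1 == id { n++ } END { print n + 0 }'
}

# verify_fpr EXPECTED < listing
# 0 = a primary key has exactly this fingerprint, 1 = none does,
# 2 = EXPECTED is not a full 40-hex-digit fingerprint (e.g. a bare key ID).
verify_fpr() {
    want=$(normalize_fpr "$1")
    [ "${#want}" -eq 40 ] || return 2
    case $want in *[!0-9A-F]*) return 2 ;; esac
    list_primary_fprs | awk -v fp="$want" '$2 == fp { ok = 1 } END { exit !ok }'
}

# Both keys answer to short ID 8E19F126; only the full fingerprint separates them.
sample_listing | list_primary_fprs
```

Against a real keyring, pipe `gpg --with-colons --fingerprint` into `verify_fpr` in place of `sample_listing`.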
hello
why is the output of
# gpg --list-keys
and
gpg --list-secret-keys the same??
secret key should show up the private key?
if not then where can I find my private key because I wanna take the backup of it.
Thanks
Dear sir,
The work you have done here is fantastic. I can understand up to this point (private and public key creation). Can you please explain it further, I mean how to use these keys in a real-world scenario? If you can, let me know at my id: anes(dot)pa(at)gmail(dot)com.
Thanks
Anes
Nice tut.. Can we use the same gpg key for two different logins.. If so, what is the procedure?