<p>Note: If gpg2 gives you error about invalid/unknown/etc. command, use gpg instead.</p>
<h2id="what-do-you-need">What do you need:?</h2>
<h3id="linux-debian-based-distributions">Linux (Debian based distributions)</h3>
<p>You need at least package gnupg, but I recommend installing packages icedove enigmail pinentry pinentry-curses pinentry-gtk2 pinentry-qt4 signing-party and gnupg2.</p>
<p>NOTE: If you aren't using Debian, install package "thunderbird" instead of "icedove".</p>
<h3id="mac-os-x">Mac OS X</h3>
<p>You need at least <ahref="http://www.gpgtools.org/">GPG-tools</a>, but I also recommend you to install <ahref="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <ahref="Enigmail.html">Enigmail</a>.</p>
<h3id="windows">Windows</h3>
<p>You need at least <ahref="http://www.gpg4win.org/">GPG4Win</a>, but I recommend installing <ahref="https://www.mozilla.org/en-US/thunderbird/">Thunderbird</a> and <ahref="Enigmail.html">Enigmail</a> too.</p>
<h3id="step-1">Step 1</h3>
<p>This depends are you generating a new key or importing old key.</p>
<h4id="step-1-generating-a-new-key">Step 1: Generating a new key</h4>
<p>Open terminal (or cmd.exe if you are using Windows) and run</p>
<p>The second command also shows the key fingerprint which is usually used to identify the key. Note that you can see both keyid formats in fingerprint. The last eght characters in keyid are the short format and the last sixteen characters are the long format. If you want to see the long keyid, run</p>
<blockquote>
<p>gpg2 --list-keys --keyid-format long</p>
</blockquote>
<p>Now add the uid with the following commands:</p>
<blockquote>
<p>gpg2 --edit-key KEYID</p>
</blockquote>
<p>and enter command:</p>
<blockquote>
<p>adduid</p>
</blockquote>
<p>and you are asked for name and email address again. This time you can give them both.</p>
<p>If that UID which has only your first name isn't the first UID, select it by giving command, which is the number of the UID, for example:</p>
<blockquote>
<p>2</p>
</blockquote>
<p>and * appears to that UID to tell you that that UID is selected. Now give command</p>
<p><code># Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2012— Mika Suomalainen (Mkaysi) https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.</code> License information so I won't break license of the default config file, which I have appended.</p>
<p>So default keyserver is specified and unknown keys are always received when something what requires missing key is procressses and revoked keys aren't included in search results and verbose output is used.</p>
<p>By the way, you can find my gpg.conf <ahref="https://raw.github.com/Mkaysi/shell-things/master/gnupg/gpg.conf">here</a>.</p>
<h4id="group-lines">Group lines</h4>
<p>Group lines are a way to write email to one recepient and have it encrypted to multiple keys automatically.</p>
<p>If you have homepage, it's recommended that you put your key there. My key can be found at <ahref="../../PGP/key.txt">PGP/key.txt</a></p>
<p>You can get your public key with command</p>
<blockquote>
<p>gpg2 --export -a KEYID</p>
</blockquote>
<p>or if you use Linux and have installed package signing-party, you can use</p>
<blockquote>
<p>pgp-clean KEYID</p>
</blockquote>
<p>to get your public key without signatures (I will explain them later). WARNING: pgp-clean seems to also remove encryption subkey.</p>
<h4id="with-keyservers">With keyservers</h4>
<p>If you followed my configuration, you are usng pool.sks-keyservers.net as your keyserver and you are automatically receiving unknown keys from t, whenever you try to verify something, what is signed with unknown key.</p>
<p>To send your public key to keyserver, run</p>
<blockquote>
<p>gpg2 --send-keys KEYID</p>
</blockquote>
<p>To receive key from keyserver, run</p>
<blockquote>
<p>gpg2 --recv-keys KEYID</p>
</blockquote>
<p>To search keys from keyserver, use</p>
<blockquote>
<p>gpg2 --search-keys QUERY WORDS</p>
</blockquote>
<p>or if you are using Linux and have packages signing-party and dialog installed, you can use</p>
<blockquote>
<p>keylookup QUERY WORDS</p>
</blockquote>
<h5id="word-of-warning">Word of warning</h5>
<p>Keyservers only append content. Information on keyserver cannot be removed. This means, that when you delete uid, signature or whatever, it reappears when you run</p>
<blockquote>
<p>gpg2 --refresh-keys</p>
</blockquote>
<p>or receive your key from keyserver again. Thought content (uids, signatures, keys etc.) can be revoked.</p>
<h1id="you-can-now-move-to-icedove-thunderbird-guide-and-after-that-or-enigmail-guide-because-things-after-this-are-usually-done-by-email-client.">You can now move to Icedove / Thunderbird guide and after that | or Enigmail guide, because things after this are usually done by email client.</h1>
<p>But you should continue reading to understand how to use GPG without email client.</p>
<h2id="trusting-keys.">Trusting keys.</h2>
<p>If you want to make gpg know that you trust key of another person, you have two opinons. Enter the "key editing shell", with</p>
<blockquote>
<p>gpg2 --edit-key KEYID</p>
</blockquote>
<p>and</p>
<h3id="way-1-lsign">Way 1: lsign</h3>
<p>Lsign signs the key locally making it impossible to export the signature. Use it if you trust the key owner to be who the key says, but you haven't met him/her personally.</p>
<p>Lsign the key with</p>
<blockquote>
<p>lsign</p>
</blockquote>
<p>and then you can exit gpg with</p>
<blockquote>
<p>quit</p>
</blockquote>
<p>confirming to svae changes with</p>
<blockquote>
<p>y</p>
</blockquote>
<h3id="way-2-sign">Way 2: sign</h3>
<p>If you trust the key owner to be whom the key says and you have met him/her personally and have seen proof of his/her identify (i.e. passport) or he/she is member of your family or long time friend, you can sign the key with</p>
<blockquote>
<p>sign</p>
</blockquote>
<p>making the signature exportable or sendable to keyserver. Now exit gpg with</p>
<blockquote>
<p>quit</p>
</blockquote>
<p>saving the changes with</p>
<blockquote>
<p>y</p>
</blockquote>
<p>and send the signed key to keyserver with</p>
<blockquote>
<p>gpg2 --send-keys KEYID</p>
</blockquote>
<p>Other people will see your signature next time when they receive the key agan or run</p>
<blockquote>
<p>gpg2 --refresh-keys</p>
</blockquote>
<p>NOTE: You can upgrade lsigned signature to signed signature with the "sign" command.</p>
<h4id="trust">Trust</h4>
<p>Trust determines does gpg trust the key to validate other keys. Trust is only visible to you. You can se trust with</p>
<blockquote>
<p>trust</p>
</blockquote>
<p>and then exit gpg with</p>
<blockquote>
<p>quit</p>
</blockquote>
<p>saving the changes with</p>
<blockquote>
<p>y</p>
</blockquote>
<h2id="signing">Signing</h2>
<h3id="signing-a-message">Signing a message</h3>
<p>Run</p>
<blockquote>
<p>gpg2 --clearsign</p>
</blockquote>
<p>and write your message. When you are ready, add one empty line and press CTRL-D and gpg outputs signed message.</p>
<h3id="signing-a-plaintext-file">Signing a plaintext file</h3>
<p>Just run</p>
<blockquote>
<p>gpg2 --clearsign file.txt</p>
</blockquote>
<p>and the signed content will be found from file.txt.asc</p>
<p>NOTE: .asc is same as .txt and can be opened with normal text editor.</p>
<p>gpg2 --encrypt -a -r receiver (-r receiver...)</p>
</blockquote>
<p>If you followed my configuration instructions, you are automatically receiver. Replace "receiver" with KEYID. Write your message, add empty line and press CTRL-D and gpg outputs encrypted content.</p>
<h3id="decrypting">Decrypting</h3>
<p>Just run</p>
<blockquote>
<p>gpg2 --decrypt</p>
</blockquote>
<p>paste the encrypted content, add empty line and press CTRL-D and gpg outputs, the decrypted content.</p>
<p><arel="license"href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><imgalt="Creative Commons License"style="border-width:0"src="http://i.creativecommons.org/l/by-nc-sa/3.0/88x31.png"/></a><br/><spanxmlns:dct="http://purl.org/dc/terms/"property="dct:title">GPG guide</span> by <axmlns:cc="http://creativecommons.org/ns#"href="http://mkaysi.github.com/articles/guides/GPG/GPG.html"property="cc:attributionName"rel="cc:attributionURL">Mika Suomalainen</a> is licensed under a <arel="license"href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.</p>
<h2id="questions-and-asnwers">Questions and asnwers</h2>
<h3id="how-do-i-ask-question">How do I ask question?</h3>
<p>Just email me, the addresses can be found from my GPG key, which has been mentioned on this page some times. Please cleasign your question, so I won't get power to fake it, and please don't use HTML.</p>
