GPG Installation and Setup

Owned by Dmitry Donosiyan (Unlicensed)
Last updated: Jul 12, 2019
3 min read

In this page:

Installation

GNU Privacy Guard is available for free from www.gnupg.org for a variety of operating systems, including Windows, Linux, other flavors of Unix and MacOS X.

To install GPG, run the following command:

$ yum install gnupg2 pinentry-gtk

Dependency package pinentry-gtk can be missing on your Linux system, so it should be installed beforehand, if necessary.

Setup

GPG uses public key cryptography for encrypting and signing messages. Public key cryptography involves your public key which is distributed to the public and is used to encrypt messages to be delivered you and to decrypt signatures you have created, and your private key which complements your public key by allowing you to decrypt messages you receive and to encrypt signatures. Together, these are referred to as a key pair.

Creating Private Key Pair

The first thing to do after successful GPG installation is to generate the necessary keys used for encrypting and decrypting files. Please keep to the following steps:

$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits

Please specify how long the key should be valid.
       0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

Key is valid for? (0) 2y
Key expires at Thu 15 Jan 2015 08:39:54 PM CET

Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: YOUR NAME
Email address: your.name@domain.com
Comment:

You selected this USER-ID:
    "YOUR NAME <your.name@domain.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a Passphrase to protect your secret key.

etc.

Exporting Public Key

To be able to receive encrypted files, you need to export your public key. The text files generated below can be emailed as attachment or more preferable distributed in a more secure way, such as manually handed over via USB memory.

gpg --armor --output "key.txt" --export "YOUR NAME"

               

Open the output file, key.txt. You should see something resembling this:

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.2.1 (MingW32)

mQGiBD53m34RBAC6GXvDFWD3a+GOkQKubz5Koq9lks9d+gel29/sA5kqSfQnoaeR
qdTKLlB+oNsVjDX/Szfi3fsrK5zmKKZVHv3JO4DkxtABf4HgfaGkpav2PvXevYoB
YWSGTclHOHN5D3xsbIX6wvunkNhllcqrFlC3braG2tQnt2+PMk1gMA2jhwCg7qam
RtC27n0RY25jMfM/fESTImcD/1OtFwRtchqjPvl2IHSCBlltJyksuStevOfAFnc1
p3H+JqdUiKVf8oAF4NP4KarXL34xPCJXLKlBwHC3SH8powy2HX0mhsCjvVQQeLOP
fU3Q5DJxGM16hfmqlD1k4a7NUjnXwlCrce4rVToFbCnLrJTVoMDyNhowrXPbPCVM
N3FNA/0Uciz19raTBGkwo6kpsicpZG7Mk4eGFK5ssWxPxlLYoQ7yzgekWd9h6zBT
IQpdkatzdNf7xDEaUEBhO4vD7Il02OLigro95N5savsH9StTNCsJgmaiwtX5hxuF
WpW974xgfCmbGOPnbs1QTuyT85VllLxHI5fsGOYKCd/qo8H4nLQHQksgVGVzdIhZ
BBMRAgAZBQI+d5t+BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDCVd5vH6A96m7fAKDs
YVhdSqNn+u/rkj1pU6kFldY0JwCcCCXth72RJ9tAIz5gq9M3m6y2+7q5AQ0EPneb
gRAEAIb/sxLIAKaahBfBpGxpn3ZKhvug1z6yP7jLWFNLFugaakYjm5LXsI5Hpj06
mAE2fJPUNc1of0ZaK4La3XA8l/nVaadDP6FDqnxuPv3ne5JAxcK76ecT+m0ljQXZ
oVnUkqeNnwtcIs0fmmXnaeD68OHdidYsIuuEDhrFvPAT6cfAAMFA/923B1Bm4NR
riLy8QxYNuTxImtxoVg4NtfnYuHWyoxP1Ic3C1nZD2+fxf2685KNKx+3ZwaE81zN
ZNl0kNdFhB24Vmr6HM5C+eSlHj8C+LOUdP1A/9Un5utceg/qjNYkRXJx5mjyCizh
Gg/+1mLB5e+OA9Tl5R+96PKPFov+UjNPu4hGBBgRAgAGBQI+d5uBAAoJEMJV3m8f
oD3qewYAoNFRCBVfbX+LKxmWOZoqyQhB7jfnAKDDOCzQhZLZmrf0Uqdk6yj+HDm0
rA==
=+DfK

-----END PGP PUBLIC KEY BLOCK-----

Copy the entire contents of that file, including the lines beginning with “-----,” and paste them on a web page or in an email message to someone else. That’s all it takes to export your public key.

Note: it is possible to export your private key in the same manner, with the “--export-secret-keys” instead of “--export.” This is useful for backup or for transferring it to another computer, as long as you know what you’re doing and you can be sure the new copy will be secure. Make sure you don’t ever accidentally publish your private key! Before you publish a key in ASCII form, check that the first line has the word “PUBLIC,” not “PRIVATE.”

Example of private key import is below:

gpg --allow-secret-key-import --import private.key

To sign the key you should  type(It is necessary for encryption)

gpg --edit-key YOUR_NAME

then type 

trust

and then choose "ultimate" ownertrust

Set up parameters in w_custom_config.inc

Set the following parameters in w_custom_config.inc

<!--Encrytpion/Decryption -->
<COL TAG="ENCRYPTION_MODE" EXPRESSION="'GPG'" USERDESCRIPTION="Encrypt/Decrypt logic used by the workflow. Choose GPG,PGP,NONE"/>
<COL TAG="GPG_USERID" EXPRESSION="'YOUR NAME'" USERDESCRIPTION="UserId for the encryption process" />