How to Generate and Manage GPG Keys on Ubuntu Linux


The post is a tutorial on the generation and management of GPG keys on Ubuntu systems using GnuPG. It discusses the installation process of GnuPG, the creation of GPG key pairs, encryption and decryption of files, and the exportation of public keys. It stresses the utility of GPG encryption in maintaining data security across platforms.

This post shows students and new users the steps to generate and manage GPG keys on Ubuntu Linux.

Using GPG encryption to encrypt your data before transfer ensures that it cannot be viewed or read by anyone without a valid matching key pair. This technology works across diverse platforms, including Windows, Mac OS, and Linux.

Learning how to generate and manage GPG keys on Ubuntu Linux is important for anyone who wants to ensure the security and privacy of their data. GPG encryption provides a way to encrypt files and communications, meaning that only those who have the necessary key pair can access the data.

This can be especially important for businesses or individuals who must protect sensitive information from unauthorized access.

Users can ensure their data is secure and protected from prying eyes by learning how to generate and manage GPG keys on Ubuntu Linux.

When you’re ready to get GPG working on Ubuntu, follow the steps below:

How to install GnuPG

To use GPG encryption, you must install software that helps generate and manage your GPG keys and encrypted data. On Linux systems, a popular tool to help with GPG is GnuPG.

GnuPG is a free software implementation of the OpenPGP standard that allows you to encrypt and sign your data and communications using GPG encryption.

Open your command line terminal on Ubuntu and run the commands below to install GnuPG.

sudo apt update
sudo apt install gnupg

After installing GnuPG, run the command below to see if it’s installed and which encryption algorithms are supported:

gpg --help

Output:
gpg --help
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/richard/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data

How to generate your GPG key pair

Now that GnuPG is installed, you’ll need to generate your own GPG key pair, consisting of a private and public key.

The private key is your master key. It lets you decrypt/encrypt your files and create signatures signed with your private key.

The public key is shared with those who should open and view the content you encrypt with your private key and also verifies that the content encrypted with your private key comes from you.

To generate your key pair, run the commands below:

gpg --gen-key

That should initiate the GPG key generation process. You will be asked for your real name and email address to identify the key. You should see output similar to the below:

gpg --gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Richard
Email address: admin@example.com
You selected this USER-ID:
    "Richard <admin@example.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
gpg: revocation certificate stored as '/home/richard/.gnupg/openpgp-revocs.d/77B56FA102AECAC136D1C361F6A785CA937400D3.rev'
public and secret key created and signed.

pub   rsa3072 2019-07-01 [SC] [expires: 2021-06-30]
      77B56FA102AECAC136D1C361F6A785CA937400D3
uid                      Richard <admin@example.com>
sub   rsa3072 2019-07-01 [E] [expires: 2021-06-30]

You’ll be prompted to type and confirm your passphrase for the private key.

After that, your key pair should be generated.

How to export your public key

Run the command below if you need to export and share your public key with others. The public key is used to authenticate that the content encrypted by you came from you.

It is also used to decrypt the content you encrypted.

gpg --armor --export admin@example.com > public_key.asc

You can also use the commands below to export the key into a readable text file.

gpg --armor --output key.txt --export admin@example.com

You can then send the public key file to those who should get it.

How to encrypt and decrypt files

To encrypt a file you want to secure, run the command below. The public.txt file becomes the protected confidential.txt.enc file.

gpg --encrypt --recipient 'admin@example.com' --output confidential.txt.enc public.txt

You should see the output below:

Output
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2021-06-30

You can now delete the public.txt file and only have the encrypted version.

Decrypting Files

To decrypt the confidential.txt.enc file using the public key, run the command below:

gpg --decrypt --output public.txt confidential.txt.enc

You’ll be asked to provide your passphrase to allow access to your private key to decrypt the file.

Enter the key to decrypt.

Output
gpg: encrypted with 3072-bit RSA key, ID 4BFCC6007183FE53, created 2019-07-01
"Richard <admin@example.com>"

The confidential.txt.enc file becomes public.txt.

That should do it!
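
The steps above as a non-interactive script, added here as an example (it is not the author's code). A key owner generates a pair and exports the public key; a second keyring imports only that public key and encrypts to it; the script then records that decryption fails in the second keyring and succeeds in the owner's, where the private key lives. The demo identity, the throwaway keyring directories and the empty passphrase are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Identity, file contents and the empty passphrase are
# constructed for the demo; both keyrings are throwaway directories.

# Run gpg against the keyring directory given as the first argument.
g() { home=$1; shift; GNUPGHOME="$home" gpg --batch --quiet --yes "$@"; }

# Prints "sender_cannot_decrypt=<yes|no> roundtrip=<ok|fail>".
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    owner="$work/owner"; sender="$work/sender"
    mkdir -m 700 "$owner" "$sender" || return 1

    # Owner: generate the pair, then export only the public half.
    g "$owner" --passphrase '' --quick-generate-key \
        'Demo User <demo@example.com>' default default 1d 2>/dev/null || return 1
    g "$owner" --armor --output "$work/public_key.asc" --export demo@example.com

    # Sender: import the public key and encrypt to it. "--trust-model always"
    # skips the key-validity check for this demo; with a real key, compare
    # its fingerprint with the owner out of band first.
    g "$sender" --import "$work/public_key.asc" 2>/dev/null
    printf 'constructed sample text\n' > "$work/public.txt"
    g "$sender" --trust-model always --encrypt --recipient demo@example.com \
        --output "$work/confidential.txt.enc" "$work/public.txt" 2>/dev/null

    # The sender keyring holds no private key, so decryption fails there.
    if g "$sender" --decrypt --output "$work/leak.txt" \
        "$work/confidential.txt.enc" 2>/dev/null
    then blocked=no; else blocked=yes; fi

    # The owner keyring holds the private key, so decryption succeeds.
    g "$owner" --decrypt --output "$work/out.txt" \
        "$work/confidential.txt.enc" 2>/dev/null
    if cmp -s "$work/public.txt" "$work/out.txt"; then rt=ok; else rt=fail; fi

    # Stop the per-keyring daemons and remove the throwaway directory.
    GNUPGHOME="$owner" gpgconf --kill all 2>/dev/null || true
    GNUPGHOME="$sender" gpgconf --kill all 2>/dev/null || true
    rm -rf "$work"
    echo "sender_cannot_decrypt=$blocked roundtrip=$rt"
}
```

Source the file and call gpg_roundtrip; on a working GnuPG 2.2 or later install it prints sender_cannot_decrypt=yes roundtrip=ok.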

Windows users can use Gpg4win instead.


4 responses to “How to Generate and Manage GPG Keys on Ubuntu Linux”

  1. John Bras

    Tks for sharing the tutorial.

    But, I have a few questions:

    1) how to backup and recover your gnupg key created with this process if you need to reinstall your system ?
    2) if you have a desktop, a laptop and a netbook, should you install the same key you created on the first one on the two others ?
    2.1) if yes, do I use same method as question 1, above, to recover the key on the new system ?
    2.2) if not, I believe I will need to backup all new keys (of each system) if I need to reinstall any one system. But this will become a mess for backups of commonly used shared/files on the file-server from the different machines, if files are encrypted. How to avoid this ?
    Best regards

  2. lij

    why go over exporting and not cover importing?
    exporting is intuitive from the man page. no one on the entire goddamn internet has accurate instructions for importing.

    accurate solutions actually work instead of just issuing different errors

  3. Vishwa

    When I generate a key for the 2nd time, it's failing, getting stuck.

  4. fossildoc

    This is a very confusing tutorial. Several file names are used with no explanation of what they represent. Shaded text is clipped at the right margin. No reason is given why a private key is needed to decrypt a file. The decryption method is totally arcane. This site has no value whatever, IMO.
