Lost Newbie

Kirk Fort kfort at kfort.dyn.ml.org
Fri Sep 25 09:36:42 CEST 1998


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alright, I'll do my best to try to explain some stuff to you.

To generate a secret/public keypair, run gpg --gen-key

Data that is encrypted with a public key can only be decrypted by the
matching secret key.  The secret key is protected by a password, the
public key is not.

So to send your friend a message, you would encrypt your message with his
public key, and he would only be able to decrypt it by having the secret
key and putting in the password to use his secret key.

Gpg is also useful for signing things.  Things that are encrypted with
the secret key can be decrypted with the public key. To sign something, a
hash is taken of the data, and then the hash is encrypted with the secret
key. If someone has your public key, they can first verify that it is from
you by decrypting it, then verify that it hasn't changed by checking the
hash.

A keyring is just a large file that stores keys. You have a public keyring
where you store yours and your friend's public keys.  You have a secret
keyring that you keep your secret key on.

You can 'conventionally' encrypt something by using the option 'gpg -c'.
It is encrypted using a passphrase, and does not use public and secret
keys.  If the person you send the data to knows that passphrase, they can
decrypt it. This is usually most useful for encrypting things to
yourself, although you can encrypt things to your own public key in the
same way.

You can add and copy keys to and from your keyring with the 'gpg --import'
and 'gpg --export' option. 'gpg --export-secret-keys' will export secret
keys. This is normally not useful, but you can generate the key on one
machine then move it to another machine.

Keys can be signed under the 'gpg --edit-key' option.  When you sign a
key, you are saying that you are certain that the key belongs to the
person it says it comes from.

Hmm, what else.  You have already figured out the -o option it looks like.
- -r just lets you specify the recipient (which public key you encrypt with)
on the command line instead of typing it interactively.

Oh yeah, this is important. By default all data is encrypted in some weird
binary format.  If you want to have things appear in ascii text that is
readable, just add the '-a' option.

So if I want to encrypt a message to my friend, sign the message, and do
it in ascii, I type 'gpg -esar myfriend mymsg'.  'man gpg' is a good way
to figure out all the options.  The biggest problem you will have is there
is not (yet) a good usable version of gpg that works under windows.  I
believe that people are working on it.  Remember that gpg is still version
0.4.0. New versions are released about every week or so.  This is still
alpha software.  Things break and you sorta need to keep up with this list
to get the full use out of gpg.  If you need more functionality, windows
and mac versions, you might want to try pgp for now.  pgp is the precursor
to gpg.  It does the same thing as gpg, but comes under different
licensing terms.  I don't know if the way you want to use it would be
considered 'commercial'.  It can be found at www.pgpi.con and www.pgp.com
which sends you to www.na.com I believe.

Hope you are able to get something working.  If you have any more questions
let me know.

Kirk Fort

-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.0 (FreeBSD)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/

iEYEARECAAYFAjYLjl4ACgkQf+niZZlBRVOIygCeNyxsmOldoya7kH3zkruKwqhdzoIAn0Kh
XW0OcNkcN+HhDosy4oX1CF6r
=5raZ
-----END PGP SIGNATURE-----
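
The workflow described in the message above, as an added example that is not part of the original post: it generates a key, runs the 'gpg -esar myfriend mymsg' command, decrypts and checks the signature, and then does the 'gpg -c' passphrase-only round trip. It assumes a current GnuPG 2.x (the --batch, --pinentry-mode and --quick-generate-key options are not from the message), and the user ID, passphrase and message text are constructed for the demo.

```shell
# Added example. Everything happens in a throwaway keyring, never ~/.gnupg.
# One key plays both sender and recipient to keep the demo short.
gpg_roundtrip() (
  H=$(mktemp -d) || exit 1
  trap 'gpgconf --homedir "$H" --kill gpg-agent 2>/dev/null; rm -rf "$H"' EXIT
  # A passphrase on the command line is visible to other local users in the
  # process list; tolerable here only because the key is disposable.
  g() { gpg --homedir "$H" --batch --quiet --pinentry-mode loopback \
            --passphrase demo-pass --trust-model always "$@"; }
  cd "$H" || exit 1
  printf 'meet at noon\n' > mymsg

  # Non-interactive stand-in for 'gpg --gen-key': primary key plus encryption subkey.
  g --quick-generate-key 'My Friend <myfriend@example.invalid>' default default never || exit 1

  # The command from the message: encrypt, sign, ASCII armor, recipient given with -r.
  g -o mymsg.asc -esar myfriend mymsg || exit 1
  head -n 1 mymsg.asc | grep -q 'BEGIN PGP MESSAGE' || exit 1

  # Decrypt with the secret key; GOODSIG on the status stream means the
  # signature verified against the public key on the keyring.
  g --status-fd 2 -o out.txt -d mymsg.asc 2> status || exit 1
  grep -q GOODSIG status || exit 1

  # 'gpg -c': conventional encryption, passphrase only, no keypair involved.
  g -o mymsg.gpg -c mymsg || exit 1
  g -o out2.txt -d mymsg.gpg || exit 1

  # Both round trips must reproduce the original file byte for byte.
  cmp -s mymsg out.txt && cmp -s mymsg out2.txt || exit 1
  cat out.txt
)
```

Calling gpg_roundtrip prints the recovered plaintext and returns non-zero if any step, including the signature check, fails.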





More information about the Gnupg-devel mailing list