Home Interests Security

How to Send and Receive Encrypted Messages Using GPG

Another tale of Alice and Bob.
howchoo   (467)
November 22, 2023
12 minutes

Share

Interests
Posted in these interests:
cryptography • 1 guides
security • 6 guides

GPG (GnuPG) is a free and complete implementation of PGP (pretty good privacy). It is a tool used for encrypting, decrypting, and signing messages (or many forms of data). In this guide, we’ll cover the steps to send and receive secure messages using GPG.

For this guide, we’ll assume you want to exchange messages with your good friend, Alice.

1 – Install GPG

First, GPG must be installed.

Ubuntu/Debian

sudo apt-get install gnupg

CentOS

sudo yum install gnupg

MacOS

Using Homebrew.

brew install gnupg

2 – Generate your public and private keys

The first thing we’ll do is generate a pair of keys. To do this run:

gpg --gen-key

You will be guided through the process of generating the key pair. Your keys will be associated with your name and email address.

The private key is protected with a password. Use a strong password, and store that password somewhere secure (password manager and/or physical safe).

Your public key is just that: public. This is the key you can share with anyone.

The private and public keys are generated as a pair, which means they can only be used with their counterpart. The public key, which can be distributed to others, is used to encrypt messages intended for you. So when Alice wants to send you a message, she’ll encrypt the message using your public key. And only the accompanying private key can decrypt that message.

At this point, Alice should follow this step and generate her key pair as well.

3 – Export your public key

Now that you’ve created your key pair, we’ll export the public key.

gpg --export EMAIL > pubkey.asc

The email address you used when you generated your key will be used to export the key as well. This command will generate a file called pubkey.asc. In the future, Alice will import this key and use it to encrypt messages for you.

Alice should follow this step and export her public key as well.

4 – Exchange public keys with Alice

Now you can exchange public keys with Alice.

Note: When sending your key, it’s important that Alice can trust that the key came from you and likewise, that you can trust that the real Alice received your key. This is a security challenge of it’s own and is outside the scope of this guide. Just be sure to use a communication channel that is trustworthy enough.

5 – Import Alice’s public key

Now that you have Alice’s key file, you can import it using:

gpg --import alicepubkey.asc

At this point, you may want to trust Alice’s public key. To do so use:

gpg --edit-key Alice

Then in the gpg prompt, type:

trust

Then select the level of trust 1-5.

6 – Review the keys in your keyring

Let’s list the keys in our keyring to verify that the correct keys exist.

gpg --list-keys

You should see output similar to this:

$ gpg --list-keys

/Users/me/.gnupg/pubring.kbx
-------------------------------
pub   rsa2048 2017-05-03 [SC] [expires: 2019-05-03]
      A43BE404BXE42BF68C3810A329BD7XBDE33C02E9
uid           [ultimate] Tyler <[email protected]>
sub   rsa2048 2017-05-03 [E] [expires: 2019-05-03]

pub   rsa2048 2017-08-01 [SC] [expires: 2019-08-01]
      975B17E6B7A17E4431145375X13E5Y76D6EAEB19
uid           [ultimate] Alice <[email protected]>
sub   rsa2048 2017-08-01 [E] [expires: 2019-08-01]

7 – Encrypt the message you want to send

Assuming your message for Alice is stored in a file called message-for-alice, we can encrypt the message with the following command:

gpg --encrypt --recipient [email protected] message-for-alice

This will encrypt your message using Alice’s public key. The encrypted message will be saved as a new file called message-for-alice.gpg.

Now you can send the encrypted message to Alice.

8 – Decrypt message you’ve received

Upon receiving a message from Alice, you can decrypt the message using your private key.

gpg --decrypt message-for-me.gpg

This will print the message to the console. To write the message to a file use:

gpg --decrypt --output message message-for-me.gpg

9 – Sign a message

Signing a message allows the recipient to verify that the message was not modified during transmission. This is especially important when the message is sent over an insecure channel.

For this example, we’ll sign the message that we encrypted for Alice.

gpg --output message.sig --sign message-for-alice.gpg

This will create a file called message.sig, which is a signed version of the encrypted message.

10 – Verify a signed message

To verify the signed message, use:

gpg --decrypt --output message.gpg message.sig

This assumes that the message was first encrypted, then signed. You should see something like the following output that verifies the digital signature:

gpg: Signature made Tue Nov 21 21:51:45 2017 PST
gpg:                using RSA key A43BE404B2E42BF68C3860A329BD72BDE33C02E9
gpg: Good signature from "Tyler <[email protected]>"

The output file, message.gpg is still encrypted. So you can use the same method to decrypt:

gpg --decrypt --output message message.gpg

11 – GPG Frontends

There are a handful of frontends listed on the gnupg.org site, and I have not tested many of them. But if you’re timid on the command line and would like to find a GUI, there are a few available for each operating system.

NEXT UP

1Password vs NordPass: Who Wins Might Surprise You!

We put the two password managers side by side for you!
howchoo   (467)
September 28, 2023

You might be thinking: 1Password versus NordPass? It’s no contest! 1Password is huge, while NordPass is tiny! Well, it turns out we thought the same thing too. But when we reviewed each in all the major password manager categories, we discovered that it wasn’t the blow-out we would have imagined. We’ve tested each individually We’ve been using 1Password as

Continue Reading

howchoo

 467 guides

Introducing Howchoo, an enigmatic author whose unique pen name reflects their boundless curiosity and limitless creativity. Mysterious and multifaceted, Howchoo has emerged as a captivating storyteller, leaving readers mesmerized by the uncharted realms they craft with their words. With an insatiable appetite for knowledge and a love for exploration, Howchoo's writing transcends conventional genres, blurring the lines between fantasy, science fiction, and the surreal. Their narratives are a kaleidoscope of ideas, weaving together intricate plots, unforgettable characters, and thought-provoking themes that challenge the boundaries of imagination.

Discover interesting things!

Explore Howchoo's most popular interests.

Explore