Basic Guide to PGP On Linux
Full credit goes to MLP_is_my_OPSEC for writing this tutorial – Thanks for publishing and giving us your permission to post it!
Part 0 – Introduction
I promised it, and here it is! The PGP guide for Linux! Great timing too for Moronic Monday. For this guide we’ll be using GnuPG with Gnu Privacy Assistant as a graphical front-end. We will be using CLI to install these two pieces of software, and creating the keypair. The example OS in question is Linux Mint, so the commands for install may differ from your current OS. Don’t fret though! That’s the only part that may not be relevant to your OS, the rest of the guide will be the same across distros.
Part 1 – Installing the software
Like I said in the intro, we’ll be using GnuPG with Gnu Privacy Assistant. I like GPA as a graphical front-end because its layout is really easy to understand and follow.
- Open up Terminal
- Type, without quotes, ‘sudo apt-get install gpa gnupg2’, then hit ‘enter’
- Enter your password, hit ‘enter’
- It will pull the dependancies needed for both to work properly, tell you the space needed, and ask you to confirm. Type ‘y’ then hit ‘enter’ to confirm
- Wait a bit as everything installs
This should only take a few minutes to complete. See this picture to confirm you’re doing the steps correctly:
Part 2 – Generating your keypair
Part 1 was easy, eh? Don’t worry things don’t get much harder. The next step is to create your keypair. We’ll be using 4096 bit RSA to keep things extra secure!
- In your Terminal, type without quotes ‘gpg –gen-key’, then hit ‘enter’
- It will ask you what kind of key you want. For our usecase, we want option ‘1’ :
- Next step is key length. The longer the length, the more secure it is. We’ll go with 4096 bits:
- It will now ask if you want your key to expire after a certain amount of time. This is up to personal preference, but we’ll choose ‘key does not expire’, so just hit ‘enter’
- Confirm that yes, the key will not expire. Type ‘y’, then hit ‘enter’
- The next step will be to enter an ID to make it easier for people to identify your key. If you’ve made it this far, you should know what to do
- It will ask if this information is correct. If it is, type ‘O’ and hit ‘enter’
Here is a great XKCD comic on creating secure passphrases
- Enter a passphrase to protect your secret key.
- Here comes the fun part. It’s going to generate your key, and will ask you to do some random stuff to create entropy. I like to have a Youtube video going with a torrent running in the background, while randomly mashing keys in a text editor. See the picture for an example of what will be output in the terminal
- annnddddd we’re done!
Part 3 – Obtaining your public key
So we’ve installed the software, generated our super secure keypair. Now what? Well if you want to actually use it we need to obtain our public key. Everything from here will be done through the graphical front-end.
- Open Terminal, type ‘sudo gpa’, hit ‘enter’. Type in your password yeahIknowwhatyou’rethinking
- You’ll be greeted by this beautiful window
- Click on the keypair you just created, click ‘Keys’ up at the top, then ‘Export keys…’
- Select where you want it saved, enter a filename, and click ‘Save’
- Browse to the location in your file manager, open up that file with a text editor
There’s your public key! Don’t forget to put this on your market profile so people can contact you easier.
Part 4 – Obtaining your private key
If you ever want to switch operating systems or PGP programs, you’ll need to do this. It’s just as easy as obtaining your public key. Make sure you keep this file safe!
- Hopefully you still have GPA open. If not, follow step #1 of Part 3
- Click on your keypair, click ‘Keys’ up at the top then ‘Backup’
- Select where you want it saved, keep the filename it gives you, and click ‘Save’
- A window will pop up, you can back up to a floppy if you’re stuck in the ’80s
Remember to keep this file safe! Don’t forget your passphrase!
Part 5 – Importing a public key
So you want to buy some dank marijuanas, you’ll need to encrypt your message unless you want LE kicking down your door and putting a boot to your throat. How is this done? Easy!
- Obtain the recipients public key, which can hopefully be found on their profile
- Copy everything, paste into a text editor, save it somewhere
- Up at the top, click ‘Keys’, then ‘Import key…’
- Select the key, then click ‘Open’. You’ll see this window
- We’re done!
I used some random key found on DDG. Thanks Alan!
Part 6 – Importing a private key
You finally realized that Microsoft/Apple is spying on you, and want to switch to an operating system that respects your right to privacy. How do you bring your key over?
- Up at the top, select ‘Keys’, then ‘Import Keys…’
- Select your backup, it should have a file extension of .asc
- This window will appear
- Your key is now imported
I could do this blindfolded!
Part 7 – Encrypting a message
GPA makes this easy as pie. Seriously, if you still can’t do it after following the below steps you shouldn’t be here.
- Click ‘Windows’ at the top, then ‘Clipboard’
- This beautiful window will appear
- Type in your message
- Click the envelope with the blue key
- Select the recipient of the message, sign it with your key if you want, then click ‘Ok’
- Your encrypted message will now appear in the buffer. Copy everything and send this to the recipient
Part 8 – Decrypting a message
You sent your message, and the vendor responded! Now what? You’ll want to decrypt the message with your public key.
- Copy everything the vendor sent you, paste it into the buffer
- Click the envelope at the top with the yellow key
- Enter your passphrase
- Read your message
Part 9 – Conclusion
There we have it, an easy to follow PGP guide for Linux with pictures! PGP can be overwhelming at first, but with persistence and the willingness to learn anyone can do it. Hopefully this guide will keep you guys safe on the DNM! I’ll have an OS X guide coming soon, and possibly a Windows guide following that. Any and all constructive feedback is appreciated, as well as suggestions for other guides!