All Linux commands are in italic text.


GnuPG is a complete and free replacement for PGP.

Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.

GnuPG is Free Software. GnuPG can be freely used, modified and distributed under the terms of the GNU General Public License.

PGP, on which OpenPGP is based, was originally developed by Philip Zimmermann in the early 1990s.

Project Aegypten provides Sphinx-Clients (Mutt, KMail, …) compatible with S/MIME within a GnuPG framework. Within this project a few new tools have been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".

Here are some key features of "GnuPG":

· Full replacement of PGP.
· Does not use any patented algorithms.
· GPLed, written from scratch.
· Can be used as a filter program.
· Full OpenPGP implementation (see RFC2440 at RFC Editor).
· Better functionality than PGP and some security enhancements over PGP 2.
· Decrypts and verifies PGP 5, 6 and 7 messages.
· Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.
· Easy implementation of new algorithms using extension modules.
· The User ID is forced to be in a standard format.
· Supports key and signature expiration dates.
· English, Danish, Dutch, Esperanto, Estonian, French, German, Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish and Turkish language support.
· Online help system.
· Optional anonymous message receivers.
· Integrated support for HKP keyservers (
· Clearsigned patch files can still be processed by patch.
· and many more things…

step 0

first you have to :

step 1

You do not need to be root for this step.

  • gpg --gen-key

an example

  • real name : Etienne Waliez
  • email address : eb.iiff|enneite#eb.iiff|enneite
  • password : jesuisungrandamidelaffii

1024 bits is no longer a good size for your key.
2048 bits is a very good size for your key.
please see :
DSA and ElGamal (the default) is a good choice.
The key's validity period is a delicate issue (see google); a period of five years is a good choice.

step 2

You have:

  • to generate a revocation certificate : gpg --output revoke.asc --gen-revoke Etienne
  • to save the ~/.gnupg directory (and all its files) on a USB key or (best) to burn it on a CD-ROM
  • to write your password (not in clear form) in a particular book on your personal bookshelf

step 3

Your fingerprint can be written on your visiting card :

  • gpg --fingerprint
  • for example : 5BF7 988C 9367 2E86 DE52 F141 5F5F 34EE A0BB ED3B

Your public key can be sent to a key server ( for example ) :

  • gpg --keyserver <keyserver> --send-key 0xA0BBED3B
  • note that A0BBED3B is the last 4 bytes of the fingerprint

You can import a public key from a key server ( for example ) :

  • gpg --keyserver <keyserver> --recv-key 0x2CC455D9
  • gpg --list-keys to verify the import
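
The 8-digit key ID used in step 3 is only the last 4 bytes of the fingerprint, so two different keys can share it; the full fingerprint is what identifies a key. The script below is an added example, not part of the original page: it compares the fingerprints in a gpg --with-colons --fingerprint listing with the one from the visiting card. The two listings are constructed samples and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: check an imported key against the full fingerprint from a
# visiting card instead of trusting the 8-hex-digit key ID.

# Fingerprint from step 3 of this page, as printed by `gpg --fingerprint`.
CARD_FPR='5BF7 988C 9367 2E86 DE52 F141 5F5F 34EE A0BB ED3B'

# Constructed sample listings in `gpg --with-colons --fingerprint` format.
GENUINE='pub:-:2048:17:5F5F34EEA0BBED3B:1199145600:::-:::scESC:
fpr:::::::::5BF7988C93672E86DE52F1415F5F34EEA0BBED3B:'
# Constructed look-alike: a different key with the same last 4 bytes.
LOOKALIKE='pub:-:2048:17:89ABCDEFA0BBED3B:1199145600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFA0BBED3B:'

# Remove whitespace and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Short key ID: the last 4 bytes (8 hex digits) of the fingerprint.
short_id() {
    normalize_fpr "$1" | tail -c 8
}

# Print field 10 (the fingerprint) of every "fpr" record read from stdin.
list_fprs() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# check_key FPR < listing
#   0: a key with exactly this fingerprint is listed
#   2: only the short key ID matches (it is a different key)
#   1: nothing matches
check_key() {
    want=$(normalize_fpr "$1")
    want_id=$(short_id "$want")
    result=1
    for got in $(list_fprs); do
        if [ "$got" = "$want" ]; then return 0; fi
        if [ "$(short_id "$got")" = "$want_id" ]; then result=2; fi
    done
    return "$result"
}

# Real use: gpg --with-colons --fingerprint | check_key "$CARD_FPR"
rc=0; printf '%s\n' "$GENUINE" | check_key "$CARD_FPR" || rc=$?
echo "genuine listing: check_key returned $rc"
rc=0; printf '%s\n' "$LOOKALIKE" | check_key "$CARD_FPR" || rc=$?
echo "look-alike listing: check_key returned $rc"
```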

step 4

to use gnupg with your MUA you have to follow this path :

step 5

Practice makes perfect …

man gpg
gpg --list-public-keys
gpg --refresh-keys
gpg --keyserver <keyserver> --refresh-keys
gpg --keyserver <keyserver> --recv-keys 0x2CC455D9
gpg --fingerprint 0x2CC455D9
gpg --sign-key 0x2CC455D9
gpg --edit-key 0x2CC455D9
gpg --keyserver <keyserver> --send-key 0x2CC455D9
gpg --keyserver <keyserver> --send-keys
gpg --list-public-keys
gpg --list-sigs 0x2CC455D9
gpg --export -a 0x2CC455D9 > rene2CC455D9.key
gpg --import -a rene2CC455D9.key
gpg --import -a --import-options merge-only rene2CC455D9.key
cat rene2CC455D9.key
gpg -er rene test.txt
gpg --armor -er rene test.txt
gpg --clearsign message.txt > message.txt.asc
gpg --gen-revoke 0x2CC455D9
gpg --verify message.txt.asc
gpg --decrypt message.txt.asc > message.txt
gpg --local-user 0x5A17505A --decrypt message.txt.asc >message.txt

