All linux commands are in italic text (excepted in step 5)

Since october 2017 the 4th Rene Paul Mages (ramix) fingerprint is : 0E53 808A 4AB3 8DF8 2679 2EEB B8CF 35A4 9840 A6F7


GnuPG is a complete and free replacement for PGP.

Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.

GnuPG is Free Software . GnuPG can be freely used, modified and distributed under the terms of the GNU General Public License.

PGP, on which OpenPGP is based, was originally developed by Philip Zimmermann in the early 1990s.

Project Aegypten provides Sphinx-Clients (Mutt, KMail, …) compatible to S/MIME within a GnuPG framework. Within this project a few new tools have been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".

Here are some key features of "GnuPG":

· Full replacement of PGP.
· Does not use any patented algorithms.
· GPLed, written from scratch.
· Can be used as a filter program.
· Full OpenPGP implementation (see RFC2440 at RFC Editor ).
· Better functionality than PGP and some security enhancements over PGP 2.
· Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.
· Easy implementation of new algorithms using extension modules.
· The User ID is forced to be in a standard format.
· Supports key and signature expiration dates.
· English, Danish, Dutch, Esperanto, Estonian, French, German, Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese (Portuguese), Russian, Spanish, Swedish and Turkish language support.
· Online help system.
· Optional anonymous message receivers.
· Integrated support for HKP keyservers (
· Clears signed patch files which can still be processed by patch.
· and many more things….

step 0

first you have to :

step 1

not necessary to be root in this step

  • gpg --full-gen-key

an example

  • real name : Etienne Dupont
  • email address : gro.ximar|tnopud.enneite#gro.ximar|tnopud.enneite
  • password : ActivisteDepuisMai2003

1024 bits is no more a good size for you key
2048 bits is a good size for your key
4096 bits is a very good size for your key
please see :
DSA et ElGamal (by default) is a good choice
The keys validity period is a delicate issue (see google); a period of five years is a good choice.

step 2

you have

  • to generate a revocation certificate : gpg2 --output revoke.asc --gen-revoke Etienne
  • to save the /.gnupg directory (and all its files) on a usb key or (best) to burn it on a CDrom
  • to write (in not clear way) your password on a fixed book of your personnal bookshelf

step 3

your fingerprint can be write on your visiting card :

  • gpg2 --fingerprint
  • for example : 0E53 808A 4AB3 8DF8 2679 2EEB B8CF 35A4 9840 A6F7

your public key can be send to a key server ( for example ) :

  • gpg2 --keyserver --send-keys 0x9840A6F7
  • you have note that 9840A6F7 are the 4 last bytes of the fingerprint

you can import a public key from a key server ( for example ) :

  • gpg2 --keyserver --recv-key 0x9840A6F7
  • gpg2 --list-keys to verify the importation

step 4

to use gnupg with your MUA you have to follow this path :

step 5

Practice makes perfect …

man gpg
gpg --delete-keys 0x2CC455D9 (Cette commande supprime la clef 0x2CC455D9 du trousseau de clefs)
gpg --list-public-keys
gpg --keyserver --refresh-keys
gpg --keyserver --refresh-keys
gpg --keyserver --recv-keys 0x9840A6F7
gpg --keyserver --refresh-keys
gpg --keyserver --recv-keys 0x9840A6F7
gpg --finger 0x9840A6F7
gpg --sign-key 0x9840A6F7
gpg --edit-key 0x9840A6F7
gpg --keyserver --send-keys 0x9840A6F7
gpg --keyserver --send-keys (absolutely NO effect)
gpg --list-public-keys
gpg --list-sigs 0x9840A6F7
gpg --export -a 0x9840A6F7 > renepaul9840A6F7.key
gpg --import -a renepaul9840A6F7.key
gpg --import -a --import-options merge-only renepaul9840A6F7.key
cat renepaul9840A6F7.key
gpg -er rene test.txt
gpg --armor -er rene test.txt
gpg --clearsign message.txt > message.txt.asc
gpg --gen-revoke renepaul9840A6F7.key
gpg --verify message.txt
gpg --decrypt message.txt.asc > message.txt
gpg --local-user 0x5A17505A --decrypt message.txt.asc >message.txt
gpg -e MotsDePasse.txt > MotsdePasse.txt.gpg
gpg -d MotsDePasse.txt.gpg > MotsdePasse.txt


Miscellaneous Links

Unless otherwise stated, the content of this page is licensed under GNU Free Documentation License.