How to use GPG: A Quick-Reference Guide

Posted by Mohamed Amine Osmani

Once you understand the basic logic behind cryptography, you need functional tools to enforce data integrity locally on your machine. GnuPG (GPG) is the standard open-source utility used in Linux environments to run these configurations cleanly without bloated graphical overhead.

This tactical guide outlines the exact terminal commands required to run GPG pipelines efficiently:

  • Generating and managing key rings cleanly.
  • Exporting public cryptographic signatures for collaboration.
  • Executing both encryption and signature validation operations over plain data packets.

Step 1: Instantiating Your Cryptographic Keypair

To begin routing protected traffic, you must generate your local mathematically bound key structures. Avoid basic or default automated scripts; configure your settings explicitly using the full interactive allocation menu.

gpg --full-generate-key

When prompted by the configuration wizard, select these industry-standard parameters to keep your system optimized and secure:

  • Algorithm: Choose Option 1 (RSA and RSA).
  • Keysize: Input 4096 bits to maintain a high-entropy security profile.
  • Expiration: Set a defined lifespan (e.g., 1y for one year) rather than leaving it open indefinitely.
  • Passphrase: Provide a strong passphrase to lock down your private key block container locally.

Step 2: Inspecting and Managing the Local Keyring

Once generated, confirm that your keys are sitting correctly inside your local database directory using these quick listing commands:

To view all public keys stored on your system:

gpg --list-keys

To identify your strictly guarded private keys:

gpg --list-secret-keys
Look closely at the console output for the 8-character or 16-character alphanumeric identifier following the cipher configuration (e.g., rsa4096/ABC12345). This unique value represents your specific Key ID, which you'll use to execute target operations later.

Step 3: Exporting Your Public Key Blueprint

For collaborators to securely send you sensitive assets or inspect your data verification steps, they need a clear copy of your public variable. Export it cleanly into an ASCII-armored plain text file container:

gpg --armor --export Your_Key_ID > my_public_key.asc

You can share this my_public_key.asc file anywhere—send it over chat lines, upload it directly to public keyservers, or embed it cleanly into your own web root directories.

Step 4: Importing a Partner's Public Key

When a developer sends you their public cryptographic key signature, pull it straight into your local environment to start using it immediately:

gpg --import partner_public_key.asc

Step 5: File Operations: Secure Encryption and Verification

With your key database configured, you can process raw document assets using asymmetric validation routines.

Encrypting Content for a Target Recipient

To lock down an asset so only your intended recipient can unpack it, use the --encrypt flag bound directly to their registered identifier:

gpg --armor --recipient Partner_Key_ID --encrypt engineering_notes.txt

This command creates a secure, encrypted copy named engineering_notes.txt.asc that you can safely send over unprotected channels.

Decrypting Incoming File Payloads

When an encrypted file lands in your system inbox, unpack the data directly by invoking your local key configuration:

gpg --decrypt encrypted_payload.txt.asc > raw_source.txt

The system will prompt you for your local passphrase to unlock your private key, run the calculation, and instantly spit out clean data blocks.

Signing and Verifying Releases

If you distribute software utilities or text files, you can sign them using your private key to prove authenticity. This allows your users to verify that the file hasn't been altered or injected with malicious code.

gpg --clear-sign release_manifest.txt

Your users can then quickly check the signature integrity against your published public signature key:

gpg --verify release_manifest.txt.asc