PGP stands for Pretty Good Privacy and it was invented by a man named Phil Zimmermann.
For many reasons the whole PGP's source code was published and many variants have because of it. You may read more in the links provided
Today GnuPG or the GNU Privacy Guard is being its most popular de facto implementations, basing its line on OpenPGP.
This is mostly used when encrypting private emails and can even be used for scrambling files to hide its true meaning, but it is also used to authenticate said emails and files with the help of digital signatures
Steps to use PGP
- Download a PGP-related tool
Windows - gpg4win
MacOS - GPG Keychain
Android - OpenKeychain
Linux - Most Distros just get that outside the box once activated, but you can search for available packages available for compile on the GPG Website with files available on this link
Official GnuPG Website - gnupg.org
A command line interface(CLI) is mostly adviced to use, but for beginners the following links are just enough since they provide a little
simpler GUI feel to the environment
- Once you download the software Generate a key using the following commands or just clicking "New" or "Generate New Key Pair"
$ gpg --full-generate
Here you may chose what kind of key would it be based on the choices below if you are going to the CLI
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
For beginners I suggest an RSA Key since this is the one most commonly used, from here you can tinker with the rest of the details
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
What is important however are that you list up information for your key like Name, Email Address, and a Comment(this part can be left blank)
After making those details clear, by default (in most of the GnuPG Tools I used) we need to use a password to protect the key just in case someone actually gets it...
WARNING: If you do not remember your key's password, then it means that you have already lost your key and all the data that uses your
key.
An example of generated keys
PGP Messages that you need to decrypt
Parts of a gpg generated key
C14E0E59767E57066A3967FAAA82ECD24B23FAB0
is the key ID
The rest
is just history
The Key is actually from the first example above
This is the command for importing a key
This are the following commands for listing keys
More help on GnuPG
Digital Signatures
From this part we will use a detached signature
You may add -a
before the following commands to make the signature a little better
This means the commands will look at this:
gpg -a --detach-sign -u [key name or key ID] [your_file]
More PGP Tutorials
For the meantime this tutorial only covers the Command Line Interface(CLI) side of PGP as of 2023, for more tutorials relating to the other PGP clients, please refer to the tutorial page
Known Neocities Sites for teaching the same thing
gameobservatory.neocities.org
thehackerwiki.neocities.org