GnuPG

GnuPG (GNU Privacy Guard) is software that aims to provide encryption and protect privacy for an entity such as a business group or an individual. It is the free and open source counterpart to PGP, implementing OpenPGP as defined under RFC 4880. It is a direct competitor to the PGP software created by Symantec.

Software Version

Since GnuPG is cryptographic software meant to handle security and encryption, we should always use the latest stable version. Hence, if you're using gpg1, you should upgrade to gpg2.1 or above at once. If any software you use integrates with an outdated gpg version, you can:

  1. Raise a ticket with their support channel, urging them to upgrade for security purposes
  2. Consider your intention of using that software

This guide always covers the latest version of GnuPG made available on the Debian stable branch.

GnuPG Purpose

There are 3 main reasons:

Verify Entity Identity (Integrity)

Ever since the internet came into existence back in the '90s, identifying a genuine person across the internet has been very tough without face-to-face verification. With ownership of a GnuPG key pair, any entity (group or individual) can share one identity of origin via a single cryptographic signature process. It does not identify the entity perfectly (you still need to verify the entity through some other means, such as a public announcement or face-to-face verification), but it's better than nothing.


Encryption and Decryption (Confidentiality)

With identification in place, you can perform private communications via encryption. GnuPG does this perfectly. It offers asymmetric encryption, using a public/private key pair to encrypt and decrypt a message payload (which can be a string or a file).


Digital Signature (Integrity)

With a way to verify identity, you can also use GnuPG to digitally sign a message payload (which can be a string or a file), just like how we sign a physical letter. In open-source development, developers always use GnuPG to sign their contents, be it patches or software releases, to attest to their origin and integrity. This protects the contents from being tampered with after they leave the developer's hands and gives the user/consumer a way to verify the contents' integrity.

Best Practices

This section is all about the common practices for using GnuPG. They form a checklist of actions that depends on the audience.

Specifications Index

This section covers all the manual specifications for using GnuPG. They are arranged by purpose, except for "black magic", where the hacks and tinkering are grouped under a single sub-section.

Create

This section is all about creating something in GnuPG.


Certify & Revoke

This section is all about certifying or revoking a primary key in GnuPG.


Backup and Distribute

This section is all about backing up or distributing a primary key in GnuPG.


Encrypt and Decrypt

This section is all about encrypting and decrypting a primary key in GnuPG.


Sign and Verify

This section is all about signing and verifying a primary key in GnuPG.


Export and Import

This section is all about exporting and importing a primary key in GnuPG.


Delete

This section is all about deleting a primary key in GnuPG.


Configure

This section is all about configuring a primary key in GnuPG.


Black Magic

This section is all about tinkering with GnuPG. As the name implies, DO NOT ATTEMPT aside from academic purposes.

That's all about GnuPG.