Learn how to use PGP

For example, let's say that you are going on vacation for two weeks and you need your friend Bob to take care of your pets. The doors of the house have a key lock box that is PIN protected, and you need to give Bob the PIN safely. Both you and Bob create a PGP key pair, and you encrypt the PIN with Bob's public key. Only Bob's private key can decrypt it, so the PIN stays secret even if the message is intercepted in transit. Another use case is sharing your Hulu login or credit card information with a family member by email without sending it in plain text, so that if either email account is ever compromised the information cannot simply be read out of the mailbox. To prevent that, you and Tom each create a PGP key pair, you encrypt the information with Tom's public key, and you send the encrypted message to Tom by email. Keep in mind that PGP protects only the message body: the subject line, the sender and the recipient remain visible to anyone who can see the email.

PGP does not provide perfect forward secrecy: the same long-term key decrypts every message ever encrypted to it, so if your private key is compromised, every message sent to that key, past and future, can be decrypted by whoever holds it. You can limit the damage by using a separate key pair for each person you communicate with. If one key pair is compromised, only the conversations with that person are exposed; conversations with everyone else stay safe. Giving keys an expiry date and rotating them periodically limits the exposure further.

Check file hash

sha256sum Michael_Scott_Paper_Company_secrets.txt

If even one bit of the file changes, the file will have a completely different hash. The sha256sum command is part of GNU coreutils and is available on Linux systems (on macOS, shasum -a 256 produces the same digest). Compare the value against one published by the sender or project over a trusted channel: a hash downloaded from the same place as the file only shows that the download was not corrupted, not that the file is authentic; proving who made the file is what signatures (below) are for. An example of the output can be seen below:

0c028927b34e962cf7825c468325eee26f0a400a39bee93d650f4a77eeef6ade  Michael_Scott_Paper_Company_secrets.txt

If you are on a Windows system, open a command line terminal and run the following command. CertUtil defaults to SHA-1, so add SHA256 at the end to get a value you can compare with sha256sum:

CertUtil -hashfile Michael_Scott_Paper_Company_secrets.txt SHA256

Run without the algorithm argument, CertUtil uses SHA-1 and the output looks similar to this:

SHA1 hash of 18f891a3737bb53cd1ab451e2140654a376a43b2d75f6695f3133d47a41952b6.Michael_Scott_Paper_Company_secrets.txt:
7f254c42dca7499815916cc28173abdc0988b85f
CertUtil: -hashfile command completed successfully.

If the command does not work in CMD, open a PowerShell terminal and run it there. PowerShell also has its own cmdlet, Get-FileHash, which defaults to SHA-256.
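As an added example that is not part of the original post, the POSIX shell script below wraps the hash check in a function that works with either sha256sum (Linux) or shasum (macOS/BSD), compares case-insensitively, and shows on a constructed file that flipping a single bit changes the whole digest. The file content, the function names and the demo are made up for this example; the only real value is the SHA-256 of the five-byte string "hello", which is a known constant.

```shell
#!/bin/sh
# Added example: verify a file against a SHA-256 value obtained from a trusted
# source. The sample file and the helper names are constructed for the demo.
set -eu

# sha256_of <file>: print the lowercase hex digest using whichever tool exists
# (GNU coreutils sha256sum on Linux, perl shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{ print $1 }'
  else
    echo "no SHA-256 tool found" >&2
    return 2
  fi
}

# verify_sha256 <file> <expected-hex>: return 0 only on an exact match.
# The expected value is lowercased so a digest copied from a web page in
# upper case still compares correctly.
verify_sha256() {
  actual="$(sha256_of "$1")"
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ "$actual" = "$expected" ]
}

# demo: the same file before and after a one-bit change.
demo() {
  f="$(mktemp)"
  known=2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  # SHA-256 of "hello"
  printf 'hello' > "$f"                     # constructed sample content
  if verify_sha256 "$f" "$known"; then
    echo "intact: hash matches"
  else
    echo "unexpected mismatch"; rm -f "$f"; return 1
  fi
  printf 'helln' > "$f"                     # 'o' (0x6f) -> 'n' (0x6e): one bit flipped
  if verify_sha256 "$f" "$known"; then
    echo "unexpected match"; rm -f "$f"; return 1
  else
    echo "tampered: hash differs"
  fi
  rm -f "$f"
}

demo
```

In a download script you would call verify_sha256 with the digest taken from the vendor's signed release notes or a checksum file you have verified separately, and abort the installation when it returns non-zero.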

Encrypt a File

gpg -a --encrypt --recipient "MichaelScott" Michael_Scott_Paper_Company_secrets.txt


The "-a" flag (--armor) produces ASCII-armored output that can be pasted into an email instead of binary data. The "--encrypt" flag encrypts the file "Michael_Scott_Paper_Company_secrets.txt". Lastly, the "--recipient" flag selects MichaelScott's public key to encrypt the file to, which means only MichaelScott, or someone holding their private key, can decrypt it. Note that a name given to --recipient matches any key in your keyring whose user ID contains that text; if more than one could match, or to be sure you are encrypting to the key whose fingerprint you verified, pass the full fingerprint instead of the name.


Because "-a" was given, gpg writes the armored output to "Michael_Scott_Paper_Company_secrets.txt.asc" (without "-a" it writes binary output to "Michael_Scott_Paper_Company_secrets.txt.gpg"). The armored file looks like the text below.

-----BEGIN PGP MESSAGE-----
...
=WqEk
-----END PGP MESSAGE-----

Sign a file with GPG

The "-b" flag (--detach-sign) creates a detached signature: a separate file containing only the signature, leaving the original file untouched. A person signs a file to prove that it came from whoever holds the private key and that it has not been modified since it was signed. An example of the command can be seen below.

gpg -a -b Michael_Scott_Paper_Company_secrets.txt

To check whether the signature is valid, pass the detached signature to --verify. gpg looks for the signed data in the file of the same name without the .asc extension, or you can name the data file as a second argument:

gpg --verify Michael_Scott_Paper_Company_secrets.txt.asc

Verification needs the signer's public key in your keyring. "Good signature" only means the signature matches some key you have imported: check that the fingerprint printed on the "using RSA key" line is the one the signer gave you out of band, and in scripts check gpg's exit status, which is non-zero for a bad signature. When the command is run the output will look like this:

gpg: assuming signed data in 'Michael_Scott_Paper_Company_secrets.txt'
gpg: Signature made Fri Apr 26 21:40:02 2024 EDT
gpg:                using RSA key 5FA151497C76C937D769264BB27E69B46E01F88D
gpg: Good signature from "foojay" [ultimate]

Clear Sign a message

Clear-signing a message is useful when you want to prove that you wrote a message without encrypting it: the text stays readable and the signature is appended to it.

gpg --clear-sign Michael_Scott_Paper_Company_secrets.txt

The "--clear-sign" flag signs the message but does not encrypt the text. The command creates a file named "Michael_Scott_Paper_Company_secrets.txt.asc", which anyone can read and which anyone with your public key can check with gpg --verify. An example of a clear-signed message looks like the text below.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I declare bankruptcy!!!
-----BEGIN PGP SIGNATURE-----
...
=wthV
-----END PGP SIGNATURE-----

Decrypt a message

After receiving an encrypted message you have to decrypt it so you can read the sensitive information. To decrypt the message use the command:

gpg -d Michael_Scott_Paper_Company_secrets.txt.asc

The "-d" flag (--decrypt) writes the plaintext to standard output; add "-o" followed by a file name to write it to a file instead. You will be prompted for the passphrase that protects your private key. If the sender also signed the message, gpg verifies the signature in the same step and reports it after the plaintext. The output will look like the following:

gpg: encrypted with 3072-bit RSA key, ID D0ACB51B93A71BBC, created 2024-01-31
      "foojay"
I declare bankruptcy!!!

List Fingerprints

Every public key has a fingerprint: a hash of the key (40 hexadecimal digits for version 4 keys) that uniquely identifies it and is far easier to compare than the key itself. Before encrypting to someone's key or trusting their signature, compare the fingerprint gpg shows you with one the person gave you over another channel (in person, by phone, on a business card). A matching name or email address in the key proves nothing on its own, because anyone can create a key with any name in it. To list the fingerprints of all keys in your keyring:

gpg --fingerprint

Add a name or key ID to show a single key, for example gpg --fingerprint "MichaelScott".
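The sections above show each command on its own; as an added example that is not part of the original post, the script below runs the whole exchange end to end with two separate keyrings: key generation, exporting and importing public keys, encrypting and signing to a fingerprint, and decrypting while checking that the signature really came from the expected key. It assumes GnuPG 2.1 or later is installed. The people (Alice and Bob), their example.invalid addresses, the message and the keys are all constructed for the demo; the keys are throwaway, created without a passphrase in temporary directories, which you would never do for a real key.

```shell
#!/bin/sh
# Added example (not from the original post): a complete exchange between two
# people who each keep their own keyring. Names, addresses, message and keys
# are constructed for the demo; the keys have no passphrase and live in
# temporary directories that are deleted at the end.
set -eu

# run_gpg <keyring-dir> <gpg args...>: run gpg non-interactively against one keyring.
run_gpg() {
  home="$1"; shift
  GNUPGHOME="$home" gpg --batch --quiet --no-tty "$@"
}

# make_key <keyring-dir> <user-id>: generate a demo key pair (default algorithm,
# sign + encrypt, no expiry) and print the fingerprint of its primary key,
# taken from the first "fpr" record of the machine-readable key listing.
make_key() {
  run_gpg "$1" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$2" default default never >/dev/null
  run_gpg "$1" --list-keys --with-colons "$2" | awk -F: '/^fpr:/ { print $10; exit }'
}

# pgp_exchange: Bob sends Alice a signed, encrypted message. Returns 0 only if
# Alice can decrypt it AND the signature was made by the key whose fingerprint
# she confirmed with Bob out of band; returns 1 otherwise.
pgp_exchange() {
  work="$(mktemp -d)"
  alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"

  alice_fpr="$(make_key "$alice" 'Alice <alice@example.invalid>')"
  bob_fpr="$(make_key "$bob" 'Bob <bob@example.invalid>')"

  # Public keys can travel over any channel; what must be confirmed out of band
  # is the fingerprint, which is why keys are referred to by fingerprint below.
  run_gpg "$alice" --armor --export "$alice_fpr" > "$work/alice.pub"
  run_gpg "$bob"   --armor --export "$bob_fpr"   > "$work/bob.pub"
  run_gpg "$bob"   --import "$work/alice.pub"
  run_gpg "$alice" --import "$work/bob.pub"

  # Bob: sign with his own key and encrypt to Alice's full fingerprint.
  # --trust-model always skips the "key is not certified" prompt, which cannot
  # be answered in batch mode; Bob has already checked the fingerprint himself.
  printf 'Lockbox PIN: 4321\n' > "$work/msg.txt"
  run_gpg "$bob" --trust-model always --armor --sign --encrypt \
    --recipient "$alice_fpr" --output "$work/msg.asc" "$work/msg.txt"

  # Alice: decrypt, and read gpg's machine-readable status lines instead of the
  # human-readable "Good signature" text. The VALIDSIG line ends with the
  # primary-key fingerprint of whoever made the signature.
  status="$(run_gpg "$alice" --status-fd 1 --output "$work/out.txt" --decrypt "$work/msg.asc")"
  signer="$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] VALIDSIG / { print $NF; exit }')"
  plaintext="$(cat "$work/out.txt")"

  # Cleanup: stop the agents started for the throwaway keyrings, then remove them.
  GNUPGHOME="$alice" gpgconf --kill gpg-agent || true
  GNUPGHOME="$bob"   gpgconf --kill gpg-agent || true
  rm -rf "$work"

  [ "$signer" = "$bob_fpr" ] && [ "$plaintext" = 'Lockbox PIN: 4321' ]
}

pgp_exchange && echo "message decrypted and signed by the expected key"
```

The check on the VALIDSIG line is the part people usually skip: a "Good signature" from a key that merely carries the name "Bob" is worthless if that fingerprint is not the one Bob gave you. Using --status-fd this way is also how you would script verification in a deployment pipeline.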
