GNU Privacy Guard is an RFC-4480 compliant OpenPGP implementation. PGP was created in 1992 out of spite from what I gather by Phil Zimmerman. In 1991 Senate Bill 266 required manufacturers of secure communications equipment to insert special “trap doors” in their products, so that the government could read any encryped communications… (Sounds fairly similar to current events today).

What came from Phil Zimmerman’s head has changed history. PGP gave the world the access to an easy mechanism to keep messages confidental as well as authenticatible. Using asymetric-key cryptography as well as symetric-key, PGP can be used to encrypt and digitally sign data.

Keys Everywhere

As mentioned above, PGP uses asymetric-key cryptography. The specification mentions several different types of key algorithms you can choose from, including RSA, DSA, etc. What all these have in common is they all consist of two distinct keys that are linked together with our good friend math. Below is a very simplified example of asymetric-key cryptography.

    R = U * V
We can calculate phi(R) as shown below:
    phi(R) = (U - 1) * (V - 1)
We want R to be hard to factor, so:
    P * Q = 1 (mod phi(R))

P = Public Key
Q = Private Key

To encrypt a message all we do is:
    (Plaintext) ^ P mod(R)

To decrypt a message all we do is:
    (Ciphertext) ^ Q mod(R)

If you are following the above, you will notice that this is some pretty simple math. To encrypt we raise the plaintext version of what we want to encrypt with one key, and we raise the ciphertext to the other key to decrypt. This is very simple to perform, but EXTREMELY hard to figure out without the large primes P and Q because it is hard to find the common divisors.

This form of cryptography allows us to widely publish our public key, so that anyone can send us encrypted messages, and if we keep our private key completely secret, you will be the only one who can read the message. PGP uses asymetric-key encryption, but not for encrypting the message itself. PGP uses symetric key encryption for actually encrypting the message you are trying to hide, and is capable of using many different mechanisms to accomplish this, including blowfish, twofish, aes, etc. Symetric key encryption is where you share a key, such as a passphrase, and you encrypt and decrypt with the same key.

PGP is clever in that the algorithm first creates a really random session “password” which is used to encrypt the payload of the message. Then uses the recipient’s public key to asymetrically encrypt said random session password. The actual message encryption is very much stronger than the encryption of the random session password, which is a one time use password.

To start using GPG to encrypt and sign your documents install gpg. Then generate a keypair as shown below:

[husobee@localhost ~]$ gpg --gen-key
gpg (GnuPG) 2.1.3; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: somone real
Email address:
You selected this USER-ID:
    "somone real <>"

    Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.

Then sit and wait, for a while. In order to generate such a huge random prime, your computer has to create a ton of entropy. When this is done, you should have a keypair, and be ready to start encrypting messages or documents. Below is an example of encrypting a file with gpg.

[husobee@buzzard ~]$ gpg -a -e 2015-06-18-shhh-use-pgp.markdown 
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line:
gpg: 53A7719F: There is no assurance this key belongs to the named user
pub  rsa2048/53A7719F 2015-06-03 <>
 Primary key fingerprint: 1FB4 128F 270E B14D 7556  4081 63E0 6DBC 53A7 719F

Enter the user ID.  End with an empty line: 
 [husobee@buzzard ~]$ ls \*.asc

Looking at that file that was created:

Version: GnuPG v2


After you are done encrypting files for yourself, you will likely want to start sharing with friends. PGP is based on a web of trust. So you trust someone, you sign their public key, and they become more trustworthy. You can also get keys from a keyserver, and import individual’s public keys as seen below:

[husobee@localhost ~]$ gpg --search-keys
gpg: data source:
(1)     (husobee) <>
          4096 bit RSA key DBB16047, created: 2015-06-05, expires: 2016-06-04
          Keys 1-1 of 1 for "".  Enter number(s), N)ext, or Q)uit > q
          gpg: error searching keyserver: Operation cancelled
          gpg: keyserver search failed: Operation cancelled

[husobee@localhost ~]$ gpg --recv-keys DBB16047
gpg: key DBB16047: public key "(husobee) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Always make sure to verify the fingerprint of keys from people you know. The fingerprint is a SHA hash of the public key and is used to make sure you have their proper key.