Creating your public and private key

Run the following command to generate a key-pair (public & private) if you don’t already have one (if you haven’t used GPG before then you most likely don’t):

gpg --full-generate-key

Sending your public key to others

Assuming you used the email address your-email@address while creating your keys:

gpg --export --armor your-email@address > your-name.pubkey

(Note that we “armor” the output, meaning “ascii-armor”, so that it’s in ascii text instead of the usual binary. This allows us dodge the weird behavior that sometimes happens with binary files when you do things like send them over email or cat them to stdout.)

Importing public keys that were sent to you

gpg --import their-name.pubkey

This puts their public key into your keyring, meaning that you can now encrypt messages for them and verify signatures from them.

Encrypting messages for others

gpg --encrypt --armor --recipient their-email@address file.txt

This will send the output to “file.txt.gpg”.

Multiple recipients can be added, just by using seperate “–recipient” flags.

gpg -e -a -r person-1-email@address -r person-2-email@address file.txt

(-e short for --encrypt, -a short for --armor, -r short for --recipient).

Note that this will also output only a single file (file.txt.gpg), which any of the recipients can decrypt.

Decrypting messages that were encrypted for you

gpg --decrypt --output file.txt file.txt.gpg

This will decrypt “file.txt.gpg” and write the output to “file.txt”.

Short flags:

gpg -d -o file.txt file.txt.gpg

Banner image: “Architecture Pittoresque ou Monuments des xveme. Et xvieme. Siecles: Chateaux De France des XV et XVI Siecles: Pl. 32, Château D’Azay-Le-Rideau (Indre et Loire)” by Victor Petit (French, 1817–1874) is in the public domain.