Published on

Using GPG to Encrypt Messages

Authors
  • avatar
    Name
    Tong
    Twitter

You might have been using GPG for years.
Do you often send encrypted messages to your friends?
Or maybe you don't even know your friend has a pub key.

If you are new.
There are high-quality documents written by GitHub. Start with this one for example: Generating a new GPG key

Sharing public keys with each other

Using key servers

Find a key on key servers

gpg --search-keys "HackingGate"

List keys

List GPG keys associated with [email protected]

gpg --list-keys [email protected]

Upload a key to a key server

If you want your key available on the key server. Just upload it.

gpg --send-key 85E38F69046B44C1EC9FB07B76D78F0500D026C4

But wait. Not everyone's pub key is available on key servers. You can't make sure keys on key servers are 100% real.
Someone could claim themselves as yourself.
What to do?

Keybase.io

Keybase.io came to solve that. They will use additional information such as a tweet, a DNS record, a gist to make sure you are yourself. But still, not everyone is using it. And I don't personally like Keybase.io. Because the setup process will upload your private key by default. It's NOT safe.

GitHub could be the best solution

Almost every developer has a GitHub account. And lots of them using GPG sign their git commits.

URL for GPG pub key

https://github.com/<username>.gpg

Example

Import a GPG pub key from GitHub user HackingGate (which is me)

curl https://github.com/HackingGate.gpg | gpg --import

Encrypt messages

gpg --encrypt --sign --armor --recipient [email protected] message.txt

Send the file (or copy text from) message.txt.asc to the owner of [email protected].
Only she/he can decrypt the encrypted message.

Decrypt messages

gpg message.txt.asc
View on GitHubThis article is licensed under a CC BY-SA 4.0 license.