Step 1.b Get your terminal ready and install GnuPG
+Step 1.b Install GnuPG
+ +If you are using a GNU/Linux machine, you should already have GnuPG installed, and you can skip to Section 2.
-If you are using a GNU/Linux machine, you should already have GnuPG installed, and you can skip to Step 2.
-If you are using a macOS or Windows machine, however, you need to first install the GnuPG program. Select your operating system below and follow the steps. For the rest of the steps in this guide, the steps are the same for all operating systems.
+If you are using a macOS or Windows machine, however, you need to first install the GnuPG program. Select your operating system below and follow the instructions. For the rest of this guide, the steps are the same for all operating systems.
MacOS
+macOS
- Use a third-party package manager to install GnuPG -
- Your macOS comes with a program called "Terminal" pre-installed, which we'll use to set up your encryption with GnuPG, using the command line. However, the default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape).
-To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. Copy the link on the home page of Homebrew and paste it in Terminal. Click "Enter" and wait for it to finalize.
-When it is done, install the program by entering the following code in Terminal:
-
brew install gnupg gnupg2 . After installation is done, you can follow the steps of the rest of this guide.
+ -
+
The default macOS package manager makes it difficult to install GnuPG and other pieces of free software (like Emacs, GIMP, or Inkscape). To make things easier, we recommend setting up the third-party package manager "Homebrew" to install GnuPG. For this, we will use a program called "Terminal," which is pre-installed on macOS.
+ +# Copy the first command on the home page of Homebrew by clicking on the clipboard icon, and paste it in Terminal. Click "Enter" and wait for the installation to finalize.
+# Then install GnuPG by entering the following code in Terminal:
+
+brew install gnupg gnupg2
- Get GnuPG by downloading GPG4Win -
- GPG4Win is a email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.
-
-
-
To follow the rest of the steps in this guide, you'll use the program called "PowerShell", which is a program you'll see elsewhere referred to as a "terminal." This allows you to operate your computer using the command line.
+GPG4Win is an email and file encryption software package that includes GnuPG. Download and install the latest version, choosing default options whenever asked. After it's installed, you can close any windows that it creates.
#2 Make your keys
- +To use the GnuPG system, you'll need a public key and a private key (known together as a keypair). Each is a long string of randomly generated numbers @@ -687,9 +680,8 @@ look up your public key.
Your private key is more like a physical key, because you keep it to yourself (on your computer). You use GnuPG and your private key together to -descramble encrypted emails other people send to you. You should never share your private key with anyone, under any -circumstances.
+descramble encrypted emails other people send to you. You should never share your private key with anyone, under any +circumstances.In addition to encryption and decryption, you can also use these keys to sign messages and check the authenticity of other people's signatures. We'll @@ -700,36 +692,42 @@ discuss this more in the next section.
Step 2.a Make a keypair
-Make your keypair
-Open a terminal using
We will use the command line in a terminal to create a keypair using the GnuPG program. A terminal should be installed on your GNU/Linux operating system, if you are using a macOS or Windows OS system, use the programs "Terminal" (macOS) or "PowerShell" (Windows) that were also used in section 1.
+Make your keypair
+ +We will use the command line in a terminal to create a keypair using the +GnuPG program.
-#
# To answer what kind of key you would like to create, select the default option
# Enter the following keysize:
# Choose the expiration date, we suggest
Whether on GNU/Linux, macOS or Windows, you can launch your +terminal ("Terminal" in macOS, "PowerShell" in Windows) from the Applications +menu (some GNU/Linux systems respond to the Ctrl + Alt + T +shortcut).
+ +# Enter gpg --full-generate-key
to start the process.
# To answer what kind of key you would like to create, select the default option: 1 RSA and RSA.
+# Enter the following keysize: 4096
for a strong key.
# Choose the expiration date; we suggest 2y
(2 years).
Follow the prompts to continue setting up with your personal details.
+ Depending on your version of GPG, you may need to use
+--gen-key
instead of --full-generate-key
.
-
Set your passphrase
-On the screen titled "Passphrase," pick a strong password! You can +
Set your passphrase
+On the screen titled "Passphrase," pick a strong passphrase! You can do it manually, or you can use the Diceware method. Doing it manually is faster but not as secure. Using Diceware takes longer and requires -dice, but creates a password that is much harder for attackers to figure +dice, but creates a passphrase that is much harder for attackers to figure out. To use it, read the section "Make a secure passphrase with Diceware" in this article by Micah Lee.
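Review bot: the added sentence "Depending on your version of GPG, you may need to use --gen-key instead of --full-generate-key" at the end of the step list does not say which versions it applies to, and that matters for the steps above it. On GnuPG releases that have --full-generate-key, --gen-key runs a shortened dialog with default key parameters and does not ask for key type, key size or expiry, so a reader who uses it there never sees the "1 RSA and RSA", "4096" and "2y" prompts. Suggest presenting --gen-key only as a fallback for when gpg rejects --full-generate-key as an invalid option, and adding that the prompts should still match the steps listed.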
@@ -738,12 +736,10 @@ this article by Micah Lee.If you'd like to pick a passphrase manually, come up with something you can remember which is at least twelve characters long, and includes at least one lower case and upper case letter and at least one number or -punctuation symbol. Never pick a password you've used elsewhere. Don't use +punctuation symbol. Never pick a passphrase you've used elsewhere. Don't use any recognizable patterns, such as birthdays, telephone numbers, pets' names, song lyrics, quotes from books, and so on.
--
- GnuPG is not installed
-
-GPG is not installed. You can check if this is the case with the command
gpg --version . -If GnuPG is not installed, it would bring up the following result on most GNU/Linux operating systems, or something like it: -Command 'gpg' not found, but can be installed with: - sudo apt install gnupg . Follow that command and install the program.
+You can check if this is the case with the command - gpg --full-generate-key command not working +
- Some distributions use a different version of GPG. When you receive an error code that is something along the lines of: gpg: Invalid option "--full-generate-key", you can try the following commands:
+sudo apt update
+sudo apt install gnupg2
+gpg2 --full-generate-key
+If this resolved the issue, you need to continue to use the gpg2 identifier instead of gpg throughout the following steps of the guide. +Depending on your version of GPG, you may need to use +
+--gen-key
instead of--full-generate-key
. - I took too long to create my passphrase
- That's okay. It's important to think about your passphrase. When you're ready, just follow the steps from the beginning again to create your key.
- How can I see my key?
-
-Use the following command to see all keys
gpg --list-keys . Yours should be listed in there, and later, so will Edward's (section 3). If you want to see only your key, you can usegpg --list-key [your@email] . -You can also usegpg --list-secret-key to see your own private key.
+Use the following command to see all keys: - More resources
- For more information about this process, you can also refer to The GNU Privacy Handbook. Make sure you stick with "RSA and RSA" (the default), because it's newer and more secure than the algorithms the documentation -recommends. Also make sure your key is at least 4096 bits if you +recommends. Also make sure your key is at least 4096 bits if you want to be secure.
- Don't see a solution to your problem? @@ -794,6 +801,7 @@ secure and recover from a compromised key much more quickly. Alex Cabal and the Debian wiki provide good guides for setting up a secure subkey configuration. +
gpg --version
.
+If GnuPG is not installed, it will bring up the following result on most GNU/Linux operating systems, or something like it:
+Command 'gpg' not found, but can be installed with:
+ sudo apt install gnupg. Follow that command and install the program.
+
+gpg --list-keys
. Yours should be listed in there, and later, so will Edward's (Section 3).+If you want to see only your key, you can use
gpg --list-key [your@email]
.+You can also use
gpg --list-secret-key
to see your own private key.
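Review bot: in the macOS steps of the first hunk, the added line "Copy the first command on the home page of Homebrew by clicking on the clipboard icon, and paste it in Terminal" asks readers to run a command the guide neither shows nor describes. Suggest adding one sentence on what that command does, so that a reader can tell whether what they pasted is what the guide meant. In the same line, "Click "Enter"" should read "Press Enter", since it refers to a key.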
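Review bot: in the troubleshooting entries of the @@ -738,12 +736,10 @@ hunk, the added commands "sudo apt update" and "sudo apt install gnupg2" are introduced with "Some distributions use a different version of GPG", but they only work on apt-based systems. Suggest saying that these are the Debian/Ubuntu commands and that other distributions should install the package with their own package manager. In the "How can I see my key?" entry, "gpg --list-secret-key to see your own private key" is worth rewording: the command lists the secret keys held in the keyring rather than displaying the key itself, and the documented spellings are --list-keys and --list-secret-keys, which would also match the "gpg --list-keys" line just above it.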