From FdIwiki ELP
Jump to: navigation, search

GPG is a key´s manager multiplatform system and digital sign of messages and files. It is free software open by GPL license and it implements the OpenPGP standard.

GPG can communicate with current version of PGP and any system that implements PGP standard.

GPG is hybrid coded software that merges symmetric cryptography or private key and asymmetric cryptography o public key.


Develop begins by Werner Koch in 1997 with German´s government subsides but first productive version was release in 1999. It was born as a free software alternative to PGP, because of troubles around this system and the source code was closed.

In 1991 PGP (Pretty Good Privacy) came up ( from the hand of Phillip Zimmermann ( Zimmermann made a cryptography hybrid system with RSA asymmetric key algorithm to encrypt the key generated as a result of the symmetric sign with Bass-O-Matic algorithm. Zimmermann had a lot of troubles with NSA and the USA government, because export software to other countries was illegal, but export source code no. For this reason, international versions of PGP came up.

On the other hand, PGP was on open source in different business until 1999, because of EEUU government changed lays about the exportation of source code of software. NAI (Network Associates) bought PGP Inc and close their code.

Then GPG came up as a free software alternative to PGP.


  • Symmetric cryptography uses a public key, which only knows emitter and receiver, used to encrypt and decrypt.
  • Asymmetric cryptography uses a couple of keys, a public key and a private key. Private Key is only know and accessible by his owner. Public key is known by the rest of users. Also, the method of generating this couple of keys guarantees that only can generates one time. Many of algorithms are based of modular arithmetic and random prime numbers.


When keys are generated, we also can generate a revocation certificate to invalidate keys when we forget them, for example.

Public keys are uploaded to Keys Serves to be accessible for all users. Servers send keys information between them and users can search public keys independent key´s server they consult. We can search a user key by his email and other data.

To encrypt messages, emitter encrypt the content of the message using receiver public key and this message only could be decrypt by the receiver private key.

The method to sign messages generates a hash that contains emitter private key and the content. Receiver can verify that messages were writing by emitter because they have the emitter public key. Also, they can probe the integrity of the signed message.

There is a third variety: encrypted sign (when we only sign messages, they are sending as plane text). This merges cryptography with sign, privacy, authentication and integrity.

To make sure that public key is really own by a user, there are the confidence rings. A user can sign the public key of other users to certificate that the owner is really the person who affirms that.

GPG has many cipher symmetric and asymmetric algorithms, such as RSA (, IDEA (, SHA1 (, ELG (, DSA (, 3DES (, CAST5 ( 128), AES ( o BLOWFISH ( By default, GPG uses CAST5, but user can change it.

GPG has a command line interface but there are plugins, such as Enigmail for Thunderbird, to uses it with graphical UI.


  • Generate coupe of keys: gpg --gen-key

This command will solicit data to generate keys. It will be necessary generate entropy to bring a high computational level to the machine for generate random numbers used to obtain keys.

  • View key list: gpg -- list-keys

Shows all storage keys.

  • Generate ASCII output: gpg –a

Generate a binary file encrypted in ASSCI code. It can be added to message or content commands.

  • Symmetric cipher: gpg –c file

Generate a .gpg file with the same name of “file”. However, it is possible to change the name adding “-o new Name” option.

  • Decrypting: gpg file

After typing the command, we have to enter private key.

  • Upload key to server: gpg -- send-keys keyed

Uploads key to keys We can specify key server adding –keyserver nameServer

  • Export key: gpg --export id

Shows on screen the public key cipher associated to id (it could be key ID or email). We can use –a and –o option to save it on a file.

  • Import key: gpg -- import file

Import to own key list the public key stored in file with his data.

  • Search key on server: gpg –search-keys id

Search on key server the key associated to id (it could be key ID or email). We can specify key server with –keyserver option.

  • Asymmetric cipher: gpg –e –r idReceiver file

Creates a cipher using receiver public key (-r option). We can use –a and –o options

  • Signing a key: gpg –sign-key id

User signs public key specify by id using his private key. It generates a confidence ring.

  • Digital sign: gpg –se file

Sign and encrypt file. We can use –r option to specify destine and –a and –o option.

  • Modify algorithm: gpg –cipher-something algorithmName

This command changes the algorithm to encrypt and decrypt files and messages. By default, GPG uses low algorithms to grow compatibility.

All options can be displayed typing gpg –help on a shell or consulting the Linux manual.


Creating public key

Write next command on a unix command line with gpg installed and available on path.

$ gpg --gen-key

Encrypting first file

First, we have to create a file named archivowiki

$ touch archivowiki

Write a message into file

$ echo “Esto es un archivo de la wiki” > archivowiki

Decrypting a file

$ gpg –d archivowiki.gpg

Output: Esto es un archivo de la wiki