What This Page Explains

There really isn't much to this. After you have the gpg program you generate a public key that you can give to others. You then use a single command to decrypt a received confidential document.

GNU has people use a key name that they call a "fingerprint" to indirectly refer to a key. This is probably because keys can be very long.

Install gpg


After it is installed you may check that if it is working by going to a command prompt and asking gpg to tell you what version it is.

> gpg --version
gpg (GnuPG) <version number>
Generate Your Public Key

Use the command "gpg --gen-key" and then answer the questions. Note at the end they will ask if it is (O)kay. If all went well type capital letter O and hit enter. It will ask you for a password for protecting the private key access. Provide that, and do not lose it. gpg will then output a name for the public key which they call the "fingerprint". This command does not output any actual key.

> gpg --gen-key
gpg (GnuPG) 2.3.4; Copyright (C) 2021 Free Software Foundation

Real name: John Doe
Email address: JohnDoe@gmail.com
You selected this USER-ID:
    "John Doe "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O

pub   ed25519 2022-04-01 [SC] [expires: 2024-03-31]
      E517B8633C2E57EFA76099E54B7DAA3CE503D007  <- fingerprint
uid                      John Doe 
sub   cv25519 2022-04-01 [E] [expires: 2024-03-31]

That line starts with "pub" describes the public key. After "pub" it has "ed25519" which is the algorithm used here. Following is the date, a literal '[SC]', and then the expiration date for the key. The fingerprint appears on the next line. In this example the fingerprint is "E517B8633C2E57EFA76099E54B7DAA3CE503D007", but your fingerprint will be different. It will the same length, but it will be different.

Copy the fingerprint.
Publish Your Public Key

Replace the word "<fingerprint>" with the fingerprint you copied in the prior step.

> gpg --keyserver keys.openpgp.org --send-keys <fingerprint>

If you receive a confirmation email from opengpg.org follow up on that.

Decrypt A File

1. Say that someone sent you a confidential document via email while using the directions found on this website. For sake of discussion suppose that the email attachment is called d.gpg. Save it on your computer.

2. Run this command:

> gpg -o data.zip --decrypt d.gpg

3. Then unzip data.zip and you will have the document.


The gpg software is without warranty. If you are handling a document that carries liability, be sure to check the 'see also' links and to know what you are doing. I apologize, but I don't take any responsibility for what happens when you follow these directions.

Copyright © 2008 - 2022 Thomas Walker Lynch. All rights reserved.