All about GPG

Oct. 27, 2020

One guide to rule GPG all! In this noob-friendly guide, we will learn how to generate, use and sign stuff with GNU Privacy Guard. After reading this guide, your private life will be much more private than ever.

GPG is one of the essential tools for your online privacy and security. It also lets others verify your digital identity using your public key, which can be published on a public server.

Whether you use your key to encrypt your emails, sign your git commits or just verify someone’s online identity, GPG is your go-to tool!

So, open your favorite *sh up and let’s start generating a key for you 😄

Firstly, install the pinentry package on your *nix system. This will provide a nice password entry interface. Read how to install packages.

Now append only one of the following lines to your ~/.gnupg/gpg-agent.conf file, according to your user environment. Personally, I use pinentry-tty due to its minimalistic approach and compatibility even when the system is having issues.

Do this with vi ~/.gnupg/gpg-agent.conf. Read my journal entry on intro to vim for a quick refresher.

# Choose only one of the interfaces

# For installation environments (best for SSHing)
# If you are on basic TTYs with not much interface.
pinentry-program /usr/bin/pinentry-tty

# For terminal emulators
# If you are using Linux/Mac TUI to enter the passwords.
pinentry-program /usr/bin/pinentry-curses
# NOOOOO, Apple is best!! 😢
pinentry-program /usr/bin/pinentry-mac

# For X11/Wayland support
# If you love GTK2 for rest of your life (Mate/XFCE guys)
pinentry-program /usr/bin/pinentry-gtk-2
# If you love GNOME more than your GF (See notes below)
pinentry-program /usr/bin/pinentry-gnome3
# If you are on KDE and hate GTK soo much.
pinentry-program /usr/bin/pinentry-qt

After doing that, reload gpg-agent with gpg-connect-agent for the config to take effect:

gpg-connect-agent reloadagent /bye
# It should output OK
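
The "only one line" rule above can be applied without hand-editing. The following is an added example, not code from the original guide: the hypothetical helper `set_pinentry` checks that the chosen pinentry binary exists and is executable, drops any active `pinentry-program` line already in the file, and writes exactly one entry. The function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the guide): keep exactly one active
# pinentry-program line in gpg-agent.conf.
# Usage: set_pinentry CONF PROGRAM
#   e.g. set_pinentry "$HOME/.gnupg/gpg-agent.conf" /usr/bin/pinentry-tty
set_pinentry() {
    conf=$1
    prog=$2

    # Require an absolute path to an existing executable, so a typo is
    # caught here instead of at the next passphrase prompt.
    case $prog in
        /*) ;;
        *) echo "pinentry path must be absolute: $prog" >&2; return 2 ;;
    esac
    if [ ! -x "$prog" ] || [ -d "$prog" ]; then
        echo "not an executable file: $prog" >&2
        return 1
    fi

    # Create the GnuPG directory privately if it does not exist yet.
    dir=$(dirname "$conf")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    [ -f "$conf" ] || : > "$conf" || return 1

    # Copy every line except active pinentry-program entries (commented
    # ones are kept), append the chosen one, then replace the file.
    tmp=$(mktemp "$dir/gpg-agent.conf.XXXXXX") || return 1
    grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf 'pinentry-program %s\n' "$prog" >> "$tmp"
    mv "$tmp" "$conf"
}

# Print the number of active pinentry-program lines in CONF.
count_pinentry() {
    grep -c '^[[:space:]]*pinentry-program[[:space:]]' "$1"
}
```

After it succeeds, reload the agent with the gpg-connect-agent command above.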

Now here comes the fun part!

gpg --full-generate-key --expert

This command will open an interactive terminal menu asking which kind of key you want to generate. The --expert mode allows us to generate keys with newer algorithms, in this case an ECC algorithm.

Now, let’s discuss each scenario according to our needs.