PGP quick start
PGP quick start
PGP is a public key encryption program created by Philip
It allows users to perform several useful functions:
And once you're set up, other users will be able to do the same to
It is remarkably easy to use once you get over the initial learning
The purpose of this page is just to be a cookbook to get you over that
- Sign a plaintext message
so that someone will be sure it came from you.
- Encrypt a message
so that only one user (or a list of users) can decrypt it.
- Sign and encrypt a message
so that it can only have come from you and can only be decrypted one
user (or a list of users).
Key pair generation
The first thing you must do is generate your pgp key pair.
You will be asked for user ID which should usually be your full name
and email address, and a "pass phrase" which proves to PGP you are
allowed to use your secret key to sign or decrypt messages.
The next thing you need to do is to extract you public key so that you
can distribute it to others with whom you communicate.
You can mail the file you generate to those who will need it or
publicize it in other ways
It is adviable to
your own public PGP key before actually distributing it.
It prevents tampering with your key's user ID (which is a source of a
"denial of service" attack against PGP users).
Also, you will need to add other people's public keys to your own
public key file (called a "keyring") for anyone whose signature you
will need to validate, or to whom you will need to send an encrypted
Put their public key (much like the one you extracted above) into a
temporary text file, keyfile.
You can get their public key through email, from their
information or web page, through a public key server, or however they
wish to publicize it.
pgp -ka keyfile
Signing a plaintext message
You can certify that you alone sent a plain text message.
This is useful for news postings or email where secrecy isn't wanted.
pgp -sat filename
Sending an encrypted message
You can encrypt a message such that it can only be decrypted by a
single user (or a list of users).
pgp -eat filename userid [userid2 userid3]
More than one destination user key can be specified.
actually only needs to be a unique substring (case-insensitive) of the
full user ID associated with the key.
The example shows what happens if you try to use an uncertified public
Sending a signed, encrypted message
A signed, encrypted message can only be decrypted by the specified
user(s) and can only have been generated by you.
pgp -seat filename userid [userid2 userid3]
Reading PGP encrypted and/or signed messages
Reading PGP messages is actually the easiest part of all this.
Just dump the message to a file and run PGP over it.
You needn't bother editing the message.
PGP can find the PGP-relevant part by looking at the headers it puts in.
If you don't want to save the decrypted message to a file, you can
have it typed on your screen.
(PGP will offer to save it after you've seen it.)
pgp -m filename
Getting quick help
If you need a quick clue with PGP commands, it will give you a summary
of the most frequently used ones online.
PGP won't do you much good if the public keys you have on your keyring
don't belong to the people you think they do.
That's what key certification is all about.
You can either certify a key yourself when you add it, or do it later,
after validating it with the user via another channel.
The most straightforward way is to talk to the person on the phone
(if you recognize his or her voice) and verify the fingerprint they
get is the same as the one you get.
Then you can certify the public key yourself.
pgp -ks userid
At the same time, you will be asked to certify this person as an
"introducer" of other keys to you.
You should read
the PGP manual
to understand what that means.
It's probably better to err on the conservative side here until you
get a good feel for things.
Viewing a PGP key fingerprint
If someone else wants to certify your public key on their ring, you
can read the PGP fingerprint of your own key to them over the phone.
pgp -kvc your-userid
Key file security
PGP man page:
It is impossible to overemphasize the importance of protecting your
Anyone gaining access to it can forge messages from you or read mail
addressed to you.
Be very cautious in using PGP on any multi-user unix system.
That said, probably a good number of PGP users here will only have
access to it in a multi-user environment.
This does not mean that you should not bother with PGP.
If you're already storing the information online (perhaps with some
other form of encryption), PGP should only increase your security
The PGP manual,
should be read by all PGP users.
should be read by more serious users.
If your (or someone else's) life would be seriously disrupted by
public disclosure of the information you are using PGP to protect, you
should read both volumes of the manual, and you should be running it
on a single user machine you control yourself.
Some obvious caveats when using PGP in a multi-user environment:
directory should be protected so that no one but you can read/write
You should never use
Don't write your pass phrase down or store it online anywhere.
When you get the basic hang of it, you should then do some
on PGP, especially the
PGP Manual: Volume I,
for all responsible PGP users.
This page last updated December 19, 1996.