Tuesday, January 13, 2015

Implementation of PGP Encryption Key on Linux/Unix Environments.

Setting up GPG for the first time

Before you can begin to use GPG for encryption, you should create a key pair. This step will create a secret key and a public key. As we noted above, you must keep the secret key protected, and publish the public key as widely as possible.
The key generation process is fairly involved, but you only have to do it one time (unless you set an expiration date on your key). To begin the key generation process, type the command:
gpg --gen-key
At this point, if you have never used GPG before, you will see something like this:
[orapshcm@ukvups-app01 UKSCRIPTS]$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
  (1) DSA and Elgamal (default)
  (2) DSA (sign only)
  (5) RSA (sign only)
Your selection? 5
This first question is prompting you for the type of encryption you want to use. You don't need to understand the difference between DSA and RSA encryption at this point. Unless you have some special situation (for example, if you live in a country where it is not legal to use encryption).
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
This question is asking you how large you want your key to be. The larger your key is, the more secure it is - but the longer it will take for GPG to generate your keys, and to encrypt and decrypt messages. If you intend to use GPG for keeping important secrets (for example, corporate trade secrets, or military secrets), then you should use the largest key size. If your security needs are more modest, then the default value should be sufficient. We would not recommend using anything smaller than the default size, even with a slow computer.
After answering this question, you will see this:
Please specify how long the key should be valid.
        0 = key does not expire
     <n>  = key expires in n days
     <n>w = key expires in n weeks
     <n>m = key expires in n months
     <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
With GPG, you have the ability to set expiration dates on your key pair. This means that people are expected to stop using your public key after a certain period of time, presumably because you are going to make a larger (more secure) one as computers become faster. Unless you have special needs, the default value (your key will never expire) should be fine.  
After this, GPG will ask you what name you want associated with your key. For most people, this will be their real name. Of course, if you wish to use an alias for some reason, you may do that instead.
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
   "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: UperikalaPRD
Email address: ukprd@uperikala.com
Comment: Testing purposes
You selected this USER-ID: 
"WeisUAT (Testing purposes) <weisuat@weismarkets.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase: password
Re-enter passphrase: password
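Because the secret key must be protected at all times, GPG does not store it in a readable form. Instead, it encrypts the secret key with a key derived from your passphrase. Every time you use GPG to decrypt a message that was sent to you, or to digitally sign a message that you send, you will have to type your passphrase. The passphrase "password" in the transcript above is only a placeholder: GPG does not echo what you type, and a real passphrase should be long and hard to guess.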
After typing your passphrase twice (to confirm it), you will see something like this:  
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 280 more bytes)
+++++
.+++++
gpg: key 2187FD76 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

pub   2048R/2187FD76 2014-11-26
     Key fingerprint = 0F83 8ECC 3B03 47C1 E422  EC7E 258A 754A 2187 FD76
uid                  UKprd (Testing purposes) <ukprd@uperikala.com>

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.
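Now the key generation is finished. Note the last message in the output: because option 5, RSA (sign only), was selected, this key can sign but cannot be used for encryption until you add an encryption subkey with the --edit-key command. If you wish, you can look around to see what GPG has done. (The rest of this section will contain simple exercises to help you learn how to use the software. If you already know how to use GPG, you can skip ahead.)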

Creation of Public Key:   
Access the link http://www.talx.com/pgp/ and click on “Download the Equifax Public Key”
     
Public Key:
  • Save the public key in Notepad under the name “equifaxws01212015Public.asc”.
  • Copy the “equifaxws01212015Public.asc” file to the server and place it under PSHOME.
Importing the public Key:
[orapshcm@ukvups-app01 UKSCRIPTS]$ gpg --import equifaxws01212015Public.asc
gpg: key A523EB20: "equifaxws01212015 <equifaxwspgp@equifax.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[orapshcm@ukvups-app01 UKSCRIPTS]$
If you want to see your public key ring, you can use this command: gpg --list-key
[orapshcm@ukvups-app01 UKSCRIPTS]$ gpg --list-key                
/home/orapshcm/.gnupg/pubring.gpg                                
---------------------------------                                
pub   1024D/A523EB20 2014-05-23 [expires: 2015-01-21]            
uid                  equifaxws01212015 <equifaxwspgp@equifax.com>
sub   2048g/17BBF0F5 2014-05-23 [expires: 2015-01-21]
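The following script is an added example, not part of the original post: it reads a key listing in the format shown above and reports keys that are smaller than a minimum size or past their expiry date. The function name audit_keys, the 2048-bit threshold and the dates passed in are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a `gpg --list-keys` listing.

# Sample input: the public key ring listing shown on this page, followed by
# one entry adapted from the page's secret key ring listing (constructed).
SAMPLE_LISTING='pub   1024D/A523EB20 2014-05-23 [expires: 2015-01-21]
uid                  equifaxws01212015 <equifaxwspgp@equifax.com>
sub   2048g/17BBF0F5 2014-05-23 [expires: 2015-01-21]

pub   2048R/2187FD76 2014-11-26
uid                  UKprd (Testing purposes) <ukprd@uperikala.com>'

# audit_keys MIN_BITS TODAY
# Reads a GnuPG 1.4-style listing on stdin and prints one line for every
# pub/sub key that is shorter than MIN_BITS or whose expiry date is before
# TODAY (YYYY-MM-DD). Keys with no problems produce no output.
audit_keys() {
    awk -v min="$1" -v today="$2" '
    $1 == "pub" || $1 == "sub" {
        split($2, id, "/")                 # "1024D/A523EB20" -> "1024D", "A523EB20"
        bits = id[1]
        sub(/[^0-9].*$/, "", bits)         # drop the algorithm letter
        bits += 0
        expires = ""
        for (i = 3; i < NF; i++)
            if ($i == "[expires:" || $i == "[expired:") {
                expires = $(i + 1)
                sub(/\]$/, "", expires)    # "2015-01-21]" -> "2015-01-21"
            }
        note = ""
        if (bits < min)
            note = note " size<" min
        # ISO dates sort correctly as plain strings.
        if (expires != "" && (expires "") < (today ""))
            note = note " expired=" expires
        if (note != "")
            print $1, $2 note
    }'
}

# Demo on the sample, using a date after the imported key's expiry.
printf '%s\n' "$SAMPLE_LISTING" | audit_keys 2048 2015-02-01
```

In real use, pipe `gpg --list-keys` into audit_keys with today's date from `date +%Y-%m-%d`.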

If you want to see your secret key ring, you can use the command: gpg --list-secret-keys
[orapshcm@ukvups-app01 UKSCRIPTS]$ gpg --list-secret-keys
/home/orapshcm/.gnupg/secring.gpg
---------------------------------
sec   2048R/2187FD76 2014-11-26
uid                  UKprd (Testing purposes) <ukprd@uperikala.com>
[orapshcm@ukvups-app01 UKSCRIPTS]$
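Signing the Public Key:
The fpr command prints the key's fingerprint. Compare it with the fingerprint published by the key's owner before you sign; signing records that you have verified the key belongs to that owner.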
[orapshcm@ukvups-app01 UKSCRIPTS]$ gpg --edit-key A523EB20
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub  1024D/A523EB20  created: 2014-05-23  expires: 2015-01-21  usage: SCA
                    trust: unknown       validity: unknown
sub  2048g/17BBF0F5  created: 2014-05-23  expires: 2015-01-21  usage: E
[ unknown] (1). equifaxws01212015 <equifaxwspgp@equifax.com>
Command> fpr
pub   1024D/A523EB20 2014-05-23 equifaxws01212015 <equifaxwspgp@equifax.com>
Primary key fingerprint: DF24 6107 C856 8E6B 1DDD  882A 31C4 CAB2 A523 EB20
Command> sign
pub  1024D/A523EB20  created: 2014-05-23  expires: 2015-01-21  usage: SCA
                    trust: unknown       validity: unknown
Primary key fingerprint: DF24 6107 C856 8E6B 1DDD  882A 31C4 CAB2 A523 EB20
    equifaxws01212015 <equifaxwspgp@equifax.com>
This key is due to expire on 2015-01-21.
Are you sure that you want to sign this key with your
key "UKprd (Testing purposes) <ukprd@uperikala>" (2187FD76)
Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: "UKprd (Testing purposes) <ukprd@uperikala.com>"
2048-bit RSA key, ID 2187FD76, created 2014-11-26
Enter passphrase:password
Command> check
uid  equifaxws01212015 <equifaxwspgp@equifax.com>
sig!         A523EB20 2014-05-23  [self-signature]
sig!         2187FD76 2014-11-26  UKprd (Testing purposes) <ukprd@uperikala.com>
Command> quit
Save changes? (y/N) y
[orapshcm@ukvups-app01 UKSCRIPTS]$
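The fpr step in the session above is only useful if the fingerprint is compared with a copy obtained from the key owner through a separate channel. The following script is an added example, not part of the original post, that makes that comparison before signing; the function names are hypothetical, and the trusted value and colon-format sample are constructed from the fingerprint shown on this page, assuming a 40-digit (version 4) fingerprint.

```shell
#!/bin/sh
# Added example (not from the original post).

# Trusted fingerprint, as received from the key owner over a separate channel.
# Here the value printed by "fpr" on this page stands in for it.
TRUSTED_FPR='DF24 6107 C856 8E6B 1DDD  882A 31C4 CAB2 A523 EB20'

# Constructed sample of `gpg --with-colons --fingerprint A523EB20` output.
SAMPLE_COLONS='pub:-:1024:17:31C4CAB2A523EB20:2014-05-23:2015-01-21::-:equifaxws01212015 <equifaxwspgp@equifax.com>::scaSCA:
fpr:::::::::DF246107C8568E6B1DDD882A31C4CAB2A523EB20:'

# Strip spaces and colons and upper-case the hex digits, so the grouped form
# shown by gpg and a compact copy compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches TRUSTED ACTUAL
# 0 = identical, 1 = different, 2 = TRUSTED is not a full 40-digit fingerprint
# (an 8-digit key ID such as A523EB20 is rejected rather than compared).
fpr_matches() {
    _want=$(normalize_fpr "$1")
    _got=$(normalize_fpr "$2")
    case "$_want" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#_want}" -eq 40 ] || return 2
    [ "$_want" = "$_got" ]
}

# safe_to_sign KEYID TRUSTED: the same check against the local keyring.
safe_to_sign() {
    fpr_matches "$2" "$(gpg --batch --with-colons --fingerprint "$1" 2>/dev/null | primary_fpr)"
}

# Demo on the constructed sample.
actual=$(printf '%s\n' "$SAMPLE_COLONS" | primary_fpr)
if fpr_matches "$TRUSTED_FPR" "$actual"; then
    echo "fingerprint matches: proceed to 'gpg --edit-key' and sign"
else
    echo "fingerprint differs or is incomplete: do not sign" >&2
fi
```

On the server, `safe_to_sign A523EB20 "$TRUSTED_FPR"` runs the same comparison against the imported key.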