GPG MASTERY

// Encrypt. Sign. Verify.

ENCRYPTION IS LIBERTY.

In a world of surveillance and data breaches, encryption is your last line of defense. GPG (GNU Privacy Guard) gives you military-grade encryption for your files, emails, and communications.

YOUR KEYS, YOUR DATA.

With GPG, you control your encryption. No corporations, no backdoors. Only those with your private key can read your messages. That's real security.

BEGIN YOUR JOURNEY

// Your Training Path

LESSON 01 (Beginner): Introduction to GPG
What is GPG? Encryption basics and why it matters.

LESSON 02 (Beginner): Generating Your Keys
Create your first key pair. Master key and subkeys.

LESSON 03 (Beginner): Managing Keys
List, export, import, and revoke keys.

LESSON 04 (Beginner): Encrypting Files
Encrypt files for yourself or others using public keys.

LESSON 05 (Beginner): Decrypting Files
Decrypt files using your private key.

LESSON 06 (Intermediate): Digital Signatures
Sign files to prove authenticity and integrity.

LESSON 07 (Intermediate): Verifying Signatures
Verify signatures from others. Trust models.

LESSON 08 (Intermediate): Key Servers
Publish your public key. Find others' keys.

LESSON 09 (Intermediate): Email Encryption
Set up email encryption with GPG. Thunderbird, mutt.

LESSON 10 (Advanced): Backing Up Keys
Secure backup of keys. Paper backups. Revocation certificates.

LESSON 11 (Advanced): Subkeys & Expiration
Manage subkeys. Set expiration dates. Key rotation.

LESSON 12 (Advanced): Advanced GPG
Smartcards, YubiKey, Tor, and best practices.

// Lesson 01: Introduction to GPG

What is GPG?

GPG (GNU Privacy Guard) is a free implementation of the OpenPGP standard. It's used for encrypting data and communications, signing messages, and verifying signatures.

Why GPG Matters

  • Privacy: Encrypt files only you can read
  • Authentication: Prove you sent a message
  • Integrity: Verify messages weren't tampered with
  • Decentralization: No central authority

Public Key Cryptography

GPG uses asymmetric encryption:

  • Public Key: Share freely. Others use it to encrypt messages for you.
  • Private Key: Keep secret. Only you can decrypt messages.

Quiz

1. What does GPG stand for?

Show Answers
  1. GNU Privacy Guard

// Lesson 02: Generating Your Keys

Installing GPG

# Debian/Ubuntu
sudo apt install gnupg

# macOS
brew install gnupg

# Check version
gpg --version

Generate a Key Pair

# Interactive key generation
gpg --full-generate-key

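# Or use batch mode for scripting (parameters on stdin; placeholder values)
gpg --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Name-Email: your@email.com
Expire-Date: 1y
EOF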

Key Types

  • RSA: Most compatible, up to 4096 bits
  • ECC: Smaller keys, modern, gaining support

Quiz

1. What should you never share?

Show Answers
  1. Your private key

// Lesson 03: Managing Keys

List Your Keys

# List secret keys
gpg --list-secret-keys

# List all keys
gpg --list-keys

# List keys with fingerprints
gpg --fingerprint

Export Your Public Key

# Export public key to file
gpg --armor --export your@email.com > public-key.asc

# Export secret key (backup!)
gpg --armor --export-secret-keys your@email.com > secret-key-backup.asc

Import Keys

# Import a public key
gpg --import keyfile.asc

# Import from keyserver
gpg --keyserver keyserver.ubuntu.com --search-keys user@email.com

Delete Keys

# Delete secret key (must be removed before the public key)
gpg --delete-secret-keys your@email.com

# Delete public key
gpg --delete-keys your@email.com

Quiz

1. What command lists your secret keys?

Show Answers
  1. gpg --list-secret-keys

// Lesson 04: Encrypting Files

Encrypt for Yourself

# Encrypt a file (prompts for a recipient; writes myfile.txt.gpg)
gpg --encrypt myfile.txt

# Encrypt with specific recipient
gpg --encrypt --recipient your@email.com myfile.txt

# Encrypt symmetrically (password only)
gpg --symmetric myfile.txt

# ASCII armored output (for email)
gpg --armor --encrypt --recipient your@email.com myfile.txt

Encrypt for Multiple Recipients

gpg --encrypt \
    --recipient alice@example.com \
    --recipient bob@example.com \
    myfile.txt

Quiz

1. Which flag specifies the recipient?

Show Answers
  1. --recipient or -r

// Lesson 05: Decrypting Files

Decrypt a File

# Decrypt to stdout (view content)
gpg --decrypt secret.txt.gpg

# Decrypt and save to file
gpg --decrypt --output original.txt secret.txt.gpg

# Decrypt (gpg automatically finds your private key)

Decrypt Symmetric Files

# You'll be prompted for the passphrase
gpg --decrypt secret.txt.gpg

Batch Decryption

# Decrypt all files in a directory (options must precede the file name)
for file in *.gpg; do
    gpg --output "${file%.gpg}" --decrypt "$file"
done

Quiz

1. What command decrypts a file?

Show Answers
  1. gpg --decrypt

// Lesson 06: Digital Signatures

Why Sign?

Signing proves that:

  • The file came from you
  • The file wasn't modified
  • You genuinely sent a message

Sign a File

# Create a signed file (myfile.txt.gpg holds the data and the signature)
gpg --sign myfile.txt

# Detached signature (separate myfile.txt.asc file)
gpg --armor --detach-sign myfile.txt

# Clear signature (readable + signature)
gpg --clearsign message.txt

Sign Without Encrypting

# Sign (can be read, proves it's from you)
gpg --local-user your@email.com --sign document.pdf

Quiz

1. What does signing prove?

Show Answers
  1. That the file came from you / authenticity

// Lesson 07: Verifying Signatures

Verify a Signature

# Verify a signed file
gpg --verify signed-file.gpg

# Verify and extract
gpg --decrypt signed-file.txt.gpg

# Verify detached signature
gpg --verify file.sig file
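
A successful `gpg --verify` only says that some key in your keyring made a good signature, not that the signer you expected did. The following added example (not part of the original guide) pins the expected primary-key fingerprint by parsing gpg's `--status-fd` output; the helper name `check_signer`, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Real use (needs gpg and the signer's public key in the keyring):
#   gpg --status-fd 1 --verify file.sig file 2>/dev/null | check_signer "$FPR"

# check_signer EXPECTED_PRIMARY_FPR (hypothetical helper)
# Reads gpg status lines on stdin, prints a verdict, exits 0 only for "ok".
check_signer() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # the last field is the primary key fingerprint.
        $2 == "VALIDSIG" { seen = 1; if (toupper($NF) == toupper(want)) pinned = 1 }
        END {
            if (bad)     { print "bad";          exit 1 }
            if (!seen)   { print "no-signature"; exit 1 }
            if (!pinned) { print "wrong-signer"; exit 1 }
            print "ok"
        }'
}

ALICE_FPR=AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555   # constructed fingerprint

# Constructed status output: valid signature made by Alice's signing subkey.
sample_alice() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Alice <alice@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-15 1705312800 0 4 0 1 10 00 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555
[GNUPG:] TRUST_FULLY 0 pgp
EOF
}

# Constructed: an equally "good" signature, made by a different key in the keyring.
sample_other() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCCC333399998888 Mallory <mallory@example.com>
[GNUPG:] VALIDSIG FFFF0000EEEE1111DDDD2222CCCC333399998888 2024-01-15 1705312800 0 4 0 1 10 00 FFFF0000EEEE1111DDDD2222CCCC333399998888
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed: the file was modified after signing.
sample_tampered() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
        '[GNUPG:] BADSIG 89ABCDEF01234567 Alice <alice@example.com>'
}
```

Take the pinned fingerprint from a channel you trust (in person, a signed release page), not from the same place as the file being verified.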

Trust Models

  • Web of Trust: You trust keys signed by people you trust
  • Trust Levels: Unknown, None, Marginal, Fully, Ultimate

Set Trust

# Edit key trust
gpg --edit-key user@email.com
trust
5  # Ultimate (intended for your own keys; use 3 or 4 for other people's)
quit

Quiz

1. What command verifies a signature?

Show Answers
  1. gpg --verify

// Lesson 08: Key Servers

What are Key Servers?

Key servers store and share public keys, making it easy for others to find your key and encrypt messages for you.

Popular Key Servers

  • keys.openpgp.org
  • keyserver.ubuntu.com
  • pgp.mit.edu

Publish Your Key

# Upload to keyserver (--send-keys takes a key ID or fingerprint, not an email)
gpg --keyserver keys.openpgp.org --send-keys KEYID

# Search for a key
gpg --keyserver keys.openpgp.org --search-keys user@email.com

# Import found key
gpg --keyserver keys.openpgp.org --recv-keys KEYID

Quiz

1. What should you never upload to key servers?

Show Answers
  1. Your private key

// Lesson 09: Email Encryption

Why Email Encryption?

Email is inherently insecure. GPG encrypts the content so only the recipient can read it.

Thunderbird Setup

  1. Install Thunderbird
  2. Go to Settings → Account Settings → End-to-End Encryption
  3. Add your GPG key
  4. Enable encryption by default

GPGTools for macOS

# Install GPGTools (GPG Suite)
brew install --cask gpg-suite

# This adds GPG support to Mail.app

Command Line Email

# Encrypt email body
echo "Secret message" | gpg --armor --encrypt --recipient recipient@email.com

# Use mutt with GPG
# Add to ~/.muttrc (requires mutt built with GPGME support):
set crypt_use_gpgme = yes

Quiz

1. What does email GPG encryption protect?

Show Answers
  1. The email content (body)

// Lesson 10: Backing Up Keys

Why Backup?

If you lose your private key, you can never decrypt your files. If someone gains your private key, they can impersonate you.

Export Keys for Backup

# Export public key (safe to share)
gpg --armor --export your@email.com > public-key.asc

# Export secret key (KEEP SECURE!)
gpg --armor --export-secret-keys your@email.com > secret-key.asc

# Export subkeys only
gpg --armor --export-secret-subkeys your@email.com > subkeys.asc

Paper Backup

# Print paper backup (paperkey expects the binary export, so no --armor)
gpg --export-secret-keys your@email.com | paperkey | a2ps -o - | ps2pdf - key.pdf

# Or use QR codes
# apt install qrencode
gpg --armor --export your@email.com | qrencode -o key.png

Revocation Certificate

# Generate revocation certificate NOW
gpg --output revocation-certificate.asc --gen-revoke your@email.com

# Store this safely. Use it if key is compromised.

Quiz

1. When should you create a revocation certificate?

Show Answers
  1. Immediately after generating your key

// Lesson 11: Subkeys & Expiration

Why Subkeys?

  • Separate signing and encryption
  • Revoke subkeys without replacing master key
  • Use subkeys on daily devices

Create a Subkey

# Edit your key
gpg --edit-key your@email.com

addkey
# Choose RSA (4096)
# Set expiration
# Save

save

Set Expiration

# Edit key
gpg --edit-key your@email.com

# List keys
list

# Select subkey
key 1

# Set expiration
expire

# Save
save

Key Rotation

Best practice: Create new encryption subkeys yearly. Keep your master key safe.

Quiz

1. What is the benefit of subkeys?

Show Answers
  1. Can revoke without replacing master key

// Lesson 12: Advanced GPG

Hardware Keys (Smartcards)

Store your private key on a smartcard or YubiKey for maximum security.

  • Key never leaves the device
  • Protected by PIN
  • Works on any computer

YubiKey Setup

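# Install yubikey-manager
brew install yubikey-manager

# Move a subkey onto the YubiKey (back up the secret key first:
# after save, only a stub pointing at the card remains locally)
gpg --edit-key your@email.com
key 1
keytocard
save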

GPG with Tor

# Route keyserver traffic through Tor
# Add to ~/.gnupg/dirmngr.conf:
use-tor
keyserver hkps://keys.openpgp.org

# Then search as usual
gpg --search-keys user@email

Best Practices

  • Use 4096-bit RSA keys
  • Set expiration (1-2 years)
  • Never share private key
  • Back up revocation certificate
  • Use unique passphrases
  • Consider hardware keys
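
The key-size and expiration items can be checked mechanically. The following added example (not part of the original guide) parses `gpg --list-keys --with-colons` output and reports RSA keys shorter than the 4096 bits recommended here, keys without an expiration date, and keys that are expired, revoked or about to expire; the helper name `audit_keys`, the 60-day window and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Real use: gpg --list-keys --with-colons | audit_keys "$(date +%s)" 60

# audit_keys NOW_EPOCH WARN_DAYS (hypothetical helper)
# Reads a --with-colons key listing on stdin and prints one line per
# finding: "<record> <keyid> <finding>".
audit_keys() {
    awk -F: -v now="$1" -v days="$2" '
        $1 != "pub" && $1 != "sub" { next }
        {
            # Fields: 2 validity, 3 key length, 4 algorithm, 5 key ID,
            # 7 expiration time (seconds since epoch, empty if none).
            rec = $1; validity = $2; bits = $3 + 0; algo = $4; id = $5; expiry = $7
            if (validity == "r") { print rec, id, "revoked"; next }
            if (validity == "e") { print rec, id, "expired"; next }
            # Algorithm 1 is RSA; 4096 bits is the size this guide recommends.
            if (algo == 1 && bits < 4096) { print rec, id, "rsa-" bits }
            if (expiry == "") {
                print rec, id, "no-expiry"
            } else if (expiry - now < days * 86400) {
                print rec, id, "expires-soon"
            }
        }'
}

# Constructed listing (not real keys); only the leading fields matter here.
sample_listing() {
    cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAA1111BBBB2222:1700000000:1763072000::u:::scESC:
uid:u::::1700000000::::Alice <alice@example.com>:
sub:u:4096:1:CCCC3333DDDD4444:1700000000:1731536000:::::e:
pub:f:2048:1:EEEE5555FFFF6666:1500000000:::-:::scESC:
uid:f::::1500000000::::Bob <bob@example.com>:
sub:e:2048:1:7777888899990000:1500000000:1600000000:::::e:
pub:r:255:22:1212343456567878:1650000000:::-:::sc:
EOF
}
```

Run against `--list-secret-keys --with-colons` as well to audit your own keys; secret-key records use `sec` and `ssb` instead of `pub` and `sub`, so extend the record filter accordingly.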

Congratulations!

You've completed the GPG Mastery guide. You now understand:

  • GPG fundamentals and cryptography
  • Generating and managing keys
  • Encrypting and decrypting files
  • Digital signatures
  • Verifying signatures
  • Key servers and publishing
  • Email encryption
  • Backing up keys
  • Subkeys and key rotation
  • Hardware security

// Why GPG

GPG is the gold standard for encryption. It's used by journalists, activists, developers, and anyone who values privacy.

Unlike proprietary encryption, GPG is open source and audited. Your keys are yours—there's no company that can hand them over to authorities.

Encrypt. Sign. Verify. Own your data.

// Tools & References

  • GPG Documentation: Official GPG Manual (gnupg.org)
  • OpenPGP Standard: RFC 4880
  • Keys OpenPGP: Key Server (keys.openpgp.org)
  • GPGTools: macOS GPG (gpgtools.org)
  • Gpg4win: Windows GPG (gpg4win.org)
  • YubiKey: Hardware Key (yubico.com)