1) Get the GPG binary from www.gnupg.org: download gnupg-w32cli-1.4.3.exe (the latest version of GPG as of 6/12/06).
2) Check the SHA-1 checksum of the downloaded file with the "sha1sum.exe" program ("sha1sum.exe" is also downloadable from the www.gnupg.org Web site; it is a command-line tool that prints the SHA-1 hash of a file. A hash is a checksum, not a digital signature: it catches a corrupted or truncated download, but a value published next to the download cannot prove the file is genuine. The site also publishes a detached signature (.sig) for each release, which you can check with gpg --verify once you have a trusted copy of GPG installed.)
run at Command Prompt: sha1sum.exe gnupg-w32cli-1.4.3.exe
prints a checksum which should match: abf49fa5dc71e291144780d47f2811d83ae5e1ba
(also compare against the checksum shown on the www.gnupg.org Web site, since the file could be corrupted in transit, and the value given here is only for the specific v1.4.3 binary listed above)
3) Install GPG by double-clicking the downloaded file and accepting the automatic installer's defaults.
Once the program is installed, update the PATH environment variable (Windows Control Panel | System | Advanced | Environment Variables | User Variables | Path) so that it includes the directory containing "gpg.exe". The program is installed by default to: C:\Program Files\GNU\GnuPG
4) Some decent instructions can now be found in the GPG documents installed with the program, particularly GnuPG.readme and GnuPG.readme.Windows. You should read these documents.
5) Generate your own key pair and keyring
`<code>`
gpg --gen-key`</code>`
You will be asked for the key type and size and an expiry date, then for your real name, e-mail address and an optional comment (together these form your userid), and finally for a passphrase. The passphrase protects your secret key on disk and is needed whenever you sign or decrypt; choose it carefully, since anyone who obtains your keyring file and the passphrase can act as you.
6) Export your public key for sharing with others.
The key pair from step 5 is kept in your keyring; the public half is shared by exporting it to an ASCII file:
`<code>`
gpg --export -a -o [filename.asc] [userid]`</code>`
(where [userid] is the name or e-mail address you entered when generating the key, and [filename.asc] is an ASCII-format file that contains your public key. It is a good convention to use the filename extension "asc" to indicate it is an ASCII (plain text) file. Only the public key is exported this way; never send anyone the output of --export-secret-keys.)
A public key in ASCII format (which might be named "jones.asc" if your userid is "jones") looks something like this. The blank line after the "Version:" header is part of the format, the lines between it and the short "=" line are the base64-encoded key, and the "=" line is a checksum over them (the body shown here is illustrative only, not a real key):
`<code>`
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.3 (MingW32)

3IP1ihLtj5WN1wyDYzEuXka2BmAAsxUdWD83rxryp6kWgMaeNl7LdwoCDdhG2mc4
j2HoF/tlK8HJm4NFJeKO1+szd26tNNrttrertetetewZ9AeqCxOMjA1Nqe+6oytwCgs9hM
ZJ7e3yaqpAUiq5Wobp1nevsD/3PbayZLswite79HYq44kca0KkSdu4xX3eidCVSMVD
klxixR9WgtO1BBht0iwJYJ9altKVpG5rte9esENFQcjUEGIIodrj+T4/CQb55wTA
pzbnIdkwQC4kXaGP0yESODMrJ+/yHetswtKVb3pPG7B/z62vPvYR1t56DmIvQUIHa
/hAA/95CkfskWQqp7HJPRnmZgEfertTixv62Mnpvj0WN1NhJ6wlTMACWAtW3H69Rdu
KyqlIsN9gf6KjFI6LK5c3sFZm/h0NrtVvfRzMhCXaXfwH2V7zG6774zAkTAglSJ/ROz
WLTvjFKhssUfFYi3BLTUNjvKUwE0mmyC4/lWpdqqvuXaDCA+yFfxvMWAKAuyW2hcK
OmR5110umgfds13AfUA4CqUlp0ofLAWQkZ/ayyPeNWByzcmJ97rbZBrwiFD3rlk6b/4O
kMZIY4hJBBgRAgAJBQJEjePdAhsMAAoJECyfSj2OwCxsbaAAn021bE16y0kyupnO
sUISZcZ6E4l1AdsgJ9l4/AU3NlUFvrWtjJfeuyaHU8yTA=
=NzDLg
-----END PGP PUBLIC KEY BLOCK-----`</code>`
7) Import the keys of other people whom you trust. You must get their public key (see step 6) for this.
Once someone has given you their GPG public key, import it into your keyring:
`<code>`
gpg --import [filename]`</code>`
where [filename] might be something like "jones.asc". Importing only adds the key; it does not establish that the key really belongs to that person. Before relying on it, display its fingerprint with "gpg --fingerprint [userid]" and compare it with the fingerprint the owner gives you over a separate channel (in person or by phone).
8) Get general help with gpg options and usage
`<code>`
gpg --help`</code>`
9) Digitally sign a file
`<code>`
gpg -s [filename]`</code>`
Creates a binary file called [filename].gpg that contains the file together with your digital signature (you will be asked for your passphrase).
* To encode the file in ASCII format for attachment to email, use
`<code>`
gpg -sa [filename]`</code>`
which creates the same signed copy in ASCII format, called [filename].asc.
* Two related forms are often more convenient: "gpg -b [filename]" (--detach-sign) writes only the signature to [filename].sig and leaves the original file unchanged, and "gpg --clearsign [filename]" wraps a text file in a readable signed block, so recipients without GPG can still read it.
10) Verifying a digitally signed file
If you get a GPG digitally-signed file and want to verify who it is from:
`<code>`
gpg --verify [filename]`</code>`
This only checks the signature and reports the signing key; it does not write out the signed content. To recover the original file as well, use "gpg -o [original-filename] -d [filename]" (see step 12), which verifies the signature at the same time. For a detached signature give both files: "gpg --verify [filename].sig [filename]". A "Good signature" result only means the file was signed by that key; if GPG adds "WARNING: This key is not certified with a trusted signature", you have not yet confirmed (step 7) that the key belongs to the person it names.
11) Encrypt and sign a file
In order to both sign a file and encrypt it so that only specified other users (whose public keys you have imported) can decrypt it:
`<code>`
gpg -e -r [recipient] [filename]`</code>`
creates a file called [filename].gpg that is encrypted and can be decrypted only by the recipient you encrypted it for. Repeat -r for each additional recipient, and include yourself as a recipient if you want to be able to read the file later: without that, not even you can decrypt it.
`<code>`
gpg -e -s -r [recipient] [filename]`</code>`
does the same as above, but also digitally signs it with your signature. Keep -r as a separate option (or last in a combined group, as in -esr): it takes the recipient as its argument, so it must not be followed by other letters in a combined group such as -ers.
12) Decrypt a file
If someone sends you an encrypted file intended for decryption by you:
`<code>`
gpg -o [decrypted-filename] -d [encrypted-filename]`</code>`
where [encrypted-filename] typically has a ".gpg" extension. Note the order: -o takes the output filename as its argument and must come directly before it, so "gpg -o -d ..." would be misread. You will be asked for your passphrase. If the file was also signed, GPG verifies the signature while decrypting and reports the result.
Long format:
`<code>`
gpg --output [decrypted-filename] --decrypt [encrypted-filename]`</code>`
13) Seeing whose public keys are on your own keyring
`<code>`
gpg --list-keys`</code>`
(to see just the public keys; "gpg --list-secret-keys" lists the key pairs you own, and "gpg --fingerprint" lists keys together with their fingerprints)
14) How to assign levels of trust to keys in your keyring
TBD
15) Migrating your keys to another machine and/or operating system
TBD
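The commands of steps 5 to 12 run end to end, as an added example that is not part of the original page and not code from the GnuPG project: two constructed parties, jones and smith, exchange public keys, check fingerprints, then sign, verify, encrypt and decrypt, including the two failure cases a practitioner should see once (a tampered file, and a ciphertext the sender did not encrypt to himself). It is a bash script rather than a Windows Command Prompt session so that it can run unattended; the gpg options are the ones the steps above show. It goes beyond the text in two places: --batch with a parameter block replaces the interactive --gen-key dialogue, and --trust-model always stands in for the trust assignment of step 14. The names, e-mail addresses, message texts and file names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example, not part of the original page: steps 5 to 12 run end to end
# between two parties, "jones" and "smith", without any interactive prompts.
# Names, addresses and message texts are constructed for the demo, and each
# party gets a throw-away keyring via --homedir, so your real keyring is untouched.
# Written against GnuPG 2.x (%no-protection needs 2.1 or later); the other
# options are the same ones the steps above use, plus --batch/--yes.
set -euo pipefail

# Run gpg as one party: $1 is that party's home directory, the rest is the command line.
as_party() { local home=$1; shift; gpg --homedir "$home" --batch --yes --quiet "$@"; }

# Step 5 unattended: a parameter block on stdin replaces the --gen-key dialogue.
make_key() {  # make_key <home> <real name> <email>
    as_party "$1" --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign,encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%no-protection
%commit
EOF
}

# The key's fingerprint as --with-colons reports it (field 10 of the "fpr" record).
fingerprint() {  # fingerprint <home> <userid>
    as_party "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Steps 6 and 7 in one direction: <from> exports an armored public key, <to> imports
# it and then checks the fingerprint against the one the owner states out of band
# (here read straight from the owner's own keyring).
exchange_key() {  # exchange_key <from-home> <to-home> <userid> <asc-file>
    as_party "$1" --export -a -o "$4" "$3"
    grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' "$4"
    as_party "$2" --import "$4"
    [ "$(fingerprint "$2" "$3")" = "$(fingerprint "$1" "$3")" ]
}

gpg_roundtrip_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "SKIPPED: gpg not installed"; return 0; }
    local work jones smith status h
    work=$(mktemp -d); jones=$work/jones; smith=$work/smith
    mkdir -m 700 "$jones" "$smith"
    make_key "$jones" "Alice Jones" "jones@example.invalid"
    make_key "$smith" "Bob Smith" "smith@example.invalid"
    exchange_key "$jones" "$smith" jones@example.invalid "$work/jones.asc"
    exchange_key "$smith" "$jones" smith@example.invalid "$work/smith.asc"

    # Step 9: smith signs doc.txt (-sa writes doc.txt.asc); step 10: jones verifies.
    # --verify exits 0 only for a good signature from a key in jones's keyring.
    printf 'Meeting moved to 3pm.\n' > "$work/doc.txt"
    as_party "$smith" -sa "$work/doc.txt"
    as_party "$jones" --verify "$work/doc.txt.asc"
    # Same with a detached signature (-b): one changed character must make --verify fail.
    as_party "$smith" -b -o "$work/doc.sig" "$work/doc.txt"
    as_party "$jones" --verify "$work/doc.sig" "$work/doc.txt"
    sed 's/3pm/4pm/' "$work/doc.txt" > "$work/doc2.txt"
    if as_party "$jones" --verify "$work/doc.sig" "$work/doc2.txt" 2>/dev/null; then return 1; fi

    # Step 11: smith encrypts to jones and signs.  -r takes the recipient as its
    # argument, so it is given separately; --trust-model always stands in for the
    # web-of-trust check (step 14) that this demo does not set up.
    printf 'Payroll file attached.\n' > "$work/secret.txt"
    as_party "$smith" --trust-model always -es -r jones@example.invalid "$work/secret.txt"
    # Step 12: -o names the output and comes before -d.  Decrypting also verifies
    # smith's signature, reported as GOODSIG on the machine-readable status channel.
    status=$(as_party "$jones" --status-fd 1 -o "$work/secret.dec" -d "$work/secret.txt.gpg")
    case $status in *"[GNUPG:] GOODSIG "*) ;; *) return 1 ;; esac
    cmp -s "$work/secret.txt" "$work/secret.dec"
    # smith did not add himself as a recipient, so even he cannot read the .gpg file.
    if as_party "$smith" -o "$work/smith.dec" -d "$work/secret.txt.gpg" 2>/dev/null; then return 1; fi

    # Tidy up: stop the per-keyring agents GnuPG 2.x started, then delete the keyrings.
    if command -v gpgconf >/dev/null 2>&1; then
        for h in "$jones" "$smith"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    fi
    rm -rf "$work"
    echo OK
}

gpg_roundtrip_demo
```

Run it with bash: it prints OK when every check passed and, because of set -e, stops with a non-zero exit at the first step that does not behave as described. Generating four 2048-bit keys takes a few seconds; nothing is left behind, since both keyrings live in a temporary directory that is removed at the end.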