Creating and Utilizing GNU-Privacy Guard (GPG) KEY

What is a GPG_KEY:

A GPG (GNU Privacy Guard) key is a type of encryption key used in public key cryptography. It consists of a pair of keys: a private key that is kept secret, and a public key that can be shared. The public key can be used by others to encrypt messages that can only be decrypted using the corresponding private key. This is often used for secure communication and data integrity verification.

How to create a GPG_KEY:

  1. Install the GnuPG tool. The method will be different across different operating systems.

  2. On your terminal run the command gpg --gen-key.

  3. Follow the prompts to set your name, email, and a passphrase.

Note: The above steps is the shorter and quicker approach, if you want to generate a gpg key with more options use the steps below.

Generating gpg key with more option:

The gpg --full-gen-key command is used to generate a new GPG key pair with more options than the basic gpg --gen-key command.

  1. Install the GnuPG tool. The method will be different across different operating systems.

  2. On your terminal run the command gpg --full-gen-key

  3. You'll be asked to choose the kind of key you want. Usually, you can choose the default (RSA and RSA).

  4. Next, you'll be asked for a key size. A larger key size is more secure, but also slower. 2048 bits is often good, but 4096 bits is more secure.

  5. Then, you'll be asked for an expiration date for your key. It's a good idea to set an expiration date, so that if you lose control of your key, it won't be usable forever.

  6. Finally, you'll be asked for user ID information (name, email) and a passphrase.

Remember to keep your private key secure and never share it with anyone.

What is a KEY Fingerprint:

A key fingerprint is a shorter version of a public key that is easier to handle. It's a kind of hash value that is unique for each key. It's used to confirm the authenticity of a public key, ensuring that it hasn't been tampered with. When you share your public key with someone, they can generate a fingerprint from it and compare it with your fingerprint to verify the key's integrity.

To get your GPG key fingerprint, you can use the command gpg --fingerprint [your-email], replacing [your-email] with the email address you used when creating the key.

To export your public key, you can use the command gpg --armor --export [your-email]. This will print your public key to the terminal, which you can then share with others. Remember, never share your private key.

What is a KEY_SERVER:

A key server is where you host/store your public key and anyone who wishes to use your public key to encrypt a message to you can access your public key easily (Remember it is shareable) with either your Email address Key ID or Key Fingerprint on the key server.

You can find a key server by searching on google.

Why is adding GPG_KEY to your git and github important:

Adding a GPG key to your git and github is important because whenever you make a commit to git and github your commit will be signed using your GPG key and when you push to github it will be tagged as a verified commit making your commit authentic and this is beneficial especially when contributing to an open source project and collaborations.

How to save your GPG_KEY on git and github:

On Github:

  1. Go to settings by clicking at the right profile picture icon on your github page.

  2. Go to ssh and gpg keys section

  3. Go to the GPG key section and click on add new GPG Key.

  4. Add your public key and submit.

NOTE: Github only allows a gpg key whose email is the same as their github email.

On Git:

On the terminal run these commands

  1. git config --global user.name [your name on github]

  2. git config --global user.email [your email on github]

  3. git config --global user.signingkey [your gpg key id] (visible on github where you added your gpg key)

  4. git config --global commit.gpgsign true

  5. git config --global tag.gpgsign true

  6. git config --global gpg.program [program path on your computer] (For example on linux it is "/usr/bin/gpg)

  7. git config --global --list (optional though, but it's useful for seeing your config list).

After following all these steps you can now make commits to git and github which will be signed and verified, when making your commit you will be asked to provide your gpg passphrase so remember that is useful for when making commits.

I hope with these steps and explanation you can understand what a GPG key is and its usefulness and also how to create your GPG key pair.

0
Subscribe to my newsletter

Read articles from Elebhose princewill directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Elebhose princewill
Elebhose princewill

I am a backend soft developer from Nigeria | I make technical and non-technical blogs and tweets.