Using GPG to encrypt messages (like email)

 _   _        _
| | | |  ___ (_)  _ _    __ _
| |_| | (_-< | | | ' \  / _` |
 \___/  /__/ |_| |_||_| \__, |
                        |___/

  ___   ___    ___
 / __| | _ \  / __|
| (_ | |  _/ | (_ |
 \___| |_|    \___|


 _
| |_   ___
|  _| / _ \
 \__| \___/


                                       _
 ___   _ _    __   _ _   _  _   _ __  | |_
/ -_) | ' \  / _| | '_| | || | | '_ \ |  _|
\___| |_||_| \__| |_|    \_, | | .__/  \__|
                         |__/  |_|


 _ __    ___   ___  ___  __ _   __ _   ___   ___
| '  \  / -_) (_-< (_-< / _` | / _` | / -_) (_-<
|_|_|_| \___| /__/ /__/ \__,_| \__, | \___| /__/
                               |___/

  __  _   _   _
 / / | | (_) | |__  ___
| |  | | | | | / / / -_)
| |  |_| |_| |_\_\ \___|
 \_\

                      _   _  __
 ___   _ __    __ _  (_) | | \ \
/ -_) | '  \  / _` | | | | |  | |
\___| |_|_|_| \__,_| |_| |_|  | |
                             /_/

╔─*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──*─╗
║1   ........................................   1║
║2*  ........................................  *2║
║3   ........................................   3║
║1   ...........Posted: 2024-12-30...........   1║
║2*  ............Tags: security .............  *2║
║3   ........................................   3║
║1   ........................................   1║
╚────────────────────────────────────────────────╝

I wanted to email phrack, but their contact info specifies the use of a public
key/GPG. So I wanted to send them a GPG-encrypted/signed email message! Here's a
guide on encrypting/signing arbitrary text content with GPG.

I downloaded their public key as `phrack.asc`

https://phrack.org/contact

This is for staff(at)phrack[DOT]org

## encrypting a message for them

then i imported the public key: `gpg --import phrack.asc`

then make a message like `email.txt` and then:

```
gpg --encrypt --armor -r [email protected] email.txt
```

then copy its contents and paste into the body of email (or attach it). i just
pasted into claws mails as plaintext

don't forget to sign it! signing it is just letting them know it actually came
from you, they'll be able to view it without knowing your public key. like this:

```
gpg --encrypt --sign --armor --local-user [email protected] -r [email protected] email.txt
```

## keep your key updated!

if you need to update your key (you should keep it updated!) make a message
that's signed.

first create the new key with `gpg --full-generate-key` or whatever. then write
a message like this `key-update.txt`:

```
I, [email protected], am transitioning to a new PGP key. My new key fingerprint is:

[NEW_KEY_FINGERPRINT]

This message is signed with my old PGP key to prove my identity.
```

sign the statement with this:

```
gpg --sign --armor --local-user someidhere key-update.txt
```

This creates a signed file, key-update.txt.asc, that anyone can verify using
your old public key. then others can:

```
gpg --verify key-update.txt.asc
gpg --import new-public-key.asc
```

Don't forget to revoke the old key if not used:

```
gpg --output revoke.asc --gen-revoke <OldKeyID>
```

I'm not going to get into keyservers.

Set key expiration.

You may also want to add your key for decrypting the message you sent as well.

You are viewing proxied material from gopher.someodd.zip. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.