Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

3.5. GNU Privacy Guard (GPG)

GnuPG (GPG) is an open source version of PGP that allows you to sign and and also encrypt a file or an email message. This is useful to maintain integrity of the message or file and also protects the confidentiality of the information contained within the file or email. In the case of email, GPG provides dual protection. Not only can it provide Data at Rest protection but also Data in Motion protection once the message has been sent across the network. Refer to Section 3.1, “Data at Rest” and Section 3.2, “Data in Motion” for more information about these concepts.
GPG is used to identify yourself and authenticate your communications, including those with people you do not know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.

3.5.1. Creating GPG Keys in GNOME

To create a GPG Key in GNOME, follow these steps:
  1. Install the Seahorse utility, which makes GPG key management easier:
    ~]# yum install seahorse
  2. To create a key, from the ApplicationsAccessories menu select Passwords and Encryption Keys, which starts the application Seahorse.
  3. From the File menu select New and then PGP Key. Then click Continue.
  4. Type your full name, email address, and an optional comment describing who you are (for example: John C. Smith, jsmith@example.com, Software Engineer). Click Create. A dialog is displayed asking for a passphrase for the key. Choose a strong passphrase but also easy to remember. Click OK and the key is created.

Warning

If you forget your passphrase, you will not be able to decrypt the data.
To find your GPG key ID, look in the Key ID column next to the newly created key. In most cases, if you are asked for the key ID, prepend 0x to the key ID, as in 0x6789ABCD. You should make a backup of your private key and store it somewhere secure.