For both versions, the user guide is the same, but the installation differs a bit. Download WinGPG here. The installation has been completed, and a new icon appeared in Windows tray:. Click on tray icon, and import the key as described below:. This is the main WinGPG window. In case you already have used GPG-based software before, your keys will be imported automatically; otherwise, there will be an empty list. The GPG key will be imported into the system. Now you have your password protected private key and you need to make it default, as follows:.
Great, now you have everything configured. Do not forget to import all known public keys into WinGPG system, you might need as many keys as you have recipients. The last step you need to extract your public key from the system and send it to all your recipients or publish somewhere like the corporate portal, so everybody will able to get your public keys , as follows:. Every time you want to send encrypted data for somebody, select their public keys from the list multiple selections allowed.
Do not forget to add yourself if you want to read back your encrypted texts. Encryption does not need anything, decryption needs your private key and might ask for the password for your key.
Enlico Enlico 7 7 bronze badges. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Stack Gives Back Safety in numbers: crowdsourcing data on nefarious IP addresses. Featured on Meta. New post summary designs on greatest hits now, everywhere else eventually.
Related Hot Network Questions. Question feed. These flags give additional information about each key signature. From left to right, they are the numbers for certificate check level see --ask-cert-level , "L" for a local or non-exportable signature see --lsign-key , "R" for a nonRevocable signature see the --edit-key command "nrsign" , "P" for a signature that contains a policy URL see --cert-policy-url , "N" for a signature that contains a notation see --cert-notation , "X" for an eXpired signature see --ask-cert-expire , and the numbers or "T" for 10 and above to indicate trust signature levels see the --edit-key command "tsign".
Locate the keys given as arguments. This command basically uses the same algorithm as used when locating keys for encryption and may thus be used to see what keys gpg might use. In particular external methods as defined by --auto-key-locate are used to locate a key if the arguments comain valid mail addresses.
Only public keys are listed. The variant --locate-external-keys does not consider a locally existing key and can thus be used to force the refresh of a key via the defined external methods. If a fingerprint is given and and the methods defined by —auto-key-locate define LDAP servers, the key is fetched from these resources; defined non-LDAP keyservers are skipped.
This commands takes OpenPGP keys as input and prints information about them in the same way the command --list-keys does for locally stored key. In addition the list options show-unusable-uids , show-unusable-subkeys , show-notations and show-policy-urls are also enabled.
As usual for automated processing, this command should be combined with the option --with-colons. List all keys or the specified ones along with their fingerprints. This is the same output as --list-keys but with the additional output of a line with the fingerprint. May also be combined with --check-signatures.
If this command is given twice, the fingerprints of all secondary keys are listed too. This command also forces pretty printing of fingerprints if the keyid format has been set to "none".
List only the sequence of packets. This command is only useful for debugging. When used with option --verbose the actual MPI values are dumped and not only their lengths. Note that the output of this command may change with new releases. Present a menu to work with a smartcard. The subcommand "help" provides an overview on available commands.
Present a menu to allow changing the PIN of a smartcard. This functionality is also available as the subcommand "passwd" with the --edit-card command. Remove key from the public keyring. In batch mode either --yes is required or the key must be specified by fingerprint. This is a safeguard against accidental deletion of multiple keys.
If the exclamation mark syntax is used with the fingerprint of a subkey only that subkey is deleted; if the exclamation mark is used with the fingerprint of the primary key the entire public key is deleted. Remove key from the secret keyring. In batch mode the key must be specified by fingerprint. The option --yes can be used to advise gpg-agent not to request a confirmation. If the exclamation mark syntax is used with the fingerprint of a subkey only the secret part of that subkey is deleted; if the exclamation mark is used with the fingerprint of the primary key only the secret part of the primary key is deleted.
Same as --delete-key , but if a secret key exists, it will be removed first. The public keys are intended to be just that, public, and there are many systems that broadcast these public keys for discovery purposes.
After installing GPG, if your OS did not come with it already installed, you will first need to generate your own key pair. While not necessary if only encrypting a file for another user, it will be necessary to receive encrypted data or to sign data.
To generate a key pair, run the following command:. After running the command, you will be given a few options to select from shown in the screenshot below. Unless you have a narrowly focused use case, for all intensive purposes go with the default option, RSA and RSA for both signing and encryption. Some modern systems prefer and some older hardware devices require , so it really depends on your situation.
For this example we will go with the default of Note that is no longer considered secure. It is always a best practice to not have key material laying around forgotten about or unprotected, so use wisdom in selecting an expiration for you key. Many times the pragmatic choice is to not have an expiration and to just revoke the key later if it will not be used any longer. You will then be prompted to provide identity data including a name, email address, and any comments.
Key generation will proceed using entropy requiring the use of the keyboard or mouse in order to gain enough entropy. In addition to the key being generated, a revocation certificate will be generated along with your public and private key.
You may specify a keyserver with an email address to discover a key. There are many different keyservers, and this example will use the commonly used MIT public key server located at pgp. Here is an example of searching the keyserver:. After discovering the keys, a list will be shown allowing you to select which key to import for later usage. Occasionally your local database of gpg keys may be out of date and need to be refreshed with a keyserver.
You can ask gpg to update your copy. To do so, run the following command:. In addition to importing a key from a keyserver, you can also export your newly generated public key to the keyserver for discovery by other users.
0コメント