Gnu Privacy Guard
S.Fendt
version 0.0.1 Sept 26 1998

Why Do I Want To Use GPG

Whenever you use digital media to store any form of personal data (imagine writing a personal letter to a friend and sending it via e-mail), you have to be aware that anyone could be reading it. How can you protect your dreams, your thoughts and your knowledge? One solution would be to avoid digital media, but perhaps you like the comfort and ease of working with computers? Even written on plain paper, your ideas are not well protected against attacks... Another solution is to use strong cryptography, as GnuPG provides. With a little care about your behavior towards cryptography you can be quite sure that your secrets are very safely stored.

Getting Started

Generating A Key-Pair

To generate a pair of keys (public and secret key), start GPG with the option --gen-key. You will then be prompted to choose your preferred combination of algorithms for signing and encrypting messages. You may choose DSA and ElGamal (DSA for signing messages and ElGamal for encrypting them; this is the default, choose "1" if you want to generate such a key-pair), ElGamal for both (signing and encrypting messages, enter "2" if you want this variant), ElGamal only for encrypting messages (choose "3") or just DSA (to only sign messages, choose "4"). The fifth possibility (ElGamal in a v3 packet) can be chosen for reasons of backward compatibility.

The next step is to choose the desired bit-length of one half of the key-pair. You may choose any bit-length you want (if it is greater than the minimum key size...), but keep in mind that the computations necessary to create really big keys are enormous and that it does not make much sense to choose key-lengths over 2048 bit (RSA Inc. says that ElGamal is as secure as RSA at comparable key-lengths. It takes years to even break a small 64-bit RSA key, and every further bit doubles the amount of time needed to break it...).

Now you are to choose whether your key should expire after some time or be valid for all eternity. You should enter a value which makes sense to you and your usage of the key. You need a User-ID for your key, too. It is built up from your name, a comment and your e-mail address. If you enter "Heinrich Heine" as your name, "(Der Dichter)" as the comment and "heinrichh@duesseldorf.de" as the e-mail address, the User-ID would be: Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>

The last thing GPG wants to know is your personal pass-phrase. This pass-phrase is used to unlock your secret key (you can imagine, of course, that recalling thousands of bits or a long hexadecimal number would be very hard...). You are asked twice to ensure that you haven't mistyped it. It should be clear that this pass-phrase should be quite long and should not be connected to yourself in any form (e.g. your birthday or "coc-a-coola" are very bad ideas). Now GPG starts to calculate your personal secret and public key-pair. This may take a while (GPG prints neat little letters on your screen while doing so), and meanwhile you had better do other things (GPG needs very strong random numbers, so you help it to get them by doing random things with your computer... No, hold it --- please do not fill coffee into the floppy-disk slot! :) ). After some time GPG should have created and signed your public and secret key. Now everything is prepared to use GPG.

Signing And Verifying A Message
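
An unattended version of the key-generation dialogue above, followed by a -sat sign and verify round trip, as an added example that is not part of the original HOWTO. It assumes GnuPG 2.1 or later; the function names, the pass-phrase and the message are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO; all values are constructed.
# Assumes GnuPG 2.1 or later (--pinentry-mode does not exist in 1.x).

# Throwaway keyring so the demo never touches ~/.gnupg.
GNUPGHOME=$(mktemp -d) && chmod 700 "$GNUPGHOME" && export GNUPGHOME
PASS='constructed demo pass-phrase, do not reuse'

gen_demo_key() {
    # The answers to the --gen-key prompts, as a batch parameter file.
    cat > "$GNUPGHOME/params" <<EOF
Key-Type: DSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Heinrich Heine
Name-Comment: Der Dichter
Name-Email: heinrichh@duesseldorf.de
Expire-Date: 1y
Passphrase: $PASS
%commit
EOF
    gpg --batch --quiet --pinentry-mode loopback --gen-key "$GNUPGHOME/params"
}

sign_message() {    # stdin: message body, stdout: armored signed message
    # --passphrase on the command line is for this demo only; it is visible
    # to other local users in the process list.
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" -sat
}

verify_message() {  # $1: signed file; exit status 0 only for a good signature
    gpg --batch --quiet --verify "$1" 2>/dev/null
}

cleanup() { gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"; }

demo() {
    gen_demo_key || return 1
    gpg --batch --list-keys --with-colons | grep '^uid'   # shows the User-ID
    printf 'Ich weiss nicht, was soll es bedeuten\n' | sign_message > "$GNUPGHOME/msg.asc"
    verify_message "$GNUPGHOME/msg.asc" && echo "signature OK"
    # Delete one line of armored data: the altered file must not verify.
    sed '3d' "$GNUPGHOME/msg.asc" > "$GNUPGHOME/bad.asc"
    verify_message "$GNUPGHOME/bad.asc" || echo "altered message rejected"
}

# Run as "sh demo.sh run" to execute the whole sequence.
if [ "${1:-}" = run ]; then demo; cleanup; fi
```

For real keys, keep the pass-phrase out of scripts and let gpg-agent prompt for it.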

To sign a message you can pipe the message-body to GPG with the options -s -a -t or in short -sat.

Encrypting And Decrypting A Message

...

Generally Used Options

...

Compatibility With PGP

...

Additional Tools

...

Options

...