First off, two questions: Why are you using GnuPG 1.4 by the way? It's generally only recommended for server deployments rather than end-users. For desktop use, 2.0 and 2.1 are often a better choice.
And are you sure GnuPG 1.4 is the only GnuPG on your system? 1.4 and 2.0 will happily work together, but 2.1 doesn't combine well with 1.4. If some of the tools you use actually use 2.1 and others use 1.4, confusion may arise.

Often, GnuPG 1.4 will nonetheless be installed on your Linux system. For instance, the package manager might use it to verify the signatures on the package lists of your distribution. This is another use case for 1.4: not for the people with user accounts but for the system itself.

On 30/01/17 04:04, Reid Vail wrote:
> I have two email addresses. I'm to send an encrypted message from my gmail
> address to my runbox address just to test and to make sure I understand the
> steps,
> and to be sure I have the right tools loaded.

If you don't have anything worthwhile in your GnuPG installation, you could radically start anew by just

$ cd ~
$ rm -r .gnupg

From the command line, you would create a key with

$ gpg --gen-key

and follow the prompts. In your setup, you would do it twice, once for both e-mail addresses. However, note that you could also create one key and associate both e-mail addresses with that one key. Many people have one key to rule them all, with as many associated identities as they like.

A lot can be said on key expiry and revocation certificates. I'm going to be brief and without justification recommend a key expiry of 2 years and generating and keeping safe a revocation certificate with for example:

$ gpg -o revoc.asc --gen-revoke [KEYID]

Give no reason and no comment, since you don't know right now why you might use it in the future.

If you generated a key, it will just be available on your keyring and already be valid. Trust needs to anchor somewhere, there has to be some initial step where you simply state "this is trusted". For OpenPGP, that's on your own keys. With GnuPG, this is done by assigning "ultimate" ownertrust to keys (here, your own keys).
So you don't need to sign your own keys if it is just for your own consumption. You could still sign your own keys with your other own keys to indicate to other people that you are saying you are really you. (You have to love the sentences you get when talking about your multiple disjoint identities! :-)

If however you need to spread your own keys to several of your own systems, you'd use

$ gpg -o my_sec.gpg --export-secret-key [KEYID]

then transfer my_sec.gpg to the second system and there:

$ gpg --import my_sec.gpg

followed by (this is important):

$ gpg --edit-key [KEYID] trust

and assigning ultimate trust to the imported key. GnuPG does this automatically for keys /created/, not for keys /imported/. In general, do this just for your own keys.

If you will habitually use one key and only incidentally the other, you'd put the following in your gpg.conf:

default-key [KEYID]

This will tell GnuPG that of the several private keys, it should use that one to make signatures. If you have only one private key (even if it has multiple associated identities, one for GMail, one for Runbox), you do not need this.

To encrypt to your GMail account from the command-line, do:

$ echo Hi to myself >test.txt
$ gpg -r rsv...@gmail.com -e test.txt

You now have an encrypted file test.txt.gpg. You are not prompted for a passphrase since this is a public-key-only operation: it just needs the public key of rsv...@gmail.com, which is not encrypted data. However, if you also want to sign with rsv...@runbox.com, you'd do:

$ gpg -u rsv...@runbox.com -r rsv...@gmail.com -se test.txt

Now it will ask for a passphrase since you are signing it with the Runbox key. If you had the Runbox key as a default-key in gpg.conf, you could simply do:

$ gpg -r rsv...@gmail.com -se test.txt

If there is a default-key in gpg.conf but you wish to sign using the other this time, use the -u [KEYID] to choose which key to sign with.
To decrypt this file, you'd do:

$ gpg test.txt.gpg

which will prompt for the GMail key passphrase because that is the key it was encrypted to. It will deliver a file called test.txt, and if it was signed, it'll say so in the output.

Hopefully this helps you get started a bit. Note that if you decide you want one key with both e-mail accounts associated, you would add the second identity with:

$ gpg --edit-key [KEYID] adduid

You can just encrypt to yourself even with just one key, but if you want, you can also send me an encrypted mail off-list and I will tell you whether it could be decrypted or not.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
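
Added example (not part of the message above): the sign, encrypt and decrypt test from the walkthrough, run against a temporary GNUPGHOME so the real ~/.gnupg is never read or deleted. The two addresses are constructed placeholders, the keys are generated unattended without a passphrase, and gpg is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: the post's encrypt/sign/decrypt test in a throwaway keyring.
# Both addresses are constructed placeholders; the keys have no passphrase
# (%no-protection) so the run needs no prompts. Use a passphrase for real keys.

gpg_roundtrip() (
    # Private, temporary GNUPGHOME: ~/.gnupg is never read or deleted.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1

    # One key per address, expiring after 2 years as the post recommends.
    for addr in sender@example.org recipient@example.net; do
        gpg --batch --quiet --gen-key <<EOF || exit 1
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Test User
Name-Email: $addr
Expire-Date: 2y
%no-protection
%commit
EOF
    done

    echo "Hi to myself" > test.txt
    # -s signs with the -u key, -e encrypts to the -r key.
    gpg --batch --quiet -u sender@example.org -r recipient@example.net \
        -o test.txt.gpg -se test.txt || exit 1

    # Machine-readable status lines go to fd 3; human output stays on stderr.
    gpg --batch --status-fd 3 -o out.txt -d test.txt.gpg 3>status.txt || exit 1
    grep -q '^\[GNUPG:\] DECRYPTION_OKAY' status.txt || exit 1
    grep -q '^\[GNUPG:\] GOODSIG ' status.txt || exit 1
    cat out.txt
)

gpg_roundtrip
```

The function prints the recovered plaintext and returns non-zero if decryption fails or the signature does not verify; checking the GOODSIG and DECRYPTION_OKAY status lines is more reliable in scripts than reading gpg's human-readable output.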