This howto shows how to install the GNU Privacy Guard and create a PGP Key Pair.
Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. It’s commonly used for securing emails, ensuring that only the intended recipient can read the message.
How to install Install PGP and generate a PGP Key Pair
Install PGP using apt.
Use gpg command line to generate a Key Pair
Use gpg command line –export and –export-secret-key to export the keys
Use gpg command line –delete-secret-key and –delete-key to export the keys
To install in Ubuntu, update the repository and install the package
sudo apt update sudo apt install gnupg
Check that the GnuPG package has been installed
gpg --version gpg (GnuPG) 2.2.27 libgcrypt 1.9.4 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /root/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2
There are multiple ways to generate PGP Key Pairs depending on the needs. See How to Manage Your Keys for additional options.
Specify the Name of the user, its e-mail address (IT Wonder Lab [email protected]), type of key (default = rsa), key size (default = 3072), and expiration (never).
Parameters –quick-generate-key –passphrase ” –batch are used to avoid questions from gpg.
gpg --quick-generate-key --passphrase '' --batch "IT Wonder Lab <[email protected]>" default default never
For advance selection of algorithm use the interactive key generation
gpg --full-generate-key gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (14) Existing key from card Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: IT Wonder Lab Email address: [email protected] Comment: IT Wonder Lab Tutorial 3 You selected this USER-ID: "IT Wonder Lab (IT Wonder Lab Tutorial 3) <[email protected]>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy
gpg -k for listing the generated keys
gpg -k /home/user/.gnupg/pubring.kbx ------------------------------ pub rsa3072 2023-11-14 [SC] 4FFFF70506DFFCA9AC9303B811E695F8A4A14CB4 uid [ultimate] IT Wonder Lab (IT Wonder Lab Tutorial) <d[email protected]> sub rsa3072 2023-11-14 [E]
Export the keys using
--export-secret-key with the email used for the key.
gpg --export [email protected] > ditwl_infradmin_gpg_public.key gpg --export [email protected] | base64 > ditwl_infradmin_gpg_b64_public.key gpg --export-secret-key -a ditwl[email protected] > ditwl_infradmin_gpg_private.key
Convert the public key to base64 for usage in Terraform:
cat ditwl_infradmin_gpg_public.key | base64 > ditwl_infradmin_gpg_b64_public.key
--delete-key with the email used for the key to delete the key pair.
$ gpg --delete-secret-key [email protected] $ gpg --delete-key [email protected]
IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.