Posted on

Pretty Good Privacy (PGP) is one of the most widely used encryption methods used in the world. It was created by Philip Zimmermann in 1991 who believed that the right to privacy is “as apple-pie as the constitution“. GnuPGP, or GPG for short, implements the OpenPGP standard.

Uses of PGP

Encrypt data in transit: while being transferred between two locations (over the local network, internet, etc.) data can be encrypted to prevent a third party from being able to read / open a message

Encrypt data at rest: files sitting on a hard drive can be kept in an encrypted format so that it cannot be opened without providing a correct key

Digital signature: whether it’s a simple text message or a GitHub commit, a PGP signature can help prove “I wrote this”.

How I use PGP

verified commits datalad

From a practical standpoint, I use PGP encryption and signatures for programming and research purposes. Git is a software used for “version control”. Datalad is a newer software which “wraps” around git and git-annex. I will describe this in a future post. For now, in short, datalad helps you keep track of research data, including what changes have been made to the data set, who made them, and when they were made.

My PGP Public Key

You can quickly add my public key by pasting the following code into your terminal. It will automatically create a new file in your home directory called pranav-mishra-public.key (GPG key ID: 509C9F1324C7FCA8) You can verify that this is the same key I am using to sign commits at GitHub (Tip: you can check the GPG public key of any user by visiting 

<div class="wp-block-codemirror-blocks-code-block alignwide code-block"><pre>cat >> ~/pranav-mishra-public.key<<EOF
Pranav Kumar Mishra
Public PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGLz/7kBEADGntyMMgvcwH1mM4VImUuBIz3/WpJ6HdvmLZ6G/4dbvuiMPjk4
Q63dAmdTMXC9gYTFchmal7hS9aWWUvY+zkfL+kwuyG2IG1WCJ/XW45QwbPk2kB14
9MH6XD38beQWjWvG2pwudmRNAuS0hBVykq27jVRRd+RVFrkF3Y6UXvVJdaPO4ta/
5JMD6naauOmnWOw2tMzIWlaUnI6hBi4kh75DgMa9VyvT4L3ItJFCppVivZqD0XMb
4COwth2o+wiXcKmskakZZiMw5AEpQ6NTXqOKkWh6uHdEQ0xe/wMpRbTsP0t6aCZO
95KrQqpmh7giyRBdcG070XrpY+u/bLnCCusdRr0XmjJv1vBSdZpVf7T9Mczekfnw
qJnJd0SDjnEmDFkz37D3CDSBRRwDMxJEZbMMWGcmGGqRc5NseOvQdVjeKZFvwZMv
3r0c/fv44pfg9zniygcJmCnwTNwsKxfXPsDfBP/5c+Pkdf0qWila+t4/TaMWemyA
AQxW6sfTag80lcuH++fSzfkXUsBb0RMfuVZg41xxfQyGrBqWuwf2Hk9JJIIwr6Vt
nbyPb1ZlZ3SzOk4fIih9EGfSb86WaHh9laBby5BNXfoRXJMFrRcSxgH+PoEcRG6f
Bs5x482Y4974Zv+gSXHcKiBnwChye5HNJrcLtnNCISx8PIhdty7B1CYxUwARAQAB
tD5QcmFuYXYgS3VtYXIgTWlzaHJhIChQcm90b25NYWlsKSA8cHJhbmF2bWlzaHJh
QHByb3Rvbm1haWwuY29tPokCVAQTAQoAPhYhBDX+miNqyA8/+CmaFVCcnxMkx/yo
BQJi8/+5AhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEFCcnxMk
x/yodMQQALVVKK7+V9rS07KQRs3kHVPB5+RiS85c8tgHSSalHjQPJy52+qg6I6Ou
BefrvqrBgsR0GqqrugbJTiDWt+ms5bFrUMR/mT1oRXJTOfYbY4Mijj+CtJJEXT5O
8XpNs+xApf+OepUdhZlAUEquwg26Gi9jGAn+K2YegjqRZQ4XXIin9mQ3jEJDVG0h
lDpQiCsfG9fntqhl9XiJaHu9AKR+R/jJNPRnK8AC/qKnIQjnC32AcOuGImHKFLVi
MOHLW/BdcniK4BmyJU5PSUT4lXzSX3mBr0VbnVoCOGaAlo3fPNiN7ua5rhNOV+3d
niwNiri3LZ7EO9wa6LJ6eG6cYTTzkhjIyvcbQ0tpyFvZz/3q/IaCDMqYAjbGl3JB
oFnCxqNfmxQf/W5ZDOY+lhAtuuh57NfBJdS+QdqycERgKLS4tIyQChjwycVnMFmu
NZelCm46FbPpUVw93K/LWjQ+KOZQ7gbsLHdpZhBOKWz5OHIxk2Pb9p3r4Ij6yhQL
bR/lXeOZt9vTh71ZTVJRiyb0yK2pfAESud3jrFyn4mmMu9YUnCbrxHmvRAdtl9Nq
kiPH81VXsPId+FkWE2K/vtWZcr6nWrzy9/GFzolQHhEaJenHGu72j2wItxcEve6I
QouNHWU+q7pYCp5udyDf3dHiawsV1/VJn7e1RctOZHpmSMM+16CWtE9QcmFuYXYg
S3VtYXIgTWlzaHJhIChHaXRIdWIpIDw2MjU2MjcxMitwcmFuYXZtaXNocmE5MEB1
c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20+iQJUBBMBCgA+FiEENf6aI2rIDz/4KZoV
UJyfEyTH/KgFAmL031gCGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
CgkQUJyfEyTH/KhD8BAAm5MKDUrdtH+cf4JosD+zF11TQgs2+xCJBq5rwlyemLjj
Q57+lKhEE/jKXKkVJIkR4ClVNzS0KOTTZzY+rMJdkHoPRlz9cNaxTNn4G6g6oaHL
1lDp9qUYYZ5xrdwUTaasW/3d6E1IoCGjcykp+H7b8WwZUmDRdt92UcQ4aX9+zBsY
0SpaL0daOkW2uqVUNTwZvg1SDWLoxlFAg+6Xw3j5KzCpBfndVJyF08LeWHk4MEbs
uxWu7hIG5L9MsRJzgYfgfd6/lpyHWDjq9HVF3OyurDljLWXRCNa/kl3xsajTUnQn
Otgy6VseoD7V+Ygtz8qb0ucaqFSnu9i0DqIE6kkD4OqrKCvMpYf6DkXlh/YRgj2N
Ja3gu48UeZZso00MIf/K9DxBVkqS13RUyHvUtmUCjCLBBVnKkWoWbDrgev8iSQmU
OXGJ6z4t+tGwadz5SzHXDe5ZzQEoVvVL7cDmFbkq8GrlFHXCFUaMghzwErtMToGN
ic2LUmH/UhgggNJUQQxSXSshBwpK94tXR9SQFYMEQYG7YhHW/v6o1xsnm3NfrVmV
AQPodl19s+3IBLA4u/eLiDtYUVmYZCeD8FFlKj1Uts4jL2Q6HOCvpuAEwz7b8ac2
yCeJVaWAqAQyDBRSuQ/EFVfV+tMQSVPSGhv00l/DGTMcP6WTj7iberM9ZY8m/SO5
Ag0EYvP/uQEQALk5XnMSRu5qPCdsW8yi+I5t5k4MjWIqd5fYMboRY4gs1fBuX9tb
lw9dHql/IfQ19Lnr/F8/MQqFyK+phHxqypK30kJ2SD262dl03MWEmUhlwczETCCj
+9h0RNylfDqQsyh8n/Q+UpyrfH5+X96jfh1nAzmm2JqysLNc7dYmqI1IBdJxbSmg
QhzNbM+H113TPdJJXg+5yROWnJo6lq68xp+dm5zdNb8vod9qOWCyC3mujRr9E5t4
3xJf51AowbFPzP2wEm9mY1vb/EgNZDPITngHATd4TI6kQhnvEM7pChRXzSrlbSTs
ZkQpyuPXiPKZzDic/l/O7lkcRvdFs9+Zuh52ZxKwHdskqD6V+iNP89REWQxVCFi0
5l6hk0d9Kqi9oprrgcFRg0kE8pkX7+PNJZRCQDfhfMz8Uy8uFRnm9bdQu3Gs8XD5
a3LTTk4QXGcQauW9l4fFqVHxFZApQn7fn1U9etJMaPaNLBMWTPjQGCVtaVe8c0zS
Fu5GAZ9/YrH2Of8UyksNpKykXaFrm35YUjWXP+hMFysBDoyXwzuGkYt/oCXf7ujw
relcWwwyipZ3zTrSlM3iD4ZUF99ykh7qaGTLVMQ7dHYI9ZGCr8GFrP5Zz5y0k0nI
MgHV0q4ZsuARlYlRZG50+nR0ab+NH9GKwGO9rqtCxxuVJbKjmFYJm7SlABEBAAGJ
AjwEGAEKACYWIQQ1/pojasgPP/gpmhVQnJ8TJMf8qAUCYvP/uQIbDAUJAeEzgAAK
CRBQnJ8TJMf8qGtCEACOtDYC8GgtCxKAfM8rPaASfjni07zLCBSUzjVkv6jMhBq5
/r/AFy71bI/4xzVZgVwjzoYlcLs95yR9qoL2GskBCvNmGwWYLbvCeyfb98GY0vY5
W1LmCsivhOZyMP18A6tbs0g3VMrKgQcWC+oRvrPKcTpD0llrSlqA98jlLtrZ/HNd
/Ym4sbZODjzsYHLxjX9SkL+6c0Jz0EOYLpKcsq+gPg5uGrIQxS/6rw3OoLWflapW
N5hz11CZBpAg8IYzfpY5gM7oENn/ZPnPiNpXu60cYZtpHqNEecwxw+VckZI6w5VF
ZPp5ct4x0CncjXO5luuhFj6kiGkz/FHYOWe1RB3Za3gXCYegF8CttKFKQtYrK2y+
e1uMIYIjqpGJeiypiUvHVvl1p3gb+vhdvl8YWNnQ86UGx9t+NapumtoyNt7ISwxf
iVXeG1tqWD6OUfKLUg1L4staKxuaBQwTGjj0ETMdeOtkAPIip3ZVTMnunsEeM3+o
xg5YyNAPlk+RRz/T/sNOe/vrA/1H1BX05HIx6LoisWTaUsZu6LIENM6nevsMOUoO
NtG+tm/HTWTnP2mkz67K6fAzOOF+MiOHA2mNKxMdxvCtvV5WZiQc4nk1L7t69oPh
5GeZPBErpviXylkWL97g++Zsp89zOE/eI00tMgGZQBCU4pdEhIgZS1M3txrYwg==
=8Owb
-----END PGP PUBLIC KEY BLOCK-----

Setting up GPG Agent and Terminal

cat >> ~/.gnupg/gpg-agent.conf<<EOF
default-cache-ttl 28800
# 8 hours
pinentry-program /usr/bin/pinentry
allow-loopback-pinentry
EOF

gpg-connect-agent reloadagent /bye

First, we configure the GPG-agent to remember our GPG password for 28800 seconds (8 hours). Without caching the GPG authentication, you will be asked to enter your GPG key’s password at each use. We are also configuring the location of the pinentry program, along with a setting to allow loopback pinentry. These settings are saved to a file located inside your home directory, at ~/.gnupg/gpg-agent.conf (the path expected by the GnuPG program).

Import keys

gpg --import ~/pranav-mishra-public.key
gpg --allow-secret-key-import --import private.key

After importing the keys, you can increase the level of ‘trust’ on the key. 

gpg --edit-key 35FE9A236AC80F3FF8299A15509C9F1324C7FCA8

If you are importing a private key, you will be prompted to enter the password to unlock the private key. You should not have to enter any password for importing public keys.

Inside the GPG shell:

gpg > trust
gpg > 5
gpg > y
gpg > q

Testing my key

You can check to see that everything’s been done properly by trying to decrypt a message which was encrypted with my private key. You can also get an idea of what a fully encrypted PGP message looks like!

cat >> testing_gpg.txt.asc<< EOF

-----BEGIN PGP MESSAGE-----

hQIMAzR/IkG0kvK9AQ//S5YUHatHuDtSVZxHQf1USx6chTf1wGJVBPEZ8q+K44oW
RhMepMjQ6rcVW84AWHiR5whLvfMDcfyqtBLHh9+zJsLvpllZAZ0RaYw2k1oWIPka
QVYjcBK3KlMthhOcWS+i5Xwvl5BTVqC5lbnEqnVTsA/brBLHz423TOoRbjFfeCgO
H1ptdPsKSdfBxkaDLLELQ3MlwFZA9jgkUloBR3OnAK0NJKRS4z5Ct2ofyS+Iy5VM
WExz1QswhMAbwoYclvhuEB0Sms/A5p6KyJjbUsPyksMJ4UTQFCkvFWNtWtvjpofc
khlq6suCtNHmFgP0FsbY/KnELzKGhTBn00pEfL4zSsVHchD/f8MIoKFL+/skBqhy
IyW+M5wOKPdaDUCy9ahlxhka+wg3/SvyWvQY1LWYoD41gq4hYwGiR/cBBG0ddFkJ
Vt9gQP6bYBH560A3nlUQ+EWybaCOj+5mTtMTFh0uHvZglUkweorcxwVs8ECmXiE0
KoJ9uqL3RergsVQUHZeX8TFHX9BQ759nCRM/ARqovAtdu3cBXR7udb7BhabzNM6z
z8fTTYWvZLWm+hWTAZ9iAUAHxfrfS9xTOGBTswM3lyrKJqINorLBA1SNa5o9YcyS
b2KijneLmh9Ndo959VAY34JFbxeCtVJ0ibqutEqNyh1ytLNdwDml8DV7a+I92JPS
6QFVttfm3+XH4SS4NUWUo9TNSmfJlg3j4dC1olYmjOqcdxSU2IeUyUXxYqVjOZvy
OxbyTMBcof/4+O2FeBeUbUwmm5/d8CzCYL5ZyRHXWpz+YmoFi6goXlbDNoD9U74K
ee+Gc22fyIzLIo6zP+U0eIFI1bwptgvu0YRQfN/NZcX3ZQ/oI9pfow0sArqpKp6q
PiKXp+l3IhlAzbeqLnQUQK4VyDKTaDbhongHoaxOE+U3rX6PwnB7DyYPoAuvyX2d
vxGdX+QZUPaMpEa5H+vmVQ6t+mIA9MFBXy01hTciko6+7Q+ypKI4cehtkno5TdNB
wGX/Kbamw5Jrxx9gAZDgzTdbww8IGSWN+E+WvFT84UyMshaKNe53QE1LKB1w6fmi
weQf4vJbTHju+0f3lT+EiXVaW6rre8nG3q1NZd6QfguM/hzjoOQ5DAFV2b3ymzGP
L/L7ZcWreM40pGv10No/Nb6F3wnWJq0vkXdQsFhdXtUf5dJRwA2Jip6oYa0fR061
4M/JqxNlFTC/DbpMgngEyX3DQ6P3BeNGbLC/mj27y2OHOo16vKh4xdykqiTY8ZMP
bt7d5cb0lkAyNesmg7KXi/M2ifE1REf/afKPceBRaG77I88vPAsNyEYBwu3AIgR5
9wgx6HFuIWJr6mJiQ8k6fJNB6eKVOmOhrFWvbRDJZE9lwH9MIAb1eMoM0+6K8VH0
fUsASPGP7Iz/jUYDJoz/zEYaJEujCgKaca/WEfjzt1DEKeieKj5MZwURnE/fQodG
NZ+rHBRN0b8bwJTISAHx9qH57pNUWQggNJ9C3xFa967OXU0gl8OKf1v3PcqQPra6
q9TZoSwmKxXj7clHZ+2pkbvkzgdtTRVW0qAk8pXwHUrBSAADFi8fKd+hcxV7g0cg
xPvVzRI6KDla05gfOg7qFSpaoxrcTv7LsbqM7sRdm8DVLfPtQsDyMafwWislvtd4
0S/dO/kMY+QAKj2GMYB6qOVTaHuPfAgDekWlb5EC5P0+ZcVh8R8Y+fRdwQOzudwC
gj0B9P6tUjLVkuEacD4R+2aD3X8b8UlKxnTYXpcGe8PMahStR1CBPfLnTXABr3y+
KnMTCxS8Hmta/Ty9u0PsvIMO
=Bl1s
-----END PGP MESSAGE-----
EOF

Next, decrypt the file with

gpg -d -a testing_gpg.txt.asc

If you see the following message, everything went well:
gpg: encrypted with 4096-bit RSA key, ID 347F2241B492F2BD, created 2022-08-10
“Pranav Kumar Mishra (ProtonMail) [email protected]
If you are reading this message, you have successfully installed the GPG secret key for Pranav Mishra [email protected]
gpg: Signature made Fri Jan 6 03:07:19 2023 UTC
gpg: using RSA key 35FE9A236AC80F3FF8299A15509C9F1324C7FCA8
gpg: Good signature from “Pranav Kumar Mishra (ProtonMail) [email protected]” [ultimate]
gpg: aka “Pranav Kumar Mishra (GitHub) <[email protected]>” [ultimate]

Cleanup

You can securely delete the created / downloaded files with:

shred -u pranav-mishra-public.key testing_gpg.txt.asc private.key
ls