An encryption key such as GPG's may be used to sign and encrypt communication from and to a sender, the key owner. The key owner, the only one who's got the secret key and its passphrase, can sign and decrypt a message encrypted with such key. Another person who wanted to send me encrypted information could use my public key to encrypt a message and I, and only I, could be able to decrypt the message. That's just the basics and, if you're interested, you could read the GPG User Guide to dig into this subject.
There also exist software which can ease you life with these keys:
- Some desktop systems come with an integrated key manager that lets you create, sign, encrypt and decrypt files and mail with a bunch of clicks.
- Some mail client come with similar functionality built-in or via some plugins, such as Evolution or the Enigmail plugin for Thunderbird.
Setting up SolarisDepending on the Solaris version you're running, maybe you'll need some extra step to set up GPG:
- Solaris up to version 10: GPG isn't bundled with the OS nor is available in the Companion Software. To install GPG, follow Blastwave's instructions to set up your system and, optionally, follow my instructions to set up a special Blastwave zone. During the recommended Blastwave configuration you'll install GPG (CSWgnupg), too.
- Solaris Express Community Edition and OpenSolaris-based distros: GPG is (should be) bundled with the OS.
Creating your keyAs we said, the first thing you need is a key. You can make one with gpg:
$ gpg --gen-keyand after answering a bunch of questions you'll get your shiny little key
Distribute your keyUnless you're going to encrypt files for yourself, the next thing you've got to do to use your key at full power is distributing it (only the public part of it) to whoever may be interested in:
- Reading something you signed.
- Sending you encrypted information.
$ gpg --send-keys key-id --keyserver hkp://subkeys.pgp.net/Please note the following:
- Instead of your key-id you could use your name, which was provided to GPG during the key creation phase. If you prefer to know and learn your key-id, you can ask gpg with the --list-keys option.
- There are many keyserver out there, use the one you like most!