GPG (GNU Privacy Guard): Part 7

Wouldn’t hurt to know how to sign and verify a digital signature, bruh.

Previous

GPG (GNU Privacy Guard): Part 6

Sign a Message or Document

To sign a document or message with a digital signature using GPG, make sure you have GPG installed on your computer and have generated a GPG key pair. If you have not done this yet, you can follow along in the previous parts.

Create the document or message you want to sign. This can be a file or some text that you enter on the command line.

echo "Hello, this is secure and private message." > message.txt

Run the following command to create a digital signature:

gpg --sign message.txt

You may be prompted to enter your passphrase to unlock your private key.

If the signing process was successful, GPG will create a new file that contains the signed document or message. The file will have the same name as the original file, with the extension .gpg added. For example, if you signed a file called message.txt, the signature file will be called message.txt.gpg.

Note

You can also encrypt, sign, and include armor with your message that will save it as a .asc extension. The end user will need to run gpg --decrypt in order to see the sign message.

gpg --encrypt --recipient [email address] --sign --armor message.txt

Verify a Signature

To verify a digital signature, you will need the signed document or message, as well as the public key of the person who signed it.

Import the public key of the person who signed the document. You can do this by running the gpg --import command and specifying the file containing the public key.

Run the following command to verify the signature:

gpg --verify message.txt.gpg

GPG will verify the signature and report the results. If the signature is valid, it will indicate that the signature is good in the last line of the console output: gpg: Good signature from ...

GPG Series

GPG (GNU Privacy Guard)