Use GPG to send secret

Story: Troy needs to send a secret text file to Joe, here is how to do it with GPG.

GPG: GNU Privacy Guard.

Prerequisite for both sides:

• install homebrew: https://brew.sh/
• install gpg: brew install gnupg

Overview:

• Joe, the receiver, needs to generate gpg key pair, and give the public key to Troy, the sender.
• Troy uses Joe's GPG public key to encrypt the secret text file, and send the encrypted file to Joe
• Joe decrypt the file with his private GPG key, which only he knows and never sent to any one else.

Details:

Joe:

• generate gpg key: gpg --full-generate-key
• list existing keys: gpg --list-secret-keys --keyid-format=long
• The GPG key id is the part on line sec ed25519/<key-id>, run this in terminal or add to bashrc: export GPGKEY=<key-id>
• publish your public key: gpg --send-keys --keyserver keyserver.ubuntu.com $GPGKEY (optional)
• export public key: gpg --armor --export $GPGKEY > joe.asc
• send joe.asc to Troy

Troy:

• import Joe's public key: gpg --import joe.asc
• list imported keys: gpg --list-keys, the full key name will be something like Joe Guo (Graviton) <[email protected]>
• encrypt the secret with Joe's public key: gpg -e -r "Joe Guo (Graviton) <[email protected]>" secret.txt, this will generate a secret.txt.gpg file
• send the gpg file to Joe

Joe:

• ensure you have: export GPGKEY=<key-id>, gpg will use it by default
• decrypt the secret: gpg -d secrets.txt.gpg

refs:

• https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
• https://help.ubuntu.com/community/GnuPrivacyGuardHowto