Using GnuPG keys (What/Why-TO)

Using GnuPG keys (What/Why-TO)

Most articles on the topic start off by showing you HowTo-CREATE keys, and this is usually followed by some examples on HowTo-USE keys. The result for those of us that ain’t so clever, is utter bewilderment.

Hopefully this short explanation will alleviate a little of that confusion.

This article will cover the basics of GnuPG WhatTo/WhyTo.
I have split out the HowTo-CREATE keys. I will also split out the HowTo-USE keys.


  1. To ENcrypt a message (to YOU), the sender needs to have a public key for the recipient (ie. YOU).
    • They could get your public key from you (OK), or from a keyserver (Better! – if you uploaded your public key)
    • Public keys can (simplistically) ONLY encrypt messages (ie. they can’t decrypt [except, in a “special case” discussed below])

    Plain_Message + Recipients_Public_KEY{YOUR pubKey} = Encrypted_Message (to/for YOU)


  2. To DEcrypt a message, you need to have the private key (for the recipient [ie. YOU]).
    • ONLY you (we hope) have your private key – and it’s obviously stored in a
      safe place/way as per the HowTo create keys
    • Private keys can (simplistically) ONLY decrypt messages (ie. they can’t encrypt [except, in a “special case” discussed below])

    Encrypted_Message{with YOUR pubKey} + Recipients_Private_KEY{ie. YOUR pvtKey} = Decrypted_Message


  3. “Special Case”
    • Your public key is normally used to ENcrypt – and since the public key is public, ANYone can encrypt a message TO a recipient with it. In such a case, it would be possible for someone to pretend to be the sender
      • You (and technically ONLY you) can still DEcrypt such messages using your private key, but you can’t be sure it was actually sent by the person that you think it was sent by


    However, you CAN actually
    ENcrypt a message {with your PRIVATE key}
    and the recipient CAN
    DEcrypt the message {with your PUBLIC key}

    So what does this achieve? Why bother?


    ONLY YOU have your private key (well, so we hope)

    • any message ENcrypted with your private key … MUST have been sent “by the person with the private key” (hopefully just YOU)
    • it is safe for the recipient to assume that YOU SENT IT.


Leave a Reply

Your email address will not be published. Required fields are marked *

10 − eight =