Public keys are like locks while secret keys are like real keys.
You can lock a file with your own lock (public key) so that only you, the owner of the key, can unlock that file.
By the same token, if someone wants to send you some files securely, you can send a copy of your lock to the sender in advance. The sender locks the files before sending them to you, and only you can unlock them with your key.
To forge a new pair, run gpg --gen-key
To see all the locks and keys you have available, run gpg --list-keys
To forge a duplicate lock (so that you can send it to somebody), run gpg --armor --export your@email.com > file.key, where --export fetches your public key (stored in binary) and --armor turns it into ASCII text that you can save to a new file (you can also use a name instead of an email to export a key, and if you want the private key, use --export-secret-keys instead)
If somebody sends you his or her lock, run gpg --import file.key to put the lock in a safe place, and the key will then show up in your key list
If you are done with someone and are not going to send him anything anymore, you can remove his lock from your list: run gpg --delete-key his@email.com or gpg --delete-key 'his name' (if you want to delete your own lock, you must remove your own key first, that is, your private key; to do this, run gpg --delete-secret-keys 'your name')
To lock a file, run gpg --out file.encrypted --encrypt file (if the file is for somebody else, you may want to add --recipient followed by that person's name or email too)
To unlock a file, run gpg --out file --decrypt file.encrypted
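An added end-to-end run of the steps above (not part of the original page), using two throwaway keyrings so that the person locking the file and the person unlocking it are really separate. The address alice@example.test, the file names, and the use of --homedir, --batch, --pinentry-mode loopback and --trust-model always (acceptable here only because the fingerprints were just compared) are assumptions of this demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway keyrings stand in for two people.
# alice@example.test, the directory names and the message are sample values.

# Print the primary-key fingerprint of user ID $2 in the keyring at $1.
fingerprint() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Run the whole exchange; print what Alice decrypts, or fail.
roundtrip() {
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob" || return 1

    # Alice forges a pair (empty passphrase only because this is a demo).
    gpg --homedir "$alice" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key alice@example.test \
        2>/dev/null || return 1

    # Alice exports a duplicate lock; Bob imports it.
    gpg --homedir "$alice" --armor --export alice@example.test \
        > "$work/alice.key" || return 1
    gpg --homedir "$bob" --batch --quiet --import "$work/alice.key" \
        2>/dev/null || return 1

    # Bob compares fingerprints with Alice before trusting the lock.
    want=$(fingerprint "$alice" alice@example.test)
    got=$(fingerprint "$bob" alice@example.test)
    [ -n "$want" ] && [ "$want" = "$got" ] || return 1

    # Bob locks the file (--output is the full spelling of --out).
    printf 'meet at noon\n' > "$work/file"
    gpg --homedir "$bob" --batch --quiet --trust-model always \
        --recipient alice@example.test --output "$work/file.encrypted" \
        --encrypt "$work/file" 2>/dev/null || return 1

    # Holding only the lock, Bob cannot unlock his own ciphertext.
    if gpg --homedir "$bob" --batch --quiet --decrypt \
        "$work/file.encrypted" >/dev/null 2>&1; then return 1; fi

    # Alice unlocks it with her secret key.
    plain=$(gpg --homedir "$alice" --batch --quiet --decrypt \
        "$work/file.encrypted" 2>/dev/null) || plain=
    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    [ -n "$plain" ] && printf '%s\n' "$plain"
}
```

Source the file and call roundtrip; it prints the message only if Bob's import, the fingerprint comparison, the encryption and Alice's decryption all succeed.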