Encryption and Digital Signatures using GPG (2024)

Jeroen Ooms

DISCLAIMER: Author is not an expert in cryptography(he is not an expert in anything really). Use this stuff at your ownrisk. If you find bugs or inaccuracies, please create an issue or PR onthe github repository.

GPG basics

The GNU Privacy Guard, also known as GnuPG orsimply GPG, is a popular open source OpenPGP (RFC4880)implementation. The system is widely trusted for securing integrity andconfidentiality of internet communications through various cryptographicmethods. GPG is used in Debian and Redhat to verifydownloads from package managers (apt, yum) and people like EdwardSnowden and GlennGreenwald use it to encrypt confidential emails.

Public key crypto

Like most modern crypto systems, GPG makes use of public key methods.You can easily generate a personal keypair which consists of a privatekey and corresponding public key.

Your private key is to be kept secret and needed tosign or decrypt messages. Thecorresponding public key should be made available toanyone that needs to verify your signature, orencrypt messages which can only be decrypted byyou.

Once we have someone’s public key, we can send them secure messagesand verify their signatures. However how do we find and authenticate thepublic key of a person or server if we have not talked to thembefore?

Web of trust

The complexity in public key systems derives from authenticatingpublic keys. If we can not trust our communication channel to be safe,we can only be sure that a public key belongs to given person if it hasbeen signed by someone that we do trust.

The major difference between GPG and PKI systems (such as HTTPS) ishow we authenticate public keys. HTTPS is based on a system withCertificate Authorities (CA). Anyone can create a keypair for anydomain/personal name, however we only trust public keys which have beensigned by an official CA. This CA is typically a commercial vendor whichverifies your identity (e.g.via a copy of your passport) and then usestheir own keypair to sign a certificate containing your public key andyour personal name / email / domain.

GPG uses a different system which does not distinguish between peersand authorities. In GPG, anyone can sign another persons key. The GPGuser determines which peers they choose to trust in their personalkeyring. For new peers, the GPG software helps you figure out which ofyour current peers has verified the identity of the new peer, perhapsindirectly via a third or fourth peer, and so on: a “web of trust”.

The easiest way to exchange public keys and key signatures is via akeyserver. GPG is compatible with existing PGP key servers. Theseservers mirror each other so most keys are available on either one. Thispackage automatically retrieves keys and signatures via thegpg_recv function.

GPG keyservers do not need HTTPS. One should only trust GPG keys onbasis of GPG signatures, regardless of how they were obtained. For thisreason it is also valid to share GPG public keys via e.g.a website oremail.

Your keyring

It is important to know which version of GPG you are running andwhere your home dir is. Your home directory contains your configurationand the keyrings. GPG defaults to your system keyring, which is the sameas the gpg command line utility and system package manageruse.

str(gpg_info())

List of 5 $ gpgconf: chr "/usr/local/bin/gpgconf" $ gpg : chr "/usr/local/Cellar/gnupg/2.3.6/bin/gpg" $ version:Class 'numeric_version' hidden list of 1 ..$ : int [1:3] 2 3 6 $ home : chr "/Users/jeroen/.gnupg" $ gpgme :Class 'numeric_version' hidden list of 1 ..$ : int [1:3] 1 16 0

Use gpg_restart to switch to another home directory,e.g.for a client which uses its own configuration and keyrings. Forthis example we store keys in a temporary directory.

gpg_restart(home = tempdir())

gpg (GnuPG) 2.3.6libgcrypt 1.10.1Copyright (C) 2021 Free Software Foundation, Inc.License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Home: /Users/jeroen/.gnupgSupported algorithms:Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSACipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256AEAD: EAX, OCBHash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224Compression: Uncompressed, ZIP, ZLIB, BZIP2

Use gpg_list_keys() to see the current contents of yourkeyring. It is empty to start with:

gpg_list_keys()

[1] id name email<0 rows> (or 0-length row.names)

Generate keys

Use gpg_keygen() to generate a new public privatekeypair:

(mykey <- gpg_keygen(name = "Jerry", email = "[email protected]"))

[1] "4873903B49318AEE"

gpg_list_keys()

 id name email1 4873903B49318AEE Jerry [email protected]

Import from keyserver

Use the gpg_recv function to download a given key andall available signatures for this key from a keyserver. For examplelet’s import the public key from Michael Rutter which is used to sign the Ubuntur-base packages from CRAN:

gpg_recv(id ="51716619E084DAB9")

Searching: https://keyserver.ubuntu.com

 found imported secrets signatures revoked 1 1 0 0 0

(keyring <- gpg_list_keys())

 id name email1 4873903B49318AEE Jerry [email protected] 51716619E084DAB9 Michael Rutter [email protected]

Note that for imported keys, we do not have the private key:

(secring <- gpg_list_keys(secret = TRUE))

 id name email1 4873903B49318AEE Jerry [email protected]

Import from file

The gpg_import function reads an armored GPG key from afile or URL:

gpg_import("https://stallman.org/rms-pubkey.txt")

 found imported secrets signatures revoked 1 1 0 0 0

However this file does not contain any signatures for this key. If weimport it from a keyserver we also get the signatures:

(rms_id <- gpg_list_keys("rms")$id)

[1] "2C6464AF2A8E4C02"

gpg_recv(rms_id)

Searching: https://keyserver.ubuntu.com

 found imported secrets signatures revoked 1 0 0 213 0

gpg_list_signatures(rms_id)

 id timestamp name email success1 2C6464AF2A8E4C02 2013-07-20 18:32:38 Richard Stallman [email protected] TRUE2 624DC565135EA668 2013-07-20 18:37:45 FALSE3 F05DDAE40371FCE5 2013-09-15 23:18:46 FALSE4 231696C3EAE0078A 2013-09-24 23:15:58 FALSE5 7B585B30807C2A87 2013-09-28 22:59:04 FALSE6 7CEF29847562C516 2013-09-29 04:59:53 FALSE7 520E0C8369B003EF 2013-08-20 12:31:55 FALSE8 D56E1B4C135D47A1 2013-08-29 13:36:03 FALSE9 31CC32CEF78F3EE4 2013-08-29 13:37:52 FALSE10 9439E86389D0AF41 2013-08-29 13:55:01 FALSE11 C5CFD08B22247CDF 2013-09-24 15:00:05 FALSE12 20B7283AFE254C69 2013-09-28 22:44:02 FALSE13 A866D7CCAE087291 2013-09-29 17:59:25 FALSE14 6D33FBF5B5E4C71A 2013-09-30 15:52:36 FALSE15 8916CADF8ACD372A 2013-10-02 13:17:17 FALSE16 8E549D02234CC324 2013-10-03 09:36:24 FALSE17 D605848ED7E69871 2013-10-04 11:03:23 FALSE18 758EAEC123F62336 2013-10-13 00:53:08 FALSE19 7B585B30807C2A87 2013-10-18 21:27:08 FALSE20 E4A6D8A25310523C 2013-10-23 02:53:11 FALSE [ reached 'max' / getOption("max.print") -- omitted 199 rows ]

The signature only contains the key ID of the signer. You would needto download the corresponding pubkeys to actually verify thesesignatures.

Export a key

To export our newly created public key:

str <- gpg_export(id = mykey)cat(str)

If you also own the private key you can export this as well:

str <- gpg_export(id = mykey, secret = TRUE)cat(str)

Delete a key

Delete a key from its ID or fingerprint. Let’s delete the RMSkey:

Digital Signatures

A digital signature is a mathematical scheme for demonstrating theauthenticity of a digital message or document. If you sign a file usingyour personal secret key, anyone can verify that this file has not beenmodified (i.e.the hash matches the one in your signature) via yourpublic key.

GPG signatures are widely used by Linux package managers such asapt to verify the integrity of downloaded files. Typicallythe public key is shipped with the OS, and the private key is owned bythe repository maintainers. This way we can safely install software fromany mirror or network.

Sign a file

Let’s use the private key we generated earlier to sign a file:

myfile <- tempfile()writeLines("This is a signed message", con = myfile)sig <- gpg_sign(myfile)writeLines(sig, "sig.gpg")cat(sig)

You can also create a signed message which includes the data itselfby setting mode to normal orclear, which is useful for email:

clearsig <- gpg_sign(myfile, mode = "clear")writeLines(clearsig, "clearsig.gpg")cat(clearsig)

Verify a signature

The gpg_verify function will see if a signature is validfor any of the keys in the keyring:

gpg_verify("sig.gpg", data = myfile)

 fingerprint timestamp hash pubkey success1 F2F98BE3901288F4989FCC884873903B49318AEE 2022-05-24 12:05:30 SHA512 EdDSA TRUE

If the signature is in clear or normalmode, the signature file contains both the message and signature:

gpg_verify("clearsig.gpg")

 fingerprint timestamp hash pubkey success1 F2F98BE3901288F4989FCC884873903B49318AEE 2022-05-24 12:05:30 SHA512 EdDSA TRUE

Debian example

Let’s verify a Debian file. The Debian page onCRAN says the following:

Since 16th of November 2021, the buster40 and bullseye40repositories are signed with a new key with the key ID0xB8F25A8A73EACF41, fingerprint 95C0FAF38DB3CCAD0C080A7BDC78B2DDEABC47B7and user ID Johannes Ranke [email protected].

Let’s import his key so that we can verify the Releasefile, which contains checksums for all files in the repository:

# take out the spacesjohannes <- "0xB8F25A8A73EACF41"gpg_recv(johannes)

 found imported secrets signatures revoked 1 1 0 0 0

If you don’t trust the CRAN homepage, you could check who has signedthis key. You’d need to import the corresponding peer keys for moreinformation.

gpg_list_signatures(johannes)

 id timestamp name email success1 DC78B2DDEABC47B7 2021-11-16 11:17:18 Johannes Ranke [email protected] TRUE

Now lets verify the release files:

# Verify the filelibrary(curl)

Using libcurl 7.64.1 with LibreSSL/2.8.3

curl_download('https://cran.r-project.org/bin/linux/debian/bullseye-cran40/Release', 'Release')curl_download('https://cran.r-project.org/bin/linux/debian/bullseye-cran40/Release.gpg','Release.gpg')gpg_verify('Release.gpg', 'Release')

 fingerprint timestamp hash pubkey success1 7BA040A510E4E66ED3743EC1B8F25A8A73EACF41 2022-04-26 06:51:50 SHA512 RSA TRUE

Looking good! We can trust the checksums in the Releasefile to be legitimate.

Anonymous Encryption

GPG uses public key encryption. You can use someone’s public key toencrypt a message or document, in a way that only the owner of thecorresponding private key will be able to decrypt. This is a great wayto send somebody highly confidential data.

Encrypt a message

For example we want to send an email Jeroen containing top secretinformation that may not be snooped by our ISP or email provider. Firstwe import Jeroen’s public key using the ID as listed e.g.here:

jeroen <- '16C019F96112961CEB4F38B76094FC5BDA955A42'gpg_recv(jeroen)

 found imported secrets signatures revoked 1 1 0 0 0

writeLines("Pizza delivery is on it's way!", "secret.txt")msg <- gpg_encrypt("secret.txt", receiver = jeroen)writeLines(msg, "msg.gpg")unlink("secret.txt")cat(msg)

Now you can safely send this message over any channel (email,twitter, etc). Nobody in the world besides Jeroen will be able todecipher this message (not even you).

Decrypt a message

Decrypting a message is just as easy. GPG will automatically find thecorrect private key from your keyring, or raise an error if you don’thave it. For example we will not be able to decrypt the message wecreated above for Jeroen

# This will error, we do not have this private keygpg_decrypt("msg.gpg")

Error: GnuPG verify signatures and decrypt message error: No secret key

To demonstrate decryption, we encrypt a message using our own keypair(for which we own the private key).

writeLines("This is a test!", "secret.txt")msg <- gpg_encrypt("secret.txt", receiver = mykey)writeLines(msg, "msg.gpg")cat(msg)

Decryption is simple, given that we own the secret key for themessage:

gpg_decrypt("msg.gpg")

[1] "This is a test!\n"

Authenticated Encryption

So we showed how to encrypt a message so that it can only be read bythe receiver. But how does Jeroen verify the sender identity?

Sign and Encrypt

In signed encryption, also known as authenticated encryption, usescombined encryption and signing. The public key of the receiver is usedto encrypt the message, and the private key of the sender to sign themessage. This way the message is both confidential and the integrity ofthe sender can be checked and verified, only by the receiver.

msg <- gpg_encrypt("secret.txt", receiver = jeroen, signer = mykey)writeLines(msg, "msg.gpg")cat(msg)

Decrypt and Verify

If the encrypted message contains a signature, it will automaticallybe verified when the message is decrypted. The function raises an errorotherwise.

For purpose of illustrating authenticated decryption, we encrypt andsign using our own key (which usually does not make sense):

msg <- gpg_encrypt("secret.txt", receiver = mykey, signer = mykey)writeLines(msg, "msg.gpg")gpg_decrypt("msg.gpg")

[1] "This is a test!\n"attr(,"signer")[1] "F2F98BE3901288F4989FCC884873903B49318AEE"

The signer fingerprint (if any) will be added as an attribute to thedecrypted message.

FAQs

Encryption and Digital Signatures using GPG? ›

There are two types of digital signature that gpg can apply. A normal signature, where the raw binary data of the signature is included with the original data. And a clear sign signature where the signature is added as readable text (a base64 ascii-armor signature).

Read On ›

What does GPG use for encryption? ›

GPG uses public key encryption. You can use someone's public key to encrypt a message or document, in a way that only the owner of the corresponding private key will be able to decrypt. This is a great way to send somebody highly confidential data.

Discover More Details ›

Can you encrypt a digital signature? ›

Digital signatures do this by generating a unique hash of the message or document and encrypting it using the sender's private key. The hash generated is unique to the message or document, and changing any part of it will completely change the hash.

Is GPG encryption good? ›

These tools primarily secure email communications and transfer files. In the case of the latter, PGP and GPG can be particularly useful in providing data-in-motion security for unencrypted file transfer protocols like FTP and HTTP. They also provide data-at-rest encryption for files stored in a file transfer server.

See Details ›

Can PGP be used for digital signature? ›

PGP creates a digital signature for private and public keys to prove that a sender is the rightful owner of the message. PGP can also be used to confirm that a message reaches the intended recipient.

Find Out More ›

Do people still use GPG? ›

GPG is in use today by journalists, business leaders, universities, and others who wish to keep the transmission of messages and data secure. The primary issues with GPG continue to be user acceptance, key handling, and the lack of understanding surrounding the complexity of key creation and exchange.

Tell Me More ›

What is the most secure key for GPG? ›

The GnuPG developers recommend using 2k RSA keys for both encryption and signing. This will be definitely fine for currently used subkeys.

Show Me More ›

Is GPG encryption free? ›

Gpg4win (GNU Privacy Guard for Windows) is Free Software and can be installed with just a few mouse clicks.

Explore More ›

What is the strongest encryption system? ›

AES 256-bit encryption is the strongest and most robust encryption standard that is commercially available today. While it is theoretically true that AES 256-bit encryption is harder to crack than AES 128-bit encryption, AES 128-bit encryption has never been cracked.

What is the difference between PGP and GPG encryption? ›

PGP stand for Pretty Good Privacy. GPG stands for GNU privacy Guard. Both of these programs are used to encrypt and decrypt data, messages, and emails. The difference between the two is that GPG is open-sourced where PGP is not.

Show Me More ›

What is a GPG signature? ›

GPG, or GNU Privacy Guard, is a suite of cryptographic software. It can be used to encrypt or sign data and communications to ensure its authenticity. This type of cryptography is based on key pairs. A public key is hosted on a key server (e.g. keyserver.ubuntu.com) and the private key is kept secret.

Read The Full Story ›

What type of encryption is used in digital signature? ›

Digital signatures rely on asymmetric cryptography, also known as public key cryptography. An asymmetric key consists of a public/private key pair.

See Details ›

What is the difference between signature and encryption? ›

Encryption is used to encode sensitive information in an email or document. The signer uses his private key to sign the document. The private key is used by the receiver to decrypt the encrypted data in email or documents. The public key is used by the receiver to verify the signature with the sender.

Get More Info Here ›

Does PGP use AES-256? ›

At the time of writing, AES-256 is a commonly required symmetric encryption algorithm for securing inter-organisation data transfers via the OpenPGP Message Format (RFC 4880).

What type of keys does GPG use? ›

GPG stands for GNU Privacy Guard, an implementation of public key cryptography, which can be used both for the more standard operations of encryption keys (encrypt/decrypt), and for message verification via signature.

What algorithm does GPG recommend? ›

Taking public key and cipher together, for a decent balance between security and speed, AES (128 or 256) or CAST5 with RSA 2048 is your best bet (AES+RSA is recommended by NASA).

View Details ›

What type of encryption model does PGP use? ›

For this, PGP uses a hybrid cryptosystem by combining symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key generated by the sender. The symmetric key is used only once and is also called a session key.