3.9. Using GNU Privacy Guard (GnuPG)
GPG is used to identify yourself and authenticate your communications, including those with people you don't know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.
3.9.1. Creating GPG Keys in GNOME
Install the Seahorse utility, which makes GPG key management easier. From the main menu, select
System > Administration > Add/Remove Software and wait for PackageKit to start. Enter
Seahorse into the text box and select the Find. Select the checkbox next to the ''seahorse'' package and select ''Apply'' to add the software. You can also install
Seahorse at the command line with the command
su -c "yum install seahorse".
To create a key, from the ''Applications > Accessories'' menu select ''Passwords and Encryption Keys'', which starts the application
. From the ''File'' menu select ''New'' then ''PGP Key''. Then click ''Continue''. Type your full name, email address, and an optional comment describing who are you (e.g.: John C. Smith, [email protected]
, The Man). Click ''Create''. A dialog is displayed asking for a passphrase for the key. Choose a strong passphrase but also easy to remember. Click ''OK'' and the key is created.
If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
To find your GPG key ID, look in the ''Key ID'' column next to the newly created key. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should make a backup of your private key and store it somewhere secure.