# Basic Concepts

If you are not familiar with GPG or PGP, you should learn some basic concepts
here before using GpgFrontend. This reduces the chance of you making mistakes,
such as distributing your private key to the world.

## The most basic concepts you must know

To begin using GPG, you must first generate a key pair, which can be thought of
as a key ring. Each key pair includes at least two keys: a public key and a
corresponding private key. It is possible for a key pair to include multiple
public keys and their corresponding private keys, but this will be explained
later.

The public key can be shared with others, allowing them to encrypt information
they wish to send to you. The private key must be kept secure, as its disclosure
would render your encryption ineffective.

It is important to understand that the public key is used for encryption and
that any ciphertext encrypted using your public key can only be decrypted using
the corresponding private key of your key pair. This process relies on
cryptographic principles and is trustworthy unless your private key is known to
someone else.

The reverse process is also valid: you can encrypt a message using your private
key and someone else can decrypt it using your public key. This process
establishes a mechanism for signing and verifying information. Information
encrypted with the private key can be considered a signature, and others can use
the public key to verify that the signature is valid.

For most users, it is not necessary to understand the cryptography behind GPG,
but it is helpful to remember the basic principles described above. For those
interested in learning more, further reading is recommended.

## Multiple pairs of public and private keys in a key pair

In a key pair, there is always at least one public-private key pair, but there
is no limit to the maximum number of pairs. It is possible to generate
additional pairs of public and private subkeys and add them to the key pair.
Structurally, a newly added subkey pair is the same as the original pair: each
consists of one public key and one private key. We refer to the original pair as
the primary key pair.

Users can specify the purpose of each subkey pair. For instance, the first key
pair can be used for encryption and decryption, the second for signing and
verification, and the third for both encryption/decryption and
signing/verification. It is important to specify the intended usage when
generating subkeys.

The master key (the primary key pair) is automatically generated when the key
pair is created, and users can add subkeys as needed.

When generating the master key or subkeys, users can select algorithms such as
RSA or DSA. It is not necessary to understand the underlying principles of these
algorithms. However, it is important to note that subkeys generated by certain
algorithms may only perform specific processes, such as signing and
verification, and cannot perform others, such as encryption and decryption.
Additionally, for RSA, users can choose the key length.

## The first pair of public and private keys in a key pair (primary key)

The initial public-private key pair (master key) in a key pair is crucial, as
all subsequent subkeys are linked to it. If someone were to obtain the master
key (including both the public and private key information), they could generate
subkeys based on that information and use them to impersonate the key owner and
communicate with others.

Therefore, it is essential that the private key of the master key is kept
confidential, while the public key can be shared with others. If the private key
of the master key is compromised, the entire key pair becomes vulnerable and
must be discontinued immediately.
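
The subkey purposes and the status of the master key's private half, as described in the last two sections, can be read from GnuPG's machine-readable key listing. The following is an added example, not part of GpgFrontend or its documentation: it parses a constructed sample of `gpg --list-secret-keys --with-colons` output (key IDs and user ID are made up, trailing fields trimmed) and reports each key's role, algorithm and capabilities, and whether the primary secret key is only a stub on this machine.

```python
# Added example: summarize `gpg --list-secret-keys --with-colons` output.
# SAMPLE is constructed (made-up key IDs, trailing fields trimmed).
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
uid:u::::1700000000::::Alice Example <alice@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e:::+:
ssb:u:3072:17:CCCCCCCCCCCCCCCC:1700000000::::::s:::+:
"""

# OpenPGP public-key algorithm IDs and GnuPG capability letters.
ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA",
         "18": "ECDH", "19": "ECDSA", "22": "EdDSA"}
CAPS = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}


def parse_keys(listing):
    """Return one dict per primary key (sec/pub) or subkey (ssb/sub) record."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "pub", "ssb", "sub") or len(f) < 12:
            continue  # uid, fpr and other record types are skipped
        keys.append({
            "role": "primary" if f[0] in ("sec", "pub") else "subkey",
            "algo": ALGOS.get(f[3], "algo " + f[3]),
            "bits": int(f[2] or 0),
            "keyid": f[4],
            # Field 12: lowercase letters are this key's own capabilities;
            # uppercase letters on a primary record summarize the whole key.
            "caps": sorted(CAPS[c] for c in f[11] if c in CAPS),
            # Field 15: "#" marks a stub, i.e. the secret part is not stored here.
            "stub": len(f) > 14 and f[14] == "#",
        })
    return keys


def keys_for(keys, capability):
    """Key IDs of every key or subkey that carries the given capability."""
    return [k["keyid"] for k in keys if capability in k["caps"]]


def primary_secret_offline(keys):
    """True when every primary key on this machine is only a stub."""
    return all(k["stub"] for k in keys if k["role"] == "primary")


if __name__ == "__main__":
    parsed = parse_keys(SAMPLE)
    for k in parsed:
        print(k["role"], k["keyid"], k["algo"], k["bits"], ",".join(k["caps"]))
    print("primary secret offline:", primary_secret_offline(parsed))
```

In the sample, the DSA subkey carries only the signing capability, and the `#` on the `sec` record shows that the master key's private half is not present in this keyring.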