path: root/src/content/docs/guides/fundamental-concepts.md

---
title: Fundamental Concepts for Beginners
sidebar:
  label: Fundamental Concepts
  order: 1
---

If you're new to GPG (GNU Privacy Guard) or PGP (Pretty Good Privacy), it's
essential to understand some key concepts before diving in. This knowledge can
help you avoid common pitfalls, such as accidentally sharing your private key,
and ensure your communications remain secure.

## Key Concepts of GPG/PGP

### Key Pair Basics

In the world of GPG/PGP, everything starts with a key pair. Think of a key pair
like a set of two uniquely related keys on a key ring:

- **Public Key**: This is like your home address that you can share with anyone.
  Others will use it to send you encrypted messages or verify your digital
  signature.
- **Private Key**: This is akin to the key to your house. It must be kept secret
  because it can decrypt the messages sent to you or sign messages from you.

#### Why Both Keys?

The magic of this system lies in its use of cryptographic algorithms. Data
encrypted with your public key can only be decrypted by your private key, and
vice versa. This ensures that only the intended recipient can read the message,
and it can verify the sender's identity if a signature is used.

### Generating Your Key Pair

Before you can start encrypting or signing anything, you need to generate your
key pair. This process involves choosing a cryptographic algorithm (like RSA or
DSA) and often setting a key size (with larger sizes being more secure but
slower).

#### Safety First

When creating your key pair, you'll also be asked to enter a passphrase. This
adds an extra layer of security, as the passphrase will be needed to access your
private key. Choose a strong, memorable passphrase to protect your key.

### Understanding Subkeys

A GPG key pair doesn't have to be limited to just one public and one private
key. You can generate subkeys for specific purposes, such as:

- **Encryption Subkey**: Used solely for encrypting and decrypting messages.
- **Signing Subkey**: Used for creating and verifying digital signatures.

Subkeys are tied to your primary key pair but can be revoked or replaced
independently, which is useful if a subkey is compromised but your primary key
remains secure.

### The Role of the Primary Key

Your primary key pair is the foundation of your GPG identity. All subkeys are
associated with this primary pair. The primary key is typically used for
signing, to establish trust within the network, and to certify subkeys.

#### Protect Your Primary Key

If your primary private key is compromised, the entire security of your key ring
is at risk. Therefore, it's crucial to:

- Keep your primary private key in a secure location.
- Use subkeys for day-to-day encryption and signing tasks.
- Consider using hardware security modules (HSMs) or smart cards to store keys
  securely.

## Best Practices for Beginners

1. **Backup Your Keys**: Securely backup your private keys (especially the
   primary one) in case of hardware failure or loss.
2. **Use Strong Passphrases**: Your key's security is only as good as your
   passphrase. Use a long, complex passphrase that is difficult to guess.
3. **Regularly Update Your Keys**: Over time, cryptographic standards evolve.
   Regularly review and update your keys and algorithms to ensure they remain
   secure.
4. **Learn Key Management**: Practice importing, exporting, revoking, and
   verifying keys. Good key management habits are crucial for maintaining your
   security over time.
5. **Engage with the Community**: The GPG/PGP community is vast and supportive.
   Join forums, read blogs, and participate in discussions to learn from
   experienced users.

By understanding these fundamental concepts and adhering to best practices,
you'll be well on your way to securely using GPG/PGP. Remember, the goal is to
protect your communications and identity in the digital world, and a solid grasp
of these basics is the first step.