[Wiki] HOW TO: GPG/PGP
[i]Disclaimer: I'm not a crypto/security expert, nor do I claim any info below is failproof. I'm merely demonstrating (what I believe are) safer ways of communicating.[/i]

GPG/PGP is a fucking pain. Most people don't get why it's important or care to deepen their understanding of the topics I'm about to address. But I regularly communicate with a lot of new people and need something like this to reference. This will save me from constantly explaining things or walking people through secure(ish) exchanges.

[size=small]
# Keyservers / Key Hosting
# Signing Messages (why)
# Secure(ish) Key Exchanges
# Generating Keys
# Key Fingerprints
# Exporting Your Key
# Importing Someone's Key
# Encrypting Messages
# Verifying Someone's Signed Message
# Deleting Keys
[/size]

[color=#E82A1F]DON'T:
- Trust a forum or social site to securely/safely deliver your public key!
- Host your key on the forum/site where you primarily mean to communicate securely!
- Share your public key in a PM![/color]

[color=#17B529]DO:
- Upload your public key to multiple places for convenience. Pastebins, SKS keyservers, your onion blog...
- Use onions if possible
- Introduce yourself publicly to the forum/site and sign your post with off-site links to your key[/color]

# Generating Keys
[code]$ gpg2 --full-gen-key[/code]
[img]https://external-content.duckduckgo.com/iu/?u=https://i.imgur.com/0FMLQ5h.png[/img]

# Key Fingerprints
Make note of your key fingerprint; it is important to your future communications with others.

Examine keys using the keyholder name (easy):
[img]https://external-content.duckduckgo.com/iu/?u=https://i.imgur.com/aCPrn39.jpg[/img]

Or with the last 16 digits of a specific key:
[img]https://external-content.duckduckgo.com/iu/?u=https://i.imgur.com/9rLWlv7.jpg[/img]

# Exporting Your Key
Export your public key and share it on keyservers:
[code]gpg2 --export --armor --no-emit-version <key-id>[/code]
Always include "-----BEGIN PGP PUBLIC KEY BLOCK-----" and "-----END PGP PUBLIC KEY BLOCK-----"!!
Too often do people omit this -- it's fucking annoying. GPG cannot import or decrypt messages without it. No one enjoys adding it manually.
[code]-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----[/code]

# Importing Someone's Key
@pompompurin does an excellent job of hosting his key on his server, so I'll demonstrate with that:
[img]https://external-content.duckduckgo.com/iu/?u=https://i.imgur.com/W0GX0IW.jpg[/img]
[code]$ torsocks curl -o username.txt <URL-of-key-file>
$ cat username.txt
$ gpg2 --import username.txt
$ gpg2 --fingerprint <name-or-key-id>[/code]

# Encrypting Messages
Super simple!
[img]https://external-content.duckduckgo.com/iu/?u=https://i.imgur.com/53mCM7O.jpg[/img]
[code]gpg2 --encrypt --armor --no-emit-version -r <recipient>[/code]
Then press Ctrl+d twice to encrypt the message.

# Verifying Someone's Signed Message
Someone sent you a signed message? Save the signed message to a .txt file.
[code]gpg2 --verify signedMessage.txt[/code]
If anyone changes a single character (byte) of that signed message, it won't work:

# Deleting Keys
Did someone change or update their key? Probably best to remove the old key before adding the new one -- to avoid confusion in the future:
[code]gpg2 --delete-keys D18B1ADDDDF490A0[/code]

Seriously, if anyone would like to challenge or improve any of the above, I'm happy to discuss secure alternatives and update this post.
Beneath this mask there is more than flesh. Beneath this mask there is an idea, and ideas are bulletproof.
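Added example, not part of the original post: the import steps above check the fingerprint only after the key is already in the keyring, so this sketch compares the key file's primary fingerprint with one obtained from a separate source first and imports only on a match. The function names, the GPG variable and the sample listing are assumptions made for the illustration, and it needs a GnuPG release that has --show-keys.

```shell
#!/bin/sh
# Added example (not from the post): check a key file's fingerprint before import.
GPG="${GPG:-gpg2}"   # assumption: override with GPG=gpg where that is the binary

# Strip spaces/colons and upper-case the hex digits of a fingerprint.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Read --with-colons output on stdin; print field 10 of the first "fpr"
# record after "pub", which is the primary key's fingerprint.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# True only when $1 is a full 40-hex-digit fingerprint and equals $2.
# A 16-digit key ID is rejected on purpose: it is not the full fingerprint.
fpr_matches() {
    a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
    case "$a" in ''|*[!0123456789ABCDEF]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# verify_then_import KEYFILE EXPECTED_FPR
# EXPECTED_FPR must come from somewhere other than where KEYFILE came from.
verify_then_import() {
    keyfile=$1; expected=$2
    # --show-keys lists the file's contents without adding them to the keyring.
    found=$("$GPG" --show-keys --with-colons "$keyfile" | primary_fpr)
    if fpr_matches "$expected" "$found"; then
        "$GPG" --import "$keyfile"
    else
        echo "fingerprint mismatch: file has ${found:-none}" >&2
        return 1
    fi
}

# Constructed colon-format listing (not a real key), for trying primary_fpr.
SAMPLE_LISTING='pub:-:255:22:89ABCDEF01234567:1600000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:255:18:FEDCBA9876543210:1600000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFFFEDCBA9876543210:'
```

Call it as verify_then_import username.txt "<fingerprint from a second source>"; a non-zero exit status means nothing was imported.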
