“GnuPG is a tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
GnuPG is a complete and free replacement for PGP. Because it does
not use the patented IDEA algorithm, it can be used without any
restrictions. GnuPG uses public-key cryptography so that users
may communicate securely. In a public-key system, each user has a
pair of keys consisting of a private key and a public key. A user’s
private key is kept secret; it need never be revealed. The public
key may be given to anyone with whom the user wants to
communicate.”
“We must create a new key-pair (public and private) for the
first time. The command line option --gen-key is used to create a
new primary keypair. … GnuPG is capable of creating different
kinds of keypairs. There are three options. A DSA keypair is the
primary keypair usable only for making signatures. An ElGamal
subordinate keypair is also created for encryption. Option 2 is
similar but creates only a DSA keypair. Option 4… creates a
single ElGamal keypair usable for both making signatures and
performing encryption. For most users the default option is
fine.”
“There is no limit on the length of a passphrase, and it should
be carefully chosen. From the perspective of security, the
passphrase to unlock the private key is one of the weakest points
in GnuPG (and other public-key encryption systems as well) since it
is the only protection you have if another individual gets your
private key. Ideally, the passphrase should not use words from a
dictionary and should mix the case of alphabetic characters as well
as use non-alphabetic characters. A good passphrase is crucial to
the secure use of GnuPG.”
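The key-generation procedure of the second excerpt and the passphrase advice of the third, carried through as one added shell example (this is not code from the GnuPG handbook or the GnuPG project). It assumes GnuPG 2.1 or later, where --gen-key in batch mode reads a parameter file, --pinentry-mode loopback lets a script supply the passphrase, and gpgconf can stop the agent. The function names, the 16-character minimum length, the demo user id and the sample passphrase are all our own choices; the handbook's "option 1" pair (DSA primary key for signing, ElGamal subkey for encryption) is what the parameter file requests. The round-trip check at the end shows what the passphrase actually buys: signing with the wrong one fails, signing with the right one yields a signature that verifies.

```shell
#!/bin/sh
# Added example, not from the GnuPG handbook quoted above. Assumes GnuPG 2.1 or
# later (unattended --gen-key from a parameter file, --pinentry-mode loopback,
# gpgconf). Function names and the minimum passphrase length are our choices.
set -eu

# The handbook's passphrase advice as a check: mixed case, at least one
# non-alphabetic character and (our assumption) at least 16 characters.
passphrase_ok() {
  p=$1
  [ "${#p}" -ge 16 ] || return 1
  case $p in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $p in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $p in *[![:alpha:]]*) ;; *) return 1 ;; esac
}

# Generate the handbook's "option 1" pair (DSA primary key for signing plus an
# ElGamal subkey for encryption) in the keyring directory $1, locked with the
# passphrase $2, and print the primary key's fingerprint on stdout.
gen_keypair() {
  home=$1; pass=$2
  passphrase_ok "$pass" || { echo "refusing weak passphrase" >&2; return 1; }
  chmod 700 "$home"
  echo allow-loopback-pinentry >"$home/gpg-agent.conf"
  cat >"$home/params" <<EOF
Key-Type: DSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Demo User
Name-Email: demo@example.invalid
Expire-Date: 1y
Passphrase: $pass
%commit
EOF
  gpg --batch --quiet --homedir "$home" --pinentry-mode loopback \
      --gen-key "$home/params"
  rm -f "$home/params"                      # it held the passphrase in clear
  gpg --batch --homedir "$home" --with-colons --list-secret-keys |
      awk -F: '$1 == "fpr" { print $10; exit }'
}

# Show that the private key is usable only with its passphrase: signing with a
# wrong passphrase must fail, signing with the right one must give a signature
# that verifies. The agent is killed first so a cached passphrase cannot mask
# a missing one.
sign_round_trip() {
  home=$1; pass=$2; fpr=$3
  gpgconf --homedir "$home" --kill gpg-agent
  msg=$(mktemp); printf 'hello, world\n' >"$msg"   # constructed message
  if gpg --batch --quiet --yes --homedir "$home" --pinentry-mode loopback \
         --passphrase "not-$pass" --local-user "$fpr" \
         --output "$msg.sig" --sign "$msg" 2>/dev/null; then
    echo "private key accepted a wrong passphrase" >&2; return 1
  fi
  gpg --batch --quiet --yes --homedir "$home" --pinentry-mode loopback \
      --passphrase "$pass" --local-user "$fpr" \
      --output "$msg.sig" --sign "$msg"
  gpg --batch --quiet --homedir "$home" --verify "$msg.sig"
}

# Stop the agent that served keyring $1 and delete the throwaway keyring.
cleanup_keyring() {
  gpgconf --homedir "$1" --kill gpg-agent
  rm -rf "$1"
}

# Stand-alone run: GPG_DEMO=1 sh this-script.sh
if [ "${GPG_DEMO:-0}" = 1 ]; then
  home=$(mktemp -d)
  fpr=$(gen_keypair "$home" 'Correct-Horse-Battery-Staple-7')
  echo "generated $fpr"
  sign_round_trip "$home" 'Correct-Horse-Battery-Staple-7' "$fpr"
  cleanup_keyring "$home"
fi
```

The parameter file is deleted as soon as gpg has read it, because it carries the passphrase in clear; in a real deployment the passphrase would come from a secrets store rather than a script literal. Killing the agent before the wrong-passphrase attempt matters: gpg-agent caches passphrases, and a cached one would make the private key look unprotected when it is not.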