This guide assumes that you're familiar with the background and have generated some keys.
- Insecure workstation
- Secure workstation
- Daily-use keyrings on the
keysUSB memory stick - The
unsafeUSB memory stick - The signed public key of your correspondent
- Mount the USB memory sticks
- Sign and encrypt your message
On the secure workstation, mount the keys and unsafe USB
memory sticks.
me@box:~$ export GNUPGHOME=/media/keys
me@box:~$ gpg --armor --output /media/unsafe/msg_for_C097AC75C097AC75.asc --recipient 0xC097AC75C097AC75 --sign --encrypt
You need a passphrase to unlock the secret key for
user: "My Full Name <me@domain.example.com>"
4096-bit RSA key, ID 0xFDB32668D55D0A12, created 2013-12-14
(subkey on main key ID 0xF1829BDBB6B64480)
Dear John,
By the time you read these lines I'll be gone.
Life goes on, right or wrong
Now the sun is dead and gone. Dear John.
Hit Ctrl+D when you've finished typing your message, et voilà! The contents
of the resulting ASCII armoured file can be pasted directly into the body of a
plain-text email message (e.g. in a Mozilla Thunderbird message compose window,
select Options > Delivery Format > Plain Text Only).
Alternatively you can encrypt a file:-
me@box:~$ gpg --armor --output /media/unsafe/msg_for_C097AC75C097AC75.asc --recipient 0xC097AC75C097AC75 --sign --encrypt some_file.txt