7.6. Setting Up GnuPG for Public-Key Encryption

Problem

You want to start using GnuPG for more sophisticated operations, such as encrypting and signing files for other parties to decrypt.

Solution

Generate a GnuPG keypair:

$ gpg --gen-key

then set a default key if you like [Recipe 7.8] and you’re ready to use public-key encryption.

We strongly recommend you also create a revocation certificate at this time, in case you ever lose the key and need to tell the world to stop using it. [Recipe 7.22]

Discussion

Public-key encryption lets you encrypt a file that only a designated recipient can decrypt, without sharing any secrets like an encryption password. This recipe discusses just the initial setup.

First you need to generate your very own GnuPG keypair, which consists of a secret (private) key and a public key. This is accomplished by:

$ gpg --gen-key

You’ll be asked various questions, such as the key size in bits, key expiration date if any, an ID for the key, and a passphrase to protect the key from snoopers.

First you’ll be asked to choose the type of key. For most purposes simply choose the default by pressing RETURN:

Please select what kind of key you want:
        (1) DSA and ElGamal (default)
        (2) DSA (sign only)
        (4) ElGamal (sign and encrypt)
Your selection? <return>

Next, choose how many bits long the key should be. Longer keys are less likely to be cracked. They also slow down encryption and decryption performance, but on a fast processor you aren’t likely to notice. Choose at least 1024 ...
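The questions gpg --gen-key asks (key type, key length, expiration, user ID) can also be answered from a file using GnuPG's unattended key generation. The script below is an added example, not code from the Linux Security Cookbook: it writes such a parameter file using the DSA/ElGamal key type the recipe describes, checks it against the recipe's 1024-bit minimum before use, and runs gpg inside a throwaway GNUPGHOME so a trial run never touches your real ~/.gnupg. The parameter names (Key-Type, Key-Length, Subkey-Type, Expire-Date, %commit) are GnuPG's own; the file paths, function names and the sample name and address are assumptions. The passphrase is intentionally left out of the file so gpg prompts for it rather than having it sit on disk.

```shell
#!/bin/sh
# Added example (not from the book): unattended GnuPG keypair generation.
# GnuPG batch parameter names are real; paths and names are assumptions.

# Write a batch parameter file that answers the interactive questions of
# gpg --gen-key: key type, key length, expiry and user ID. No Passphrase:
# line is written, so gpg asks for the passphrase instead of reading it
# from a file that would outlive the key generation.
write_gen_params() {
    out="$1"; name="$2"; email="$3"
    cat > "$out" <<EOF
Key-Type: DSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: $name
Name-Email: $email
Expire-Date: 1y
%commit
EOF
}

# Sanity-check a parameter file before handing it to gpg: refuse a key
# shorter than the recipe's 1024-bit minimum and require the %commit line
# that tells gpg to actually create the key.
check_gen_params() {
    f="$1"
    len=$(sed -n 's/^Key-Length: *//p' "$f")
    [ -n "$len" ] && [ "$len" -ge 1024 ] || { echo "Key-Length below 1024" >&2; return 1; }
    grep -q '^%commit' "$f" || { echo "missing %commit line" >&2; return 1; }
    return 0
}

# Generate the key into an isolated GNUPGHOME (assumed directory) so a
# trial run cannot disturb the real ~/.gnupg keyring, then list the result.
gen_key_batch() {
    home="$1"; params="$2"
    check_gen_params "$params" || return 1
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not installed; parameter file left at $params" >&2
        return 0
    fi
    mkdir -p "$home" && chmod 700 "$home"
    GNUPGHOME="$home" gpg --batch --gen-key "$params" && \
        GNUPGHOME="$home" gpg --list-keys
}

# Usage (constructed sample identity; paths are assumptions):
#   write_gen_params /tmp/gen.params "Alice Example" alice@example.com
#   gen_key_batch /tmp/gnupg-trial /tmp/gen.params
```

Once you are satisfied with the result in the trial directory, run the same gpg --batch --gen-key command without the GNUPGHOME override (or simply use the interactive gpg --gen-key) to create the key in your real keyring, then continue with the revocation certificate from Recipe 7.22.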
