Welcome to final part (Part 6) of GPG/PGP Key series.
In this part we will review what we have seen so far in the previous parts and also will look at some of the important commands.
In Part 1, we saw how to generate your first keypair – A combination of Public and Private key. Also we saw how to send your public key to the keyservers so that your friends and use to send you encrypted messages and also to verify your identity.
In Part 2, we saw how to send and receive encrypted files to your friends. We also learned how to import your friends public key into your GPG keyring database so that you can send encrypted messages to him/her.
In Part 3, we saw how to verify files like ISO images which are signed by the person who uploaded ISO images. For example, when you download a Linux distro ISO images, usually there is a MD5SUM.sign file associated with the MD5SUM file which in turn is associated with ISO image. You basically use the MD5SUM.sign file to verify whether the file MD5SUM file is actually generated by the person who claim he/she is.
In Part 4, we saw how to sign a file so that the other can verify whether you are the actual person who uploaded the file. Basically this is the reverse of Part 3.
Part 5 was all amount key management – Backing up your keys, Restoring them, Revoking them and Deleting extra keys that might have got generated. Suppose you switch to your new laptop/computer and you need to transfer your private and public keys to the new one. This can be done by restoring your keys from the backup. Also suppose you forgot your passphrase for your key which makes your key useless. You then need to revoke your key and inform other over the Internet not to use your existing key to send you messages. This can be done using the revoke key certificate. Once you revoke your key you can create a new one send out the information.
I sincerely hope that this series on creating and using GPG keys in Debian has been useful to you. Please leave a comment/feedback if you have one.