
What is GPG?

GNU Privacy Guard (GPG, also GnuPG), the GNU project's free alternative to PGP,
is encryption software that's compliant with the OpenPGP (RFC4880) standard.
Using GPG you can encrypt (and decrypt) files that contain sensitive data, such
as electronic protected health information (ePHI) regulated by the Health
Insurance Portability and Accountability Act (HIPAA) privacy and security rules.
GnuPG may be used by itself as a command-line application (i.e., to be run at a
Terminal prompt or a Windows command prompt), or integrated into popular
email clients. It's also used by some instant messaging clients, such as Psi.
GnuPG uses public-key cryptography so that users may communicate securely. In
a public-key system, each user has a pair of keys consisting of a private key and
a public key. A user's private key is kept secret; it need never be revealed. The
public key may be given to anyone with whom the user wants to communicate.

GnuPG, GPG, PGP and OpenPGP

The terms "OpenPGP", "PGP", and "GnuPG / GPG" are often used
interchangeably. This is a common mistake, since they are distinctly
different.

- OpenPGP is technically a proposed standard, although it is widely
  used. OpenPGP is not a program, and shouldn't be referred to as
  such.
    o PGP and GnuPG are computer programs that implement the
      OpenPGP standard.
- PGP is an acronym for Pretty Good Privacy, a computer program
  which provides cryptographic privacy and authentication.
- GnuPG is an acronym for GNU Privacy Guard, another computer
  program which provides cryptographic privacy and authentication.

How It Works

The basic requirement for encryption is that the user has a
public/private key pair, with which the data is encrypted and decrypted.
The user generates the key pair and distributes the public key to the
general world. The private key is retained by the user and is used to
decrypt the data. The public key is used by the rest of the world to
encrypt and send data to the user.

In brief, the steps involved in encryption are below. Assume user B wants
to send a file to user A. User B should encrypt the file with user A's
public key. User A will receive the file in an encrypted form. The file can
be decrypted using only A's private key. Since the file was exchanged in
the encrypted format, there is no way for an eavesdropper to read the
contents of the file. It is A's responsibility to publish the public key for
everyone to see and to secure the private key from being misused. The
strength of this encryption lies in the keys. Hence, the bigger the keys,
the more secure the encryption. The steps can be summarized as follows:

- User A publishes the public key
- User B encrypts the file using A's public key
- The file is shared
- User A decrypts the file using the private key
- User A now has the file (and its contents)

The weakest link in the entire procedure is the possibility that user B
gets the wrong public key. It becomes B's responsibility to confirm whether
the public key belongs to user A or not. There are ways to do that too. In
this post, we will follow the basic encryption/decryption cycle from a
beginner's perspective. The major steps we will focus on are below:
1. Generating key pair
2. Listing the keys
3. Sharing the public key
4. Importing the public key
5. Validating the public key
6. Encrypting the document
7. Decrypting the document
The following commands were executed on Linux.
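
The seven steps above as one runnable script, added here as an illustration and not taken from the original post. It assumes GnuPG 2.2 or later; the temporary keyrings, the address a@example.test, the empty passphrase and the function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: throwaway keyrings in a temp dir stand in for users A and B.
# The user ID, address and empty passphrase are constructed for the demo only.

fpr_of() {  # print the primary-key fingerprint of user ID $2 in keyring $1
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_roundtrip() {  # $1 = text B sends to A; prints what A decrypts
    local work A B fpr_a fpr_b rc=0
    work=$(mktemp -d) || return 1
    A="$work/a"; B="$work/b"
    mkdir -m 700 "$A" "$B"
    printf '%s' "$1" > "$work/msg.txt"
    {
        # 1. A generates a key pair (primary key plus encryption subkey).
        gpg --homedir "$A" --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key 'User A <a@example.test>' default default never &&
        # 2. A lists the keys in the keyring (sent to stderr to keep stdout clean).
        gpg --homedir "$A" --batch --list-keys >&2 &&
        # 3. A shares the public key as ASCII armor; the private key never leaves A.
        gpg --homedir "$A" --batch --armor --export a@example.test > "$work/a.asc" &&
        # 4. B imports the public key.
        gpg --homedir "$B" --batch --quiet --import "$work/a.asc" &&
        # 5. B validates it: the fingerprint B sees must equal the one A reads out
        #    over a separate channel (here both are simply compared in the script).
        fpr_a=$(fpr_of "$A" a@example.test) && fpr_b=$(fpr_of "$B" a@example.test) &&
        [ -n "$fpr_a" ] && [ "$fpr_a" = "$fpr_b" ] &&
        # 6. B encrypts to the verified fingerprint. --trust-model always is used
        #    because B has no key of its own to certify A's key with.
        gpg --homedir "$B" --batch --quiet --trust-model always --recipient "$fpr_b" \
            --output "$work/msg.gpg" --encrypt "$work/msg.txt" &&
        # B holds only the public key, so B cannot decrypt the result.
        ! gpg --homedir "$B" --batch --quiet --decrypt "$work/msg.gpg" >/dev/null 2>&1 &&
        # 7. A decrypts with the private key; plaintext goes to stdout.
        gpg --homedir "$A" --batch --quiet --pinentry-mode loopback --passphrase '' \
            --decrypt "$work/msg.gpg"
    } || rc=1
    # Stop the per-keyring agents and delete the throwaway keys.
    gpgconf --homedir "$A" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$B" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return "$rc"
}
```

Calling `gpg_roundtrip "some text"` prints the decrypted text and returns non-zero if any step fails, including the case where the fingerprints in step 5 do not match.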
