Recently, I played around with PGP keys for mail, files, and in general data encryption/verification between a sender and a recipient.
The PGP standard (stand for Pretty Good Privacy) have an open source suite implementation: GPG (GnuPG). This is quite simple to use if you want to ensure that only the person you want can read your message, and on the other side be sure that you can trust message incoming.
This post is a short one to summarize what is a PGP keys pair, what's the point with it, and how to use it thanks to GnuPG.

What is PGP keys and why is it used for?

The Principle of PGP (Pretty Good Privacy) keys

The principle is that if one key encrypt something only the second key can decrypt the encrypted blob.
Starting from this fact if you share only one of your two keys (named the 'public' one) to every body, people will be able to be sure that a mail come from you(thanks to verification), and be sure that mail sent to you will only be readable by you(thanks to encryption). And simply, if they do the same (create a PGP key pair, and share only the public one) you will be able to verify that a mail come from them(thanks to verification), and ensure that a mail sent to them will only be readable by them(thanks to encryption).

Encrypt/Decrypt

Encrypt and decrypt process use the key pairs. This process insure that encrypted data cannot be decrypted if you don't own the the second key of the keys pair. So the sender will encrypt a mail with the recipient public key, ensuring that only recipient's private key can decrypt the message.

An encrypted mail will look like that(if using text/ascii encryption):

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQEMA/JIKw0Q5wdUAQf/X5yVdUn6wmBNJ0AIAqBZOoYO8Y3ax3JMVQs7H25VDk0B
Ax2bpgIVpBDo8CmafskM80SSBqXFPH3mpafD4aibzv5++6/tU4aNOMWkGK+zEysk
nAn9AtmEe4c52V6DtNwHUHfpW0cFT00Ehg8Z2wXrejPTqYQ4FRiJE/pRqvRWKqki
jQa630t0x90yp+jbMBQ741RSZKCs4m1/NIt78Mm7LDLS1HRFyWrmJwjdlIJW0p5Z
+kInY7j+DRILMkJPwoc0aMX/ommj3GUfxrxxQVHFtgzZrMjnYMd+LKmuyDuxlIh9
8pnbmlth8htsEtGNfjpsZkzyMGSHpcEQGdZ9eyMEWNLAwAF4eVkbYxyA1hz/mX4J
YqNUpIH/n1Xo7iJ4s9b1rs9QIdJGfDP35K01K/6wRSGgxHU4nDdTI+kMe8j9Rx/5
UcHC05QRDeGHwIX/p6CcmECNxQNJ6G6dpfNSEMdzzGZpxSpnRDb0+y19OhsKs38Y
js2nXytBqQ/kG9EZ45mUvVoWvhdBcx+p5ee9QOwLqwau/a5TUJGj/FwvCQdiV2We
bUu7DPc8fM6UJthTa15QXgKYDzs1X9aRbr/3PTqqbQPimj0Iqn+r2Qe4YDziSQaJ
qv+nZ0/fAE6dCLCVPGLoUQoKRcUHN/iEec0GoQp6Pe1N2+gcTtqrpp0tC6NhtA60
02JfsCSCmg2Yp7lmub+zJnPjMoGQjaSVobq8dtHVhwdVhkyJHBL/7tUI0B7yAuL+
LivSD/ZWlcDqCBvNt8r1V5dr+dAKMhryBLSwtS4WtEkproA8RQp9SxNTCk0blNsI
hjXpsSXJ3UGTUAtZYosnfL7OcIBjpcio6PLmYC8zO70zBQ==
=k5dF
-----END PGP MESSAGE-----

Instead of that:

Hello world!!

Sign/Verify

This process is used in addition with encryption/decryption to inform that the message has been really written by somebody. The principle of signing is to add the encrypted data's hash or message digest after the data to trust. The recipient will then compute the hash of the message and compare with the decrypted signature data (the encrypted hash). If hashes are equals identity is verified.

A signed email body will look like:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello world!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJR2aMJAAoJEJiHS2C3UPmlK9UIAI8/StFsPuDvP0NCjoqe2ePl
zY3cX2I4ldvPjPJcSyFSSSJkoNfR2CM5k27MksGOxSsKuePPG1U3DorxJ1U3ZLzr
Al6jOffLTBT7VI7qr3pB4D4k9WwAvQGFokA+VWimJLY5Ldz9l1X3C6BJ/uBcX/iC
KBSeNLcbjpYWYDFiXXwsA53i2yOWhdH9aHt3hBPnVs97DWrUbYtW8nf8/Y44m4hr
ZJ2EOiwZLO8ZQnmFU21bu5JXsQsXNEvCCWEZRYtUboDWy68DibSEh7nQy/0QPo6U
evL6t1CjfChiBn9Ewt+eqp6tg4YeD9f3UByg/puD7zo5fXyMRHAyCxea/hsHlbI=
=W3JJ
-----END PGP SIGNATURE-----

Instead of that:

Hello world!!

Putting all together

So if you accumulate the two processes first you "sign" the message with your private key so the receiver can "verify" the origin of the mail, and second you "encrypt" the whole mail with the receiver public key so you ensure that only him will be able to "decrypt" the message. The whole process ensure a complete privacy, nobody can read the communication between sender/receiver and nobody can fake one other sender's identity.

Full process to send a private email

BASICs: How to use GPG(Gnu Pretty Good Privacy) to manage your PGP keys

The following section will be more practical, giving the basics command to know to start toying with GnuPG and encrypt your messages. Obviously you need first to get gnuPG:

apt-get install gnupg

This create a folder ~/.gnupg, that will contains all information for gnupg, public keys, private keys, private keyrings, public keyrings, etc...

Following link will jumps directly to each parts
Jump to Managing your keys
Jump to Sign / Verify
Jump to Encrypt / Decrypt
Jump to Encrypt+Sign / Decrypt+Verify

Managing your keys

Create your key pair

You will have to enter your identity, name and email to create this keys pairs. You will yours keys in ~./gnupg/. You will also need a password that is a first security to use your private key to sign something or decrypt something. Each time it will be requested.
The keys you generate get also an unique id (e.g. mine is B750F9A5), this id will be used to identify keys, due to multiple identities that can be added to it, you can add several names, nicknames, and several email addresses to a key pair.

gpg --gen-key

Revocation certificate

The first thing you should do is to create a revocation certificate. If your key is jeopardized the certificate is the only thing that can cancel your key for the rest of the world. The earlier you create it the better it is. You should also store it in a safe place separated from your private key.

gpg --output revoke.asc --gen-revoke pub_keyid

Share your key

Roughly your key is on a binary format, so as to easily share it you should create an text(or ascii) version of your key. Once done you will be able to share it by email, by copying it from an USB drive, or by printing it(but you it means you really don't like your recipient, and its keyboard skills),

gpg --armor --export sheda1805@gmail.com > sheda1805_publickey.txt

Another solution the most interesting one (and the most common) for padawan like us, is to send your key to a key server(e.g. The MIT's one).
The goal of those servers is to gather keys from every ones and allows users to query keys from name, email, or key_id researches.(e.g. mine is B750F9A5)

gpg --send-keys key_id

Obtain recipient keys

You must be aware/understand that the PGP principle states from the fact that the public key you think are somebody's key are really theirs. So ensure three times that the key really belongs to them before sending critical information to somebody's email address.
The most paranoids of privacy send their key by airmail, in several shreds...
But if you don't work for the government as a secret agent you should only ask the receiver its public key by mails, USB drive, or you can get it from key server if he uploaded it...
The key trusting is the critical point of the PGP system, that's why keys servers(we will see next what is it) have a system of certificates so as to allows users to trust each others, the more users get "trust" the more their keys are reliable.

Get keys your keys by hand

gpg --import recipient_pubkey_file

Get keys from servers by command line
If you want quickly to obtain a key to write to somebody, you can get the key from a key server.

gpg --search-keys sheda

Get keys from servers by web UI
You can copy/paste in a file the text/ascii version from web/html key server interface, and next import it(useful if port are blocked except 80).
For example get mine on MIT's server

List all key available in your key ring

gpg --list-keys
/home/sheda/.gnupg/pubring.gpg
------------------------------
pub   2048R/B750F9A5 2013-06-28
uid                  Sheda 
sub   2048R/10E70754 2013-06-28

pub   2048R/2911EE59 2012-04-20
uid                  Philippe LUC 
uid                  Philippe LUC 
sub   2048R/1B91C66D 2012-04-20

Sign/Verify an email

Sign an email

gpg --clearsign << EOF
> hello world!
> EOF

And you will get your message + signature:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello world!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJR2fs1AAoJEJiHS2C3UPmlAQMH/3T7O6pwb3cIyg1QTpP+Lv81
y7Tu/yH7pvJ8nSDa/vPgQkkl5S/XfZxmih/jtbN8xkf3HWgsr6dT4fGi6FhHL7oh
SX4UTRs7VvXWwZYCpTG7dQzwBrWjGHGfYkYWeKukjXlt0nleBkrarXbyXHlJrasx
G06Snee1S9NTtsug+R7uOkxtW6h8AidfDCmReKYsAtCu3KehLYlco18U+f2YEFDA
yY+2z7RBIicf2FXXZ16vHEtNga4t3cwU1nS3A6C/VTTFtBEsnJ1iun8I88ov3t+z
XLszOibSm15u8C2T40bCZaXsjmzV8cpD0r/E61un0ucflzAKCkGqRCGUdqdZY1M=
=T802
-----END PGP SIGNATURE-----

Verify an email

cat << EOF | gpg --verify
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> hello world!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJR2fs1AAoJEJiHS2C3UPmlAQMH/3T7O6pwb3cIyg1QTpP+Lv81
> y7Tu/yH7pvJ8nSDa/vPgQkkl5S/XfZxmih/jtbN8xkf3HWgsr6dT4fGi6FhHL7oh
> SX4UTRs7VvXWwZYCpTG7dQzwBrWjGHGfYkYWeKukjXlt0nleBkrarXbyXHlJrasx
> G06Snee1S9NTtsug+R7uOkxtW6h8AidfDCmReKYsAtCu3KehLYlco18U+f2YEFDA
> yY+2z7RBIicf2FXXZ16vHEtNga4t3cwU1nS3A6C/VTTFtBEsnJ1iun8I88ov3t+z
> XLszOibSm15u8C2T40bCZaXsjmzV8cpD0r/E61un0ucflzAKCkGqRCGUdqdZY1M=
> =T802
> -----END PGP SIGNATURE-----
> EOF

And you will get the verification:

gpg: Signature made Mon 08 Jul 2013 01:35:17 AM CEST using RSA key ID B750F9A5
gpg: Good signature from "Sheda "

Encrypt/Decrypt an email

Encrypt

gpg -ea -r sheda << EOF
> hello world!
> EOF

And you will get the encrypted mail:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQEMA/JIKw0Q5wdUAQf/a0rcfBaui2eoJC2fTITgzNuFE24cBO6AcEbw23NHtcjb
epPGp7pUgNQt6IUGJBsC5PXaykJ9yWxs4rXeRRA8Y+19npQOpXrokVaZP8wLqUUi
+JrJ1ojCyuxUA25nYXUnrFU4lHKQEiDHolvRDc8I8Ws7RQuhQ98Yxn6TEoVm1VVl
L4dcKOohaa4MaBPnbsEaCakR/nnwIuwv+WKyDs/6A+0K+PZebyyNIeCCT0thgSul
qnOy2VnUSZYmCj/KJuwTMgqe0Po1KplLM+49ZaNLtH63GTpLXnvOWfeZuLWf/TEc
rNqrTJBd5staYYncnx7uViZLczqp5FMyxPH7O8EgCNJIAb2FiieoTDZ4HmD+bF36
gYug/2OusZr6BlYhREIUW5fwWOneK3jpnWq3Z2OU1+OK2G24/7piWINGcXyuk50n
AFHDieZ/L+GO
=JN9i
-----END PGP MESSAGE-----

Decrypt an email

gpg --decrypt << EOF
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQEMA/JIKw0Q5wdUAQf/a0rcfBaui2eoJC2fTITgzNuFE24cBO6AcEbw23NHtcjb
epPGp7pUgNQt6IUGJBsC5PXaykJ9yWxs4rXeRRA8Y+19npQOpXrokVaZP8wLqUUi
+JrJ1ojCyuxUA25nYXUnrFU4lHKQEiDHolvRDc8I8Ws7RQuhQ98Yxn6TEoVm1VVl
L4dcKOohaa4MaBPnbsEaCakR/nnwIuwv+WKyDs/6A+0K+PZebyyNIeCCT0thgSul
qnOy2VnUSZYmCj/KJuwTMgqe0Po1KplLM+49ZaNLtH63GTpLXnvOWfeZuLWf/TEc
rNqrTJBd5staYYncnx7uViZLczqp5FMyxPH7O8EgCNJIAb2FiieoTDZ4HmD+bF36
gYug/2OusZr6BlYhREIUW5fwWOneK3jpnWq3Z2OU1+OK2G24/7piWINGcXyuk50n
AFHDieZ/L+GO
=JN9i
-----END PGP MESSAGE-----

And you will get the clear mail:

gpg: encrypted with 2048-bit RSA key, ID 10E70754, created 2013-06-28
      "Sheda "
hello world!

Encrypt/Decrypt and sign an email

Encrypt and sign

gpg -esa -r sheda << EOF
> hello world!
> EOF