Gnu has a rather decent FAQ docuemnt. Use your favorite browser and
search engine to find, "GnuPG FAQ."
The following tutorial may also clear up a lot of questions:
http://linuxgazette.net/issue60/sharma.html
GnuPG is rather like handing somebody a box with RAM and a CPU and
saying, "You can build a computer with this." Great, but where to
start? If you control both end points, then you can use mostly
defaults and everything will probably work. If you are corresponding
with somebody else, you need to find out things such as:
The cipher algorithms they will accept
The key length they'll accept
Whether or not the transmission needs ascii aromor
Whether or not you need to have your key signed
Wether or not you should sign the transmission with your key, etc.
Some general helpful hints:
If somebody sends you a key to import, if the key isn't signed, you
should import the key, then use GPG in interactive mode gpg --edit-key
to set the trust level of the key. If you don't edit the trust level
(I use 5 - ultimate), then GPG will prompt you on Stdin of your
controlling TTY to allow use of the unsigned key. That's a nuissance
if there isn't a controlling TTY such as, for example, when you want
to use GPG in a shell program. Hence, the need to edit the trust.
If you need to decrypt something that somebody is sending to you and
need to do it in a shell program, GPG is going to prompt you for your
private key passowrd every time on the Stdin of the controlling TTY.
You can supply the password on a file descriptor using the --no-tty
option. Of course, you need to consider whether or not you should
store a password in your shell program, but sometimes you have no
other choice. Just set your ACL accordingly to prevent unauthorized
viewing. It would be something like this:
echo MySecetPassphrase | gpg --no-tty --passphrase-fd=0
inputfilename.gpg
By default, the output file will be the same name as the
inputfilename, but without .gpg
Each user of the system gets a separate .gpg hidden directory in the
user's home directory. It is a good idea to back this folder up on
some sort of removable medim. If may also be a good idea to do an
ascii armor hard copy dump of your keys and store them in a safe
deposit box or some other secure location. If worst comes to worst,
you can OCR the hard copy back into a file or type the data in
manually.
The best way to master GPG is to start experimenting. Since any user
can use GPG, and everybody maintains a separte .gpg folder, it is
pretty safe to experiment without fear of breaking anything other than
your own GPG settings. Worst comes to worst, you can rm -rf .gpg and
start over.