Securing Your Communications: GNU/Linux and Encryption

Encryption on GNU/Linux keeps your messages and files private. You can start with tools already in most distros and add a couple more when needed.

Generate your GPG key

Most people use GnuPG for email and file signing. Run this in a terminal:

gpg --full-generate-key

1. Choose RSA and RSA (default).
2. Set key size to 4096.
3. Pick an expiration date you can manage, such as two years.
4. Enter your real name and email exactly as you use them.
5. Set a strong passphrase and store it in a password manager.

Encrypt email with Thunderbird

Thunderbird handles GPG out of the box once you install the Enigmail extension or use the built-in OpenPGP support in recent versions.

• Import your key: Account Settings → End-to-End Encryption → Add Key.
• Send an encrypted test message to yourself first.
• Ask a contact for their public key and add it to your keyring with gpg --import.

Replies stay encrypted only if both sides have each other’s keys.

Encrypt files before sending

Use age for simple file encryption when you do not need the full GPG feature set.

age -r [email protected] -o file.txt.age file.txt

The recipient decrypts with their private key:

age -d -i ~/.ssh/id_ed25519 -o file.txt file.txt.age

age works well for sharing documents over email or cloud storage that you do not fully trust.

Choose chat apps with real encryption

Signal Desktop runs cleanly on GNU/Linux and uses the same protocol as the phone app.

Install from your package manager or Flatpak to keep the app updated automatically.

Back up and protect your keys

Copy your private key to an offline USB drive you keep in a safe place:

gpg --export-secret-keys --armor [email protected] > backup.asc

Never store the backup on any machine connected to the internet. Test restore once a year so you know the passphrase still works.