The GNU Privacy Guard (GPG) is very easy to use, more people should know how. So here is a very short HOWTO for the command line program. You may not need to use the command line: some mail clients have GPG support (e.g. mutt, KMail, Evolution), and dedicated GUIs for file encryption and key management are becoming available. For more information, visit www.gnupg.org (there is a more complete Mini HOWTO in several languages there), or try man gpg.
First: if you haven't run gpg before, just execute
This makes the .gnupg directory and .gnupg/options file. Then follow a recipe below.
GPG will ask for confirmation at step 2, because no trust has yet been given to my key. Later on, if you believe the key you added is really mine, you could sign it with your own key. One way to be sure is to check key fingerprints. Mine are shown below. (But if you downloaded the key data and these fingerprints from the same place, there is always the risk that both may be imposters...)
Again, GPG will warn that you haven't yet assigned trust to my key to say that it is really mine.
Primary UID: David R. Aspinall <David.Aspinall@ed.ac.uk> Signing (1024 bit DSA, id 32CAF9A9): 0D2B 49CB A37C 145E EC2C 8654 8DFD 20AF 32CA F9A9 Encryption (1024 bit ElGamal, id CA7F6912): 5B3A 44DB E87B 68AC 61FB 7B0D FA41 8929 CA7F 6912
(Usually you only need to check the signing key since that's used to sign the encryption key).
NB: This is the fingerprint for a new key generated on 2005-05-02.
My previous key has been revoked.
If you imported my previous key, please delete it with: gpg --delete-key firstname.lastname@example.org