... but without any guarantees
We will not address this concept today, but I would like to make clear that in this model does have a central authority that can verify to you that a key is valid and belongs to someone. So people need check for themselves or trust who's already been signed by someone you know.
|Windows||Lets forget about the CLI||Gpg4win|
$ gpg --gen-key
$ gpg --list-keys
$ gpg --output revoke.asc --gen-revoke your_key_id
To send your key to the key server so others can retrieve it and sign it you must execute the following command:
$ gpg --keyserver pgp.mit.edu --send-key your_key_id
gpg --output key_file.gpg --export your_key_id
gpg --import key_file.gpg
gpg --output doc.gpg --encrypt --recipient dest_key doc
gpg --output doc --decrypt doc.gpg
For any reason if you lose you private key or forget the paraphrase. Use your revocation file:
gpg --import revoke.asc
gpg --send-key --keyserver pgp.mit.edu key_id
There are several plugins and apps that support GPG and can automate all this work.