Make sure you (and/or your database server) are in a country where encryption is not illegal-it still is in some countries.
In order to create and manage PGP keys, you also need the well-known GnuPG command-line utility, which is available on practically all distributions.
pgcrypto is part of the contrib collection. Starting from version 10, on Debian and Ubuntu is part of the main postgresql-10 server package, while in previous versions there was a separate package, for example, postgresql-contrib-9.6.
Install it on the database in which you want to use it, following the Adding an external module to PostgreSQL recipe from Chapter 3, Configuration.
You also need to have PGP keys set up:
pguser@laptop:~$ gpg --gen-key
Answer some questions here (the defaults are OK, unless you are an expert), select the key type as DSA and Elgamal, and enter an empty password.
Now, export the keys:
pguser@laptop:~$ gpg -a --export “PostgreSQL User (test key for PG Cookbook) <pguser@somewhere.net>“ > public.key
pguser@laptop:~$ gpg -a --export-secret-keys “PostgreSQL User (test key for PG Cookbook) <pguser@somewhere.net>“ > secret.key
Make sure only you and the postgres database user have access to the secret key:
pguser@laptop:~$ sudo chgrp postgres secret.key
pguser@laptop:~$ chmod 440 secret.key
pguser@laptop:~$ ls -l *.key
-rw-r--r-- 1 pguser pguser 1718 2016-03-26 13:53 public.key
-r--r----- 1 pguser postgres 1818 2016-03-26 13:54 secret.key
Last, but not least, make a copy of the public and the secret key; if you lose them, you'll lose the ability to encrypt/decrypt.