gpg cmd

a short intro to gpg

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC 4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories.

Tip: see man gpg and the documentation under /usr/share/doc/gnupg/*

# list secret keys
> gpg --list-secret-keys
> gpg -K

# list public keys
> gpg --list-keys
> gpg -k

# generate key
> gpg --full-generate-key # prompts: 1 (key type) > 4096 (key size) > 1y (expiry) > ... > strong passphrase

# show fingerprint
> gpg --fingerprint <KEY_ID>

# export public key in file
> gpg -a --output gpg-key.asc --export <KEY_ID>

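# create revocation certificate
> gpg --output revoke_ident.asc --gen-revoke <KEY_ID>

# revoke key: --gen-revoke asks for a reason (1, 2 or 3); the key is only
# revoked once the resulting certificate is imported
> gpg --gen-revoke <KEY_ID> # > {1,2,3}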

# import public keyfile
> gpg --import /path/to/gpg-key.asc

# sign imported public key
> gpg --sign-key <KEY_ID>

# edit key
> gpg --edit-key <KEY_ID>
  # to add email alias:
  # gpg> adduid
  # Real Name: <name>
  # Email address: <email>
  # Comment: <comment or Return for none>
  # Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  # Enter passphrase: <password>
  # gpg> uid <uid>
  # gpg> trust
  # Your decision? 5
  # Do you really want to set this key to ultimate trust? (y/N) y
  # gpg> save

# delete private key
> gpg --delete-secret-keys <KEY_ID>

# delete public key
> gpg --delete-keys <KEY_ID>

# encrypt and sign a file for a recipient
> gpg --encrypt --sign --armor -r XXXXXXXXXXXXXXXXXXXXXXXXXXX /foo/bar

# upload public key to openpgp keyserver
> gpg --export your_address@example.net \
  | curl -T - https://keys.openpgp.org
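
Added example, not part of the original cheat sheet: before running --import and --sign-key on someone else's key file, compare the file's full fingerprint with one obtained out-of-band. The function names and the sample listing are constructed for illustration; it assumes v4 keys (40-hex fingerprints) and a gpg that supports --show-keys.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are illustrative.
# Assumes v4 keys (40-hex fingerprints) and a gpg that supports --show-keys.

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           $1 == "fpr" && seen { print $10; exit }'
}

# Normalise a fingerprint as people paste it: strip whitespace, uppercase.
norm_fpr() {
  printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# check_fpr EXPECTED < colon-listing
# 0 = full fingerprint matches, 1 = mismatch, 2 = EXPECTED is not 40 hex digits
# (short or long key IDs are rejected on purpose).
check_fpr() {
  actual=$(primary_fpr)
  expected=$(norm_fpr "$1")
  case "$expected" in
    ''|*[!0-9A-F]*) return 2 ;;
  esac
  [ "${#expected}" -eq 40 ] || return 2
  [ "$expected" = "$actual" ]
}

# verified_import FILE EXPECTED_FPR: inspect the file without touching the
# keyring, and import it only if the fingerprint check passes (fails closed).
verified_import() {
  if gpg --with-colons --show-keys "$1" | check_fpr "$2"; then
    gpg --import "$1"
  else
    echo "fingerprint check failed, not importing: $1" >&2
    return 1
  fi
}

# Constructed sample listing (not a real key), shaped like --with-colons output.
SAMPLE='pub:-:4096:1:AAAABBBBCCCCDDDD:1700000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1700000000::::Alice Example <alice@example.net>:
sub:-:4096:1:FEDCBA9876543210:1700000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA98FEDCBA9876543210:'

printf '%s\n' "$SAMPLE" | check_fpr '0123 4567 89AB CDEF 0123 4567 AAAA BBBB CCCC DDDD' \
  && echo "sample: fingerprint matches"
```

Run --sign-key only after verified_import succeeds; a match on the short key ID alone is not accepted by check_fpr.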