Finding your way around GPG

GPG is pretty fiddly to work with in the command line (you’re generally better off using something like Enigmail in Thunderbird), so here’s an overview of the various functions.

-a == --armor
-r == --recipient
-u == --local-user
-o == --output
-e == --encrypt
-s == --sign
-b == --detach-sign
-d == --decrypt
-c == --symmetric (encryption)

List keys

gpg --list-keys

or

gpg --list-secret-keys

Export keys

gpg --armor --export user@doma.in

or to file:

gpg --armor --output file.name --export user@doma.in

(secret keys):

gpg --armor --export-secret-keys user@doma.in
gpg --armor --output file.name --export-secret-keys user@doma.in

to encrypt the output file with symmetric crypto:

gpg --armor --export-secret-keys user@doma.in | gpg --armor --symmetric --output file.name

Generate a Revocation Certificate

gpg --armor --output revcert.asc --gen-revoke XXXXXX

Uploading Keys

gpg (--keyserver serverurl) --send-keys XXXXXX

Downloading Keys

gpg (--keyserver serverurl) --recv-key XXXXX

or

gpg (--keyserver serverurl) --search-keys user@doma.in

Importing Keys

gpg --import public.key
gpg --allow-secret-key-import --import secret.key
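
The export-to-symmetric pipeline and the import step above, run end to end as an added example (not part of the original post). It assumes GnuPG 2.1 or later; the user ID, passphrase and file names are constructed, and both keyrings live in a temporary directory.

```sh
#!/bin/sh
# Added example (not from the original post): passphrase-protected backup of a
# secret key and restore into a second keyring. Assumes GnuPG 2.1+. The user
# ID, passphrase and file names are constructed; both keyrings are throwaway
# directories, so the real ~/.gnupg is never touched.

backup_roundtrip() (
  set -eu
  work=$(mktemp -d)
  trap 'for h in a b; do
          GNUPGHOME="$work/$h" gpgconf --kill gpg-agent 2>/dev/null || true
        done; rm -rf "$work"' EXIT
  mkdir -m 700 "$work/a" "$work/b"
  uid='backup-demo@example.invalid'
  printf '%s\n' 'constructed backup passphrase' > "$work/pass"
  primary_fpr() {  # fingerprint of the first secret key in $GNUPGHOME
    gpg --batch --with-colons --list-secret-keys "$uid" 2>/dev/null |
      awk -F: '$1 == "fpr" { print $10; exit }'
  }

  # Keyring A: unprotected test key (a real key would carry its own passphrase).
  export GNUPGHOME="$work/a"
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$uid" default default never >/dev/null
  fpr_a=$(primary_fpr)

  # The page's export pipeline, with the passphrase read from a file.
  gpg --batch --armor --export-secret-keys "$uid" |
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$work/pass" \
        --armor --symmetric --output "$work/backup.asc"

  # The file on disk must be an encrypted message, not a bare private key block.
  grep -q 'BEGIN PGP MESSAGE' "$work/backup.asc" || exit 1
  if grep -q 'PRIVATE KEY' "$work/backup.asc"; then exit 1; fi

  # Keyring B: decrypt the backup and import the key it contains.
  export GNUPGHOME="$work/b"
  gpg --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$work/pass" --decrypt "$work/backup.asc" |
    gpg --batch --quiet --import >/dev/null

  # Restore succeeded only if B now holds the same primary key as A.
  fpr_b=$(primary_fpr)
  [ -n "$fpr_a" ] && [ "$fpr_a" = "$fpr_b" ] || exit 1
  printf '%s\n' "$fpr_b"
)
```

Calling backup_roundtrip prints the restored key's fingerprint and exits non-zero if the backup is not encrypted or the fingerprints differ.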

Deleting Keys

gpg --delete-key "keyname"
gpg --delete-secret-key "keyname"

Decrypt

gpg --decrypt encrypted_file.ext

Encrypt

gpg --encrypt (--local-user "sending key") --recipient "rec key" file_to_encrypt.ext

The --edit-key menu

Remember to ‘save’ when finished here.
* denotes commands only available for secret keys.

fpr - show fingerprint
list - list key and user IDs
uid - select a UID N
key - select subkey N
check - check signatures
sign - sign a key
  prefix with l for local sign
  prefix with t for trust sign
  prefix with nr for nonrevocable sign
adduid*
addphoto*
deluid - delete user ID
addkey*
addcardkey*
keytocard*
bkuptocard*
delkey - delete selected key
addrevoker*
delsig - delete signature
expire*
primary* - set selected UID as primary
toggle* - toggle between secret and public key listings
showpref - show preferences
setpref*
keyserver*
notation*
passwd* - set passphrase
trust - change ownertrust
revsig - revoke signature on the selected UIDs
revuid* - revoke uid
revkey* - revoke key
showphoto - show selected photo IDs

(for keytocard, see this post)
