Skip to content

gnupg

Add below in .bashrc before you doing anything else

export GPG_TTY=$(tty)
gpg --version

Test Clearsign

echo "test" | gpg --clearsign
gpg --list-keys --with-colons <keyid>  | awk -F: '/^pub:/ { print $5 }'   

Easier way to get keyid

gpg --list-signatures               

Short key behind sub

gpg --list-keys --keyid-format SHORT 

Long key

gpg --list-keys --keyid-format LONG       

Generate a new key

gpg --full-generate-key               

List keys

gpg -k 

List keys

gpg --list-keys      

List the keys in your secret key ring:

gpg --list-secret-keys

Export gpg key

gpg -o key.gpg --export <KEY ID>   
gpg -o key.asc --armor --export <KEY ID>       

Import keys

gpg --import key.gpg
gpg --import key.asc  

This will produce an encrypted file, secret.txt. gpg, that can only be decrypted by the recipient

gpg -e -o secret.txt.gpg -r <RECIPIENT> secret.txt    

Decrypting a file

gpg -d -o secret.txt secret.txt.gpg     

Create a tarball and encrypt it

tar czvpf - foo.txt| gpg --symmetric --cipher-algo TWOFISH -o foo.txt.tar.gz

Decrypt and untar

gpg -d foo.txt.tar.gz.gpg | tar xzvf -
```sh
#### Encrypt file using a shared key. You will be prompted for a passphrase.       

```sh
gpg -c secret.txt 

Sign a file

gpg -o signed-file.txt.gpg -s file.txt

Import keys from keyserver

gpg --receive-keys <KEY IDS>

Upload keys to keyserver

gpg --send-keys <KEY IDS>   

Request updates from keyserver for keys already in your keyring

gpg --refresh-keys         

Search keys from keyserver:

gpg --search-keys "<SEARCH STRING>"     

Override keyserver from ~/.gnupg/ to gpg.conf

gpg --keyserver <URL> ...                  

Only merge updates for keys already in key-ring:

gpg --import key.asc --merge-options merge-only                                            

Trusting a key

gpg --edit-key <KEY ID>                                                                  
gpg> sign                                                                                
gpg> save                                                                                   

Create a text file with the your messagage, save it to test.txt. Now we want to manual sign it

gpg --clearsign test.txt

After entering password, we will get a new file named text.txt.asc, its signed, now we also want to verify this

gpg --verify test.txt.asc

For encrypt our file

gpg --encrypt --armor test.txt

For decrypt our file

gpg --decrypt encrypted.file

Send key to key servers

gpg --export-options export-minimal --export  <KEY IDS> | curl -T - https://keys.openpgp.org

Backup Key

gpg -o wuseman.gpg --export-options backup --export-secret-keys wuseman@nr1.nu

Restore Backup

gpg --import-options restore --import wuseman.gpg

Get some more info then keyid

gpg --list-packets backups/gnupg/<KEY IDS>.asc 

Get keyid

gpg --list-packets ~/backups/gnupg/<KEY IDS>.asc  | awk '$1=="keyid:"{print$2}'

Delete key

gpg --delete-secret-keys <KEY IDS>

Last update: August 10, 2022
Created: August 10, 2022