gnupg¶

Add below in .bashrc before you doing anything else¶

export GPG_TTY=$(tty)

Print Version¶

gpg --version

Test Clearsign¶

echo "test" | gpg --clearsign

Print keyID (we need for mutt)¶

gpg --list-keys --with-colons <keyid>  | awk -F: '/^pub:/ { print $5 }'

Easier way to get keyid¶

gpg --list-signatures

Short key behind sub¶

gpg --list-keys --keyid-format SHORT

Long key¶

gpg --list-keys --keyid-format LONG

Generate a new key¶

gpg --full-generate-key

List keys¶

gpg -k

List keys¶

gpg --list-keys

List the keys in your secret key ring:¶

gpg --list-secret-keys

Export gpg key¶

gpg -o key.gpg --export <KEY ID>   
gpg -o key.asc --armor --export <KEY ID>

Import keys¶

gpg --import key.gpg
gpg --import key.asc

This will produce an encrypted file, secret.txt. gpg, that can only be decrypted by the recipient¶

gpg -e -o secret.txt.gpg -r <RECIPIENT> secret.txt

Decrypting a file¶

gpg -d -o secret.txt secret.txt.gpg

Create a tarball and encrypt it¶

tar czvpf - foo.txt| gpg --symmetric --cipher-algo TWOFISH -o foo.txt.tar.gz

Decrypt and untar¶

gpg -d foo.txt.tar.gz.gpg | tar xzvf -
```sh
#### Encrypt file using a shared key. You will be prompted for a passphrase.       

```sh
gpg -c secret.txt

Sign a file¶

gpg -o signed-file.txt.gpg -s file.txt

Import keys from keyserver¶

gpg --receive-keys <KEY IDS>

Upload keys to keyserver¶

gpg --send-keys <KEY IDS>

Request updates from keyserver for keys already in your keyring¶

gpg --refresh-keys

Search keys from keyserver:¶

gpg --search-keys "<SEARCH STRING>"

Override keyserver from `~/.gnupg/` to `gpg.conf`¶

gpg --keyserver <URL> ...

Only merge updates for keys already in key-ring:¶

gpg --import key.asc --merge-options merge-only

Trusting a key¶

gpg --edit-key <KEY ID>                                                                  
gpg> sign                                                                                
gpg> save

Create a text file with the your messagage, save it to test.txt. Now we want to manual sign it¶

gpg --clearsign test.txt

After entering password, we will get a new file named text.txt.asc, its signed, now we also want to verify this¶

gpg --verify test.txt.asc

For encrypt our file¶

gpg --encrypt --armor test.txt

For decrypt our file¶

gpg --decrypt encrypted.file

Send key to key servers¶

gpg --export-options export-minimal --export  <KEY IDS> | curl -T - https://keys.openpgp.org

Backup Key¶

gpg -o wuseman.gpg --export-options backup --export-secret-keys wuseman@nr1.nu

Restore Backup¶

gpg --import-options restore --import wuseman.gpg

Get some more info then keyid¶

gpg --list-packets backups/gnupg/<KEY IDS>.asc

Get keyid¶

gpg --list-packets ~/backups/gnupg/<KEY IDS>.asc  | awk '$1=="keyid:"{print$2}'

Delete key¶

gpg --delete-secret-keys <KEY IDS>

Last update: August 10, 2022
Created: August 10, 2022

gnupg¶

Add below in .bashrc before you doing anything else¶

Print Version¶

Test Clearsign¶

Print keyID (we need for mutt)¶

Easier way to get keyid¶

Short key behind sub¶

Long key¶

Generate a new key¶

List keys¶

List keys¶

List the keys in your secret key ring:¶

Export gpg key¶

Import keys¶

This will produce an encrypted file, secret.txt. gpg, that can only be decrypted by the recipient¶

Decrypting a file¶

Create a tarball and encrypt it¶

Decrypt and untar¶

Sign a file¶

Import keys from keyserver¶

Upload keys to keyserver¶

Request updates from keyserver for keys already in your keyring¶

Search keys from keyserver:¶

Override keyserver from ~/.gnupg/ to gpg.conf¶

Only merge updates for keys already in key-ring:¶

Trusting a key¶

Create a text file with the your messagage, save it to test.txt. Now we want to manual sign it¶

After entering password, we will get a new file named text.txt.asc, its signed, now we also want to verify this¶

For encrypt our file¶

For decrypt our file¶

Send key to key servers¶

Backup Key¶

Restore Backup¶

Get some more info then keyid¶

Get keyid¶

Delete key¶

Override keyserver from `~/.gnupg/` to `gpg.conf`¶