gpg
GPG, or GNU Privacy Guard, is an open source implementation of PGP (RFC 4880).
Posted October 15, 2021 by Adrian Wyssmann
Generate GPG Keys

| Command | Description |
| --- | --- |
| `gpg --gen-key` | Create a public/private key pair through a minimal dialog that uses defaults and asks only for key identifiers. See the official documentation. |
| `gpg --full-gen-key` or `gpg --full-generate-key` | Create a public/private key pair through a full-featured key generation dialog that asks for key type (RSA, DSA), key size (1024-4096 bits), key expiry, and key identifiers such as name. See the official documentation. |
List Keys and Export

So that you do not lose access to your encrypted data, you will eventually want to export your keys. By default a key is exported in binary OpenPGP format, but you can also export it as ASCII-armored output.

| Command | Description |
| --- | --- |
| `gpg --list-keys` | List public keys |
| `gpg --list-secret-keys` | List secret keys |
| `gpg --output public.pgp --armor --export [KEYID]` | Export public key as armored ASCII |
| `gpg --output private.pgp --export-secret-keys [KEYID]` | Export secret key |

Print the key ID (field 5 of the colon-delimited listing) of each secret key:

```shell
gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" {print $5}'
```
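
Building on the `--with-colons` one-liner above, the following is an added example (not from the original page) that prints the full fingerprint and first user ID of every secret primary key that is neither expired nor revoked, which is the value to pass as `[KEYID]` when exporting or signing. The function names `usable_secret_keys` and `sample_listing` and the key listing itself are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick usable secret keys from gpg's colon-delimited listing.
# Record layout (GnuPG doc/DETAILS): field 1 = record type, 2 = validity,
# 5 = key ID, 7 = expiry (epoch seconds, empty = never), 10 = fingerprint or user ID.

# usable_secret_keys NOW   (reads the listing on stdin)
# Prints "FINGERPRINT<TAB>USER ID" for each secret primary key that is
# neither revoked nor expired at epoch time NOW.
usable_secret_keys() {
    awk -F: -v now="$1" '
        function emit() {
            if (fpr != "" && valid != "e" && valid != "r" &&
                (expires == "" || expires + 0 > now + 0))
                print fpr "\t" uid
            fpr = ""; uid = ""
        }
        $1 == "sec" { emit(); primary = 1; valid = $2; expires = $7; next }
        $1 == "ssb" { primary = 0; next }                        # subkey records follow
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }  # ignore subkey fingerprints
        $1 == "uid" && uid == "" { uid = $10; next }             # keep the first user ID
        END { emit() }
    '
}

# Constructed sample listing (not real keys): one valid key with a subkey,
# and one key that expired at epoch 1600000000.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111222233334444:1634256000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1634256000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:5555666677778888:1634256000::::::e:::+:::23:
fpr:::::::::0000111122223333444455555555666677778888:
sec:e:2048:1:9999AAAABBBBCCCC:1500000000:1600000000::u:::sc:::+:::23::0:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA9999AAAABBBBCCCC:
uid:e::::1500000000::0000000000000000000000000000000000000000::Old Key <old@example.org>::::::::::0:
EOF
}

# Against a real keyring:
#   gpg --list-secret-keys --with-colons | usable_secret_keys "$(date +%s)"
sample_listing | usable_secret_keys "$(date +%s)"
```

Using the 40-character fingerprint instead of a short key ID avoids selecting the wrong key when IDs collide.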
Delete Keys

| Command | Description |
| --- | --- |
| `gpg --delete-key [KEYID]` | Delete public key |
| `gpg --delete-secret-key [KEYID]` | Delete private key |
Import and use other keys

| Command | Description |
| --- | --- |
| `gpg --import public.key` | Add the certificate to your collection of public keys. Usually you'll download a correspondent's certificate from a keyserver. |
| `gpg --allow-secret-key-import --import private.key` | Import a private key |
| `gpg --keyserver pool.sks-keyservers.net --recv-key [fingerprint]` | Retrieve a certificate when you already know its fingerprint |
| `gpg --keyserver pool.sks-keyservers.net --search [email address, name, key ID, etc.]` | Search for other users' certificates on the public keyservers, accessible under the collective hostname pool.sks-keyservers.net |
Other useful commands

| Command | Description |
| --- | --- |
| `gpg --fingerprint` | List all keys with their fingerprints |
| `gpg -e -u [KEYID Sender] -r [KEYID receiver] [file-to-encrypt]` | Encrypt a file for a particular list of recipients. The encrypted file will have the ending .gpg |
| `gpg -d [file-to-decrypt]` | Decrypt an encrypted file using your secret key |
Git

| Command | Description |
| --- | --- |
| `git config --global user.signingkey 0A46826A` | Set the GPG key used for signing your commits |
| `git tag -s v1.5 -m 'my signed 1.5 tag'` | Sign new tags |
| `git commit -a -S -m 'Signed commit'` | Sign a commit |
| `git log --pretty="format:%h %G? %aN %s"` | Check any signatures it finds and list them in its output |
| `git config user.signingkey [KEYID]` | Define the key to use for signing commits |
| `git config --global commit.gpgsign true` | Enable signing of commits globally |