GPG or Gnu Privacy Guard is an open source implementation of PGP (RFC4880)

Posted April 4, 2021 by Adrian Wyssmann

Generate GPG Keys

Command Description
gpg --gen-key Create a public/private keypair using a minimal dialog using defaults, only asking for key identifiers
See official docu
gpg --full-gen-key
gpg --full-generate-key
Create a public/private keypair using a full featured key generation dialog
  • key type (RSA, DSA)
  • Key size (1024-4096 bits)
  • Key expiring
  • Key identifiers like name, etc

See official docu

List Keys and Export

In order not to loose access to your encrypted data, you eventually would like to export your keys. Per default a key is exported in binary OpenPGP format, but you also can export as ASCII armored output.

Command Description
gpg --list-keys List Public Keys
gpg --list-secret-keys List Secret Keys
gpg --output public.pgp --armor --export [KEYID] Export Public Key as armored ASCII
gpg --output public.pgp --export-secret-key --export [KEYID] Export Secret Key
gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" {print $5}'1

Delete Keys

Command Description
gpg --delete-key [KEYID] Delete public key
gpg --delete-secret-key [KEYID] Delete private key

Import and use other keys

Command Description
gpg --import public.key Add the certificate to your collection of public keys, usually you’ll download a correspondent’s certificate from a keyserver
gpg --allow-secret-key-import --import private.key Import a private key
gpg --keyserver --recv-key [fingerprint] retrieve a certificate if I already know its fingerprint
gpg --keyserver --search [email address, name, key ID, etc. Search for other user’s certificates on the public keyserevers - accessible under the collective hostname

Other useful commands

Command Description
gpg --fingerprint List all keys with their fingerprints
gpg -e -u [KEYID Sender] -r [KEYID receiver] [file-to-encrypt] Encrypts a file for a particular list of recipients. The encrypted file will have the ending .gpg
gpg -d [file-to-decrypt] Decrypt an encrypted file using your secret key


Command Description
git config --global user.signingkey 0A46826A The GPG key used for signing your commits
git tag -s v1.5 -m 'my signed 1.5 tag' Sign new tags
git commit -a -S -m 'Signed commit' Sign a commit
git log --pretty="format:%h %G? %aN %s" check any signatures it finds and list them in its output
git config user.signingkey [KEYID] Defined the key to use for signing commits
git config --global commit.gpgsign true Set signing of commits globally

Edit this page