From b7f4aee7a60b03db06475f2a017706494d9a2d44 Mon Sep 17 00:00:00 2001
From: johannst
Date: Sat, 19 Dec 2020 00:42:07 +0100
Subject: added gpg cheatsheet
---
src/tools/gpg.md | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 114 insertions(+)
create mode 100644 src/tools/gpg.md
(limited to 'src/tools/gpg.md')
diff --git a/src/tools/gpg.md b/src/tools/gpg.md
new file mode 100644
index 0000000..4e7c73a
--- /dev/null
+++ b/src/tools/gpg.md
@@ -0,0 +1,114 @@
+# gpg(1)
+
+```
+gpg
+ -o|--output Specify output file
+ -a|--armor Create ascii output
+ -u|--local-user Specify key for signing
+ -r|--recipient Encrypt for user
+```
+
+## Generate new keypair
+```bash
+gpg --full-generate-key
+```
+
+## List keys
+```
+gpg -k / --list-key # public keys
+gpg -K / --list-secret-keys # secret keys
+```
+
+## Edit keys
+```bash
+gpg --edit-key
+```
+Gives prompt to modify `KEY ID`, common commands:
+```bash
+help show help
+save save & quit
+
+list list keys and user IDs
+key select subkey
+uid select user ID
+
+expire change expiration of selected key
+
+adduid add user ID
+deluid delete selected user ID
+
+addkey add subkey
+delkey delete selected subkey
+```
+
+## Export & Import Keys
+```bash
+gpg --export --armor --output
+gpg --import
+```
+
+## Search & Send keys
+```bash
+gpg --keyserver --send-keys
+gpg --keyserver --search-keys
+```
+
+## Encrypt (passphrase)
+Encrypt file using `passphrase` and write encrypted data to `.gpg`.
+```bash
+gpg --symmetric
+
+# Decrypt using passphrase
+gpg -o --decrypt .gpg
+```
+
+## Encrypt (public key)
+Encrypt file with `public key` of specified `recipient` and write encrypted
+data to `.gpg`.
+```bash
+gpg --encrypt -r foo@bar.de
+
+# Decrypt at foos side (private key required)
+gpg -o --decrypt .gpg
+```
+
+## Signing
+Generate a signed file and write to `.gpg`.
+```bash
+gpg --sign -u foor@bar.de
+
+# Verify
+gpg --verify
+
+# Extract content from signed file
+gpg -o --decrypt .gpg
+```
+> Without `-u` use first private key in list `gpg -K` for signing.
+
+Files can also be `signed` and `encrypted` at once, gpg will first sign the
+file and then encrypt it.
+```bash
+gpg --sign --encrypt
+```
+
+## Signing (detached)
+Generate a `detached` signature and write to `.asc`.
+Send `.asc` along with `` when distributing.
+```bash
+gpg --detach-sign --armor -u foor@bar.de
+
+# Verify
+gpg --verify .asc
+```
+> Without `-u` use first private key in list `gpg -K` for signing.
+
+## Abbreviations
+- `sec` secret key
+- `ssb` secret subkey
+- `pub` public key
+- `sub` public subkey
+
+## Keyservers
+- http://pgp.mit.edu
+- http://keyserver.ubuntu.com
+- hkps://pgp.mailbox.org
--
cgit v1.2.3