# gpg(1) ``` gpg -o|--output Specify output file -a|--armor Create ascii output -u|--local-user Specify key for signing -r|--recipient Encrypt for user ``` ## Generate new keypair ```bash gpg --full-generate-key ``` ## List keys ``` gpg -k / --list-key # public keys gpg -K / --list-secret-keys # secret keys ``` ## Edit keys ```bash gpg --edit-key ``` Gives prompt to modify `KEY ID`, common commands: ```bash help show help save save & quit list list keys and user IDs key select subkey uid select user ID expire change expiration of selected key adduid add user ID deluid delete selected user ID addkey add subkey delkey delete selected subkey ``` ## Export & Import Keys ```bash gpg --export --armor --output gpg --export-secret-key --armor --output gpg --import ``` ## Search & Send keys ```bash gpg --keyserver --send-keys gpg --keyserver --search-keys ``` ## Encrypt (passphrase) Encrypt file using `passphrase` and write encrypted data to `.gpg`. ```bash gpg --symmetric # Decrypt using passphrase gpg -o --decrypt .gpg ``` ## Encrypt (public key) Encrypt file with `public key` of specified `recipient` and write encrypted data to `.gpg`. ```bash gpg --encrypt -r foo@bar.de # Decrypt at foos side (private key required) gpg -o --decrypt .gpg ``` ## Signing Generate a signed file and write to `.gpg`. ```bash # Sign with private key of foo@bar.de gpg --sign -u foor@bar.de # Verify with public key of foo@bar.de gpg --verify # Extract content from signed file gpg -o --decrypt .gpg ``` > Without `-u` use first private key in list `gpg -K` for signing. Files can also be `signed` and `encrypted` at once, gpg will first sign the file and then encrypt it. ```bash gpg --sign --encrypt -r ``` ## Signing (detached) Generate a `detached` signature and write to `.asc`. Send `.asc` along with `` when distributing. ```bash gpg --detach-sign --armor -u foor@bar.de # Verify gpg --verify .asc ``` > Without `-u` use first private key in list `gpg -K` for signing. ## Abbreviations - `sec` secret key - `ssb` secret subkey - `pub` public key - `sub` public subkey ## Keyservers - http://pgp.mit.edu - http://keyserver.ubuntu.com - hkps://pgp.mailbox.org