blob: f79265bd02ff15da74aa27f86e38529fcf6caca0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
# gpg(1)
```
gpg
-o|--output Specify output file
-a|--armor Create ascii output
-u|--local-user <name> Specify key for signing
-r|--recipient Encrypt for user
```
## Generate new keypair
```bash
gpg --full-generate-key
```
## List keys
```
gpg -k / --list-key # public keys
gpg -K / --list-secret-keys # secret keys
```
## Edit keys
```bash
gpg --edit-key <KEY ID>
```
Gives prompt to modify `KEY ID`, common commands:
```bash
help show help
save save & quit
list list keys and user IDs
key <N> select subkey <N>
uid <N> select user ID <N>
expire change expiration of selected key
adduid add user ID
deluid delete selected user ID
addkey add subkey
delkey delete selected subkey
```
## Export & Import Keys
```bash
gpg --export --armor --output <KEY.PUB> <KEY ID>
gpg --export-secret-key --armor --output <KEY.PUB> <KEY ID>
gpg --import <FILE>
```
## Search & Send keys
```bash
gpg --keyserver <SERVER> --send-keys <KEY ID>
gpg --keyserver <SERVER> --search-keys <KEY ID>
```
## Encrypt (passphrase)
Encrypt file using `passphrase` and write encrypted data to `<file>.gpg`.
```bash
gpg --symmetric <file>
# Decrypt using passphrase
gpg -o <file> --decrypt <file>.gpg
```
## Encrypt (public key)
Encrypt file with `public key` of specified `recipient` and write encrypted
data to `<file>.gpg`.
```bash
gpg --encrypt -r foo@bar.de <file>
# Decrypt at foos side (private key required)
gpg -o <file> --decrypt <file>.gpg
```
## Signing
Generate a signed file and write to `<file>.gpg`.
```bash
# Sign with private key of foo@bar.de
gpg --sign -u foor@bar.de <file>
# Verify with public key of foo@bar.de
gpg --verify <file>
# Extract content from signed file
gpg -o <file> --decrypt <file>.gpg
```
> Without `-u` use first private key in list `gpg -K` for signing.
Files can also be `signed` and `encrypted` at once, gpg will first sign the
file and then encrypt it.
```bash
gpg --sign --encrypt -r <recipient> <file>
```
## Signing (detached)
Generate a `detached` signature and write to `<file>.asc`.
Send `<file>.asc` along with `<file>` when distributing.
```bash
gpg --detach-sign --armor -u foor@bar.de <file>
# Verify
gpg --verify <file>.asc <file>
```
> Without `-u` use first private key in list `gpg -K` for signing.
## Abbreviations
- `sec` secret key
- `ssb` secret subkey
- `pub` public key
- `sub` public subkey
## Keyservers
- http://pgp.mit.edu
- http://keyserver.ubuntu.com
- hkps://pgp.mailbox.org
|
