$ gpg --full-gen-keyThat command will run you through a series of interactive options on the command line:
- Select what kind of key you want: choose
(1) RSA and RSA - What key size do you want?:
4096 - Specify how long the key should be valid:
3m - Real name:
alice - Email Address:
alice@cyb.org - Comment:
my-gpg - Password:
pass
$ gpg --list-keys$ gpg --delete-key alice@cyb.orgExporting as binary format
$ gpg --output alice.gpg --export alice@cyb.orgExporting in ASCII format
$ gpg --armor --output mypubkey.asc --export alice@cyb.org$ gpg --import blake.gpgEncrypting a file called doc
$ gpg --output doc.gpg --encrypt --recipient alice@cyb.org docDecrypting a file called doc.gpg in a file called doc
$ gpg --output doc --decrypt doc.gpgThe command-line option --sign is used to make a digital signature.
The document to sign is input, and the signed document is output.
$ gpg --output doc.sig --sign docThe document is compressed before signed, and the output is in binary format.
Given a signed document, you can either check the signature or check the signature and recover the original document.
To check the signature use the --verify option. To verify the signature and extract the document use the --decrypt
option. The signed document to verify and recover is input and the recovered document is output.
$ gpg --output doc --decrypt doc.sigA signed document has limited usefulness. Other users must recover the original document from the signed version,
and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is
a third method for signing a document that creates a detached signature.
A detached signature is created using the --detach-sig option.
$ gpg --output doc.sig --detach-sig docBoth the document and detached signature are needed to verify the signature. The --verify option can be to check the signature.
$ gpg --verify doc.sig doc