$ gpg --full-gen-key
That command will run you through a series of interactive options on the command line:
- Select what kind of key you want: (1) RSA and RSA
- What key size do you want?: 4096
- Specify how long the key should be valid: 3m
- Real name: alice
- Email Address: alice@cyb.org
- Comment: my-gpg
- Password: pass
$ gpg --list-keys
$ gpg --delete-key alice@cyb.org
Exporting as binary format
$ gpg --output alice.gpg --export alice@cyb.org
Exporting in ASCII format
$ gpg --armor --output mypubkey.asc --export alice@cyb.org
$ gpg --import blake.gpg
Encrypting a file called doc
$ gpg --output doc.gpg --encrypt --recipient alice@cyb.org doc
Decrypting a file called doc.gpg and writing the result to a file called doc
$ gpg --output doc --decrypt doc.gpg
The command-line option --sign is used to make a digital signature.
The document to sign is input, and the signed document is output.
$ gpg --output doc.sig --sign doc
The document is compressed before being signed, and the output is in binary format.
Given a signed document, you can either check the signature or check the signature and recover the original document.
To check the signature use the --verify option. To verify the signature and extract the document use the --decrypt option.
The signed document to verify and recover is input and the recovered document is output.
$ gpg --output doc --decrypt doc.sig
A signed document has limited usefulness. Other users must recover the original document from the signed version,
and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is
a third method for signing a document that creates a detached signature.
A detached signature is created using the --detach-sig option.
$ gpg --output doc.sig --detach-sig doc
Both the document and detached signature are needed to verify the signature. The --verify option can be used to check the signature.
$ gpg --verify doc.sig doc
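The detached-signature check above, wrapped for use in a script, as an added example that is not part of the original page: it verifies doc against doc.sig, then modifies doc and shows that verification fails. The function names verify_detached and demo, the temporary keyring, and the passphrase-less throwaway key with gpg's default algorithm are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: script-safe check of a detached signature, run in a throwaway
# keyring. Function names and the test key are constructed for this demo.

# verify_detached SIG DOC
# Succeeds only if gpg exits 0 and emits a GOODSIG status line. The
# machine-readable --status-fd output is parsed instead of the human text.
verify_detached() {
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG '
}

# demo: sign a file, verify it, modify it, verify again.
# The body is a subshell so GNUPGHOME never leaks into the caller's shell.
demo() (
    command -v gpg >/dev/null 2>&1 || { echo 'gpg not found' >&2; exit 2; }
    GNUPGHOME=$(mktemp -d) || exit 2   # isolated keyring, not ~/.gnupg
    export GNUPGHOME
    work=$(mktemp -d) || exit 2
    trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME" "$work"' EXIT

    # Unprotected throwaway key with gpg's default algorithm (assumption, for
    # speed); the interactive walkthrough above uses RSA 4096 and a passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'alice <alice@cyb.org>' default default 3m \
        2>/dev/null || exit 1

    printf 'constructed sample document\n' > "$work/doc"
    gpg --batch --quiet --output "$work/doc.sig" --detach-sig "$work/doc" \
        2>/dev/null || exit 1

    verify_detached "$work/doc.sig" "$work/doc" && intact=ok || intact=fail
    printf 'appended after signing\n' >> "$work/doc"   # any change must break it
    verify_detached "$work/doc.sig" "$work/doc" && tampered=ok || tampered=fail

    echo "intact=$intact tampered=$tampered"
)

demo || echo 'demo did not complete' >&2
```

Because a signature from an expired or revoked key is reported with EXPKEYSIG or REVKEYSIG rather than GOODSIG, the function rejects those as well.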