@amingilani
Last active August 29, 2015 14:24
GPG Quick Reference

Quick Reference

Help text:

gilani@ava$ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ?, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

gilani@ava$ gpg --help
Syntax: gpg [options] [files]


Commands:

 -s, --sign [file]             make a signature
     --clearsign [file]        make a clear text signature
 -b, --detach-sign             make a detached signature
 -e, --encrypt                 encrypt data
 -c, --symmetric               encryption only with symmetric cipher
 -d, --decrypt                 decrypt data (default)
     --verify                  verify a signature
     --list-keys               list keys
     --list-sigs               list keys and signatures
     --check-sigs              list and check key signatures
     --fingerprint             list keys and fingerprints
 -K, --list-secret-keys        list secret keys
     --gen-key                 generate a new key pair
     --delete-keys             remove keys from the public keyring
     --delete-secret-keys      remove keys from the secret keyring
     --sign-key                sign a key
     --lsign-key               sign a key locally
     --edit-key                sign or edit a key
     --gen-revoke              generate a revocation certificate
     --export                  export keys
     --send-keys               export keys to a key server
     --recv-keys               import keys from a key server
     --search-keys             search for keys on a key server
     --refresh-keys            update all keys from a keyserver
     --import                  import/merge keys
     --card-status             print the card status
     --card-edit               change data on a card
     --change-pin              change a card's PIN
     --update-trustdb          update the trust database
     --print-md algo [files]   print message digests

Options:

 -a, --armor                   create ascii armored output
 -r, --recipient NAME          encrypt for NAME
 -u, --local-user              use this user-id to sign or decrypt
 -z N                          set compress level N (0 disables)
     --textmode                use canonical text mode
 -o, --output                  use as output file
 -v, --verbose                 verbose
 -n, --dry-run                 do not make any changes
 -i, --interactive             prompt before overwriting
     --openpgp                 use strict OpenPGP behavior
     --pgp2                    generate PGP 2.x compatible messages

(See the man page for a complete listing of all commands and options)

Examples:

 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints

Key Management

Create a key pair

gpg --gen-key

Create a Revocation Certificate

gpg --gen-revoke your_email@address.com

Exporting your public key

gpg --armor --export your_email@address.com

Import Public Key

gpg --import name_of_pub_key_file

Search a key server from within GPG

gpg --keyserver pgp.mit.edu --search-keys search_parameters

There are a number of procedures that you may need to use on a regular basis to manage your key database.

List available GPG keys

gpg --list-keys

Your key information can become outdated if you are relying on information pulled from public key servers. You do not want to be relying on revoked keys, because that would mean you are trusting potentially compromised keys. You can update the key information by issuing:

gpg --refresh-keys

This will fetch new information from the key servers.

You can pull information from a specific key server by using:

gpg --keyserver key_server --refresh-keys
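
After a refresh, the machine-readable listing shows which keys gpg now considers revoked or expired. The script below is an added example, not part of the original gist; the function names and the sample listing are constructed for illustration, and it assumes the colon format printed by `gpg --list-keys --with-colons`.

```sh
# Added example (not from the original gist): report keys that gpg marks as
# revoked, expired or invalid in `gpg --list-keys --with-colons` output.
# Field 1 is the record type, field 2 the validity, field 5 the long key ID.

flag_stale_keys() {
    awk -F: '
        function label(v) {
            if (v == "r") return "revoked"
            if (v == "e") return "expired"
            if (v == "i") return "invalid"
            return ""
        }
        $1 == "pub" {
            primary = $5; state = label($2); uid = $10   # older listings put the first uid here
            if (uid != "" && state != "") print primary, state, "primary", uid
            next
        }
        $1 == "uid" && uid == "" {                        # first user ID of this key
            uid = $10
            if (state != "") print primary, state, "primary", uid
            next
        }
        # A usable primary key can still carry a dead encryption subkey.
        $1 == "sub" && state == "" && label($2) != "" {
            print $5, label($2), "subkey-of-" primary, uid
        }
    '
}

# Constructed sample listing; key IDs, dates and names are made up.
sample_listing() {
    cat <<'EOF'
tru::1:1435000000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAA01:1420070400:::u:::scESC:
uid:u::::1420070400::0000000000000000000000000000000000000001::Alice Example <alice@example.com>:
sub:e:2048:1:AAAAAAAAAAAAAA02:1420070400:1430000000:::::e:
pub:r:2048:1:BBBBBBBBBBBBBB01:1388534400:::-:::sc:
uid:r::::1388534400::0000000000000000000000000000000000000002::Bob Example <bob@example.com>:
sub:r:2048:1:BBBBBBBBBBBBBB02:1388534400::::::e:
pub:e:2048:1:CCCCCCCCCCCCCC01:1356998400:1388534400::-:::sc:
uid:e::::1356998400::0000000000000000000000000000000000000003::Carol Example <carol@example.com>:
pub:f:2048:1:DDDDDDDDDDDDDD01:1420070400:::-:::scESC:
uid:f::::1420070400::0000000000000000000000000000000000000004::Dave Example <dave@example.com>:
EOF
}

# Real use: gpg --refresh-keys && gpg --list-keys --with-colons | flag_stale_keys
sample_listing | flag_stale_keys
```
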

Look up key ID by typing:

gpg --list-keys your_email@address.com

To upload your key to a certain key server, you can then use this syntax:

gpg --send-keys --keyserver pgp.mit.edu key_id

How To Verify and Sign Keys

Verify the Other Person's Identity via Key Fingerprint:

gpg --fingerprint your_email@address.com

Signing a key

gpg --sign-key email@example.com
 # You should allow the person whose key you are signing the advantages of your
 # trusted relationship by sending them back the signed key. You can do this by
 # typing:
gpg --export --armor email@example.com
 # When they receive this new, signed key, they can import it, adding on the
 # signing information you've generated, into their GPG database. They can do
 # this by typing:
 # gpg --import file_name

Encrypt and Decrypt Messages with GPG

Encrypt Messages

gpg --encrypt --sign --armor -r person@email.com name_of_file

These parameters encrypt the message, sign it with your private key to guarantee that it is coming from you, and generate the output in a text format instead of raw bytes.

You should also include a second "-r" recipient with your own email address if you want to be able to read the message later. This is because the message is encrypted with each recipient's public key and can only be decrypted with the associated private key.

So, if the message is encrypted only with the other party's public key, you will not be able to view it again unless you somehow obtain their private key. Adding yourself as a second recipient encrypts the message two separate times, one for each recipient.
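
To confirm that an encrypted file really includes you as a recipient, compare the recipient key IDs gpg reports on its status channel with your own encryption subkey. The script below is an added example, not part of the original gist; the function names, key IDs and sample data are constructed, and it assumes the `ENC_TO` status lines printed by `gpg --status-fd 1 --list-only --decrypt`.

```sh
# Added example (not from the original gist): check that a message was also
# encrypted to your own key. Each recipient shows up in gpg status output as
#   [GNUPG:] ENC_TO <long key ID of the encryption (sub)key> <algo> <len>

# recipients: status output on stdin, one recipient key ID per line.
recipients() {
    awk '$1 == "[GNUPG:]" && $2 == "ENC_TO" { print toupper($3) }'
}

# own_encryption_subkeys: colon listing of your key on stdin; prints the IDs of
# keys whose own capabilities (field 12, lowercase letters) include "e".
own_encryption_subkeys() {
    awk -F: '($1 == "pub" || $1 == "sub") && $12 ~ /e/ { print toupper($5) }'
}

# encrypted_to_any ID...: status output on stdin; succeeds if any ID is a recipient.
encrypted_to_any() {
    got=" $(recipients | tr '\n' ' ')"
    for id in "$@"; do
        case "$got" in *" $id "*) return 0 ;; esac
    done
    return 1
}

# Constructed samples; key IDs and names are made up.
sample_own_listing() {
    cat <<'EOF'
pub:u:2048:1:1111111111111A01:1420070400:::u:::scESC:
uid:u::::1420070400::0000000000000000000000000000000000000001::You <your_email@address.com>:
sub:u:2048:1:1111111111111A02:1420070400::::::e:
EOF
}
sample_status_both() {
    printf '%s\n' '[GNUPG:] ENC_TO 2222222222222B02 1 0' '[GNUPG:] ENC_TO 1111111111111A02 1 0'
}
sample_status_other_only() {
    printf '%s\n' '[GNUPG:] ENC_TO 2222222222222B02 1 0'
}

# Real use:
#   gpg --status-fd 1 --list-only --decrypt name_of_file.asc 2>/dev/null |
#       encrypted_to_any $(gpg --list-keys --with-colons your_email@address.com | own_encryption_subkeys)
mine=$(sample_own_listing | own_encryption_subkeys)
for s in sample_status_both sample_status_other_only; do
    if $s | encrypted_to_any $mine; then echo "$s: sender can decrypt"
    else echo "$s: sender cannot decrypt"; fi
done
```

The IDs in `ENC_TO` are those of the encryption subkeys, which is why the comparison uses the `sub` record rather than the primary key ID shown by `gpg --list-keys`.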

Decrypt Messages

gpg file_name

# or

gpg # Raw text, end with CTRL-D