Help text:
gilani@ava$ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ?, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
gilani@ava$ gpg --help
Syntax: gpg [options] [files]
Commands:
-s, --sign [file] make a signature
--clearsign [file] make a clear text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encryption only with symmetric cipher
-d, --decrypt decrypt data (default)
--verify verify a signature
--list-keys list keys
--list-sigs list keys and signatures
--check-sigs list and check key signatures
--fingerprint list keys and fingerprints
-K, --list-secret-keys list secret keys
--gen-key generate a new key pair
--delete-keys remove keys from the public keyring
--delete-secret-keys remove keys from the secret keyring
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--gen-revoke generate a revocation certificate
--export export keys
--send-keys export keys to a key server
--recv-keys import keys from a key server
--search-keys search for keys on a key server
--refresh-keys update all keys from a keyserver
--import import/merge keys
--card-status print the card status
--card-edit change data on a card
--change-pin change a card's PIN
--update-trustdb update the trust database
--print-md algo [files] print message digests
Options:
-a, --armor create ascii armored output
-r, --recipient NAME encrypt for NAME
-u, --local-user use this user-id to sign or decrypt
-z N set compress level N (0 disables)
--textmode use canonical text mode
-o, --output use as output file
-v, --verbose verbose
-n, --dry-run do not make any changes
-i, --interactive prompt before overwriting
--openpgp use strict OpenPGP behavior
--pgp2 generate PGP 2.x compatible messages
(See the man page for a complete listing of all commands and options)
Examples:
-se -r Bob [file] sign and encrypt for user Bob
--clearsign [file] make a clear text signature
--detach-sign [file] make a detached signature
--list-keys [names] show keys
--fingerprint [names] show fingerprints
Create a key pair
gpg --gen-key
Create a Revocation Certificate
gpg --gen-revoke your_email@address.com
Exporting your public key
gpg --armor --export your_email@address.com
Import Public Key
gpg --import name_of_pub_key_file
Search a key server from within GPG
gpg --keyserver pgp.mit.edu --search-keys search_parameters
There are a number of procedures that you may need to use on a regular basis to manage your key database.
List available GPG keys
gpg --list-keys
Your key information can become outdated if you are relying on information pulled from public key servers. You do not want to be relying on revoked keys, because that would mean you are trusting potentially compromised keys. You can update the key information by issuing:
gpg --refresh-keys
This will fetch new information from the key servers.
You can pull information from a specific key server by using:
gpg --keyserver key_server --refresh-keys
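Added example (not part of the original page): after a refresh, this flags any key in the keyring whose primary key or a subkey is now revoked or expired. It reads the machine-readable listing from gpg --list-keys --with-colons; the sample listing, key IDs and names are constructed, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. Input is the text printed by: gpg --list-keys --with-colons
# Colon format: field 1 = record type, field 2 = validity (r = revoked,
# e = expired), field 5 = key ID, field 10 = user ID.

# Print one line per key whose primary key or any subkey is revoked/expired:
#   <primary key ID> TAB <reason> TAB <user ID>
flag_unusable_keys() {
    awk -F: '
        function state(v) { return (v == "r") ? "revoked" : ((v == "e") ? "expired" : "") }
        $1 == "pub" {                       # start of a new key block
            key = $5; uid[key] = $10; order[++n] = key
            if (state($2) != "") bad[key] = "primary key " state($2)
        }
        # GnuPG 2.1+ prints the user ID on its own "uid" record instead
        $1 == "uid" && key != "" && uid[key] == "" { uid[key] = $10 }
        $1 == "sub" && key != "" && !(key in bad) && state($2) != "" {
            bad[key] = "subkey " $5 " " state($2)
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in bad)
                    printf "%s\t%s\t%s\n", order[i], bad[order[i]], uid[order[i]]
        }'
}

# Constructed sample listing; key IDs, dates and names are made up.
sample_listing() {
    cat <<'EOF'
tru::1:1400000000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1388534400:::u:Alice Example <alice@example.com>::scESC:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1388534400::::::e:
pub:r:2048:1:BBBBBBBBBBBBBBB1:1388534400:::-:Bob Example <bob@example.com>::sc:
sub:r:2048:1:BBBBBBBBBBBBBBB2:1388534400::::::e:
pub:e:2048:1:CCCCCCCCCCCCCCC1:1356998400:1388534400::-:Carol Example <carol@example.com>::sc:
pub:f:2048:1:DDDDDDDDDDDDDDD1:1388534400:::-:Dave Example <dave@example.com>::scESC:
sub:e:2048:1:DDDDDDDDDDDDDDD2:1388534400:1400000000:::::e:
EOF
}

sample_listing | flag_unusable_keys
```

On a real keyring, run gpg --refresh-keys first and then pipe gpg --list-keys --with-colons into flag_unusable_keys.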
Look up key ID by typing:
gpg --list-keys your_email@address.com
To upload your key to a certain key server, you can then use this syntax:
gpg --send-keys --keyserver pgp.mit.edu key_id
Verify the Other Person's Identity via Key Fingerprint:
gpg --fingerprint your_email@address.com
Signing a key
gpg --sign-key email@example.com
# You should allow the person whose key you are signing the advantages of your
# trusted relationship by sending them back the signed key. You can do this by
# typing:
gpg --export --armor email@example.com
# When they receive this new, signed key, they can import it, adding on the
# signing information you've generated, into their GPG database. They can do
# this by typing:
# gpg --import file_name
Encrypt Messages
gpg --encrypt --sign --armor -r person@email.com name_of_file
These parameters encrypt the message, sign it with your private key to guarantee that it comes from you, and generate the output in a text (ASCII-armored) format instead of raw bytes.
You should also include a second "-r" recipient with your own email address if you want to be able to read the message later. This is because the message is encrypted with each recipient's public key and can only be decrypted with the associated private key.
So, if the message is encrypted only with the other party's public key, you will not be able to view it again unless you somehow obtain their private key. Adding yourself as a second recipient encrypts the message two separate times, once for each recipient.
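Added example (not part of the original page): a check that an encrypted file really lists you as a recipient before you delete the plaintext. It reads the output of gpg --list-packets, where each recipient appears as one "pubkey enc packet" line; the function names, key IDs and sample listings are constructed for this example.

```shell
#!/bin/sh
# Added example. Input is the text printed by: gpg --list-packets name_of_file.asc
# The keyid shown there is the recipient's ENCRYPTION SUBKEY ID (the "sub"
# line of gpg --list-keys), not the primary key ID.

# Print the key ID of every public-key recipient, one per line, upper-cased.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'abcdef' 'ABCDEF'
}

# $1 = your own encryption subkey ID (16 hex digits). Exit status:
#   0 = you are a recipient, 1 = you are not,
#   2 = undecidable: a recipient ID is all zeros (hidden, e.g. --throw-keyids)
can_read_later() {
    want=$(printf '%s' "$1" | tr 'abcdef' 'ABCDEF')
    ids=$(recipient_keyids)
    if printf '%s\n' "$ids" | grep -qxF "$want"; then return 0; fi
    if printf '%s\n' "$ids" | grep -qxF '0000000000000000'; then return 2; fi
    return 1
}

# Build a constructed --list-packets listing for the given recipient key IDs.
packets_for() {
    for id in "$@"; do
        printf ':pubkey enc packet: version 3, algo 1, keyid %s\n' "$id"
        printf '\tdata: [2048 bits]\n'
    done
    printf ':encrypted data packet:\n\tlength: unknown\n\tmdc_method: 2\n'
}

ME=AAAAAAAAAAAAAAA2    # hypothetical: sender's own encryption subkey ID
BOB=BBBBBBBBBBBBBBB2   # hypothetical: the other party's encryption subkey ID

# Three cases: recipient only, recipient plus yourself, hidden recipient.
for r in "$BOB" "$BOB $ME" "0000000000000000"; do
    rc=0
    # Word splitting of $r is intended: it holds a list of key IDs.
    packets_for $r | can_read_later "$ME" || rc=$?
    echo "recipients [$r] -> status $rc"
done
```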
Decrypt Messages
gpg file_name
# or
gpg # Raw text, end with CTRL-D