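# GnuPG quick reference.
# Lines indented under a `gpg --edit-key` entry are typed at the interactive
# `gpg>` prompt, not in the shell; end an editing session with `save` so the
# changes are written to the keyring.

# --- Creating and exchanging keys ---
gpg --gen-key # Generate a keypair
# Keep the revocation certificate offline and separate from the private key:
# anyone who obtains it can revoke the key, and without it a lost or
# compromised key cannot be retired.
gpg --output my_key_revoke.asc --gen-revoke mykey # Generate a revocation certificate
gpg --output my_key.gpg --export mykey # Export the public key (binary; add --armor for ASCII)
gpg --import their_key.gpg # Import someone else's public key
# Keyservers do not vouch for identity: anyone can upload a key carrying any
# name or e-mail address. Refer to keys by full fingerprint where possible and
# compare it (gpg --fingerprint) with the owner over a separate channel before
# signing or trusting a fetched key.
gpg --search-keys "query" # Search a keyserver
gpg --send-keys myKeyID # Publish a public key to a keyserver
gpg --recv-keys otherKeyID # Fetch a public key from a keyserver

# --- Certifying someone else's key ---
gpg --edit-key their_key
  sign # add your signature (only after verifying the fingerprint with the owner)
  check # list signatures
  trust # set trust level
gpg --refresh-keys # Update local keys from a keyserver (also picks up published revocations)

# --- Maintaining your own key ---
gpg --edit-key my_key
  uid n # Select a uid by number (* = all, 0 = none)
  key n # Select a key by number (* = all, 0 = none)
  expire # Add or change expiration date, if it wasn't set when the key was created
  addkey # Create a new subkey to replace an expiring one
  adduid # Add another id (email address) to a key
  revkey # Revoke a subkey
  revsig # Revoke a signature (useful for revoking the self-sig on a user id)

# --- Encrypting, signing and verifying documents ---
gpg --recipient user@example.com --output doc.txt.gpg --encrypt --sign doc.txt # Encrypt/sign with keys
# Fixed: the option is spelled --symmetric; gpg rejects "--symetric" as an
# invalid option. Confidentiality here rests entirely on the passphrase.
gpg --output doc.txt.gpg --symmetric doc.txt # Encrypt with a password
gpg --output doc.txt --decrypt doc.txt.gpg # Decrypt
gpg --output doc-signed.txt --clearsign doc.txt # ASCII sign, but don't encrypt
gpg --output doc.txt.sig --detach-sign doc.txt # Create a signature for the document
# A "Good signature" result only proves that the named key made the signature;
# confirm that the key's fingerprint belongs to the expected signer, and treat
# a non-zero exit status as a failed verification.
gpg --verify doc.txt.sig doc.txt # Verify a detached signature against the document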
-
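Trust levels (how far you rely on a key's owner to verify other people's keys before signing them):
- Unknown: initial state
- None: owner is NOT trusted
- Marginal: owner understands key signing
- Full: the owner's signature on a key is as good as your own.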
-
A key is valid if it is within five degrees of separation from you AND at least one of the following holds:
- You have signed it,
- A fully trusted key has signed it, or
- Three marginally trusted keys have signed it.