gpg --list-keys --with-subkey-fingerprint
gpg --list-secret-keys
gpg --full-gen-key
Remember to save the key password somewhere safe!
If your keyring has both private & public keys, delete the private key first:
gpg --delete-secret-keys <key-id>
Then delete the public key:
gpg --delete-keys <key-id>
For encrypting & signing:
gpg --recipient <recipient-key-id> --recipient <your-key-id> --local-user <your-key-id> --sign --encrypt --armor --output encrypted.txt file-to-encrypt.txt
For encrypting:
gpg --recipient <recipient-key-id> --recipient <your-key-id> --encrypt --armor --output encrypted.txt file-to-encrypt.txt
Which produces a file encrypted.txt. Per man gpg, note that --local-user specifies what key to use for signing. You add yourself as a recipient as well, optionally, in order to also be able to decrypt the encrypted message; got this idea from here. Think of the use case where you want to be able to read the encrypted emails you've sent.
gpg --decrypt encrypted.txt
gpg --export --armor <key-id> > my-public-key.txt
gpg --export-secret-key --armor <key-id> > my-private-key.txt
Warning: Take care in saving this file safely.
gpg --import some-key.asc
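The effect of adding yourself as a recipient, shown end to end with the commands above. This is an added example, not part of the original notes; it assumes GnuPG 2.1 or later, and the two throwaway keyrings, the example.test addresses and the file names are constructed for the demo.

```bash
# Constructed demo: two throwaway keyrings stand in for the sender (Alice) and the recipient (Bob).
# Names, addresses and file names are sample values, not taken from the notes above.
WORK=$(mktemp -d); ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
trap 'gpgconf --homedir "$ALICE" --kill gpg-agent 2>/dev/null; gpgconf --homedir "$BOB" --kill gpg-agent 2>/dev/null; rm -rf "$WORK"' EXIT

g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --yes "$@"; }

setup_keys() {
  # Empty passphrase only so the demo runs unattended; real keys should be protected.
  g "$ALICE" --pinentry-mode loopback --passphrase '' --quick-generate-key 'Alice <alice@example.test>'
  g "$BOB"   --pinentry-mode loopback --passphrase '' --quick-generate-key 'Bob <bob@example.test>'
  # Swap public keys, as with --export / --import.
  g "$BOB"   --export --armor bob@example.test   | g "$ALICE" --import
  g "$ALICE" --export --armor alice@example.test | g "$BOB"   --import
}

encrypt_messages() {
  printf 'constructed sample message\n' > "$WORK/msg.txt"
  # Signed and encrypted to Bob and to Alice herself.
  # --trust-model always skips the trust prompt for the demo; verify fingerprints in real use.
  g "$ALICE" --trust-model always --recipient bob@example.test --recipient alice@example.test \
    --local-user alice@example.test --sign --encrypt --armor --output "$WORK/both.asc" "$WORK/msg.txt"
  # Encrypted to Bob only: the sender is not a recipient.
  g "$ALICE" --trust-model always --recipient bob@example.test \
    --encrypt --armor --output "$WORK/bob-only.asc" "$WORK/msg.txt"
}

# Succeeds only if the keyring in $1 can decrypt $2 back to the original plaintext.
can_decrypt() {
  g "$1" --trust-model always --decrypt "$2" 2>/dev/null | cmp -s - "$WORK/msg.txt"
}

report() { if can_decrypt "$1" "$2"; then echo "$3: readable"; else echo "$3: NOT readable"; fi; }

setup_keys && encrypt_messages || exit 1
report "$ALICE" "$WORK/both.asc"     "sender, encrypted to both"
report "$BOB"   "$WORK/both.asc"     "recipient, encrypted to both"
report "$ALICE" "$WORK/bob-only.asc" "sender, encrypted to recipient only"
report "$BOB"   "$WORK/bob-only.asc" "recipient, encrypted to recipient only"
```

Only the third case is unreadable: without the extra --recipient, the sender cannot decrypt their own message.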