Last active November 18, 2023 19:11
PGP Guide


PGP can refer to two things:

  • The Pretty Good Privacy software originally written by Phil Zimmermann, and now owned by Symantec.
  • The formats for keys, encrypted messages and message signatures defined by that software. These have now been formalised as the OpenPGP standard.

The GPG software is an independent implementation of the OpenPGP standards, so you can use it to exchange encrypted messages with people using other OpenPGP implementations (e.g. Symantec's PGP).

Due to GPG's popularity on Linux systems, it is also fairly common for people to incorrectly use the term "GPG" to refer to the whole OpenPGP cryptography system (e.g. "GPG keys" or "GPG signatures"). It is usually pretty clear what they mean from the context though.

File extensions

  • .gpg and .pgp extensions are for binaries.
  • .txt and .asc are for ASCII files (armored).


Installation

# macOS (Homebrew)
brew install gnupg

# Ubuntu
apt-get install gnupg

# RedHat/Fedora/CentOS
yum install gnupg


Generating new keys

gpg --gen-key

The first key is your private (or secret) key. You must keep this private key safe at all times, and you must not share it with anyone. The private key is protected with a password. The second key is your public key, which you can safely share with other people. Anything that is encrypted using the public key can only be decrypted with the related private key.

Listing keys

# List private keys 
gpg --list-secret-keys

# List public keys
gpg --list-keys

# Outputs:  
#  pub   4096R/F9C3014D 2014-09-18  
#  uid   Sep Lasemi <>  
#  sub   4096R/57B451B8 2014-09-18  
# Which translates to:
# - pub:                  Public key  
# - 4096R:                 The number of bits in the key, and the type (RSA)  
# - F9C3014D:              The key ID  
# - 2014-09-18:            The date of key creation  
# - Sep Lasemi:            Real name  
# - <>: And the email 
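
The field layout described above can be checked mechanically. The script below is an added example, not part of the original guide: it parses the legacy listing format shown here and flags keys below a minimum size and keys identified only by a short ID. The function names, the 2048-bit default and every sample line after the first three are assumptions made for the example.

```shell
#!/bin/sh
# Added example: parse the legacy `gpg --list-keys` layout (GnuPG 1.4/2.0).
# Reads a listing on stdin; prints, per pub/sub line:
#   record algorithm bits key-id created size-verdict id-verdict
# $1 = minimum acceptable key size in bits (2048 is an assumed default).
audit_key_listing() {
    awk -v min="${1:-2048}" '
        $1 == "pub" || $1 == "sub" {
            # $2 is e.g. 4096R/F9C3014D: bits + algorithm letter, "/", key ID
            if (split($2, part, "/") != 2) next
            spec = part[1]; keyid = part[2]
            # Skip layouts this parser does not understand (e.g. rsa4096/...)
            if (spec !~ /^[0-9]+[A-Za-z]$/) next
            letter = substr(spec, length(spec), 1)
            bits = substr(spec, 1, length(spec) - 1) + 0
            algo = "unknown"
            if (letter == "R") algo = "RSA"
            if (letter == "D") algo = "DSA"
            if (letter == "g") algo = "ElGamal"
            size = (bits >= min) ? "ok" : "weak"
            # 8 hex digits is a 32-bit short ID: not unique, so never use it
            # alone to decide which key to import or trust.
            id = (length(keyid) <= 8) ? "short-id" : "long-id"
            print $1, algo, bits, keyid, $3, size, id
        }'
}

# Sample input: the first three lines are the listing from this guide,
# the remaining lines are constructed for the example.
sample_listing() {
    cat <<'EOF'
pub   4096R/F9C3014D 2014-09-18
uid   Sep Lasemi <>
sub   4096R/57B451B8 2014-09-18
pub   1024D/0A1B2C3D 2009-03-02 [expires: 2019-03-02]
uid   Constructed Example <example@example.invalid>
sub   2048g/4E5F6A7B1122AABB 2009-03-02
EOF
}

sample_listing | audit_key_listing
```

On a real keyring, pipe `gpg --list-keys` into `audit_key_listing`; lines in any other layout are skipped rather than guessed at.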

Deleting keys

# KEY_ID is a placeholder for the key ID shown by gpg --list-keys
gpg --delete-keys KEY_ID

Trusting keys

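# KEY_ID is a placeholder for the key to edit
gpg --edit-key KEY_ID

Then, at the gpg> prompt:

trust (invoke trust subcommand on the key)
5 (ultimate trust)
y (if prompted)

Ultimate trust is meant for keys you own and control. For someone else's key, verify the fingerprint with its owner first and pick a lower trust level.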


Other people's keys

# 1. Import
# When you import a public key, you are placing it into what is commonly referred to as the "GPG keyring"
gpg --import someone.asc

# 2. Export someone's key
# KEY_ID is a placeholder; without it, every public key in the keyring is exported
gpg --export --armor KEY_ID > someone.asc

Keyrings Backup/Restore

Method 1

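# 1. Export
# Note: secring.gpg exists only with GnuPG 1.4/2.0. GnuPG 2.1 and later keep
# secret keys in ~/.gnupg/private-keys-v1.d/ instead.
# The backup contains your secret keys, so keep it somewhere access-controlled.
cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/

# Or, instead of backing up the trustdb
gpg --export-ownertrust > ownertrust.txt

# 2. Import
cp /path/to/backups/*.gpg ~/.gnupg/

# Or, if you exported the ownertrust
gpg --import-ownertrust ownertrust.txt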

Method 2

This only really works if you don't mind losing any keys other than your own.

# 1. Export
gpg --export --armor > public.asc
gpg --export-secret-keys --armor > private.asc
gpg --export-ownertrust > ownertrust.txt

# 2. Import
# Imports the public as well
gpg --import --armor private.asc
gpg --import-ownertrust ownertrust.txt


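Encrypting and decrypting files

# RECIPIENT is a placeholder for the recipient's key ID or email address.
# Encrypts a file to lasemi@nogmail without signing it; the author will be unknown.
gpg --encrypt --recipient RECIPIENT file.txt

# Encrypts and signs the message with the author's private key
gpg --encrypt --sign --recipient RECIPIENT file.txt

# Decrypt
gpg --decrypt file.gpg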

Exporting public key to keyserver

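# KEY_ID and KEYSERVER are placeholders; the --keyserver option is optional
# and, like all options, must come before the command.
gpg --keyserver KEYSERVER --send-keys KEY_ID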

Generating revoke certificates

Revocation certificates are required when we need to withdraw our key from keyservers by actually revoking it.

# KEY_ID is a placeholder for the key to revoke
gpg --gen-revoke KEY_ID

Here's the output from generating a sample revocation certificate:

Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: A revocation certificate should follow


