Generate key pair
gpg --full-generate-key
------------------------
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Yuri Alek
Email address:
Comment: Example keys
You selected this USER-ID:
"Yuri Alek (Example keys)"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
[...]
gpg: key AA21250888469FBC marked as ultimately trusted
gpg: directory '/home/yu/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/yu/.gnupg/openpgp-revocs.d/69215DC44E8303C83090F2F1AA21250888469FBC.rev'
public and secret key created and signed.
pub rsa4096 2019-08-15 [SC]
69215DC44E8303C83090F2F1AA21250888469FBC
uid Yuri Alek (Example keys)
sub rsa4096 2019-08-15 [E]
Other ways
Edit key
List key IDs
List secret keys (your own keys).
gpg --list-secret-keys --keyid-format LONG
------------------------------------------
sec rsa4096/AA21250888469FBC 2019-08-15 [SC]
69215DC44E8303C83090F2F1AA21250888469FBC
uid [ultimate] Yuri Alek (Example keys)
ssb rsa4096/118727056C98BE57 2019-08-15 [E]
gpg -K
---
sec rsa4096 2019-08-15 [SC]
69215DC44E8303C83090F2F1AA21250888469FBC
uid [ultimate] Yuri Alek (Example keys) <yurialek@localhost>
ssb rsa4096 2019-08-15 [E]
List all keys
List a specific key by ID. Any of the three IDs can be used to identify the key.
gpg --list-key AA21250888469FBC
gpg --list-key 69215DC44E8303C83090F2F1AA21250888469FBC
gpg --list-key 118727056C98BE57
The key ID is AA21250888469FBC.
Key flags:
- [C] Key Certification (0x01)
- [S] Sign Data (0x02)
- [E] Encrypt Communications (0x04)
- [E] Encrypt Storage (0x08)
- Split key (0x10)
- [A] Authentication (0x20)
- Held by more than one person (0x80)
Listing prefixes:
- sec: Secret Key
- ssb: Secret Subkey
- pub: Public key
- sub: Public Subkey
- #: the secret key or subkey is currently not usable.
- >: the key is stored on a smartcard.
Encrypt a file
gpg --output filename.gpg --encrypt --recipient user@example.com filename.ext
gpg --output filename.gpg --encrypt --recipient AA21250888469FBC filename.ext
Encrypt with symmetric encryption (using a password).
Use --armor to generate ASCII-based text output.
Decrypt a file
Sign a file
gpg --sign filename.ext
gpg --sign --default-key email@address filename.ext
gpg --sign --default-key AA21250888469FBC filename.ext
Check the signature.
Export keys
List the IDs
gpg --list-secret-keys --keyid-format LONG
------------------------------------------
sec rsa4096/AA21250888469FBC 2019-08-15 [SC]
69215DC44E8303C83090F2F1AA21250888469FBC
uid [ultimate] Yuri Alek (Example keys)
ssb rsa4096/118727056C98BE57 2019-08-15 [E]
Export public key
gpg --output gpg_pub.gpg --armor --export AA21250888469FBC
gpg --output gpg_pub.gpg --armor --export 118727056C98BE57
gpg --output gpg_pub.gpg --armor --export 69215DC44E8303C83090F2F1AA21250888469FBC
Export private key
Import keys
Edit keys
Will pop an interactive shell; use help.
Revoke key
Generate a revocation certificate.
Import a revocation certificate.
Upload the now revoked key.
A revoked key still works.
Remove key
Public keys
Private keys
Pinentry program
It can be changed in ~/.gnupg/gpg-agent.conf
Or in /bin/pinentry
#!/bin/sh
test -e /usr/lib/libgtk-x11-2.0.so.0 &&
exec /usr/bin/pinentry-curses "$@"
exec /usr/bin/pinentry-gtk-2 "$@"
Verify a download
You have two files: file.ext and file.ext.asc.
Good signature.
Bad signature.
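A "Good signature" line only says that some key in the keyring made the signature. The added example below (not part of the original page) accepts a download only when gpg's machine-readable status output reports a valid signature from one pinned fingerprint. The function names and the sample status lines are constructed for illustration; the pinned fingerprint is the example key generated above.

```shell
#!/bin/sh
# Added example: accept a download only if its detached signature was made
# by one pinned key. Function names and sample data are constructed.

# Fingerprint of the example key generated earlier on this page.
PINNED_FPR=69215DC44E8303C83090F2F1AA21250888469FBC

# check_status FPR: read `gpg --status-fd` lines on stdin. Succeeds only if
# a VALIDSIG line names FPR (as signing key or as primary key) and no
# failure status (bad, erroneous, expired or revoked) was reported.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Appending "" forces a string comparison of the fingerprints.
        $2 == "VALIDSIG" && (($3 "") == want || ($NF "") == want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_download FILE: verify FILE against the detached signature FILE.asc.
verify_download() {
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed status output: good signature from the pinned key.
SAMPLE_GOOD='[GNUPG:] GOODSIG AA21250888469FBC Yuri Alek (Example keys)
[GNUPG:] VALIDSIG 69215DC44E8303C83090F2F1AA21250888469FBC 2019-08-15 1565827200 0 4 0 1 10 00 69215DC44E8303C83090F2F1AA21250888469FBC'

# Constructed: cryptographically good, but made by a different (made-up) key.
SAMPLE_OTHER='[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-08-15 1565827200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed: the file was modified after signing.
SAMPLE_BAD='[GNUPG:] BADSIG AA21250888469FBC Yuri Alek (Example keys)'
```

Run verify_download file.ext with file.ext.asc in the same directory; the exit status is 0 only when the pinned key made the signature.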