GPG Quickstart

GPG (GNU Privacy Guard) Quick Start

Installation and Setup:

• Install GnuPG on Archlinux

  sudo pacman -S gnupg
  

• Adjust Permissions for GPG Home Directory:

  chmod 0700 ~/.gnupg/
  

• Customize GPG Home Directory (Optional):

  export GNUPGHOME=/tmp/gnupg
  

Key Management

• Check Existing Keys:

  gpg --list-keys
  

• Generate New Key Pair:

  gpg --full-generate-key
  

• Generating a Key Pair with Specific Expiry Date:

  gpg --full-generate-key --expire-date YYYY-MM-DD
  

• Generating a Key Pair with Specific Parameters:

  gpg --full-generate-key --default-key-algo rsa4096
  

• Managing Subkeys:

  • List subkeys:

    gpg --list-secret-keys --with-subkey-fingerprints
    

  • Add subkey:

    gpg --edit-key [email protected]
    addkey
    

• Update Key Expiration Date:

  • Changing Expiry Date:

    gpg --edit-key [email protected]
    expire
    

• Adding or Changing Passphrase:

  gpg --edit-key [email protected]
  passwd
  

• Create Revoke Certificate (GnuPG < 2.1):

  gpg --output [email protected] --gen-revoke [email protected]
  
  # Revoke the key with this revoke certificate generated above
  gpg --import [email protected]
  

• Revoking a Key:

  gpg --edit-key [email protected]
  revkey
  

• Setting Key Trust Level:

  gpg --edit-key [email protected]
  trust
  

• Removing a key from the public keyring

  gpg --delete-keys [email protected]
  

• Removing a key from the secret keyring

  !! UNSAFE, BE CAREFUL !!

  gpg --delete-secret-keys [email protected]
  

Searching, Importing and Exporting GPG Keys

• Searching for a GPG Key on a Keyserver:

  gpg --search-keys [email protected]
  

• Importing a GPG Key from a Keyserver:

  gpg --recv-keys KEY_ID
  

• Export Public Key to file:

  gpg --export --armor [email protected] > public_key.gpg
  gpg --export --armor --output [email protected] [email protected]
  

• Exporting Your Public GPG Key to Send to Another User:

  gpg --export --armor --output your_public_key.gpg YOUR_EMAIL
  

• Sending Your Public GPG Key to a Keyserver:

  gpg --list-keys --keyid-format LONG YOUR_GPG_EMAIL
  gpg --send-keys YOUR_KEY_ID_FROM_ABOVE
  

• Importing Another User’s Public GPG Key from a File:

  gpg --import their_public_key.gpg
  

• Exporting Private Key to file:

  gpg --export-secret-keys --armor [email protected] > private_key.asc
  

• Importing Private Key from file:

  gpg --import private_key.asc
  

Encrypting and Decrypting Files

• Encrypting a File:

  gpg --encrypt --recipient [email protected] file.txt
  

• Decrypting a File:

  gpg --decrypt file.txt.gpg > decrypted_file.txt
  

• Encrypting and Decrypting Files with Symmetric Encryption:

  • Encrypting:

    gpg --symmetric file.txt
    

  • Decrypting:

    gpg --decrypt file.txt.gpg
    

• Encrypting for Multiple Recipients:

  gpg --encrypt --recipient [email protected] --recipient [email protected] file.txt
  

• Encrypting a File with Multiple Passphrases:

  gpg --symmetric --cipher-algo AES256 --recipient [email protected] --recipient [email protected] file.txt
  

• Encrypting and Signing Messages:

  gpg --sign --encrypt --armor --recipient [email protected] file.txt
  

• Decrypting a File and Verifying Signature:

  gpg --decrypt file.txt.gpg | gpg --verify file.txt.sig
  

• Generating a Random Password with GPG:

  gpg --gen-random --armor 1 12
  

Signing and Verifying

• Signing a File:

  gpg --sign file.txt
  

• Verifying a Signature:

  gpg --verify file.txt.sig
  

Configuration

• Setting Preferences for Keyserver:

  nano ~/.gnupg/gpg.conf
  # Add/edit the line:
  # keyserver hkps://keys.openpgp.org
  

Key Backups :

• Regularly back up both public and private keys to prevent loss.
• Backup entire directory: cp -r ~/.gnupg/ /path/to/backup/location
• Backup private key only: gpg --export-secret-keys --output [email protected] --armor [email protected]