GnuPG (GPG) Common Commands

This guide lists common commands of the GPG tool, which is used to encrypt or sign content such as messages, documents, or packages.

Create a GPG Key

The following command will guide you through the steps to create a GPG key.

$ gpg --gen-key

If you wish to create a GPG key without a passphrase, for example to automate a build script, use the following command instead.

$ gpg --expert --gen-key

During the creation of the GPG key, the program needs your operating system to generate entropy (randomness) to ensure the uniqueness of the key. Generally, you are asked to use a few other programs and move your mouse around randomly, but if you are on a server, you can run the following commands either in the background or in another shell session.

# Generate entropy with:

$ find /dev/disk/by-uuid/ -type l | xargs md5sum
$ rngd -r /dev/urandom

Export GPG Keys

To export a GPG key to store in an offsite backup, to add to automation, or to import on another server, use the following commands.

  • GPG Public Key
# Retrieve the ID of your Public Key (second column)
$ gpg --list-keys

# Export your GPG Public Key
$ gpg --armor --export <GPG_PUBLIC_KEY_ID> > <exported_gpg_public_key.asc>
  • GPG Private Key
# Retrieve the ID of your Private Key (second column)
$ gpg --list-secret-keys

# Export your GPG Private Key
$ gpg --armor --export-secret-keys <GPG_PRIVATE_KEY_ID> > <exported_gpg_private_key.asc>
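
When the export step is scripted, reading the key ID from the second column of the human-readable listing is fragile. The sketch below is an added example, not part of the original guide: it selects a key by e-mail from `gpg --with-colons` output and prints its full fingerprint, skipping expired, revoked, disabled or invalid keys. The function name, the sample listing and the e-mail address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): select a key by e-mail from
# machine-readable `gpg --with-colons` output and print its full fingerprint.
# Real use (assumed invocation):
#   gpg --list-keys --with-colons --fingerprint --fixed-list-mode \
#       | usable_fingerprints build@example.com
# --fixed-list-mode keeps user IDs in their own "uid" records on GnuPG 1.4;
# it is an obsolete no-op on GnuPG 2.x.

# Constructed sample listing (made-up keys), following GnuPG's colon format.
SAMPLE_LISTING='tru::1:1431648000:0:3:1:5
pub:u:2048:1:1111222233334444:1431648000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1431648000::0000000000000000000000000000000000000001::Build Bot (CI signing) <build@example.com>:
sub:u:2048:1:5555666677778888:1431648000::::::e:
fpr:::::::::9999000099990000999900005555666677778888:
pub:e:2048:1:9999AAAABBBBCCCC:1300000000:1400000000::-:::sc:
fpr:::::::::0000111122223333444455559999AAAABBBBCCCC:
uid:e::::1300000000::0000000000000000000000000000000000000002::Old Key <build@example.com>:
'

# usable_fingerprints EMAIL
# Reads a colon listing on stdin; prints the primary-key fingerprint of every
# key that has a usable user ID containing <EMAIL>.
usable_fingerprints() {
    awk -F: -v want="<$1>" '
        $1 == "pub" || $1 == "sec" {
            # Field 2 = validity: e expired, r revoked, d disabled, i invalid.
            usable = ($2 !~ /^[erdi]/); primary = 1; fpr = ""; done = 0; next
        }
        # Fingerprint records after a subkey belong to the subkey: ignore them.
        $1 == "sub" || $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        # Field 10 of a uid record is the user ID string.
        $1 == "uid" && usable && !done && $2 !~ /^[erdi]/ && index($10, want) {
            print fpr; done = 1
        }
    '
}

# Demo on the constructed listing; export with: gpg --armor --export "$fpr"
fpr=$(printf '%s' "$SAMPLE_LISTING" | usable_fingerprints build@example.com)
echo "fingerprint to export: $fpr"
```
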

Import GPG Keys

Use the following commands to import a GPG key on another server or workstation and check that it works properly.

  • GPG Private Key
# Import GPG Private Key
$ gpg --import --allow-secret-key-import <exported_gpg_private_key.asc>
$ gpg --list-keys
$ gpg -s -a --batch --passphrase "<password>" message.txt   # test GPG signing
  • GPG Public Key
# Import GPG Public Key
$ gpg --import <exported_gpg_public_key.asc>
$ gpg --list-keys

Modify

Use the following command to edit a GPG key (public or private), referenced by its ID.

$ gpg --edit-key <GPG_KEY_ID>

Delete

The below command will delete a GPG Public Key from the public key ring.

$ gpg --delete-key <GPG_PUBLIC_KEY_ID>

This command will delete a GPG Private Key from the private key ring.

$ gpg --delete-secret-key <GPG_PRIVATE_KEY_ID>

Publish

$ gpg --list-secret-keys
/home/username/.gnupg/secring.gpg
-------------------------------
sec   2048R/<GPGKEYID> 2015-05-15
uid                  <Full Name> (<Description>) <email@example.com>
ssb   2048R/<GPGPUBID> 2015-05-15

$ gpg --keyserver keyserver.ubuntu.com --send-keys <GPGKEYID>
gpg: sending key <GPGKEYID> to hkp server keyserver.ubuntu.com

Troubleshooting

$ gpg --debug-all -vvv --decrypt message.gpg