This guide lists common commands of the GPG tool, which is used to encrypt or sign content such as messages, documents, or packages.
Create a GPG Key
The following command will guide you through the steps to create a GPG key.
$ gpg --gen-key
If you wish to create a GPG key without a passphrase, for example to automate a build script, use the following command instead.
$ gpg --expert --gen-key
During creation of the GPG key, the program needs your operating system to generate entropy (randomness) to ensure the key is unique. Generally, you are asked to use a few other programs and move your mouse around randomly, but if you are on a server, you can run the following commands either in the background or in another shell session.
# Generate entropy with:
$ find /dev/disk/by-uuid/ -type l | xargs md5sum
$ rngd -r /dev/urandom
Export GPG Keys
To export a GPG Key to store in an offsite backup, to add to automation, or to import on another server, use the following commands.
- GPG Public Key
# Retrieve the ID of your Public Key (second column)
$ gpg --list-keys
# Export your GPG Public Key
$ gpg --armor --export <GPG_PUBLIC_KEY_ID> > <exported_gpg_public_key.asc>
- GPG Private Key
# Retrieve the ID of your Private Key (second column)
$ gpg --list-secret-keys
# Export your GPG Private Key
$ gpg --armor --export-secret-keys <GPG_PRIVATE_KEY_ID> > <exported_gpg_private_key.asc>
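Added example, not part of the original guide: recent GnuPG 2.x versions no longer print the key ID in the second column by default, so a script is better off reading the machine-readable `--with-colons` listing and selecting keys by full fingerprint. The function names and the sample listing (fingerprints, user IDs, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick keys by full fingerprint from gpg's colon-delimited listing.

# Reads `gpg --list-keys --with-colons` (or --list-secret-keys) on stdin and
# prints "<fingerprint> <user ID>" for each primary key that is neither
# revoked (validity "r") nor expired (validity "e").
list_usable_keys() {
    awk -F: '
        # A pub/sec record starts a new primary key; field 2 is its validity.
        $1 == "pub" || $1 == "sec" {
            need_fpr = ($2 != "r" && $2 != "e"); need_uid = 0; next
        }
        # Subkeys carry their own fpr record, which must not be reported.
        $1 == "sub" || $1 == "ssb" { need_fpr = 0; need_uid = 0; next }
        # Field 10 of the fpr record that follows pub/sec is the fingerprint.
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0; need_uid = 1; next }
        # Field 10 of a uid record is the user ID; report the first one only.
        $1 == "uid" && need_uid { print fpr, $10; need_uid = 0 }
    '
}

# Constructed sample listing: one valid key with a subkey, one expired key.
sample_listing() {
    cat <<'EOF'
tru::1:1431648000:0:3:1:5
pub:u:2048:1:89ABCDEF01234567:1431648000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1431648000::::Build Bot (CI signing) <build@example.com>:
sub:u:2048:1:76543210FEDCBA98:1431648000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:e:2048:1:1111111122222222:1400000000:1431536000::-:::sc:
fpr:::::::::AAAAAAAABBBBBBBBCCCCCCCC1111111122222222:
uid:e::::1400000000::::Old Key <old@example.com>:
EOF
}

# Runs offline on the constructed sample.
sample_listing | list_usable_keys

# With a real keyring (requires gpg):
#   gpg --list-keys --with-colons | list_usable_keys
#   gpg --armor --export <fingerprint> > <exported_gpg_public_key.asc>
```

Passing the full fingerprint rather than a short key ID to the export, edit, or delete commands avoids selecting the wrong key when IDs collide.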
Import GPG Keys
Use the following commands to import a GPG Key on another server/workstation and check it works properly.
- GPG Private Key
# Import GPG Private Key
$ gpg --import --allow-secret-key-import <exported_gpg_private_key.asc>
$ gpg --list-keys
$ gpg -s -a --batch --passphrase "<password>" message.txt # test GPG signing
- GPG Public Key
# Import GPG Public Key
$ gpg --import <exported_gpg_public_key.asc>
$ gpg --list-keys
Modify
Use the following command to edit a GPG Key (Public or Private), referenced by its ID.
$ gpg --edit-key <GPG_KEY_ID>
Delete
The below command will delete a GPG Public Key from the public key ring.
$ gpg --delete-key <GPG_PUBLIC_KEY_ID>
This command will delete a GPG Private Key from the private key ring.
$ gpg --delete-secret-key <GPG_PRIVATE_KEY_ID>
Publish
$ gpg --list-secret-keys
/home/username/.gnupg/secring.gpg
-------------------------------
sec 2048R/<GPGKEYID> 2015-05-15
uid <Full Name> (<Description>) <email@example.com>
ssb 2048R/<GPGPUBID> 2015-05-15
$ gpg --keyserver keyserver.ubuntu.com --send-keys <GPGKEYID>
gpg: sending key <GPGKEYID> to hkp server keyserver.ubuntu.com
Troubleshooting
$ gpg --debug-all -vvv --decrypt message.gpg