GnuPG (gpg)

 


Overview

GnuPG (gpg) uses public-key cryptography to encrypt files.

In public key cryptography, each user has a private key and a public key. The private key is kept secret. The public key is distributed to the public.

In addition to the primary keypair, GnuPG can generate zero or more subordinate keypairs (subkeys).

 

Useful Commands

  1. Create a key:

    gpg --gen-key

    Key files are written to $HOME/.gnupg

    $ ls -ltra $HOME/.gnupg
    total 32
    -rw-------   1 map      map          7695 Mar  1 12:04 gpg.conf
    -rw-------   1 map      map             0 Mar  1 12:04 pubring.gpg~
    drwx------   2 map      map          4096 Mar  1 12:06 .
    -rw-------   1 map      map           904 Mar  1 12:06 pubring.gpg
    -rw-------   1 map      map          1042 Mar  1 12:06 secring.gpg
    -rw-------   1 map      map          1240 Mar  1 12:06 trustdb.gpg
    -rw-------   1 map      map           600 Mar  1 12:06 random_seed
    drwxr-xr-x  22 map      map          4096 Mar  1 12:07 ..
    

  2. Generate a revocation certificate, revoke.asc, for use if the key is ever compromised:

    gpg --output revoke.asc --gen-revoke your@email.address

    Certificate is written to the current directory:

    $ ls -ltr
    total 4
    -rw-rw-r--   1 map      map           263 Mar  1 12:10 revoke.asc
    

  3. Generate a binary public key:

    gpg --output yourname.gpg --export your@email.address

    $ cd $HOME/.gnupg
    [map@amsterdam .gnupg]$ gpg --output MichaelPareene.gpg --export yourname@yourcompany.com
    [map@amsterdam .gnupg]$ ls -l MichaelPareene.gpg
    -rw-rw-r--   1 map      map           896 Mar  1 12:16 MichaelPareene.gpg
    

  4. Generate an ASCII-armored public key, for use on web pages and in email sigs:

    gpg --armor --export your@email.address

    $ gpg --armor --export yourname@yourcompany.com
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    
    -----END PGP PUBLIC KEY BLOCK-----
    

  5. Add a public key to your keyring:

    gpg --import blake.gpg

  6. List the public keys on your keyring:

    gpg --list-keys

  7. Validate a public key:

    gpg --edit-key blake@cyb.org
    Command> fpr
    Command> sign
    Command> check
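
The $HOME/.gnupg listing in step 1 shows the directory as drwx------ and every file as -rw-------. The check below is an added example, not part of the original page or of GnuPG: it reports anything in a GnuPG home directory that group or other users can access. The helper name audit_gnupg_home and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for permissions that expose key material.
# audit_gnupg_home is a hypothetical helper name, not a gpg command.

# Lists every entry under $1 (default: $GNUPGHOME or $HOME/.gnupg) that has any
# group/other permission bit set. Returns 0 if private, 1 if exposed, 2 on a bad path.
audit_gnupg_home() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches when that bit is set. Symlinks are skipped
    # because their own mode bits are not what protects the target.
    exposed=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                                    -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        echo "accessible to group/other:"
        echo "$exposed" | sed 's/^/  /'
        echo "fix: chmod 700 the directory, chmod 600 the files"
        return 1
    fi
    echo "ok: $dir is private to its owner"
    return 0
}

# Constructed demo: a throwaway directory shaped like the step 1 listing,
# with one deliberate mistake (secring.gpg left world-readable).
demo() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    for f in gpg.conf pubring.gpg secring.gpg trustdb.gpg random_seed; do
        : > "$d/$f"
        chmod 600 "$d/$f"
    done
    chmod 644 "$d/secring.gpg"
    audit_gnupg_home "$d"; first=$?      # reports secring.gpg
    chmod 600 "$d/secring.gpg"
    audit_gnupg_home "$d"; second=$?     # clean after the fix
    rm -rf "$d"
    [ "$first" -eq 1 ] && [ "$second" -eq 0 ]
}

demo
```

Run with no argument, audit_gnupg_home checks $GNUPGHOME or $HOME/.gnupg.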

 

Encrypting/Decrypting documents

To encrypt a document:

    cat filename.suffix | gpg --output filename.gpg --encrypt --recipient mpareene@msiinet.com

To encrypt a document for your own use, give your own email address as the recipient.

To decrypt a document:

    gpg --output outputfile.suffix --decrypt filename.gpg

If you get the message

    gpg: conflicting commands

you may have left one dash off a double-dash (--) option, as with -decrypt here:

    $ gpg --output test1 -decrypt test.gpg


 
