GnuPG Quickstart
In my opinion this is an evolved version of my old Swedish post GnuPG för nybörjare.
Generate your personal key
$ gpg2 --gen-key
Maybe generate a revocation cert
These days GnuPG2 does this automatically on Fedora and places the revocation cert in ~/.gnupg/openpgp-revocs.d/<key id>.rev, but in case yours didn't you can generate one like this.
$ gpg2 --armor --output .gnupg/file.rev --gen-revoke <key id>
Set your default private key if you have more than one
Edit ~/.gnupg/gpg.conf and set default-key to your key ID. You can list the key IDs like this.
$ gpg2 --list-secret-keys --keyid-format long
-------------------------------
sec rsa2048/XXXXKEYIDXXXX 2013-08-15 [SC]
The first line of each key contains the key ID, after the slash.
If you don't do this the first key in your key ring is automatically used to sign and encrypt things. You can also specify a key ID to use at each command with --default-key <key id>.
Key ID can also be part of the human-readable name
The first part of the name is enough, or the e-mail address.
Public key exchange
Export your public key in a readable format and publish it for people to use.
$ gpg2 --export --armor <key id>
Display your key fingerprint, which should be verified with your contacts before they sign your key.
$ gpg2 --list-public-keys --with-fingerprint 'Stefan Midjich'
pub rsa2048 2013-08-15 [SC]
95D2 6D99 54BA 33C4 CA33 0219 253F 1616 AE9A 6599
The second line of each key is the fingerprint.
Someone can import your public key to their key ring like this.
$ gpg2 --show-keys --with-fingerprint StefanMidjich.pubkey
pub rsa2048 2013-08-15 [SC]
95D2 6D99 54BA 33C4 CA33 0219 253F 1616 AE9A 6599
$ gpg2 --import StefanMidjich.pubkey
$ gpg2 --list-keys
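The check-then-import step above can be scripted so the import only happens when the key file's fingerprint matches the one your contact gave you. This is an added example, not part of the original post; the function names are hypothetical, the colon listing is constructed sample data, and the fingerprint is the one shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# Strip whitespace and uppercase, so "95d2 6d99 ..." equals "95D26D99...".
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg2 --with-colons` output on stdin; print one primary-key fingerprint
# per key: field 10 of the first "fpr" record after each "pub" record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fpr_matches EXPECTED < colon-listing
# Succeeds only if the listing holds exactly one key whose fingerprint is
# EXPECTED. Short key IDs are refused: 40 hex digits are required.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$(primary_fprs)" = "$expected" ]
}

# verify_then_import KEYFILE EXPECTED (hypothetical wrapper; runs gpg2).
verify_then_import() {
    if gpg2 --show-keys --with-colons "$1" | fpr_matches "$2"; then
        gpg2 --import "$1"
    else
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
}

# Constructed colon listing shaped like `gpg2 --show-keys --with-colons` output.
SAMPLE_COLONS='pub:-:2048:1:253F1616AE9A6599:1376524800:::-:::scESC:
fpr:::::::::95D26D9954BA33C4CA330219253F1616AE9A6599:
uid:-::::1376524800::0000::Stefan Midjich:
sub:-:2048:1:0000000000000000:1376524800::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

printf '%s\n' "$SAMPLE_COLONS" |
    fpr_matches '95D2 6D99 54BA 33C4 CA33 0219 253F 1616 AE9A 6599' &&
    echo "sample key: fingerprint matches"
```

A file that bundles more than one key fails the comparison, so nothing extra is imported alongside the key you checked.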
Trust someone's public key by signing it with your own
$ gpg2 --sign-key 'Stefan Midjich'
How someone encrypts a message for you
$ gpg2 --output encrypted.gpg --encrypt -r 'Stefan Midjich' cleartext.file
Encrypt without first trusting the recipient's key
This is not recommended but you can still encrypt a message for someone in your keyring without trusting their key.
$ gpg2 --output encrypted.gpg --encrypt -r 'Stefan Midjich' --trust-model always cleartext.file
How you decrypt their message
$ gpg2 --decrypt encrypted.gpg
Signing a message from stdin
Signing requires a private key
$ gpg2 --sign --output signed_message.txt --recipient 'Stefan Midjich'
my message
Ctrl+d to end