GNU PG2 stuff

Cheat Sheet

[Ref: Cheat Sheet, GPG Commands, GPG Howto, OpenPGP for Complete Beginners ]

Key Management

Key Generation

$ gpg2 --gen-key

Delete the Key

$ gpg2 --delete-key "User Name"
$ gpg2 --delete-secret-key "User Name"

List Keys

$ gpg2 --list-keys
/path-to/.gnupg/pubring.gpg
---------------------------------------------------

$ gpg2 --list-secret-keys
/path-to/.gnupg/secring.gpg
---------------------------------------------------

Change Passphrase

[Ref: OpenPGP Key Management]

Use the Key Management command-option "--passwd" to change the passphrase.

$ gpg2 --passwd KEY_ID

Similarly, the "--edit-key" can be used for changing. The following sample for 'removes' a passphrase (or making passphrase a "null" string)

$ gpg2 --edit-key KEY_ID
Secret key is available

pub key-size/key-id1 created: date expires: date usage: xyz
                     trust: ultimate  validity: ultimate
sub key-size/key-id2 created: date expires: date usage: xyz
[ultimate] (1). KEY_ID (comment) <email>

gpg> password
Please enter the passphrase to unlock the secret key for the OpenPGP certificate:
"KEY_ID (Comment) <e-mail>"
xyz-bit RSA key, ID xyz,

Passphrase _________________________
******
Enter the new passphrase for this secret key.

Passphrase _________________________
((no-passphrase))
You have not entered a passphrase - this is in general a bad idea!

<Yes, protection is not needed>   <Enter a new passphrase>
Please re-enter this passphrase

Passphrase _________________________

    <OK>    <Cancel>
You don't want a passphrase - this is probably a *bad* idea!
Do you really want to do this (y/N)
gpg> save

Export

Public Key
$ gpg2 -v --export --armor "User Name" > public.asc
$ gpg2 -v --export -a "User Name" > public.asc
gpg: writing to stdout
$ gpg2 -v --export "User Name" > public.gpg
gpg: writing to stdout

or

$ gpg2 -v --export --armor --output public.asc "User Name"
$ gpg2 -v --export -a -o public.asc "User Name"
gpg: writing to public.asc
$ gpg2 -v --export --output public.gpg "User Name"
$ gpg2 -v --export -o public.gpg "User Name"
gpg: writing to public.gpg
Secret Key
$ gpg2 -v --export-secret-key --armor "User Name" > private.asc
$ gpg2 -v --export-secret-key -a "User Name" > private.asc
$ gpg2 -v --export-secret-key "User Name" > private.gpg

or

$ gpg2 -v --export-secret-key --armor --output private.asc "User Name"
$ gpg2 -v --export-secret-key -a -o private.asc "User Name"
$ gpg2 -v --export-secret-key --output private.gpg "User Name"
$ gpg2 -v --export-secret-key -o private.gpg "User Name"

Import

Public Key
$ gpg2 -v --import public.gpg
Secret Key
$ gpg2 -v --allow-secret-key-import --import private.gpg

Encrypt

$ gpg2 -v --encrypt --local-user "Sender User Name" --recipient "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -u "Sender User Name" -r "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -u Key-ID -r Key-ID2 file-to-encrypt

The above generates a file

  • file-to-encrypt.gpg
$ gpg2 -v --encrypt --armor --local-user "Sender User Name" --recipient "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -a -u "Sender User Name" -r "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -a -u Key-ID -r Key-ID2 file-to-encrypt

The above generates a file

  • file-to-encrypt.asc
Signing
$ gpg2 -v --detach-signed --armor --local-user "Sender User Name" file-to-encrypt
$ gpg2 -v -b -a -u "Sender User Name" file-to-encrypt
$ gpg2 -v --detach-signed --local-user "Sender User Name" --output file-to-encrypt.asc file-to-encrypt
$ gpg2 -v -b -u "Sender User Name" -o file-to-encrypt.asc file-to-encrypt

The above generates the file

  • file-to-encrypt.asc
$ gpg2 -v --detach-signed --local-user "Sender User Name" file-to-encrypt
$ gpg2 -v -b -u "Sender User Name" file-to-encrypt
$ gpg2 -v --detach-signed --armor --local-user "Sender User Name" --output file-to-encrypt.sig file-to-encrypt
$ gpg2 -v -b -a -u "Sender User Name" -o file-to-encrypt.sig file-to-encrypt

The above generates the file

  • file-to-encrypt.sig
Verify
$ gpg2 --verify signature-file unencrypted-file
$ gpg2 --verify file-to-encrypt.sig file-to-encrypt