Bartosz Firyn edited this page Mar 10, 2021 · 3 revisions

Generate GPG Keys

gpg --gen-key

List GPG Keys

gpg --list-secret-keys --keyid-format LONG

Example:

/home/username/.gnupg/secring.gpg
-------------------------------
sec   xxxA/ABABABABABABABAB 2012-07-10
uid                          John Doe (bobek) <bobek@bobek.com>
ssb   xxxG/CDCDCDCDCDCDCDCD 2012-07-10

Distribute Public Key

Send the example key from above to the keyserver:

gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB

Note:

  • The key ID is the part after the / (slash) character on the sec line.

Update Email

To update the email address, first add a new uid:

gpg --edit-key ABABABABABABABAB

Then, at the gpg prompt (example):

gpg> adduid
Real name: <name>
Email address: <email>
Comment: <comment>
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a passphrase to unlock the secret key for
user: "foo <foo@bar.com>"

This will result in (example):

pub  1024D/OBOBOBOB  created: 2012-07-10  expires: never       usage: SCA 
                     trust: full          validity: unknown
sub  1024g/ABABABABABABABAB  created: 2012-07-10  expires: never       usage: E   
[ unknown] (1). John Doe (bobek) <bobek@bobek.com>
[ unknown] (2)  John Doe (bobek) <bobekmeister@bobek.com>

Change the trust level:

gpg> uid 1
gpg> trust

This displays the trust level selector. Choose the ultimate trust level.

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5

Do the same for the next uid:

gpg> uid 2
gpg> trust

After this is done, save:

gpg> save

Finally, distribute the updated key to the keyserver:

gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB

Revoke Old Uid

gpg --edit-key ABABABABABABABAB

At the gpg prompt:

gpg> uid <old uid number>
gpg> revuid
Really revoke this user ID? (y/N) y
Your decision? 4
Enter an optional description; end it with an empty line: <description>
Is this okay? (y/N) y

Then save:

gpg> save

Then distribute the updated key to the keyserver:

gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB
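
As a check before sending the key to the keyserver, this added example (not part of the original wiki page) reads gpg's machine-readable --with-colons listing and reports each uid as active or revoked. The function names and the sample listing are constructed for illustration; the key IDs and uids reuse the placeholders from above.

```shell
#!/bin/sh
# Added example: summarise user IDs from `gpg --with-colons` output.
# Colon format: field 1 = record type, field 2 = validity,
# field 5 = long key ID (on sec/pub records), field 10 = user ID string.
# gpg escapes ':' inside user IDs, so splitting on ':' is safe.

# Reads a colon-format listing on stdin.
# Prints one line per uid: KEYID<TAB>STATUS<TAB>UID
uid_status() {
    awk -F: '
        $1 == "sec" || $1 == "pub" { keyid = $5; next }
        $1 == "uid" {
            status = "active"
            if ($2 == "r") status = "revoked"
            else if ($2 == "e") status = "expired"
            printf "%s\t%s\t%s\n", keyid, status, $10
        }'
}

# Reads a colon-format listing on stdin; $1 = email address.
# Succeeds only if that address sits on a revoked uid and on no
# uid that is still active.
email_is_revoked() {
    uid_status | awk -F'\t' -v want="<$1>" '
        index($3, want) { if ($2 == "revoked") rev = 1; else live = 1 }
        END { exit !(rev && !live) }'
}

# Constructed sample listing (timestamps and uid hashes are made up):
# the old uid is revoked, the new one is valid.
SAMPLE_LISTING='sec:u:1024:17:ABABABABABABABAB:1341878400:::u:::scSC:
uid:r::::1341878400::0000000000000000000000000000000000000000::John Doe (bobek) <bobek@bobek.com>:
uid:u::::1615334400::1111111111111111111111111111111111111111::John Doe (bobek) <bobekmeister@bobek.com>:
ssb:u:1024:16:CDCDCDCDCDCDCDCD:1341878400::::::e:'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | uid_status

# Against a real keyring (requires the key to be present locally):
#   gpg --list-secret-keys --with-colons ABABABABABABABAB | uid_status
#   gpg --list-secret-keys --with-colons ABABABABABABABAB \
#       | email_is_revoked 'bobek@bobek.com' && echo "old uid is revoked"
```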

Export GPG Keys

Export private key:

gpg -a --export-secret-keys ABABABABABABABAB > file.name.gpg

Where:

  • The -a option writes the key in ASCII-armored (Base64-encoded) form.

Export public key:

gpg -a --export ABABABABABABABAB > file.name.asc

Import GPG Keys

gpg --import file.name.gpg