Working With GPG
Bartosz Firyn edited this page Mar 10, 2021 · 3 revisions
gpg --gen-key
gpg --list-secret-keys --keyid-format LONG
Example:
/home/username/.gnupg/secring.gpg
-------------------------------
sec xxxA/ABABABABABABABAB 2012-07-10
uid John Doe (bobek) <bobek@bobek.com>
ssb xxxG/CDCDCDCDCDCDCDCD 2012-07-10
Send the example key from above to the keyserver:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB
Note:
- The key ID is after the / (slash) character in the sec line.
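The note above as a small parser, added here as an example (it is not part of the original page or of the project): it reads a `--keyid-format LONG` listing on stdin and prints the long key ID found after the slash on each `sec` line. The function names and the sample listing are constructed for illustration; handling of `sec#` and `sec>` rows goes beyond the single case shown on the page.

```shell
#!/bin/sh
# Added example, not from the original page.
# secret_key_ids: read `gpg --list-secret-keys --keyid-format LONG` output on
# stdin and print the long key ID of every primary secret key, one per line.
secret_key_ids() {
    awk '
        # Primary secret keys start with "sec"; "sec#" (secret part not
        # present) and "sec>" (key on a smartcard) are variants of that row.
        $1 ~ /^sec[#>]?$/ {
            n = split($2, part, "/")      # second field is "<algo>/<KEYID>"
            id = toupper(part[n])
            # Accept only a 16-hex-digit long key ID; skip anything else so a
            # malformed value is never handed on to --send-keys.
            if (n == 2 && length(id) == 16 && id !~ /[^0-9A-F]/) print id
        }
    '
}

# Constructed sample input, modelled on the listing shown on this page.
sample_listing() {
    cat <<'EOF'
/home/username/.gnupg/secring.gpg
-------------------------------
sec   xxxA/ABABABABABABABAB 2012-07-10
uid                 John Doe (bobek) <bobek@bobek.com>
ssb   xxxG/CDCDCDCDCDCDCDCD 2012-07-10
EOF
}

# Prints the key ID from the sample listing; the ssb (subkey) row is ignored.
sample_listing | secret_key_ids
```

Against a live keyring, pipe `gpg --list-secret-keys --keyid-format LONG` into `secret_key_ids`; for longer-lived scripts, gpg's `--with-colons` output is the format intended for machine parsing.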
To update the email address, first add a new uid:
gpg --edit-key ABABABABABABABAB
Then in gpg command line (example):
gpg> adduid
Real name: <name>
Email address: <email>
Comment: <comment>
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a passphrase to unlock the secret key for
user: "foo <foo@bar.com>"
This will result in (example):
pub 1024D/OBOBOBOB created: 2012-07-10 expires: never usage: SCA
trust: full validity: unknown
sub 1024g/ABABABABABABABAB created: 2012-07-10 expires: never usage: E
[ unknown] (1). John Doe (bobek) <bobek@bobek.com>
[ unknown] (2) John Doe (bobek) <bobekmeister@bobek.com>
Change the trust level:
gpg> uid 1
gpg> trust
This will display the trust level selector. Use the ultimate trust level.
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do it again for the next uid:
gpg> uid 2
gpg> trust
After this is done, save:
gpg> save
And finally distribute the updated key to the keyserver:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB
To revoke the old uid, edit the key again:
gpg --edit-key ABABABABABABABAB
In gpg command line:
gpg> uid <old uid number>
gpg> revuid
Really revoke this user ID? (y/N) y
Your decision? 4
Enter an optional description; end it with an empty line: <description>
Is this okay? (y/N) y
Then save:
gpg> save
And distribute the updated key to the keyserver:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys ABABABABABABABAB
Export private key:
gpg -a --export-secret-keys ABABABABABABABAB > file.name.gpg
Where:
- The -a option is to save it in BASE64-encoded form.
Export public key:
gpg -a --export ABABABABABABABAB > file.name.asc
gpg --import file.name.gpg