Cheat Sheet

- Creating a new Key: First steps
- Browsing your keyring: What have you got
- Exporting
- Searching for a key
- Encrypting/Decrypting
- Import keys: You need to get them somewhere
- Keys Maintenance: Revoking
- Keys Maintenance: Key Signing
- Signing and Verifying files
- Creating a Detached Signature
- Verifying a Detached Signature
You can’t have enough cheat sheets on the net. Well, you probably can, but I still wanted to add my own to the mix. I use the GnuPG command line for almost everything, bar actually sending email, so this is a nice little reminder to myself of what I’m doing.
Creating a new Key: First steps
gpg --gen-key
Browsing your keyring: What have you got
- List all public keys
gpg --list-public-keys
- List all private keys
gpg --list-secret-keys
- List everyone who has signed a key
gpg --list-sigs (0xKEYID)
- Get the full fingerprint
gpg --fingerprint (0xKEYID)
Exporting
- Export your public key to a file
gpg --armor --export (0xKEYID)
- Upload a key to the keyserver. Good for new keys, or after signing someone else’s
- Using the default Key server
gpg --send-keys (0xKEYID)
- Specifying a Key server
gpg --keyserver sks.research.nxfifteen.me.uk --send-keys (0xKEYID)
- Export/Backup your private key
gpg --armor --export-secret-keys (0xKEYID)
Searching for a key
- Finding someone’s key
- Using the default Key server
gpg --search-keys user@email.example.com
- Specifying a Key server
gpg --keyserver sks.research.nxfifteen.me.uk --search-keys user@email.example.com
Encrypting/Decrypting
- Encrypt a file for someone, by their email
gpg --recipient user@email.example.com --encrypt filename.txt
- Encrypt a file for multiple people, by their email addresses. It’s usually a good idea to encrypt to your own key as well, or you will not be able to decrypt the file later. Options go before the file name, because gpg stops parsing options at the first non-option argument
gpg --recipient user1@email.example.com --recipient user2@email.example.com --encrypt filename.txt
- Encrypt a file for transmission over text – email, IRC, Jabber etc.
gpg --armour --recipient user1@email.example.com --recipient user2@email.example.com --encrypt filename.txt
- Decrypting a file
gpg --output filename.txt --decrypt filename.txt.asc
Import keys: You need to get them somewhere
- Importing from a text file
gpg --import publickey.asc
- Restore a backup of a private key
gpg --allow-secret-key-import --import privatekey.asc
Keys Maintenance: Revoking
- Creating a revocation certificate. You must have the private key to do this; if you have lost your private key, well, that’s when problems kick in
gpg --output revoke.asc --gen-revoke 0xKEYID
- To revoke the key, all you need to do is import revoke.asc into your keyring
gpg --import revoke.asc
- To make sure everyone knows your key has been revoked, you need to publish the updated public key
gpg --keyserver sks.research.nxfifteen.me.uk --send-keys (0xKEYID)
Keys Maintenance: Key Signing
- You need to edit the key
gpg --edit-key 0xKEYID
From here ‘help’ will give you a list of your options, but to sign a key you can either type ‘sign’ or ‘tsign’. The man page (‘man gpg’) gives a better indication of what the difference is, but ‘sign’ is usually sufficient. After the key is signed, type ‘save’ and ‘quit’. Then you can either send the key to a keyserver for download by its owner, or export the public key and send it by other means; this usually means encrypted email.
Signing and Verifying files
- To sign a file with your default key use this
gpg --detach-sign --armour filename.txt
- To verify a signed file, pass in the output from above, filename.txt.asc
gpg --verify filename.txt.asc
Creating a Detached Signature
gpg --armour --output doc.asc --detach-sign doc
Verifying a Detached Signature
gpg --verify doc.asc doc
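gpg --verify succeeds for a good signature from any key in your keyring, so a script that verifies a download should also check who signed it. The following is an added example, not part of the original cheat sheet: it reads gpg's --status-fd output and compares the signer's primary fingerprint with one you already trust (as printed by gpg --fingerprint). The function names, fingerprints and status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Fingerprints and status lines
# below are constructed sample values.

# Read `gpg --status-fd` output on stdin; print the primary-key fingerprint
# of the signer if there is exactly one valid signature and no failure status.
signer_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key
        $2 == "VALIDSIG" { n++; fpr = (NF >= 12) ? $12 : $3 }
        END { if (bad || n != 1) exit 1; print fpr }
    '
}

# verify_pinned SIG FILE FINGERPRINT
# Succeeds only if FILE carries a valid detached signature SIG made by the
# key whose primary fingerprint is FINGERPRINT (spaces and case are ignored).
verify_pinned() {
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
          signer_from_status) || return 1
    [ "$got" = "$want" ]
}

# Constructed status output: a good signature, then the same signature
# reported against an expired key.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <user@email.example.com>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2024-01-01 1704067200 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_EXPIRED=$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/ GOODSIG / EXPKEYSIG /')

# Parser demo on the constructed samples (no gpg needed for this part).
printf '%s\n' "$SAMPLE_GOOD" | signer_from_status
printf '%s\n' "$SAMPLE_EXPIRED" | signer_from_status || echo "rejected: expired key"
```

With a real file this is called as verify_pinned doc.asc doc followed by the quoted fingerprint of the key you expect, and the exit status tells you whether to trust doc.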