GNU PGP Stuff

GNU PG2 stuff

Cheat Sheet

[Ref: Cheat Sheet, GPG Commands, GPG Howto, OpenPGP for Complete Beginners ]

Key Management

Key Generation

$ gpg2 --gen-key

Delete the Key

$ gpg2 --delete-key "User Name"

$ gpg2 --delete-secret-key "User Name"

List Keys

$ gpg2 --list-keys

/path-to/.gnupg/pubring.gpg

$ gpg2 --list-secret-keys

/path-to/.gnupg/secring.gpg

Change Passphrase

[Ref: OpenPGP Key Management]

Use the Key Management command-option “--passwd” to change the passphrase.

$ gpg2 --passwd KEY_ID

Similarly, the “--edit-key” command can be used to change the passphrase. The following sample ‘removes’ the passphrase (that is, it makes the passphrase a “null” string).

$ gpg2 --edit-key KEY_ID

Secret key is available

pub key-size/key-id1 created: date expires: date usage: xyz
    trust: ultimate validity: ultimate
sub key-size/key-id2 created: date expires: date usage: xyz
ultimate. KEY_ID (comment) <email>

gpg> password
Please enter the passphrase to unlock the secret key for the OpenPGP certificate:
“KEY_ID (Comment) <e-mail>”
xyz-bit RSA key, ID xyz,

Passphrase _________________________


Enter the new passphrase for this secret key.

Passphrase _________________________
((no-passphrase))
You have not entered a passphrase - this is in general a bad idea!

<Yes, protection is not needed>   <Enter a new passphrase>
Please re-enter this passphrase

Passphrase _________________________

    <OK>    <Cancel>
You don't want a passphrase - this is probably a *bad* idea!
Do you really want to do this (y/N)
gpg> save

Export

Public Key

$ gpg2 -v --export --armor "User Name" > public.asc
$ gpg2 -v --export -a "User Name" > public.asc
gpg: writing to stdout

$ gpg2 -v --export "User Name" > public.gpg

gpg: writing to stdout

or

$ gpg2 -v --export --armor --output public.asc "User Name"
$ gpg2 -v --export -a -o public.asc "User Name"

gpg: writing to public.asc

$ gpg2 -v --export --output public.gpg "User Name"
$ gpg2 -v --export -o public.gpg "User Name"

gpg: writing to public.gpg

Secret Key

$ gpg2 -v --export-secret-key --armor "User Name" > private.asc
$ gpg2 -v --export-secret-key -a "User Name" > private.asc
$ gpg2 -v --export-secret-key "User Name" > private.gpg

or

$ gpg2 -v --export-secret-key --armor --output private.asc "User Name"
$ gpg2 -v --export-secret-key -a -o private.asc "User Name"
$ gpg2 -v --export-secret-key --output private.gpg "User Name"
$ gpg2 -v --export-secret-key -o private.gpg "User Name"

Import

Public Key

$ gpg2 -v --import public.gpg

Secret Key

$ gpg2 -v --allow-secret-key-import --import private.gpg

Encrypt

$ gpg2 -v --encrypt --local-user "Sender User Name" --recipient "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -u "Sender User Name" -r "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -u Key-ID -r Key-ID2 file-to-encrypt

The above generates a file

$ gpg2 -v --encrypt --armor --local-user "Sender User Name" --recipient "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -a -u "Sender User Name" -r "Receiver User Name" file-to-encrypt
$ gpg2 -v -e -a -u Key-ID -r Key-ID2 file-to-encrypt

The above generates a file

Signing

$ gpg2 -v --detach-sign --armor --local-user "Sender User Name" file-to-encrypt
$ gpg2 -v -b -a -u "Sender User Name" file-to-encrypt
$ gpg2 -v --detach-sign --armor --local-user "Sender User Name" --output file-to-encrypt.asc file-to-encrypt
$ gpg2 -v -b -a -u "Sender User Name" -o file-to-encrypt.asc file-to-encrypt

The above generates the file

$ gpg2 -v --detach-sign --local-user "Sender User Name" file-to-encrypt
$ gpg2 -v -b -u "Sender User Name" file-to-encrypt
$ gpg2 -v --detach-sign --local-user "Sender User Name" --output file-to-encrypt.sig file-to-encrypt
$ gpg2 -v -b -u "Sender User Name" -o file-to-encrypt.sig file-to-encrypt

The above generates the file

Verify

$ gpg2 --verify signature-file unencrypted-file
$ gpg2 --verify file-to-encrypt.sig file-to-encrypt
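
The export, encrypt and signing commands above produce files that are easy to mix up by name (public.asc next to private.asc). As an added example, not part of the original cheat sheet, the script below classifies such a file from its ASCII-armor header line or its first OpenPGP packet byte, so that secret key material is caught before it is shared. The function names and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify a file produced by the gpg2 commands above from its
# OpenPGP framing alone (no gpg call, no keyring access).
# Prints: public-key | secret-key | signature | message | unknown
classify_pgp_file() {
    # ASCII-armored output (--armor / -a) starts with a BEGIN PGP line.
    first_line=$(dd if="$1" bs=64 count=1 2>/dev/null | head -n 1 | tr -d '\r\000')
    case $first_line in
        "-----BEGIN PGP PUBLIC KEY BLOCK-----")  echo public-key; return ;;
        "-----BEGIN PGP PRIVATE KEY BLOCK-----") echo secret-key; return ;;
        "-----BEGIN PGP SIGNATURE-----")         echo signature;  return ;;
        "-----BEGIN PGP MESSAGE-----")           echo message;    return ;;
    esac
    # Binary output: decode the first packet header octet (RFC 4880, section 4.2).
    b=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    if [ -z "$b" ] || [ "$b" -lt 128 ]; then   # bit 7 is set in every packet header
        echo unknown; return
    fi
    if [ "$b" -ge 192 ]; then
        tag=$(( b & 63 ))            # new format: tag is bits 5-0
    else
        tag=$(( (b >> 2) & 15 ))     # old format: tag is bits 5-2
    fi
    case $tag in
        6) echo public-key ;;        # Public-Key packet (--export)
        5) echo secret-key ;;        # Secret-Key packet (--export-secret-key)
        2) echo signature ;;         # Signature packet (detached signature)
        1) echo message ;;           # Public-Key Encrypted Session Key (--encrypt)
        *) echo unknown ;;
    esac
}

# Exit status 0 only when the file is recognised and is not secret key material.
safe_to_share() {
    case $(classify_pgp_file "$1") in
        public-key|signature|message) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: only the leading bytes matter to the classifier.
demo_dir=$(mktemp -d)
printf '\225\001\000' > "$demo_dir/private.gpg"    # 0x95: old format, tag 5
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$demo_dir/public.asc"
for f in "$demo_dir/private.gpg" "$demo_dir/public.asc"; do
    if safe_to_share "$f"; then verdict=ok; else verdict=DO-NOT-SHARE; fi
    echo "${f##*/}: $(classify_pgp_file "$f") ($verdict)"
done
rm -rf "$demo_dir"
```

The check looks only at the first line or first packet, so it identifies what kind of file it is, not whether the contents are valid; `gpg2 --verify` is still what validates a signature.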