From c790dc23267fc6e426a7b67e92cad2054d1ecd7f Mon Sep 17 00:00:00 2001 From: Bez Hermoso Date: Wed, 18 Oct 2017 17:22:27 -0700 Subject: [PATCH] Add GnuPG cheatsheet --- gnupg.md | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100644 gnupg.md diff --git a/gnupg.md b/gnupg.md new file mode 100644 index 000000000..3d23b1102 --- /dev/null +++ b/gnupg.md 
@@ -0,0 +1,230 @@ +--- +title: GnuPG +category: CLI +layout: 2017/sheet +tags: [] +updated: 2017-10-18 +weight: 0 +intro: | + [GnuPG](https://gnupg.org/) is a complete and free implementation of the OpenPGP standard. +--- + +Basics +--------------- + +### Exporting keys + +```bash +gpg -o key.gpg --export +``` + +#### __Export key in ASCII:__ + +```bash +gpg -o key.asc --armor --export +``` + +__Note:__ Omitting the `-o|--output` option will print the key to `stdout`. + +### Importing keys + +```bash +gpg --import key.gpg +gpg --import key.asc +``` + +#### Only merge updates for keys already in key-ring: + +```bash +gpg --import key.asc --merge-options merge-only +``` + +### Managing your keyring + +#### Generate a new key: +```bash +gpg --gen-key +# or, generate a new key with dialogs for all options +gpg --full-gen-key +``` + +#### List public keys: + +```bash +gpg -k +gpg --list-keys +``` + +#### List secret keys: + +```bash +gpg -K +gpg --list-secret-keys +``` + + +### Using a keyserver + +#### Import keys from keyserver: +```bash +gpg --receive-keys +``` + +#### Upload keys to keyserver: +```bash +gpg --send-keys +``` + +#### Request updates from keyserver for keys already in your keyring: +```bash +gpg --refresh-keys +``` + +#### Search keys from keyserver: +```bash +gpg --search-keys "" +``` + +#### Override keyserver from `~/.gnupg/gpg.conf` +```bash +gpg --keyserver ... +``` + + +Encrypting +--------- +{: .-two-column} + +### Public key encryption +This will produce an encrypted file, `secret.txt.gpg`, that can only be decrypted by the recipient: + +```bash +gpg -e -o secret.txt.gpg -r secret.txt +``` + +For `` you can use their key ID, their email, or their name (or part thereof). + +```bash +gpg -e -r ... +gpg -e -r "Bez" ... +gpg -e -r "bezalelhermoso@gmail.com" ... +``` + +#### Specifying multiple recipients + +```bash +gpg -e -r -r ... secret.txt +``` + +__NOTE__: Omitting `-o|--output` will produce an encrypted file named `.gpg` by default. 
+ +### Symmetric encryption + +Encrypt file using a shared key. You will be prompted for a passphrase. + +```bash +gpg --symmetric secret.txt +# or +gpg -c secret.txt +``` + +Decrypting +--------- +{: .-one-column} + +### Decrypting a file + +```bash +gpg -d -o secret.txt secret.txt.gpg +``` + +If the file is encrypted via symmetric encryption, you will be prompted for the passphrase. + +__NOTE__: Omitting `-o|--output` will print the unencrypted contents to `stdout` + +Signing & Verifying +--------- +{: .-two-column} + +### Signing + +```bash +gpg -o signed-file.txt.gpg -s file.txt +``` + +#### This can be used during encryption to also sign encrypted files: + +```bash +gpg -s -o secret.txt.gpg \ + -r secret.txt +``` + +### Verifying a signature + +```bash +gpg --verify file.txt.gpg +``` + +### Viewing content of signed file + +```bash +gpg -d signed-file.txt.gpg +``` + +Miscellaneous +---------- +{: .-two-column} + +### Components + +List all components: +{: .-setup} + +```bash +gpgconf --list-components +``` + +Kill a component: + +```bash +gpgconf --kill # i.e. gpgconf --kill dirmngr +``` + +Kill all components: +```bash +gpgconf --kill all +``` + +### Parsing keyring data + +Use `--with-colons` to produce an output that can easily be parsed i.e. with `awk`, `grep`, etc: + +```bash +gpg -k --with-colons +``` + +Field Quick Reference: + +| Field | Description | +| 1 | Record type | +| 2 | Validity | +| 3 | Key length in bits | +| 4 | Public key algoritm | +| 5 | Key ID | +| 6 | Creation date | +| 7 | Expiry date | +| 8 | Certifcate S/N, UID hash, trust signature info | +| 9 | Ownertrust | +| 10 | User ID | +| 11 | Signature class | +| 12 | Key capabilities | +| 13 | Issuer fingerprint | +| 14 | Flag field | +| 15 | S/N of token | +| 16 | Hash algorithm | +| 17 | Curve name | +| 18 | Compliance flags | +| 19 | Last update timestamp | +| 20 | Origin | + +
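Review bot: the public-key encryption example in this hunk, `gpg -e -o secret.txt.gpg -r secret.txt`, hands the input file name to `-r` and names no plaintext file, so gpg would look for a recipient called "secret.txt" and read the plaintext from stdin; the same missing recipient placeholder appears in `gpg -e -r -r ... secret.txt` and in `gpg -s -o secret.txt.gpg \ -r secret.txt`. Suggest an explicit placeholder, e.g. `gpg -e -r RECIPIENT -o secret.txt.gpg secret.txt`, and the sign-and-encrypt example also needs `-e`, since `-s -r` without `-e` only produces a signature and the recipient is ignored. Two further points: `gpg --import key.asc --merge-options merge-only` uses an option gpg does not have, the documented form is `--import-options merge-only`, and it should precede the file name because gpg stops option parsing at the first non-option argument, i.e. `gpg --import-options merge-only --import key.asc`. The field table under "Parsing keyring data" lacks the `| --- | --- |` separator row after the header, so it will not render as a Markdown table, and it misspells "algorithm" ("algoritm") and "Certificate" ("Certifcate"). Lastly, `gpg --verify file.txt.gpg` refers to a different file than the `signed-file.txt.gpg` produced by the signing example two blocks earlier; using one name throughout would make the sign/verify pair copy-pasteable.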