ThirdMirrors
/
cheatsheets
mirror of https://gitee.com/Hawkin99/cheatsheets.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add GnuPG cheatsheet

This commit is contained in:
Bez Hermoso 2017-10-18 17:22:27 -07:00
parent 10a9f3cda6
commit c790dc2326
No known key found for this signature in database
GPG Key ID: 55BDEC097B885413
1 changed files with 230 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
gnupg.md Normal file
View File

@ -0,0 +1,230 @@
---
title: GnuPG
category: CLI
layout: 2017/sheet
tags: []
updated: 2017-10-18
weight: 0
intro: |
[GnuPG](https://gnupg.org/) is a complete and free implementation of the OpenPGP standard.
---
Basics
---------------
### Exporting keys
```bash
gpg -o key.gpg --export <KEY ID>
```
#### __Export key in ASCII:__
```bash
gpg -o key.asc --armor --export <KEY ID>
```
__Note:__ Omitting the `-o|--output` option will print the key to `stdout`.
### Importing keys
```bash
gpg --import key.gpg
gpg --import key.asc
```
#### Only merge updates for keys already in key-ring:
```bash
gpg --import key.asc --merge-options merge-only
```
### Managing your keyring
#### Generate a new key:
```bash
gpg --gen-key
# or, generate a new key with dialogs for all options
gpg --full-gen-key
```
#### List public keys:
```bash
gpg -k
gpg --list-keys
```
#### List secret keys:
```bash
gpg -K
gpg --list-secret-keys
```
### Using a keyserver
#### Import keys from keyserver:
```bash
gpg --receive-keys <KEY IDS>
```
#### Upload keys to keyserver:
```bash
gpg --send-keys <KEY IDS>
```
#### Request updates from keyserver for keys already in your keyring:
```bash
gpg --refresh-keys
```
#### Search keys from keyserver:
```bash
gpg --search-keys "<SEARCH STRING>"
```
#### Override keyserver from `~/.gnupg/gpg.conf`
```bash
gpg --keyserver <URL> ...
```
Encrypting
---------
{: .-two-column}
### Public key encryption
This will produce an encrypted file, `secret.txt.gpg`, that can only be decrypted by the recipient:
```bash
gpg -e -o secret.txt.gpg -r <RECIPIENT> secret.txt
```
For `<RECIPIENT>` you can use their key ID, their email, or their name (or part thereof).
```bash
gpg -e -r <KEY ID> ...
gpg -e -r "Bez" ...
gpg -e -r "bezalelhermoso@gmail.com" ...
```
#### Specifying multiple recipients
```bash
gpg -e -r <RECIPIENT> -r <ANOTHER RECIPIENT> ... secret.txt
```
__NOTE__: Omitting `-o|--output` will produce an encrypted file named `<ORIGINAL FILENAME>.gpg` by default.
### Symmetric encryption
Encrypt file using a shared key. You will be prompted for a passphrase.
```bash
gpg --symmetric secret.txt
# or
gpg -c secret.txt
```
Decrypting
---------
{: .-one-column}
### Decrypting a file
```bash
gpg -d -o secret.txt secret.txt.gpg
```
If the file is encrypted via symmetric encryption, you will be prompted for the passphrase.
__NOTE__: Omitting `-o|--output` will print the unencrypted contents to `stdout`
Signing & Verifying
---------
{: .-two-column}
### Signing
```bash
gpg -o signed-file.txt.gpg -s file.txt
```
#### This can be used during encryption to also sign encrypted files:
```bash
gpg -s -o secret.txt.gpg \
-r <RECIPIENT> secret.txt
```
### Verifying a signature
```bash
gpg --verify file.txt.gpg
```
### Viewing content of signed file
```bash
gpg -d signed-file.txt.gpg
```
Miscellaneous
----------
{: .-two-column}
### Components
List all components:
{: .-setup}
```bash
gpgconf --list-components
```
Kill a component:
```bash
gpgconf --kill <COMPONENT> # i.e. gpgconf --kill dirmngr
```
Kill all components:
```bash
gpgconf --kill all
```
### Parsing keyring data
Use `--with-colons` to produce an output that can easily be parsed i.e. with `awk`, `grep`, etc:
```bash
gpg -k --with-colons
```
Field Quick Reference:
| Field | Description |
| 1 | Record type |
| 2 | Validity |
| 3 | Key length in bits |
| 4 | Public key algoritm |
| 5 | Key ID |
| 6 | Creation date |
| 7 | Expiry date |
| 8 | Certifcate S/N, UID hash, trust signature info |
| 9 | Ownertrust |
| 10 | User ID |
| 11 | Signature class |
| 12 | Key capabilities |
| 13 | Issuer fingerprint |
| 14 | Flag field |
| 15 | S/N of token |
| 16 | Hash algorithm |
| 17 | Curve name |
| 18 | Compliance flags |
| 19 | Last update timestamp |
| 20 | Origin |