---
title: GnuPG
category: CLI
layout: 2017/sheet
tags: []
updated: 2017-10-18
weight: 0
intro: |
  [GnuPG](https://gnupg.org/) is a complete and free implementation of the OpenPGP standard.
---

Basics
---------------

### Exporting keys

```bash
gpg -o key.gpg --export
```

#### __Export key in ASCII:__

```bash
gpg -o key.asc --armor --export
```

__Note:__ Omitting the `-o|--output` option will print the key to `stdout`.

### Importing keys

```bash
gpg --import key.gpg
gpg --import key.asc
```

#### Only merge updates for keys already in key-ring:

```bash
# options must come before the command and its file arguments
gpg --import-options merge-only --import key.asc
```

### Managing your keyring

#### Generate a new key:

```bash
gpg --gen-key
# or, generate a new key with dialogs for all options
gpg --full-gen-key
```

#### List public keys:

```bash
gpg -k
gpg --list-keys
```

#### List secret keys:

```bash
gpg -K
gpg --list-secret-keys
```

### Using a keyserver

#### Import keys from keyserver:

```bash
gpg --receive-keys <KEY IDS>
```

#### Upload keys to keyserver:

```bash
gpg --send-keys <KEY IDS>
```

#### Request updates from keyserver for keys already in your keyring:

```bash
gpg --refresh-keys
```

#### Search keys from keyserver:

```bash
gpg --search-keys "<SEARCH STRING>"
```

#### Override keyserver from `~/.gnupg/gpg.conf`

```bash
gpg --keyserver <URL> ...
```

Encrypting
---------
{: .-two-column}

### Public key encryption

This will produce an encrypted file, `secret.txt.gpg`, that can only be decrypted by the recipient:

```bash
gpg -e -o secret.txt.gpg -r <RECIPIENT> secret.txt
```

For `<RECIPIENT>` you can use their key ID, their email, or their name (or part thereof).

```bash
gpg -e -r <KEY ID> ...
gpg -e -r "Bez" ...
gpg -e -r "bezalelhermoso@gmail.com" ...
```

#### Specifying multiple recipients

```bash
gpg -e -r <RECIPIENT> -r <ANOTHER RECIPIENT> ... secret.txt
```

__NOTE__: Omitting `-o|--output` will produce an encrypted file named `<ORIGINAL FILENAME>.gpg` by default.

### Symmetric encryption

Encrypt file using a shared key. You will be prompted for a passphrase.

```bash
gpg --symmetric secret.txt
# or
gpg -c secret.txt
```

Decrypting
---------
{: .-one-column}

### Decrypting a file

```bash
gpg -d -o secret.txt secret.txt.gpg
```

If the file is encrypted via symmetric encryption, you will be prompted for the passphrase.

__NOTE__: Omitting `-o|--output` will print the unencrypted contents to `stdout`.

Signing & Verifying
---------
{: .-two-column}

### Signing

```bash
gpg -o signed-file.txt.gpg -s file.txt
```

#### This can be used during encryption to also sign encrypted files:

```bash
# -e encrypts to the recipient, -s adds your signature
gpg -e -s -o secret.txt.gpg \
  -r <RECIPIENT> secret.txt
```

### Verifying a signature

```bash
gpg --verify file.txt.gpg
```

### Viewing content of signed file

```bash
gpg -d signed-file.txt.gpg
```

Miscellaneous
----------
{: .-two-column}

### Components

List all components:
{: .-setup}

```bash
gpgconf --list-components
```

Kill a component:

```bash
gpgconf --kill <COMPONENT> # e.g. gpgconf --kill dirmngr
```

Kill all components:

```bash
gpgconf --kill all
```

### Parsing keyring data

Use `--with-colons` to produce output that can easily be parsed, e.g. with `awk`, `grep`, etc.:

```bash
gpg -k --with-colons
```

Field Quick Reference:

| Field | Description |
| --- | --- |
| 1 | Record type |
| 2 | Validity |
| 3 | Key length in bits |
| 4 | Public key algorithm |
| 5 | Key ID |
| 6 | Creation date |
| 7 | Expiry date |
| 8 | Certificate S/N, UID hash, trust signature info |
| 9 | Ownertrust |
| 10 | User ID |
| 11 | Signature class |
| 12 | Key capabilities |
| 13 | Issuer fingerprint |
| 14 | Flag field |
| 15 | S/N of token |
| 16 | Hash algorithm |
| 17 | Curve name |
| 18 | Compliance flags |
| 19 | Last update timestamp |
| 20 | Origin |
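
Keyring audit built on the field table above, as an added example that is not part of the original sheet: it reads `gpg -k --with-colons` output and reports keys that are revoked, expired, or expiring within a warning window. The function names `audit_keyring` and `sample_listing` and the sample records are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: report public keys that are revoked, expired or expiring soon.
# Usage: gpg -k --with-colons | audit_keyring [NOW_EPOCH] [WARN_DAYS]
# Assumes expiry (field 7) is in seconds since the epoch, as gpg 2.x prints it.
audit_keyring() {
  awk -F: -v now="${1:-$(date +%s)}" -v warn="${2:-30}" '
    function emit() {            # print the pending key if it needs attention
      if (keyid != "" && status != "ok")
        printf "%s\t%s\t%s\t%s\n", keyid, status, bits, uid
      keyid = ""
    }
    $1 == "pub" {                # a pub record starts a new key block
      emit()
      keyid = $5; bits = $3; uid = ""; status = "ok"
      if ($2 == "r")                                  status = "revoked"
      else if ($2 == "e")                             status = "expired"
      else if ($7 != "" && $7 + 0 <= now + 0)         status = "expired"
      else if ($7 != "" && $7 - now <= warn * 86400)  status = "expiring"
    }
    # Field 10 of the first uid record after pub; gpg escapes ":" inside
    # user IDs as \x3a, so splitting on ":" is safe.
    $1 == "uid" && keyid != "" && uid == "" { uid = $10 }
    END { emit() }
  '
}

# Constructed sample listing (key IDs, hashes and names are made up).
sample_listing() {
  cat <<'EOF'
tru::1:1690000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:AAAAAAAAAAAAAAA9:1600000000::::::e::::::23:
pub:e:2048:1:BBBBBBBBBBBBBBB2:1500000000:1600000000::-:::sc::::::23::0:
uid:e::::1500000000::0000000000000000000000000000000000000002::Bob Example <bob@example.org>::::::::::0:
pub:f:255:22:CCCCCCCCCCCCCCC3:1690000000:1701000000::-:::scESC:::::ed25519:::0:
uid:f::::1690000000::0000000000000000000000000000000000000003::Carol Example <carol@example.org>::::::::::0:
pub:r:3072:1:DDDDDDDDDDDDDDD4:1650000000:::-:::sc::::::23::0:
uid:r::::1650000000::0000000000000000000000000000000000000004::Dave Example <dave@example.org>::::::::::0:
EOF
}

sample_listing | audit_keyring 1700000000 30
```

Output is tab-separated: key ID, status, key length, user ID. Keys with no expiry date and a non-revoked validity are not listed.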