Introduction to OpenPGP¶

1. Generate a GPG key¶

gpg --expert --full-gen-key

--expert: expert mode.

--full-gen-key: generate a key.

2. Generate a revocation certificate¶

gpg --gen-revoke -so revoke.gpg USERID

3. List GPG keys¶

gpg --list-secret-keys or the short form gpg -K

--keyid-format long: output long key IDs.

--fingerprint: output fingerprint information.

4. Import a GPG key¶

Import from a file:

gpg --import [file]

5. Export GPG keys¶

(1). Export a public key¶

gpg -ao public-key.txt --export USERID

(2). Export a private key¶

Export the primary private key:

gpg -ao secret-key --export-secret-key 99F583599B7E31F1!

Export a subkey:

gpg -ao sign-subkey --export-secret-subkeys FDB960B857D397F6!

! means only that key is exported.

6. Delete GPG keys¶

Delete a private key:

gpg --delete-secret-keys USERID

Delete a public key:

gpg --delete-keys USERID

7. Sign and verify¶

(1). Sign¶

Generate a binary signature file:

gpg --sign input.txt

Generate an ASCII armored signature:

gpg --clearsign input.txt

Generate a detached signature:

gpg --armor --detach-sign input.txt

Add --output to write the result to a file.

(2). Verify¶

Verify a signature file:

gpg --verify demo.txt.asc demo.txt

8. Encrypt and decrypt¶

(1). Encrypt¶

gpg --recipient {keyid/uid} --output encrypt.txt --encrypt input.txt

gpg -se -o encrypt.txt -r {keyid/uid} input.txt

(2). Decrypt¶

gpg --decrypt encrypt.txt --output decrypt.txt

gpg -d encrypt.txt

REF¶

[1]. SSH-Authentication-with-GPG-Keys-on-Linux

[2]. GnuPG-Home-Configuration-on-Winodws