gpg

Master GPG commands for secure encryption, decryption, signing, and key management. Learn to generate, export, import, and revoke GPG keys effectively.

GPG Command Line Guide

This guide provides essential GPG (GNU Privacy Guard) commands for managing cryptographic keys and performing secure operations like encryption, decryption, and signing. GPG is a powerful tool for ensuring data confidentiality and integrity.

GPG Key Management

Effectively managing your GPG keys is crucial for secure communication. This section covers generating, listing, exporting, and importing keys.

# Create a new GPG key pair
 gpg --gen-key

# List all keys (public and secret)
 gpg --list-keys
 gpg -k

# List only secret keys
 gpg --list-secret-keys
 gpg -K

# Show your public key in ASCII armor format
# (without KEY_ID, every public key in the keyring is exported)
 gpg --armor --export KEY_ID

# Show the fingerprint for a specific key
 gpg --fingerprint KEY_ID

# Search for keys on public key servers
 gpg --search-keys 'user@emailaddress.com'

File Encryption and Decryption

Learn how to encrypt files for specific recipients and decrypt files that have been encrypted using GPG.

# Encrypt a file for a specific recipient
 gpg --encrypt --recipient 'user@emailaddress.com' example.txt

# Decrypt a file
 gpg --output example.txt --decrypt example.txt.gpg

Exporting and Importing Keys

Securely export your public and private keys for backup or sharing, and import keys from others.

# Export your public key
 gpg --output ~/public_key.txt --armor --export KEY_ID

# Export your secret key (handle with extreme care)
 gpg --output ~/private_key.txt --armor --export-secret-keys KEY_ID

# Securely delete the private key file once it has been moved to its backup location
# (shred only works reliably where the filesystem overwrites in place; on
#  journaling or copy-on-write filesystems and most SSDs it gives no guarantee, see shred(1))
 shred -zu ~/private_key.txt

# Import a public key
 gpg --import ~/public_key.txt

# Import a secret key (a plain --import is enough; --allow-secret-key-import is
# obsolete in GnuPG 2.x and ignored if given)
 gpg --import ~/private_key.txt

# Securely delete the imported private key file after import
 shred -zu ~/private_key.txt

Revoking a GPG Key

If your private key is compromised or you no longer wish to use a key, you should revoke it.

# Create a revocation certificate
 gpg --output ~/revoke.asc --gen-revoke KEY_ID

# Import the revocation certificate
 gpg --import ~/revoke.asc

# Send the revocation to key servers
 gpg --send-keys KEY_ID

Signing and Verifying Files

GPG can be used to digitally sign files to verify their authenticity and integrity.

# Sign a file (creates a .asc signature file)
 gpg -ba filename

# Sign a file with a specific default key
 gpg --default-key <key ID> -ba filename

# Verify a downloaded file using its detached signature
# (with only the .asc given, gpg assumes the data file is 'filename' in the same directory;
#  naming it explicitly avoids verifying the wrong file)
 gpg --verify filename.asc filename

Signing Public Keys

Contribute to the web of trust by signing the public keys of others.

# Retrieve a public key from a keyserver
 gpg --keyserver <keyserver> --recv-keys <Key_ID>

# Check the key's fingerprint
 gpg --fingerprint <Key_ID>

# Sign the key
 gpg --sign-key <Key_ID>

# Upload the signed key to a keyserver
 gpg --keyserver <keyserver> --send-keys <Key_ID>

Managing GPG Key UIDs (User IDs)

Modify the email addresses and names associated with your GPG keys.

# Edit a key
 gpg --edit-key <key ID>

# Add a new User ID (name and email)
 adduid

# List current UIDs
 list

# Select a UID to delete
 uid <list number>

# Delete the selected UID
 deluid

# Save changes
 save

# Publish the updated key to a server
 gpg --send-keys <key ID>

Creating and Managing Subkeys

Subkeys offer flexibility by allowing you to keep your master key secure while using subkeys for specific purposes or machines.

# Edit a key to add subkeys
 gpg --edit-key <key ID>

# Add a signing-only subkey
 addkey
 # Choose RSA, 4096 bits, and set an expiry period.

# Add an encryption-only subkey (repeat addkey process)

# Save changes
 save

# Export secret subkeys
 gpg --export-secret-subkeys <subkey ID> > subkeys
 gpg --export <key ID> > pubkeys

# Delete the master secret key
 gpg --delete-secret-keys <key ID>

# Import the master public key and secret subkeys
 gpg --import pubkeys subkeys

# Verify that only the subkeys are present (the primary key line should read sec#,
# the '#' marking a stub with no secret material)
 gpg -K
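To turn the "should show sec#" check above into something scriptable, here is an added example (not from the original page) that parses the machine-readable form of the listing, `gpg -K --with-colons`, and reports anything that would defeat the offline-master setup: a primary secret key that is still present, a missing signing or encryption subkey, or an expired subkey. The listing is a constructed sample; in practice you would feed it the output of `gpg -K --with-colons`.

```python
"""Check a `gpg -K --with-colons` listing for the offline-master-key layout."""
from __future__ import annotations
from dataclasses import dataclass, field
import time

# Constructed sample of `gpg -K --with-colons` after the master secret key was
# deleted and the subkeys re-imported. Field 12 holds the key capabilities
# (s=sign, e=encrypt, c=certify, a=auth); field 15 is '#' for a stub (shown as
# 'sec#' in the human-readable listing) and '+' for a secret key that is present.
SAMPLE = """\
sec:u:4096:1:AABBCCDD11223344:1609459200:1735689600::u:::scESC:::#:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1609459200::C0FFEE::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:1122334455667788:1609459200:1735689600:::::s:::+:::23:
ssb:u:4096:1:99AABBCCDDEEFF00:1609459200:1735689600:::::e:::+:::23:
"""

@dataclass
class SecretKey:
    keyid: str
    caps: str                  # capabilities from field 12
    stub: bool                 # True when field 15 is '#'
    expires: int | None        # field 7, seconds since epoch, or None
    subkeys: list[SecretKey] = field(default_factory=list)

def parse_secret_keys(listing: str) -> list[SecretKey]:
    """Build one SecretKey per 'sec' record, attaching its 'ssb' subkeys."""
    keys: list[SecretKey] = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (21 - len(f))          # pad short records so indexing is safe
        key = SecretKey(keyid=f[4], caps=f[11], stub=(f[14] == "#"),
                        expires=int(f[6]) if f[6] else None)
        if f[0] == "sec":
            keys.append(key)
        elif keys:
            keys[-1].subkeys.append(key)
    return keys

def check_offline_master(key: SecretKey, now: int) -> list[str]:
    """Return findings that undermine the 'master offline, subkeys in use' setup."""
    problems = []
    if not key.stub:
        problems.append("master secret key still present (expected sec#)")
    present = {c for sk in key.subkeys if not sk.stub for c in sk.caps}
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if cap not in present:
            problems.append(f"no usable {name} subkey")
    for sk in key.subkeys:
        if sk.expires is not None and sk.expires < now:
            problems.append(f"subkey {sk.keyid} expired")
    return problems

if __name__ == "__main__":
    for k in parse_secret_keys(SAMPLE):
        print(k.keyid, check_offline_master(k, int(time.time())) or "OK")
```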

High-Quality Symmetric Encryption Options

For enhanced security in symmetric encryption, consider these advanced GPG options.

# Encrypt a file using high-quality symmetric options
 gpg \
    --symmetric \
    --cipher-algo aes256 \
    --digest-algo sha512 \
    --cert-digest-algo sha512 \
    --compress-algo none -z 0 \
    --s2k-mode 3 \
    --s2k-digest-algo sha512 \
    --s2k-count 65011712 \
    --force-mdc \
    --pinentry-mode loopback \
    --armor \
    --no-symkey-cache \
    --output somefile.gpg \
    somefile # file to encrypt

# Decrypt a file using high-quality symmetric options
 gpg \
    --decrypt \
    --pinentry-mode loopback \
    --armor \
    --output somefile.decrypted \
    somefile.gpg # file to decrypt
