Written by Oleksandr Gavenko (AKA gavenkoa), compiled on 2024-04-01 from rev 052223c22317.

PGP/GPG.

Documentation

https://wiki.archlinux.org/index.php/GnuPG
ArchLinux wiki.
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
The Keysigning Party HOWTO.

What is the preferred client?

GNU gpg.

Which key server to use?

There is the SKS Keyserver Pool:

gpg --keyserver pool.sks-keyservers.net

The popular pgp.mit.edu joined SKS.

Other alternatives:

Define server in ~/.gnupg/gpg.conf to avoid specifying --keyserver each time:

keyserver hkp://keys.gnupg.net
# keyserver pool.sks-keyservers.net
https://sks-keyservers.net/overview-of-pools.php
Overview of the pools.

How to import keys from a key server?

To import a key with signatures:

$ gpg --keyserver pgp.mit.edu --recv-keys $KEYID

To check revocation status and receive new signatures:

$ gpg --keyserver pgp.mit.edu --refresh-keys $KEYID

To find a key by name:

gpg --keyserver keyserver.ubuntu.com --search-keys president

List trust model

To dump current trust model:

gpg --export-ownertrust

The above output can be used for import:

gpg --export-ownertrust | gpg --import-ownertrust

How to mark a key as trusted?

$ gpg --edit-key $KEYID trust

How to always trust all imported keys?

Add to ~/.gnupg/gpg.conf (this skips key validation: every key in the keyring is assumed fully valid):

trust-model always

or temporarily:

gpg -v --verify --trust-model always file.zip.asc

How to export a key?

Export public key in binary (OpenPGP) form:

$ gpg --export $KEYID >$PUBKEY.asc
$ gpg --output $PUBKEY.asc --export $KEYID

Export public key in text form:

$ gpg -a --export $KEYID >$PUBKEY.asc
$ gpg --armor --export $KEYID >$PUBKEY.asc

Export private key (it is still encrypted with the passphrase):

$ gpg --output $PRIVKEY.gpg --export-secret-key $KEYID

How to create your own PGP key?

$ gpg --gen-key   # answer the questions
...
$ gpg -o $keyfile --export-secret-keys $NAME

How to import keys from a file?

$ gpg --import $keyfile

How to get the public key from a private key without importing it into local storage?

tmp=$(mktemp -d)   # throwaway keyring directory
gpg --homedir "$tmp" --import "$SECKEY"
gpg --homedir "$tmp" --export "$ID" > "$PUBKEY"
rm -rf "$tmp"

How to submit a public key to a key server?

$ gpg --keyserver pgp.mit.edu --send-key $KEYID

What keys are in the local db?

$ gpg --list-keys
$ gpg --list-keys $KEYID
$ gpg --list-keys $EMAIL

$ gpg --list-secret-keys

Making a revocation certificate.

$ gpg --armor --output $KEYID.rev --gen-revoke $KEYID

How to delete a key?

$ gpg --delete-key $KEYID
$ gpg --delete-key $USER
$ gpg --delete-key $EMAIL

$ gpg --delete-secret-key $KEYID

Dump the content of a key or signature

$ gpg --show-keys $FILE.key
$ gpg --show-keys --with-subkey-fingerprint $FILE.key

$ gpg --list-packets $FILE.sig
$ gpg --list-packets $FILE.key

$ sudo apt-get install pgpdump
$ pgpdump $FILE.sig
$ pgpdump $FILE.key

How to sign a file?

To sign with the first (default) key, or with a specific key via --default-key or -u:

$ gpg -o $file.sig --sign $file
$ gpg --default-key $NAME -o $file.sig --sign $file
$ gpg -u ${USER_NAME} -o $file.sig --sign $file

How to verify a signature?

$ gpg --verify $file.sig
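
Added example (not part of the original notes): with --trust-model always, a "Good signature" only means some key in the keyring made it, so this sketch verifies in a throwaway --homedir holding one key and pins the signer's primary-key fingerprint from the --status-fd output. The function names and the sample status lines are assumptions constructed for illustration.

```shell
# Added example: function names and the sample values are assumptions.

# Read `gpg --status-fd` output on stdin. Succeed only if it reports exactly
# one good signature whose primary-key fingerprint equals $1.
status_matches_fpr() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ')" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good++ }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" { valid++; fpr = (NF >= 12) ? $12 : $3 }
        END {
            ok = (good == 1 && valid == 1 && bad == 0 && toupper(fpr) == toupper(want))
            exit !ok
        }
    '
}

# verify_pinned SIGFILE PUBKEYFILE FINGERPRINT
# Verify SIGFILE against the single key in PUBKEYFILE, in a throwaway homedir
# so nothing from ~/.gnupg (keys or trust settings) can influence the result.
verify_pinned() (
    tmp=$(mktemp -d) || exit 1
    gpg --homedir "$tmp" --batch --quiet --import "$2" 2>/dev/null &&
    gpg --homedir "$tmp" --batch --trust-model always --status-fd 1 \
        --verify "$1" 2>/dev/null | status_matches_fpr "$3"
    rc=$?
    gpgconf --homedir "$tmp" --kill all 2>/dev/null   # stop helper daemons, if any
    rm -rf "$tmp"
    exit "$rc"
)

# Constructed status output (not from a real key) to exercise the parser offline.
SAMPLE_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Constructed User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 00 $SAMPLE_FPR"

if printf '%s\n' "$SAMPLE_STATUS" | status_matches_fpr "$SAMPLE_FPR"; then
    echo "sample: signer matches pinned fingerprint"
fi
```

Typical call: verify_pinned $file.sig $PUBKEY.asc "$FINGERPRINT", where the fingerprint was obtained over a channel you trust.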

How to back up a private key?

Make a copy:

$ gpg --export-secret-keys --armor $KEYID > privkey.asc

Restore from copy:

$ gpg --allow-secret-key-import --import privkey.asc