Last Update: Jun 10, 2015

-----[ GnuPG Cheatsheet ]-----

This document is intended to be a quick note about some GnuPG commands. I hope this will be useful as writing it was for me. DEADBEEF is used as an example key ID, note any part of the user ID can be used as key specifier to identify a key. The --output option can always be omitted. Any output, keys, encrypted documents, and signatures, can be ASCII-armored by adding the --armor option. GENERATE A KEYPAIR ------------------ # gpg --full-gen-key GENERATE A REVOKE CERTIFICATE ----------------------------- # gpg --output revoke.gpg --gen-revoke DEADBEEF LIST KEYS ON THE KEYRING ------------------------ # gpg --list-keys EXPORT A PUBLIC KEY ------------------- # gpg --output coffee.gpg --export DEADBEEF # gpg --armor --export DEADBEEF EXPORT A PRIVATE KEY -------------------- # gpg --export-secret-keys DEADBEEF IMPORT A KEY ------------ # gpg --import key.gpg VALIDATE A PUBLIC KEY --------------------- A key is validated by verifying the key's fingerprint and then signing the key, to certify that it is a valid key, and belongs to the correct user. Edit the key with # gpg --edit-key DEADBEEF then you can view the fingerprint with # fpr Now verify the fingerprint with the key owner, you must guarantee that you are communicating with the key's true owner. After checking the fingerprint, you may sign the key to validate it # sign You can list the signatures on the key with # check DELETE A PUBLIC KEY ------------------- # gpg --delete-key DEADBEEF DELETE A PRIVATE KEY -------------------- # gpg --delete-secret-key DEADBEEF ASYMMETRIC ENCRYPTION AND DECRYPTION ------------------------------------ # gpg --output enc_doc.gpg --encrypt --recipient doc # gpg --output doc --decrypt enc_doc.gpg SYMMETRIC ENCRYPTION -------------------- With a passphrase. # gpg --output doc.gpg --symmetric doc.gpg SIGN A DOCUMENT --------------- A signature is created using the private key of the signer. Compress the doc before sign, output in binary format. # gpg --sign doc CLEARSIGN A DOCUMENT -------------------- Wrapped in an ASCII-armored signature but otherwise human readable. # gpg --clearsign doc DETACHED SIGNATURE ------------------ Creates a detached signature, in a separate file. # gpg [--armor] --detach-sig doc EXTRACT A SIGNED DOCUMENT ------------------------- # gpg --decrypt doc.sig VERIFY A SIGNED DOCUMET ----------------------- # gpg --verify doc.sig