diff --git a/cheatsheets/gpg b/cheatsheets/gpg
index 53acf3c..4b2bc80 100644
--- a/cheatsheets/gpg
+++ b/cheatsheets/gpg
@@ -1,173 +1,11 @@ -# Create a key +# generate key +gpg --gen-key - gpg --gen-key +# encrypt file +gpg -e file +# sign file +gpg -s file -# Show keys - - To list a summary of all keys - - gpg --list-keys - - To show your public key - - gpg --armor --export - - To show the fingerprint for a key - - gpg --fingerprint KEY_ID - -# Search for keys - - gpg --search-keys 'user@emailaddress.com' - - -# To Encrypt a File - - gpg --encrypt --recipient 'user@emailaddress.com' example.txt - - -# To Decrypt a File - - gpg --output example.txt --decrypt example.txt.gpg - - -# Export keys - - gpg --output ~/public_key.txt --armor --export KEY_ID - gpg --output ~/private_key.txt --armor --export-secret-key KEY_ID - - Where KEY_ID is the 8 character GPG key ID. - - Store these files to a safe location, such as a USB drive, then - remove the private key file. - - shred -zu ~/private_key.txt - -# Import keys - - Retrieve the key files which you previously exported. - - gpg --import ~/public_key.txt - gpg --allow-secret-key-import --import ~/private_key.txt - - Then delete the private key file. - - shred -zu ~/private_key.txt - -# Revoke a key - - Create a revocation certificate. - - gpg --output ~/revoke.asc --gen-revoke KEY_ID - - Where KEY_ID is the 8 character GPG key ID. - - After creating the certificate import it. - - gpg --import ~/revoke.asc - - Then ensure that key servers know about the revokation. - - gpg --send-keys KEY_ID - -# Signing and Verifying files - - If you're uploading files to launchpad you may also want to include - a GPG signature file. - - gpg -ba filename - - or if you need to specify a particular key: - - gpg --default-key -ba filename - - This then produces a file with a .asc extension which can be uploaded. - If you need to set the default key more permanently then edit the - file ~/.gnupg/gpg.conf and set the default-key parameter. - - To verify a downloaded file using its signature file. 
- - gpg --verify filename.asc - -# Signing Public Keys - - Import the public key or retrieve it from a server. - - gpg --keyserver --recv-keys - - Check its fingerprint against any previously stated value. - - gpg --fingerprint - - Sign the key. - - gpg --sign-key - - Upload the signed key to a server. - - gpg --keyserver --send-key - -# Change the email address associated with a GPG key - - gpg --edit-key - adduid - - Enter the new name and email address. You can then list the addresses with: - - list - - If you want to delete a previous email address first select it: - - uid - - Then delete it with: - - deluid - - To finish type: - - save - - Publish the key to a server: - - gpg --send-keys - -# Creating Subkeys - - Subkeys can be useful if you don't wish to have your main GPG key - installed on multiple machines. In this way you can keep your - master key safe and have subkeys with expiry periods or which may be - separately revoked installed on various machines. This avoids - generating entirely separate keys and so breaking any web of trust - which has been established. - - gpg --edit-key - - At the prompt type: - - addkey - - Choose RSA (sign only), 4096 bits and select an expiry period. - Entropy will be gathered. - - At the prompt type: - - save - - You can also repeat the procedure, but selecting RSA (encrypt only). - To remove the master key, leaving only the subkey/s in place: - - gpg --export-secret-subkeys > subkeys - gpg --export > pubkeys - gpg --delete-secret-key - - Import the keys back. - - gpg --import pubkeys subkeys - - Verify the import. - - gpg -K - - Should show sec# instead of just sec. +# encrypt and sign file +gpg -es file