GPG Cheatsheet

GPG stands for GNU Privacy Guard, and it is a vital tool for everyone who wants to protect their email and files. Like its inspiration PGP, GPG uses public-key cryptography, where each user owns two keys: one for encryption (public key) and one for decryption (private key).

This cheatsheet is for quick reference and gives a brief description of what can be done with this security tool.


Keys management

GPG has several switches for generating a public-private key pair and for revoking and deleting keys. Viewing public and private keys is also supported.


Generate key pair

To generate a public-private key pair in the GPG keyring, use the --gen-key switch. The command below prompts for details such as the key type, the key size, a user ID to identify the key, and the period over which the generated key will be valid:

gpg --gen-key

Revoke keys

If the secret key has been stolen, the existing key can be revoked with the --gen-revoke switch. This requires the secret key:

gpg --gen-revoke KeyID

Delete keys

The commands below delete public and private keys from the GPG keyring:

gpg --delete-key KeyID
gpg --delete-secret-key KeyID
gpg --delete-secret-and-public-key KeyID

View keys

To view all types of keys, issue the command:

gpg --list-keys
gpg --list-public-keys
gpg --list-secret-keys

Keys manipulations

GPG provides several key manipulation functions, such as importing and exporting keys. Sending keys to and receiving keys from a key server are also supported.


Export a private key to a file

gpg --export-secret-key -a > file.out

Export a public key to a file

gpg --export --armor KeyID > file.out

Import a private key from a file

gpg --import --allow-secret-key-import file.in

Import a public key from a file

gpg --import file.in

Send a public key to a server

gpg --keyserver dbma.keyserver.ca --send-key KeyID

Get a key from a server

gpg --keyserver dbma.keyserver.ca --recv-keys KeyID

Cryptographic options

GPG supports file encryption and decryption. It also supports file signing, which makes this program an alternative to PGP.


Encrypt file

gpg -r KeyID -e -a -o file.out file.in

Decrypt file

gpg -r KeyID -d -o file.out file.in

Create signature of a file

gpg -b -a -u KeyID -o file.out file.in
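
The commands above, chained into one round trip inside a throwaway keyring so that the real keyring is never touched. This is an added example, not part of the original cheatsheet. It assumes GnuPG 2.1 or later; the identity, file names, empty passphrase and the helper names g, gpg_steps and gpg_roundtrip are constructed for the demo.

```shell
#!/bin/sh
# Added example: the cheatsheet's commands run end to end in a throwaway keyring.
# Assumes GnuPG 2.1+; the identity and file contents are constructed.

g() {  # non-interactive gpg; the empty passphrase is for the demo only
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

gpg_steps() {
    # Unattended form of --gen-key: primary key plus encryption subkey, valid 1 day
    g --quick-generate-key 'Demo User <demo@example.invalid>' default default 1d &&
    # Address the key by its fingerprint (used where the cheatsheet says KeyID)
    key=$(g --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }') &&
    [ -n "$key" ] &&
    printf 'constructed sample message\n' > file.in &&
    g --export --armor "$key" > pub.asc &&          # export the public key
    g -r "$key" -e -a -o file.asc file.in &&        # encrypt to the key
    g -d -o file.dec file.asc &&                    # decrypt with the secret key
    cmp -s file.in file.dec &&                      # plaintext must match
    g -b -a -u "$key" -o file.sig file.in &&        # detached, armored signature
    g --verify file.sig file.in 2>/dev/null &&      # good signature: exit 0
    printf 'tampered\n' >> file.in &&
    ! g --verify file.sig file.in 2>/dev/null       # modified file must fail
}

gpg_roundtrip() (
    # Subshell: GNUPGHOME and the working directory never leak to the caller
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    cd "$GNUPGHOME" || exit 1
    gpg_steps; rc=$?
    gpgconf --kill gpg-agent 2>/dev/null    # stop the agent started for this home
    cd / && rm -rf "$GNUPGHOME"             # discard keys and sample files
    [ "$rc" -eq 0 ] && echo roundtrip-ok
)
```

Source the file and call gpg_roundtrip; it prints roundtrip-ok only if every step succeeded and the tampered file failed verification.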

Also, you might check the GUI frontends for GnuPG for easy GPG management.