
GPG Cheat Sheet

GnuPG(GNU Privacy Guard): GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).

GnuPG is free software that fully implements the OpenPGP standard defined by RFC4880 (i.e. PGP). GnuPG can encrypt and sign your data and communications, and includes a general-purpose key management system as well as access modules for all kinds of public key directories. GnuPG, abbreviated GPG, is a command line tool that is easy to integrate with other programs, and many frontend programs and libraries are available for it. GnuPG also supports S/MIME and Secure Shell (ssh).

Install GnuPG

scoop install gpg4win

Generate a GPG key pair

# version >= 2.1.17
gpg --full-generate-key
# The command prompts for:
# Kind of key: the default is RSA and RSA, i.e. one master key for signing and one subkey for encryption.
# Keysize: 4096 is usually enough.
# Expiration date: a period of a year is enough most of the time. See "Edit GPG keys" below on how to change it afterwards.
# Name and email address
# Comment: add a comment describing the key's purpose.
# Passphrase

# version < 2.1.17
gpg --default-new-key-algo rsa4096 --gen-key

List GPG keys

# list all public keys
gpg --list-keys
gpg --list-sigs # list signatures
gpg --fingerprint # list fingerprints

# list all private keys
gpg --list-secret-keys
gpg --list-secret-keys --keyid-format LONG # list the long form of the GPG keys

# get the key ID ([key-id] is the hexadecimal value on the same line as sec;
# the pipeline below prints the full fingerprint, which gpg also accepts as [key-id])
gpg --list-secret-keys --with-colons --fingerprint | grep "^fpr" | cut -d: -f10

Backup GPG keys

# export public key
gpg --armor --output "[key-id]_public.asc" --export [key-id]

# export private key
gpg --armor --output "[key-id]_secret.asc" --export-secret-keys [key-id]
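The "get the key ID" pipeline above lists every fpr record, including the ones that belong to subkeys (ssb). The script below is an added example, not part of the original cheat sheet: it parses the --with-colons output into "long key ID, fingerprint" pairs for primary secret keys only, then backs each one up with the same export commands as above. The colon-format sample is constructed, not a real key.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons --fingerprint` output
# (not real keys): one primary key (sec) with its fpr record, one subkey (ssb) with
# its own fpr record. Field 5 of sec/ssb is the long key ID; field 10 of fpr is the
# full fingerprint, whose last 16 hex digits equal the long key ID for v4 keys.
SAMPLE_COLONS='sec:u:4096:1:0123456789ABCDEF:1700000000:1731536000::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example <example@example.com>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1700000000:1731536000:::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBFEDCBA9876543210:'

# primary_keys: read colon-format records on stdin and print "<long key id> <fingerprint>"
# once per primary secret key. The fpr record that follows an ssb record belongs to the
# subkey and is skipped, which `grep "^fpr" | cut -d: -f10` alone does not do.
primary_keys() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" { last = $1; keyid = $5; next }
    $1 == "fpr" && last == "sec" { print keyid, $10; last = "" }
  '
}

# export_keypair: back up one key pair, selected by fingerprint, as ASCII-armored
# files named as in the cheat sheet. Requires gpg on PATH and the key in the keyring.
export_keypair() {
  fpr=$1
  outdir=${2:-.}
  gpg --armor --output "$outdir/${fpr}_public.asc" --export "$fpr" &&
    gpg --armor --output "$outdir/${fpr}_secret.asc" --export-secret-keys "$fpr"
}

# Demo on the constructed sample (no gpg needed): prints one line for the primary key.
printf '%s\n' "$SAMPLE_COLONS" | primary_keys

# Against a real keyring, back up every primary key into ./backup:
#   mkdir -p backup
#   gpg --list-secret-keys --with-colons --fingerprint | primary_keys |
#     while read -r id fpr; do export_keypair "$fpr" backup; done
```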

Import GPG keys

# import public key
gpg --import [key-id]_public.asc

# import private key (--allow-secret-key-import is an obsolete option that GnuPG 2.x ignores; plain --import suffices)
gpg --allow-secret-key-import --import [key-id]_secret.asc

# allow the import of keys with user IDs which are not self-signed
gpg --allow-non-selfsigned-uid --import [key-id]_secret.asc

Edit GPG keys

gpg --edit-key [key-id]

# Useful commands:
# help     display all commands
# passwd   change passphrase
# clean    compact any user ID that is no longer usable (revoked or expired)
# revkey   revoke a key
# addkey   add a subkey to this key
# expire   change expiration date of key
# adduid   add email addresses to this key

# add uid
gpg> adduid
Real name: Example
Email address: Example@example.com
... insert passphrase to unlock secret key ...
gpg> save

# set primary uid
gpg> uid 2
gpg> primary
... insert passphrase to unlock secret key ...
gpg> save

# del uid
gpg> uid 1
gpg> deluid
gpg> save

# update sub-key
gpg> key 1
gpg> expire
... insert passphrase to unlock secret key ...
gpg> save

Delete GPG keys

# delete public key
gpg --delete-key [key-id]

# delete private key
gpg --delete-secret-key [key-id]

# delete without confirmation
gpg --batch --yes --delete-keys [key-id]
gpg --batch --yes --delete-secret-keys [key-id]