GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC 4880.

Keyserver

Web interface   Keyserver
MIT             x-hkp://pgp.mit.edu
PGP             x-hkp://keyserver.pgp.com

Key-Management

Create key

gpg --gen-key

Upload key

gpg --send-keys [key-ID]

Example

tan@pelion:~$ gpg --keyserver x-hkp://gpg-keyserver.de --send-keys EF6283B9
gpg: sending key EF6283B9 to hkp server gpg-keyserver.de

Import key

Syntax

gpg --import [filename]

Import public key

tan@pelion:~/gpgkeys$ gpg --import tanpub.asc

gpg: key 05B3AA4A: public key "Tan-Vinh Nguyen <tan@xxx.de>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Import public key into a specified keyring

gpg --no-default-keyring --keyring ./trusted.gpg --import /home/tan/pubkey.gpg

Import private key

tan@pelion:~/gpgkeys$ gpg --import tan.asc

gpg: key 05B3AA4A: secret key imported
gpg: key 05B3AA4A: "Tan-Vinh Nguyen <tan@xxx.de>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

Import public key from keyserver

tan@pelion:~$ gpg --keyserver x-hkp://gpg-keyserver.de --recv-keys EF6283B9

Export key

Export public key to tan-gpg-key.asc

gpg -a --output tan-gpg-key.asc --export EF6283B9

Export private key to tan-gpg-secret-key.asc

gpg -a --output tan-gpg-secret-key.asc --export-secret-keys EF6283B9

List keys

List public and private keys

gpg --list-keys
gpg --list-secret-keys

List signatures

gpg --list-sigs

Show fingerprint

gpg --fingerprint [key-ID]

Sign key

gpg --sign-key [key-ID]

Revoke key

  • Keys are not deleted.
  • Create a revocation certificate.
gpg --gen-revoke [key-ID]
#gpg -a --output tan-gpg-key-revoke.asc --gen-revoke EF6283B9

Revoke the public key by importing the revocation certificate

gpg --import [filename.revoke]
tan@pelion:~/gpgkeys$ gpg --import tan.revoke
gpg: key 05B3AA4A: "Tan-Vinh Nguyen <tan@xxx.de>" revocation certificate imported
gpg: Total number processed: 1
gpg:    new key revocations: 1
gpg: no ultimately trusted keys found

Upload the revoked public key to the keyserver in order to spread the revocation

tan@pelion:~/gpgkeys$ gpg --keyserver gpg-keyserver.de --send-key 05B3AA4A
gpg: sending key 05B3AA4A to hkp server gpg-keyserver.de

Delete key

Deletion order

  • private key
  • public key
gpg --delete-secret-keys <key-ID>
gpg --delete-key <key-ID>
tan@pelion:~/gpgkeys$ gpg --delete-secret-keys 05B3AA4A
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


sec  1024D/05B3AA4A 2007-12-09 Tan-Vinh Nguyen <tan@xxx.de>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

tan@pelion:~/gpgkeys$ gpg --delete-key 05B3AA4A
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


pub  1024D/05B3AA4A 2007-12-09 Tan-Vinh Nguyen <tan@xxx.de>

Delete this key from the keyring? (y/N) y

Encryption

Encrypt file contents

gpg --armor --encrypt --recipient [key-ID] [filename]
gpg --armor --encrypt --recipient 655685AC --recipient 5E396988 passwd
gpg --armor --encrypt -r 655685AC -r 5E396988 -r A8723536 file

Decryption

Decrypt file contents

gpg --decrypt --output secret-revealed.txt test.txt.asc

Sign file with key

gpg --armor --local-user [key-ID] --detach-sign [filename]

Verify file with key

gpg --verify [filename]
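
The sign and verify commands above as one round trip in a throwaway keyring, including the tamper check (an added example, not part of the original page). It assumes GnuPG 2.1 or later for --quick-generate-key and --pinentry-mode; the demo identity, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: detached-signature round trip in an isolated GnuPG home.
# All names and values here are constructed for the demo.

# Create a private GNUPGHOME so the user's real keyring is never touched.
demo_setup() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # Unprotected test key (empty passphrase): acceptable only for a demo.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never
    # Colon listing: field 10 of the first "fpr" record is the fingerprint.
    DEMO_FPR=$(gpg --batch --with-colons --list-secret-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')
}

# Write an armored detached signature "$1.asc"; --local-user picks the key.
demo_sign() {
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        --armor --local-user "$DEMO_FPR" --detach-sign "$1"
}

# Check "$1.asc" against "$1"; exit status is 0 only for a good signature.
demo_verify() {
    gpg --batch --verify "$1.asc" "$1" 2>/dev/null
}

# Stop the agent started for the temporary home and remove the home.
demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

# Usage: demo_setup; demo_sign FILE; demo_verify FILE && echo good; demo_cleanup
```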

UID Management

A key may have many email addresses (user IDs, uids).

Add User Id

Edit key to add the new uid

gpg --edit-key <key-ID or name>
Befehl> adduid

Save the changes

Befehl> save

Remove User Id

tan@crunchbang:~$ gpg --edit-key 5E396988

gpg> uid 2

gpg> deluid

gpg> save

Update key on public keyserver

gpg --keyserver x-hkp://pgp.mit.edu --send-keys 5E396988