
🔑 GPG

Generate Key

gpg --full-generate-key

Import

lpass show gpg --attach=8017296795546256342-55097 -q | gpg --import
gpg --import secret.asc

Trust Own Key

# https://unix.stackexchange.com/a/407070/93726
gpg --edit-key [email protected]

gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
gpg> save

🖋 Sign Others' Keys

wget http://example.com/pgp-public-key -O- | gpg --import
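gpg --list-keys
# Check the imported key's fingerprint with its owner over a separate channel before signing; the download above is plain HTTP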
gpg --sign-key [email protected]

List

# Secret keys
gpg --list-secret-keys --keyid-format LONG
# All keys
gpg --list-keys --keyid-format LONG

Submit to Keyserver

gpg --keyid-format LONG --list-keys [email protected]
pub   rsa4096/ABCDEF0123456789 2018-01-01 [SCEA] [expires: 2021-01-01]
      ABCDEF0123456789ABCDEF0123456789
uid              [ ultimate ] John Doe
gpg --keyserver keyserver.ubuntu.com --send-keys ABCDEF0123456789

Revocation Certificate

gpg --output revoke.asc --gen-revoke [email protected]

Export

gpg --export-secret-keys --armor $EMAIL > /path/to/secret-key-backup.asc
gpg --export --armor $EMAIL > /path/to/public-key-backup.asc

Keygrip to match *.key filenames in ~/.gnupg/private-keys-v1.d directory

gpg --list-secret-keys --with-keygrip
gpg --list-keys --with-keygrip

Get Key ID

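# Prints the short key ID: the last 8 hex digits of the last fingerprint that gpg lists.
# Short IDs are easy to collide, so identify keys by full fingerprint when it matters.
key=$(gpg --list-keys | sed -n '/^\s/s/\s*//p') && echo "0x${key:(-8)}"
# 0x08B7D7A3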
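
The keygrip and key ID lookups above can be done in one pass over gpg's machine-readable `--with-colons` listing. This is an added example, not part of the original page: `map_keygrips` and `demo` are hypothetical names, the sample listing is constructed, and it goes slightly beyond the commands above by printing the long key ID and full fingerprint for every primary key and subkey.

```shell
#!/bin/sh
# Added example: list each secret (sub)key with its long key ID, fingerprint,
# keygrip and whether <keygrip>.key exists in the private-key directory.
# Input: `gpg --list-secret-keys --with-keygrip --with-colons` on stdin.
map_keygrips() {
  dir=${1:-$HOME/.gnupg/private-keys-v1.d}
  awk -F: '
    $1 == "sec" || $1 == "ssb" { type = $1 }   # primary key or subkey record
    $1 == "fpr" { fpr = $10 }                  # field 10 holds the fingerprint
    $1 == "grp" {                              # field 10 holds the keygrip
      # For v4 keys the long key ID is the last 16 hex digits of the fingerprint.
      print type, "0x" substr(fpr, length(fpr) - 15), fpr, $10
    }' |
  while read -r type keyid fpr grip; do
    if [ -f "$dir/$grip.key" ]; then state=present; else state=missing; fi
    echo "$type $keyid $fpr $grip $state"
  done
}

# Constructed sample listing (not real keys): one primary key and one subkey.
SAMPLE='sec:u:4096:1:89ABCDEF01234567:1514764800:1609459200::u:::scESCA:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1514764800::2222222222222222222222222222222222222222::John Doe::::::::::0:
ssb:u:4096:1:0011223344556677:1514764800:1609459200:::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA980011223344556677:
grp:::::::::3333333333333333333333333333333333333333:'

# Demo: a throwaway directory that holds only the primary key's file.
demo() {
  d=$(mktemp -d) && : > "$d/1111111111111111111111111111111111111111.key"
  printf '%s\n' "$SAMPLE" | map_keygrips "$d"
  rm -rf "$d"
}
demo
```

Against a real keyring, pipe `gpg --list-secret-keys --with-keygrip --with-colons` into `map_keygrips`; a `missing` state means no `<keygrip>.key` file was found in that directory.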

Restart Agent on Windows

gpg-connect-agent reloadagent /bye

Refresh Keys

gpg --refresh-keys --keyserver keyserver.ubuntu.com
