GPG
Generate Key
gpg --full-generate-key
Import
lpass show gpg --attach=8017296795546256342-55097 -q | gpg --import
gpg --import secret.asc
Trust Own Key
# https://unix.stackexchange.com/a/407070/93726
gpg --edit-key [email protected]
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
gpg> save
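Sign Others' Keys
wget http://example.com/pgp-public-key -O- | gpg --import
gpg --list-keys
# The download above is plain HTTP: before signing, compare the fingerprint shown by
# --list-keys with one obtained from the key owner over a separate channel.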
gpg --sign-key [email protected]
List
# Secret keys
gpg --list-secret-keys --keyid-format LONG
# All keys
gpg --list-keys --keyid-format LONG
Submit to Keyserver
gpg --keyid-format LONG --list-keys [email protected]
pub rsa4096/ABCDEF0123456789 2018-01-01 [SCEA] [expires: 2021-01-01]
ABCDEF0123456789ABCDEF0123456789
uid [ ultimate ] John Doe
gpg --keyserver keyserver.ubuntu.com --send-keys ABCDEF0123456789
Revocation Certificate
gpg --output revoke.asc --gen-revoke [email protected]
Export
gpg --export-secret-keys --armor $EMAIL > /path/to/secret-key-backup.asc
gpg --export --armor $EMAIL > /path/to/public-key-backup.asc
Keygrip to match *.key filenames in ~/.gnupg/private-keys-v1.d directory
gpg --list-secret-keys --with-keygrip
gpg --list-keys --with-keygrip
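Get Key ID
# Prints the short (32-bit) key ID of the last key listed (requires bash for the substring).
# Short IDs can collide; use the long ID or the full fingerprint when deciding which key to trust or sign.
key=$(gpg --list-keys | sed -n '/^\s/s/\s*//p') && echo "0x${key:(-8)}"
# 0x08B7D7A3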
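The keygrip listing and the key ID lookup above both scrape gpg's human-readable output. As an added example (not part of the original page), this sh function reads the machine-readable `--with-colons` listing instead and reports, for each key and subkey, the full fingerprint, the keygrip, and whether the matching `.key` file exists in the given directory. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Real use:
#   gpg --list-secret-keys --with-keygrip --with-colons \
#     | map_keygrips ~/.gnupg/private-keys-v1.d

# Constructed sample records, trimmed to the fields the parser reads.
# Field 10 of an "fpr" record is the fingerprint; field 10 of "grp" is the keygrip.
sample_listing() {
cat <<'EOF'
sec:u:4096:1:1111222233334444:::::::scESCA:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::::::John Doe:
ssb:u:4096:1:5555666677778888:::::::e:
fpr:::::::::9999AAAABBBBCCCCDDDDEEEE5555666677778888:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Reads a colon listing on stdin; prints "<type> <fingerprint> <keygrip> <present|missing>".
map_keygrips() {
    keydir=$1
    type="" fpr=""
    while IFS=: read -r rec s2 s3 s4 s5 s6 s7 s8 s9 val rest; do
        case $rec in
            sec|ssb|pub|sub) type=$rec fpr="" ;;   # start of a key or subkey
            fpr) fpr=$val ;;
            grp)
                if [ -n "$type" ]; then
                    if [ -f "$keydir/$val.key" ]; then st=present; else st=missing; fi
                    printf '%s %s %s %s\n' "$type" "$fpr" "$val" "$st"
                    type=""
                fi ;;
        esac
    done
}

# Demo on the constructed sample: only the subkey's .key file is created.
demo() {
    d=$(mktemp -d)
    : > "$d/89ABCDEF0123456789ABCDEF0123456789ABCDEF.key"
    sample_listing | map_keygrips "$d"
    rm -rf "$d"
}
demo
```

A `missing` result for a `sec` line means no secret key file for that keygrip is stored in the directory that was checked.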
Restart Agent on Windows
gpg-connect-agent reloadagent /bye
Refresh Keys
gpg --refresh-keys --keyserver keyserver.ubuntu.com
Pinentry Mode
gpg --pinentry-mode loopback --import <file>.asc
Validity Unknown
gpg --check-trustdb
gpg --update-trustdb
Show Subkey Fingerprints
gpg -K --with-subkey-fingerprints
Unlock Key
To manually force a passphrase prompt and "unlock" the key, you can run a simple GPG command that requires it, such as:
gpg -s
This command initiates a signature process on standard input. It will prompt you to type some text and then ask for your passphrase to sign it. Once you've entered the passphrase, you can press Ctrl+D twice to exit the command. Your key will then be unlocked and cached by gpg-agent.
Type something.