Skip to content

GPG¶

Generate Key¶

gpg --full-generate-key

Import¶

lpass show gpg --attach=8017296795546256342-55097 -q | gpg --import

gpg --import secret.asc

Trust Own Key¶

# https://unix.stackexchange.com/a/407070/93726
gpg --edit-key [email protected]

gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
gpg> save

Sign Others' Keys¶

wget http://example.com/pgp-public-key -O- | gpg --import
gpg --list-keys
gpg --sign-key [email protected]

List¶

# Secret keys
gpg --list-secret-keys --keyid-format LONG
# All keys
gpg --list-keys --keyid-format LONG

Submit to Keyserver¶

gpg --keyid-format LONG --list-keys [email protected]
pub   rsa4096/ABCDEF0123456789 2018-01-01 [SCEA] [expires: 2021-01-01]
      ABCDEF0123456789ABCDEF0123456789
uid              [ ultimate ] John Doe
gpg --keyserver keyserver.ubuntu.com --send-keys ABCDEF0123456789

Revokation Certificate¶

gpg --output revoke.asc --gen-revoke [email protected]

Export¶

gpg --export-secret-keys --armor [email protected] > /path/to/secret-key-backup.asc

Keygrip to match `*.key` filenames in `~/.gnupg/private-keys-v1.d` directory¶

gpg --list-secret-keys --with-keygrip
gpg --list-keys --with-keygrip

Get Key ID¶

key=$(gpg --list-keys | sed -n '/^\s/s/\s*//p') && echo "0x"${key:(-8)}
# 0x08B7D7A3

Restart Agent on Windows ¶

gpg-connect-agent reloadagent /bye

Refresh Keys¶

gpg --refresh-keys --keyserver keyserver.ubuntu.com

References¶