What is GPG
GPG stands for GNU Privacy Guard, free and open source software compatible with the OpenPGP standard for data encryption and digital signatures. It is a tool for creating and managing cryptographic keys, encrypting and decrypting data and, above all, verifying the authenticity of messages through digital signatures.
Command line
Create a key
gpg --gen-key
# E.g.
# gpg --gen-key
# To customize the key creation
gpg --full-gen-key
# E.g.
# gpg --full-gen-key
List secret keys
gpg --list-secret-keys
# E.g.
# gpg --list-secret-keys
List key fingerprints
gpg --fingerprint
# E.g.
# gpg --fingerprint
Remove a secret key
gpg --delete-secret-key <key id or email>
# E.g.
# gpg --delete-secret-key 7663E3B7
Export the private key in ASCII format
gpg --output <out file> --armor --export-secret-key <key id or email>
# E.g.
# gpg --output private_key.pgp --armor --export-secret-key 7663E3B7
Caution
The private key is sensitive data and must be carefully protected. Never share the private key with anyone.
Export the public key in ASCII format
gpg --output <out file> --armor --export <key id or email>
# E.g.
# gpg --output public_key.pgp --armor --export 7663E3B7
Import a key
gpg --import <in file>
# E.g.
# gpg --import private_key.pgp
Send a key to a key server
gpg --keyserver <key server> --send-keys <key id>
# E.g.
# gpg --keyserver keyserver.ubuntu.com --send-keys 7663E3B7
Encrypt a message
gpg --output <encrypted file> --encrypt --recipient <key id or email> <file>
# E.g.
# gpg --output message.gpg --encrypt --recipient 7663E3B7 message.txt
Decrypt a message
gpg --output <decrypted file> --decrypt <encrypted file>
# E.g.
# gpg --output message.txt --decrypt message.gpg
Sign a message
gpg --output <signed file> --sign <file>
# E.g.
# gpg --output message.sig --sign message.txt
Verify a signed message
gpg --verify <signed file>
# E.g.
# gpg --verify message.sig
Ensure that the .gnupg folder has the correct permissions
# The .gnupg folder must be owned by the current user
chown -R "$(whoami)" ~/.gnupg/
# Files inside .gnupg must have 600 permissions
# (read and write only for the current user)
find ~/.gnupg -type f -exec chmod 600 {} \;
# Folders under .gnupg must have 700 permissions
# (accessible only by the current user)
find ~/.gnupg -type d -exec chmod 700 {} \;
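To check the state of the folder before (or after) running the commands above, the following added example reports every entry that does not meet the three rules, without changing anything. It is not part of the original page or of GnuPG; the function name audit_gnupg_perms is hypothetical, and it assumes the default location ~/.gnupg unless GNUPGHOME or an argument says otherwise.

```shell
#!/bin/sh
# Added example: read-only audit of a GnuPG home directory.
# audit_gnupg_perms is a hypothetical helper name, not a gpg command.
#
# Usage: audit_gnupg_perms            # checks $GNUPGHOME, else ~/.gnupg
#        audit_gnupg_perms /some/dir  # checks the given directory
#
# Return codes: 0 = everything matches the rules above
#               1 = at least one finding (printed one per line)
#               2 = the directory does not exist

audit_gnupg_perms() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # "-perm 600" with no prefix matches the permission bits exactly,
    # so "! -perm 600" selects every file with any other mode.
    findings=$(
        find "$dir" -type f ! -perm 600 \
            -exec printf 'file mode is not 600: %s\n' {} \;
        find "$dir" -type d ! -perm 700 \
            -exec printf 'directory mode is not 700: %s\n' {} \;
        find "$dir" ! -user "$(id -un)" \
            -exec printf 'not owned by current user: %s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A return code of 1 means the chown and chmod commands above still need to be run.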