Tuesday, February 15, 2011

11 GPG Commands One Should NEVER Forget

GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories.

1. Create GPG Keys
$ gpg --gen-key
2. List the available keys in your keyring
$ gpg --list-keys
3. Exporting the public key - by user id
$ gpg --armor --export <uid>

Example :
$ gpg --armor --export prabath@wso2.com
4. Importing a public key of a trusted user to your keyring
$ gpg --import wso2.gpg
5. Encrypting a document - you first need to import the public key corresponding to the uid-of-recipient into your keyring, as per step 4.
$ gpg --output <output-file>  --encrypt --recipient <uid-of-recipient>  <input-file>

Example :
$ gpg --output test.txt.gpg  --encrypt --recipient prabath@wso2.com  test.txt
6. Decrypting
$ gpg --output <output-file> --decrypt <input-file>

Example :
$ gpg --output text.txt --decrypt test.txt.gpg
7. Signing a document [detached signature]
$ gpg --armor --output <signature> --detach-sig <file-to-sign>
8. Verifying a signature [detached signature] - you need to have the public key of the person who signed it in your keyring; see step 4.
$ gpg --verify <signature> <original-file>
9. Exporting private keys
$ gpg --armor --output <key-file-name> --export-secret-keys <uid>

Example : 
$ gpg --armor --output prabath.asc --export-secret-keys prabath@wso2.com
10. Uploading your public key to a key server.
$ gpg --keyserver certserver.pgp.com --send-key <key_id>
11. Download a key from a key server.
$ gpg --keyserver certserver.pgp.com --recv-key <key_id>
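
The script below is an added example, not part of the original post: it runs steps 1 and 3 to 8 end to end in two throwaway keyrings and shows that gpg --verify reports a modified file through its exit status. It assumes GnuPG 2.2 or later; the uid demo@example.invalid, the file names and the owner/peer helper names are made up for the demo.

```bash
#!/usr/bin/env bash
# Added example: steps 1 and 3-8 in throwaway keyrings (assumes GnuPG 2.2+).
# The uid, file names and message text are constructed for this demo.

gpg_roundtrip() (
    uid="demo@example.invalid"
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    mkdir -m 700 owner peer
    # Stop the agents started for the temporary keyrings, then clean up.
    trap 'for h in owner peer; do gpgconf --homedir "$work/$h" --kill gpg-agent; done 2>/dev/null; rm -rf "$work"' EXIT
    owner() { gpg --homedir "$work/owner" --batch --quiet --no-tty "$@" 2>/dev/null; }
    peer()  { gpg --homedir "$work/peer"  --batch --quiet --no-tty "$@" 2>/dev/null; }

    # Step 1, non-interactive. The empty passphrase is for this disposable
    # test key only; a real key should be passphrase-protected.
    owner --pinentry-mode loopback --passphrase '' \
          --quick-generate-key "$uid" default default never || exit 2

    # Steps 5-6: encrypt to the uid, decrypt, compare with the original.
    printf 'constructed sample text\n' > test.txt
    owner --output test.txt.gpg --encrypt --recipient "$uid" test.txt || exit 3
    owner --output roundtrip.txt --decrypt test.txt.gpg || exit 4
    cmp -s test.txt roundtrip.txt || exit 5

    # Step 7: detached, ASCII-armored signature.
    owner --armor --output test.txt.asc --detach-sig test.txt || exit 6

    # Steps 3-4: the peer keyring receives only the public key.
    owner --armor --output pub.asc --export "$uid" || exit 7
    peer --import pub.asc || exit 8

    # Step 8: gpg --verify reports the result in its exit status, so a
    # script must check it. Unmodified file: 0. Modified file: non-zero.
    peer --verify test.txt.asc test.txt || exit 9
    printf 'x' >> test.txt
    if peer --verify test.txt.asc test.txt; then exit 10; fi
    exit 0
)

gpg_roundtrip && echo "round trip OK"
```

A non-zero return value identifies the step that failed (for example 9 means the good signature did not verify, 10 means the modified file was accepted).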