4,348
edits
add keyservers |
→Troubleshooting: gpg-connect-agent RESET /bye |
||
(10 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
= Cookbook = | = Cookbook = | ||
== Create a new key == | |||
<source lang="console"> | <source lang="console"> | ||
Line 29: | Line 29: | ||
== Useful commands == | |||
<source lang="console"> | <source lang="console"> | ||
$ | // list the keys in the public ring | ||
$ gpg --list-keys | |||
// generate a revocation certificate | |||
$ gpg --output revoke.asc --gen-revoke mykey | |||
// generate a binary file (public key) | |||
$ gpg --output mhankey.gpg --export mhan | |||
// generate in ASCII-armored format | |||
$ gpg --armor --export mhan | |||
// add a key to public key ring | |||
$ gpg --import didi.gpg | |||
// validate | |||
$ gpg --edit-key didi | |||
Command> fpr | |||
// after verifying fingerprint w/ owner | |||
Command> sign | |||
// check signature | |||
Command> check | |||
// change passphrase | |||
$ gpg --edit-key didi | |||
Command> passwd | |||
// save | |||
Command> save | |||
// encrypt [and compress] a document | |||
$ gpg --output filename.gpg --encrypt --recipient didi filename.doc | |||
// decrypt a file | |||
$ gpg --output filename.doc --decrypt filename.gpg | |||
// symmetric cipher to encrypt | |||
$ gpg --output filename.gpg --symmetric filename.doc | |||
// create a signature for a document | |||
$ gpg --output doc.sig --sign doc | |||
// verify & extract doc | |||
$ gpg --output doc --decrypt doc.sig | |||
// clearsign document | |||
$ gpg --clearsign doc | |||
// create a deteached signature for a doc | |||
$ gpg --output doc.sig --detach-sig doc | |||
// verify the signature against the doc | |||
$ gpg --verify doc.sig doc | |||
</source> | |||
== Key management == | |||
; adduid | |||
: add new user ID | |||
; uid, key | |||
: select UID or a key | |||
; deluid, delkey | |||
: delete UID or a key | |||
; revuid, revkey | |||
: revoke UID or a key | |||
; expire | |||
: update expiration time | |||
in order to import a private key on a different machine. | |||
<source lang="console"> | |||
// export the key using an ASCII-armored format | |||
$ gpg --export-secret-keys -a mhan@mhan.net > pkey.asc | |||
// copy to a target machine, and then on the target machine | |||
$ gpg --import pkey.asc | |||
</source> | |||
Note: if key already existed, you may need to delete 'em via '''--delete-keys''' or '''--delete-secret-keys''' | |||
== Key distribution == | |||
<source lang="console"> | |||
// retrieve a key | |||
$ gpg --keyserver certserver.pgp.com --recv-key 0xBB7576AC | |||
// send a key | |||
$ gpg --keyserver certserver.pgp.com --send-key mhan | |||
</source> | |||
= Configuration = | |||
Change default cipher by adding the following to <span>~/.gnupg/gpg.conf</span class="package"> | |||
<source lang="console"> | |||
cipher-algo AES256 | |||
</source> | </source> | ||
= Troubleshooting = | |||
Kill any running agents | |||
<source lang="console"> | |||
$ gpgconf --kill gpg-agent | |||
</source> | |||
Reset agent as a user | |||
<source lang="console"> | |||
$ gpg-connect-agent RESET /bye | |||
</source> | |||
If you get ''Inappropriate ioctl for device'' you can add '''export GPG_TTY=$(tty)''' to either ~/.bashrc or ~/.profile (or ~/.bash_profile). | |||
= Keyservers = | = Keyservers = | ||
Line 47: | Line 161: | ||
* http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/ | * http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/ | ||
* [https://eligible.com/blog/commit-signing-with-git-hub-keybase-and-gpg/ Commit Signing With Git, Hub, Keybase, and GPG] |