Han Wiki

GnuPG: Difference between revisions

Page Discussion

GnuPG (view source)

Revision as of 15:21, 18 September 2020

2,545 bytes added ,  18 September 2020
→‎Troubleshooting: gpg-connect-agent RESET /bye
← Older edit
add keyservers
→‎Troubleshooting: gpg-connect-agent RESET /bye
 
(10 intermediate revisions by the same user not shown)
Line 3: Line 3:
= Cookbook =
= Cookbook =


CREATE a new key:
== Create a new key ==


<source lang="console">
<source lang="console">
Line 29: Line 29:




LIST the keys in the *public key ring*:
== Useful commands ==


<source lang="console">
<source lang="console">
$ gpg2 --list-keys
// list the keys in the public ring
$ gpg --list-keys
 
// generate a revocation certificate
$ gpg --output revoke.asc --gen-revoke mykey
 
// generate a binary file (public key)
$ gpg --output mhankey.gpg --export mhan
 
// generate in ASCII-armored format
$ gpg --armor --export mhan
 
 
// add a key to public key ring
$ gpg --import didi.gpg
 
// validate
$ gpg --edit-key didi
Command> fpr
// after verifying fingerprint w/ owner
Command> sign
// check signature
Command> check
 
// change passphrase
$ gpg --edit-key didi
Command> passwd
// save
Command> save
 
// encrypt [and compress] a document
$ gpg --output filename.gpg --encrypt --recipient didi filename.doc
 
// decrypt a file
$ gpg --output filename.doc --decrypt filename.gpg
 
// symmetric cipher to encrypt
$ gpg --output filename.gpg --symmetric filename.doc
 
 
// create a signature for a document
$ gpg --output doc.sig --sign doc
 
// verify & extract doc
$ gpg --output doc --decrypt doc.sig
 
// clearsign document
$ gpg --clearsign doc
 
// create a deteached signature for a doc
$ gpg --output doc.sig --detach-sig doc
 
// verify the signature against the doc
$ gpg --verify doc.sig doc
</source>
 
== Key management ==
 
; adduid
: add new user ID
; uid, key
: select UID or a key
; deluid, delkey
: delete UID or a key
; revuid, revkey
: revoke UID or a key
; expire
: update expiration time
 
 
in order to import a private key on a different machine.
 
<source lang="console">
// export the key using an ASCII-armored format
$ gpg --export-secret-keys -a mhan@mhan.net > pkey.asc
 
// copy to a target machine, and then on the target machine
$ gpg --import pkey.asc
</source>
 
Note: if key already existed, you may need to delete 'em via '''--delete-keys''' or '''--delete-secret-keys'''
 
== Key distribution ==
 
<source lang="console">
// retrieve a key
$ gpg --keyserver certserver.pgp.com --recv-key 0xBB7576AC
 
// send a key
$ gpg --keyserver certserver.pgp.com --send-key mhan
</source>
 
= Configuration =
 
Change default cipher by adding the following to <span>~/.gnupg/gpg.conf</span class="package">
 
<source lang="console">
cipher-algo AES256
</source>
</source>


= Troubleshooting =
Kill any running agents
<source lang="console">
$ gpgconf --kill gpg-agent
</source>
Reset agent as a user
<source lang="console">
$ gpg-connect-agent RESET /bye
</source>
If you get ''Inappropriate ioctl for device'' you can add '''export GPG_TTY=$(tty)''' to either ~/.bashrc or ~/.profile (or ~/.bash_profile).


= Keyservers =
= Keyservers =
Line 47: Line 161:


* http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/
* http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/
* [https://eligible.com/blog/commit-signing-with-git-hub-keybase-and-gpg/ Commit Signing With Git, Hub, Keybase, and GPG]
Retrieved from "https://wiki.michaelhan.net/Special:MobileDiff/3042...3434"