GPG Reference
Introduction
GPG (GnuPG) is a great tool for encrypting and signing files and for managing the keys that do so. The following commands are the ones you need most when working with gpg from the command line.
Commands
Install and Setup
- Install gnupg (the Nautilus integration, seahorse, is a separate package; restart Nautilus after installing it)
  ```bash
  sudo apt install -y gnupg
  ```
- Install kleopatra
  ```bash
  sudo apt install -y kleopatra
  ```
Import Keys
Configuration files can contain sensitive information such as passwords, contact details, or other personal data you don't wish to share, even though you may want to store them in the cloud for easy retrieval. In that case it's a good idea to encrypt those files with a personal key. Here is how you import your previously generated key so you can decrypt them. Keep in mind that an exported secret key is protected only by its passphrase, so don't keep the key file in the same cloud share as the files it decrypts.
```bash
gpg --import "my/remote/filesystem/keys/file.asc"
```
Generate
- Run the interactive generator
  ```bash
  gpg --expert --full-gen-key
  ```
- Select option 9 (ECC, sign and encrypt, in the --expert menu)
- Set the expiration
- Provide the user info
- Create a passphrase

or use the quick version (arguments: user ID, algorithm, usage, expiry):
```bash
gpg --quick-generate-key "test2 <test@test>" "default" "default" "never"
```
Export
The argument selects which key to export (a user ID, key ID or fingerprint), not a file name; the key goes to stdout unless you add --output:
```bash
gpg --output <filename>.gpg --export-secret-keys <KEY_ID>
```
adding --armor ensures the key is saved in ASCII format:
```bash
gpg --armor --output <filename>.asc --export-secret-keys <KEY_ID>
```
List gpg keys
```bash
gpg --list-keys
gpg --list-secret-keys
```
Both print the fingerprints and user IDs; use the fingerprint (or key ID) as KEYIDFROMABOVE in the commands below.
delete gpg keys
Delete the secret key first; gpg refuses to delete a public key while the matching secret key is still in the keyring:
```bash
gpg --delete-secret-keys KEYIDFROMABOVE
gpg --delete-keys KEYIDFROMABOVE
```
decrypt
```bash
gpg --output /my/path/to/output_file.ext --decrypt /my/encrypted/source/file.gpg
```
Export (ASCII-armored, to a file via redirect)
```bash
gpg --export-secret-keys --armor user-id > privkey.asc
```
importing and trusting keys
```bash
gpg --list-keys
# or the short form (-k lists public keys, -K lists secret keys)
gpg -k
```
copy the key ID (or fingerprint) of the key you want to trust, then open it for editing:
```bash
gpg --edit-key <KEY_ID>
```
an interface will open:
```
gpg> trust
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
```
- select 5, yes
- type q to exit

Reserve 5 (ultimate) for keys you own: ultimate trust also makes every key that owner has signed valid in your keyring. For someone else's key, confirm the fingerprint with them out of band first, then sign it (sign or lsign at the same gpg> prompt) rather than marking it ultimately trusted.
Update passphrase
```bash
gpg --edit-key <key id>
```
```
gpg> passwd
```
- enter the current passphrase, then the new one
- save (writes the change and leaves the prompt)
- q to exit if you are still at the prompt
encrypt without passphrase dialog
-r names the recipient (the public key to encrypt to); the passphrase file unlocks your own signing key. GnuPG 2.1 and later ignore --passphrase-file unless --batch and --pinentry-mode loopback are also given. Anyone who can read the passphrase file can use your key, so keep it mode 600 and off shared storage.
```bash
gpg --batch --pinentry-mode loopback --passphrase-file </path/to/passphrase> --encrypt --sign -r <recipient> </path/to/file/to/encrypt>
```
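The sections above form one procedure: generate, export, import, trust, sign-and-encrypt without a dialog, decrypt. The script below is an added example (not code from the original page) that runs that procedure end to end in two throwaway keyrings. Everything in it is constructed for the demo: the user IDs alice and bob, the passphrases, the sample app.conf content. It uses the future-default algorithm (ed25519/cv25519) to keep key generation fast, and replaces the interactive "trust -> 5" step with a fingerprint check followed by --quick-lsign-key, which is the appropriate treatment for another person's key.

```shell
#!/bin/sh
# Added example, not from the original page: the generate / export / import /
# trust / encrypt+sign / decrypt steps above, run end to end in throwaway
# keyrings. User IDs (alice, bob), passphrases and the config file content
# are constructed for the demo.
set -eu

# GnuPG >= 2.1 ignores --passphrase-file unless --batch and
# --pinentry-mode loopback are also given, so bundle those options.
NOPROMPT="--batch --yes --pinentry-mode loopback"

# Print the primary-key fingerprint of user ID $2 from keyring $1
# (field 10 of the "fpr" record in --with-colons output).
fingerprint_of() {
    GNUPGHOME=$1 gpg --with-colons --fingerprint "$2" \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# Import a public key file $4 into keyring $1, then local-sign (lsign) only
# the key whose fingerprint is $3, using the keyring owner's passphrase file
# $2. The expected fingerprint stands in for the out-of-band check you do
# before trusting a key; nothing else in the file gains validity.
import_verified() {
    GNUPGHOME=$1 gpg $NOPROMPT --import "$4"
    GNUPGHOME=$1 gpg $NOPROMPT --passphrase-file "$2" --quick-lsign-key "$3"
}

# Returns 0 when a signed and encrypted file round-trips with a good
# signature, 1 on any failure, 77 when gpg is not installed.
gpg_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 77; }
    work=$(mktemp -d); alice=$work/alice; bob=$work/bob
    mkdir -m 700 "$alice" "$bob"
    printf 'alice-pass\n' > "$work/alice.pw"
    printf 'bob-pass\n'   > "$work/bob.pw"
    chmod 600 "$work"/*.pw                                # as secret as the keys
    printf 'db_password=hunter2\n' > "$work/app.conf"     # constructed input

    # Generate: user ID, algorithm, usage, expiry. future-default (ed25519 +
    # cv25519) keeps the demo fast; "default" works the same way.
    GNUPGHOME=$alice gpg $NOPROMPT --passphrase-file "$work/alice.pw" \
        --quick-generate-key "alice <alice@example.test>" future-default default never
    GNUPGHOME=$bob gpg $NOPROMPT --passphrase-file "$work/bob.pw" \
        --quick-generate-key "bob <bob@example.test>" future-default default never

    # Export public keys, plus an armored secret-key backup for alice
    GNUPGHOME=$alice gpg --armor --output "$work/alice.pub.asc" --export alice@example.test
    GNUPGHOME=$bob   gpg --armor --output "$work/bob.pub.asc"   --export bob@example.test
    GNUPGHOME=$alice gpg $NOPROMPT --passphrase-file "$work/alice.pw" --armor \
        --output "$work/alice.secret.asc" --export-secret-keys alice@example.test

    # Exchange keys; each side signs the other's key only if the fingerprint matches
    afpr=$(fingerprint_of "$alice" alice@example.test)
    bfpr=$(fingerprint_of "$bob"   bob@example.test)
    import_verified "$bob"   "$work/bob.pw"   "$afpr" "$work/alice.pub.asc"
    import_verified "$alice" "$work/alice.pw" "$bfpr" "$work/bob.pub.asc"

    # bob signs with his key and encrypts to alice, no passphrase dialog
    GNUPGHOME=$bob gpg $NOPROMPT --passphrase-file "$work/bob.pw" \
        --output "$work/app.conf.gpg" --encrypt --sign -r alice@example.test "$work/app.conf"

    # alice decrypts; GOODSIG on the status stream means bob's signature verified
    GNUPGHOME=$alice gpg $NOPROMPT --passphrase-file "$work/alice.pw" --status-fd 1 \
        --output "$work/app.conf.dec" --decrypt "$work/app.conf.gpg" > "$work/status.txt"
    rc=1
    if grep -q '^\[GNUPG:\] GOODSIG ' "$work/status.txt" \
       && cmp -s "$work/app.conf" "$work/app.conf.dec"; then
        rc=0
    fi

    # stop the per-keyring agents before deleting their homes
    for h in "$alice" "$bob"; do
        GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    return $rc
}

gpg_roundtrip && echo "signed+encrypted round trip OK"
```

Run it as-is; it never touches your real ~/.gnupg because every gpg call sets GNUPGHOME to a directory under mktemp. The decrypt step checks the status stream rather than the exit code alone because a missing or untrusted signer key changes the result even when decryption itself succeeds.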
External references
- https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair
- https://stackoverflow.com/questions/33361068/gnupg-there-is-no-assurance-this-key-belongs-to-the-named-user
- https://www.cyberciti.biz/faq/linux-unix-gpg-change-passphrase-command/
- https://security.stackexchange.com/questions/235346/gpg-quick-generate-key-user-id-algo-usage-expire-any-way-to-include-a