Overview
Todo
setpref, or otherwise set preferences at key generation
! suffix to exclude subkeys
trust key
sign file
sign key
encrypt for [hidden-]recipient
delete secret key
import secret key
refresh keys
List
gpg --list-keys
gpg --list-signatures
Modify
gpg --expert --edit-key "KEY ID"
[…]
save
add a subkey to a master key
addkey
8 → RSA (set your own capabilities)
[…]
q → finished
4096
1y → key expires in 1 year
y → this is correct
y → really create
sign
e → toggle the encrypt capability
encrypt
s → toggle the sign capability
authenticate
s → toggle the sign capability
e → toggle the encrypt capability
a → toggle the authenticate capability
or without the menu, one subkey per capability
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y
set expiration date
expire
1y
y
add another UserID
adduid
First Last
user@domain.tld
comment
o
set primary UserID
uid 1
primary
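Added example (not part of the original notes): a check on the result of the subkey and expiration steps above, reading the output of gpg --list-keys --with-colons. The one-capability-per-subkey policy, the function names and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Usage against a real keyring:
#   gpg --list-keys --with-colons FINGERPRINT | audit_subkeys
# Colon-format fields used: 1 = record type, 5 = key ID,
# 7 = expiry in epoch seconds (empty = never), 12 = capabilities.
# Assumed policy: exactly one capability per subkey, every subkey expires.

audit_subkeys() {
    # $1 = "now" in epoch seconds (defaults to the current time)
    awk -F: -v now="${1:-$(date +%s)}" '
        $1 == "sub" {
            caps = $12
            gsub(/[^sea]/, "", caps)   # s = sign, e = encrypt, a = authenticate
            status = "ok"
            if (length(caps) != 1)      status = "WARN:capabilities"
            else if ($7 == "")          status = "WARN:no-expiry"
            else if ($7 + 0 <= now + 0) status = "WARN:expired"
            print $5, caps, status
        }'
}

# Constructed sample listing (key IDs and timestamps are made up).
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1700000000:1731536000::u:::cSC::::::23::0:
sub:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:1731536000:::::s::::::23:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::e::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::a::::::23:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1700000000:1731536000:::::se::::::23:
sub:e:4096:1:EEEEEEEEEEEEEEEE:1600000000:1705000000:::::e::::::23:
EOF
}

# Audit the sample as of a fixed point in time so the result is reproducible.
sample_listing | audit_subkeys 1710000000
```

Each output line is the subkey ID, its capabilities and a status; anything other than ok means the subkey does not match the one-capability, expiring layout.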
Export
private key
gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg
private subkeys
gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg
public key
gpg --armor --export "Key ID" > id.asc
public SSH key
gpg --armor --export-ssh-key "Key ID" > id.pub
Dump
gpg --list-packets pub.asc
pgpdump pub.asc
Secure
hide the master key in an encrypted container
~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key
Sign
gpg --armor --detach-sign file
Revoke
gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
gpg --send-keys "KEY ID"
Verify
gpg --verify file.asc file