Diffstat (limited to '.cheat/gpg')
| -rw-r--r-- | .cheat/gpg | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/.cheat/gpg b/.cheat/gpg
new file mode 100644
index 0000000..8bc5b42
--- /dev/null
+++ b/.cheat/gpg
@@ -0,0 +1,173 @@
+# Create a key
+
+ gpg --gen-key
+
+
+# Show keys
+
+ To list a summary of all keys
+
+ gpg --list-keys
+
+ To show your public key
+
+ gpg --armor --export
+
+ To show the fingerprint for a key
+
+ gpg --fingerprint KEY_ID
+
+# Search for keys
+
+ gpg --search-keys 'user@emailaddress.com'
+
+
+# To Encrypt a File
+
+ gpg --encrypt --recipient 'user@emailaddress.com' example.txt
+
+
+# To Decrypt a File
+
+ gpg --output example.txt --decrypt example.txt.gpg
+
+
+# Export keys
+
+ gpg --output ~/public_key.txt --armor --export KEY_ID
+ gpg --output ~/private_key.txt --armor --export-secret-key KEY_ID
+
+ Where KEY_ID is the 8 character GPG key ID.
+
+ Store these files to a safe location, such as a USB drive, then
+ remove the private key file.
+
+ shred -zu ~/private_key.txt
+
+# Import keys
+
+ Retrieve the key files which you previously exported.
+
+ gpg --import ~/public_key.txt
+ gpg --allow-secret-key-import --import ~/private_key.txt
+
+ Then delete the private key file.
+
+ shred -zu ~/private_key.txt
+
+# Revoke a key
+
+ Create a revocation certificate.
+
+ gpg --output ~/revoke.asc --gen-revoke KEY_ID
+
+ Where KEY_ID is the 8 character GPG key ID.
+
+ After creating the certificate import it.
+
+ gpg --import ~/revoke.asc
+
+ Then ensure that key servers know about the revokation.
+
+ gpg --send-keys KEY_ID
+
+# Signing and Verifying files
+
+ If youre uploading files to launchpad you may also want to include
+ a GPG signature file.
+
+ gpg -ba filename
+
+ or if you need to specify a particular key:
+
+ gpg --default-key <key ID> -ba filename
+
+ This then produces a file with a .asc extension which can be uploaded.
+ If you need to set the default key more permanently then edit the
+ file ~/.gnupg/gpg.conf and set the default-key parameter.
+
+ To verify a downloaded file using its signature file.
+
+ gpg --verify filename.asc
+
+# Signing Public Keys
+
+ Import the public key or retrieve it from a server.
+
+ gpg --keyserver <keyserver> --recv-keys <Key_ID>
+
+ Check its fingerprint against any previously stated value.
+
+ gpg --fingerprint <Key_ID>
+
+ Sign the key.
+
+ gpg --sign-key <Key_ID>
+
+ Upload the signed key to a server.
+
+ gpg --keyserver <keyserver> --send-key <Key_ID>
+
+# Change the email address associated with a GPG key
+
+ gpg --edit-key <key ID>
+ adduid
+
+ Enter the new name and email address. You can then list the addresses with:
+
+ list
+
+ If you want to delete a previous email address first select it:
+
+ uid <list number>
+
+ Then delete it with:
+
+ deluid
+
+ To finish type:
+
+ save
+
+ Publish the key to a server:
+
+ gpg --send-keys <key ID>
+
+# Creating Subkeys
+
+ Subkeys can be useful if you don't wish to have your main GPG key
+ installed on multiple machines. In this way you can keep your
+ master key safe and have subkeys with expiry periods or which may be
+ separately revoked installed on various machines. This avoids
+ generating entirely separate keys and so breaking any web of trust
+ which has been established.
+
+ gpg --edit-key <key ID>
+
+ At the prompt type:
+
+ addkey
+
+ Choose RSA (sign only), 4096 bits and select an expiry period.
+ Entropy will be gathered.
+
+ At the prompt type:
+
+ save
+
+ You can also repeat the procedure, but selecting RSA (encrypt only).
+ To remove the master key, leaving only the subkey/s in place:
+
+ gpg --export-secret-subkeys <subkey ID> > subkeys
+ gpg --export <key ID> > pubkeys
+ gpg --delete-secret-key <key ID>
+
+ Import the keys back.
+
+ gpg --import pubkeys subkeys
+
+ Verify the import.
+
+ gpg -K
+
+ Should show sec# instead of just sec. |
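Review bot: The "Export keys" and "Revoke a key" sections define KEY_ID as the 8 character key ID, and short IDs are not unique: a different key can share the same 8 characters, so `--gen-revoke`, `--send-keys`, `--recv-keys` and `--sign-key` may act on a key other than the intended one. I would change both lines to `Where KEY_ID is the full 40 character fingerprint shown by gpg --fingerprint.` and, under "Signing Public Keys", say that the fingerprint is compared with a value obtained from the key owner over a separate channel before `--sign-key` is run. In "Signing and Verifying files", `gpg --verify filename.asc filename` names the signed file explicitly instead of leaving gpg to infer it from the signature's name.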
