m-chrzan.xyz
aboutsummaryrefslogtreecommitdiff
path: root/gpg.md
blob: b76bba3c2fcbbb12723dd201c3571dc7767f21d5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# GPG Crypto

## General options

* `--armor` or `-a`: ASCII armor, output is printable ASCII
* `--local-user` or `-u`: specify which ID to use

## Symmetric encryption

### Encrypt file with passphrase

    gpg --symmetric <file>

Add `--armor` to make it readable-ASCII encoded.

### Decrypt

    gpg --output <out-file> --decrypt <in-file>

## Export private key

    gpg --armor --export-secret-keys <ID>

## Export public key

    gpg --armor --export <ID> [--output <file>]

## Import key

    gpg --import <key file>

## Asymmetric crypto

    gpg --encrypt [--sign] [-u <signer>] [--recipient <receipient>] file

## Key management

Add new email to key:

    gpg --edit-key <key>
    # This gives an interactive shell
    > adduid
    # interactive form to provide name, email, comment
    > save
    # saves and quits

Sign a key (changes trust from `unknown` to `full`), apparently necessary for
use in mutt:

    gpg --edit-key <key>
    > sign
    > save

    # specify the signing key (by default it's your first one)
    gpg --local-user <signing key> --edit-key <key to sign>

## gpg-agent

`gpg-agent` is a daemon that e.g. provides a passphrase cache for GPG. Running
enters an interactive shell. Commands can be also be passed on the command line
as individual arguments.

Configuration in `~/.gnupg/gpg-agent.conf`

* `/bye`: closes connection and shell
* `keyinfo --list`: lists some information about keys

    S KEYINFO FE40F504838C6FEDF80C0A592AE43EA8BFFC619E D - - - P - - -
    S KEYINFO 8E6D7DD22EA6A76CB7CB4E52315D4F372F67A23C D - - 1 P - - -

  The long identifier is a "keygrip", use `gpg --list-keys --with-keygrip` to
  match key with keygrip. The 6th column indicates if the passphrase is currently
  cached.
* `reloadagent`: restarts the agent.