gpg cheatsheet

gpg-cheatsheet.sh

# -------------
# -- Create ---
# -------------

# Generate a key
gpg --gen-key

# Generate a key with full wizard
gpg --full-generate-key

# -------------
# --- Read ----
# -------------

# List private keys (useful for getting key ID)
gpg --list-secret-keys

# List public keys
gpg --list-keys

# -------------
# -- Export --
# -------------

# Export Public Key (armored, human readable, good for distribution)
gpg --armor --export '<key-id>' > ./public-armor.pgp

# Export public key
gpg --export '<key-id>' > ./public.asc

# Export private key
gpg --export-secret-key '<key-id>' > ./private.asc

# Export all keys
key_id='<key-id>' \
  && gpg --armor --export "$key_id" > ./public-armor.pgp \
  && gpg --export-secret-key "$key_id" > ./private.asc \
  && gpg --export -a "$key_id" > ./public.asc

# -------------
# -- Verify ---
# -------------

gpg --verify '<file-name>'

# 💡 No need to specify key, it scans all keys

# -------------
# -- Decrypt --
# -------------

# Decrypt file
gpg -d '<file-name>'

# Decrypt text
echo "Cipher Text" | gpg -d	

# 💡 No need to specify key, it scans all keys


# -------------
# --- Sign ----
# -------------

gpg --sign '<file-name>'

# Clear sign (to e.g. use in postings/e-mails)
gpg --clearsign '<file-name>'

# By using a specific key
gpg --sign --default-key '<key-id>' '<file-name>'


# -------------
# -- Encrypt --
# -------------

# Encrypt using others' public key
#   1. Import others' public key
gpg --import '<file-name>' # Note recipient name from it
#   2. Encrypt file with data using recipient from previous step
gpg --encrypt \
    --armor \
    --output '<file-to-export>' \
    --recipient '<recipient-name>' \
    '<file-to-encrypt>'
  # To specify key add --default-key '<key-id>'

# -------------
# -- Delete ---
# -------------

# Delete key
#   1. Delete private key
gpg --delete-secret-key '<key-id>'
#   2. Delete public key
gpg --delete-key '<key-id>'

# -------------
# -- Repair ---
# -------------

# When it hangs:
pkill -9 gpg-agent