@wuriyanto48
Last active March 19, 2022 08:40
How to Manage, Create, and Use The GNU Privacy Guard (also known as PGP)

What is a GPG key?

GPG stands for GNU Privacy Guard (also known as GnuPG), free software that provides cryptographic privacy and authentication.

It allows users to communicate securely using public-key cryptography.

How Does a GPG Key Work with a Repository?

The package maintainer signs all packages with a key pair consisting of a private key and a public key: the private key creates the signature and the public key verifies it.

A user's private key is kept secret, and the public key may be given to anyone the user wants to communicate with.

Whenever you add a new repository to your system, you must also add a repository key so that the APT Package Manager trusts the newly added repository.

Once you’ve added the repository keys, you can make sure you get the packages from the correct source.

What Are Digital Signatures?

Digital signatures can be compared to your written signature. Unlike traditional correspondence, in which it might be possible to tamper with your written signature, digital signatures cannot be forged. That is because the signature is created with your unique secret key and can be verified by your recipient using your public key.

A digital signature timestamps a document; essentially, that means that the time you signed the document is part of that signature. So if anyone tries to modify the document, the verification of the signature fails. Some email applications, such as Exmh or KDE's KMail, include the ability to sign documents with GnuPG within the application's interface.

Two useful types of digital signatures are clearsigned documents and detached signatures. Both types of signatures incorporate the same security of authenticity, without requiring your recipient to decrypt your entire message.

In a clearsigned message, your signature appears as a text block within the context of your letter; a detached signature is sent as a separate file with your correspondence.

Generating a Keypair with minimal prompts (default settings)

$ gpg --gen-key

Generating a Keypair with all options (recommended)

$ gpg --full-generate-key

Show all Public Keys

$ gpg --list-keys --keyid-format LONG

Show all Private Keys

$ gpg --list-secret-keys --keyid-format LONG

Export gpg Private Key (never publish your private key)

$ gpg --output mygpg_priv.key --armor --export-secret-key [email protected]

Export gpg Public Key (publish your public key to an existing keyserver or to your own website)

$ gpg --output mygpg.key --armor --export [email protected]

Encrypt data with our own or someone else's gpg public key

$ gpg --output hello.gpg --encrypt --recipient [email protected] hello.txt

Decrypt data with our gpg private key

$ gpg --output hello_dec.txt --decrypt hello.gpg

Sign data with our gpg private key

$ gpg --output hello.sig --sign hello.txt

Verify Signature data

$ gpg --verify hello.sig

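Verify Signature data with specific gpg public key (--keyring adds the file to the keyrings gpg searches; the file must be in keyring format, not an ASCII-armored export)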

$ gpg --keyring /Users/john/myfolder/to/mygpg_or_other_public.key --verify hello.sig

Verify Signature data and decrypt data at the same time with specific gpg public key

$ gpg --keyring /Users/john/myfolder/to/mygpg_or_other_public.key --output hello_sig_dec.txt --decrypt hello.sig
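
The commands above use `--sign` only. The following added example (not part of the original gist) shows the clearsigned and detached forms described earlier and confirms that verification fails once the signed text is modified. It assumes GnuPG 2.1 or later; the identity `demo@example.invalid`, the file names, the file contents and the throwaway `GNUPGHOME` are constructed for the demo.

```shell
#!/bin/sh
# Added example: clearsigned vs. detached signatures, plus tamper detection.
# The identity, file names and file contents are constructed for the demo.

sign_verify_demo() (
  command -v gpg >/dev/null 2>&1 || exit 127
  # Throwaway keyring: nothing here touches ~/.gnupg.
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  cd "$GNUPGHOME" || exit 1

  # Unprotected demo key (empty passphrase); never do this for a real key.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Demo Signer <demo@example.invalid>' \
      default default never 2>/dev/null || exit 1

  printf 'quarterly total: 1200\n' > report.txt

  # Clearsigned: text and signature travel together in one armored file.
  gpg --batch --quiet --output report.asc --clearsign report.txt || exit 1
  # Detached: report.txt is untouched, the signature is a separate file.
  gpg --batch --quiet --output report.sig --detach-sign report.txt || exit 1

  # Both verify while the content is unchanged.
  gpg --batch --verify report.asc 2>/dev/null || exit 1
  gpg --batch --verify report.sig report.txt 2>/dev/null || exit 1
  echo "original: both signatures verify"

  # Change one digit in each signed text; verification must now fail.
  sed 's/1200/9200/' report.asc > tampered.asc
  sed 's/1200/9200/' report.txt > tampered.txt
  if gpg --batch --verify tampered.asc 2>/dev/null; then exit 2; fi
  if gpg --batch --verify report.sig tampered.txt 2>/dev/null; then exit 2; fi
  echo "tampered: both signatures rejected"
)

sign_verify_demo || echo "demo failed (is gpg 2.1+ installed?)" >&2
```

In scripts, rely on the exit status of `gpg --verify` as the function does: it is non-zero when the signature does not verify.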

Change the passphrase of your gpg key (gpg asks for the current passphrase first)

$ gpg --passwd [email protected]

Delete gpg private key

$ gpg --delete-secret-key XXXKEYID

Delete gpg public key

$ gpg --delete-key XXXKEYID
