Saturday, January 17, 2015

GnuPG Cheat Sheet (command line)

Create a PGP Key Pair

trotman@glt:~$ gpg --list-keys

Output:
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?1

Select 1 if you want to enable both encryption and signing.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (4096)
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Garth Trotman
Email address: garth.trotman@example.com
Comment: Sample Key
You selected this USER-ID:
    "Garth Trotman (Sample Key) <garth.trotman@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 150 more bytes)
...+++++
gpg: key 30F394FB marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   4096R/30F394FB 2015-01-07
      Key fingerprint = 0CC6 6C07 FDA9 2724 2690  054F 8AD8 84A4 30F3 94FB
uid                  Garth Trotman (Sample Key) <garth.trotman@example.com>
sub   4096R/0779F606 2015-01-07

Create a Revocation Certificate

gpg --output filename.asc --gen-revoke key_id

trotman@glt:~$ gpg --output revoke.asc --gen-revoke 30F394FB

Output:
sec  4096R/30F394FB 2015-01-07 Garth Trotman (Sample Key) <garth.trotman@example.com>

Create a revocation certificate for this key? (y/N)y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
> 
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y

You need a passphrase to unlock the secret key for
user: "Garth Trotman (Sample Key) <garth.trotman@example.com>"
4096-bit RSA key, ID 30F394FB, created 2015-01-07

ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!

List PGP Public Keys

trotman@glt:~$ gpg --list-keys

Output:
/home/trotman/.gnupg/pubring.gpg
--------------------------------
pub   4096R/30F394FB 2015-01-07
uid                  Garth Trotman (Sample Key) <garth.trotman@example.com>
sub   4096R/0779F606 2015-01-07

List PGP Secret Keys

trotman@glt:~$ gpg --list-secret-keys

Output:
/home/trotman/.gnupg/secring.gpg
--------------------------------
sec   4096R/30F394FB 2015-01-07
uid                  Garth Trotman (Sample Key) <garth.trotman@example.com>
ssb   4096R/0779F606 2015-01-07

Export/Backup a Public key

gpg -ao filename.key --export key_id

trotman@glt:~$ gpg -ao public.key --export 30F394FB

Export/Backup a Private key

gpg -ao filename.key --export-secret-key key_id

trotman@glt:~$ gpg -ao private.key --export-secret-key 30F394FB

Import/Restore a Public key

gpg --import filename.key

trotman@glt:~$ gpg --import public.key

Import/Restore a Private key

gpg --import filename.key

trotman@glt:~$ gpg --import private.key

Delete a Private key

gpg --delete-secret-key key_id

trotman@glt:~$ gpg --delete-secret-key 30F394FB

Delete a Public key

gpg --delete-key key_id

trotman@glt:~$ gpg --delete-key 30F394FB

Create ASCII Armored Version of Public Key

trotman@glt:~$ gpg --output mykey.asc --export -a 30F394FB