Author

Christopher Marshall (christopherlmarshall@yahoo.com)

Raw Notes on GNUPG

# the general form of a command is
   gpg [options] [command] [args]

   # for example in this command
   gpg -r someuser --output file.out -e file.in 

   # we have
   #   options: -r someuser --output file.out
   #   command: -e
   #   arguments: file.in
   #
   # notice how options generally take arguments
   # (here -r takes the recipient "someuser" and --output takes "file.out";
   # the -e command then acts on the remaining argument, file.in)

# key management
   # generate a new key pair (asks its questions interactively)
   gpg --gen-key
   # list the public keys on my ring
   gpg --list-keys
   # open the key editor
   # NOTE(review): --edit-key normally takes a key name or id as its
   # argument; none is shown here
   gpg --edit-key

   # this imports a public key to my ring
   # importing does not make the key trustworthy: compare its fingerprint
   # (gpg --fingerprint) with one obtained from the owner over a separate
   # channel before encrypting to it or relying on its signatures
   gpg --import blake.key
   # writes public key to a file for export
   gpg --export chris > chris.key
   # this exports my public key in a text format
   # (-a = ascii armor, -o = output file)
   gpg -ao chris.gpg.txt --export chris
   # import a key from a keyserver
   # 0xbb7576ac is a short (32-bit) key id.  short ids are not unique and
   # keyservers do not vet what is uploaded to them, so prefer the full
   # fingerprint here and check the fetched key the same way as an
   # imported one
   gpg --keyserver wwwkeys.pgp.net --recv-key 0xbb7576ac
   # export a key to a keyserver
   gpg --keyserver wwwkeys.pgp.net --send-key 0xbb7576ac

# encrypting and decrypting
   # encrypt with a symmetric key generated from a prompted passphrase
   gpg --output file.out -c file.in 
   # a way to automate the whole thing including getting the passphrase
   # caveats: a passphrase written literally like this ends up in the
   # script file (or in shell history when typed at a prompt); it is safer
   # to keep it in a file only the owner can read and redirect that file
   # to fd 0.  gnupg 2.x only honours --passphrase-fd together with
   # --batch (2.1 and later also need --pinentry-mode loopback).
   echo "passphrase" | gpg --passphrase-fd 0 --output file.out -c file.in
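   # encrypt file1 -> file1.gpg
   # (encryption alone says nothing about who produced the file; add -s
   # when the recipient needs to know the sender)
   gpg -e file1 -r chris
   # decrypt the same file1.gpg -> stdout
   gpg -d file1.gpg
   # decrypt file1.gpg -> file1
   gpg -o file1 -d file1.gpg
   # same thing with a redirect.  the redirect target must not be the
   # input file: the shell truncates the target before gpg starts
   # reading, which would destroy file1.gpg
   gpg -d file1.gpg > file1
   # encrypt in ascii armor, file1 -> file1.asc
   gpg -r chris -ae file1
   # decrypt of ascii armor
   gpg -d file1.asc > file1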

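# signing
   # signing file1 creates file1.gpg.  it looks encrypted but it is not:
   # the content is only compressed and packaged together with a
   # signature made by the default private key, so anyone can read it.
   # signing gives authenticity, not secrecy
   gpg -s file1
   # this recovers the text of file1 from file1.gpg, which anyone can do;
   # gpg also checks the signature and reports the result
   gpg -d file1.gpg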

   # this command encrypts to chris and signs with our private key
   # file1 -> file1.gpg
   gpg -es file1 -r chris
   # you can't do this to verify the signature
   # (the signature sits inside the encrypted data, so it can only be
   # checked once the file has been decrypted)
   gpg --verify file1.gpg
   # you should do this, which decrypts and validates the signature
   # the signature result is reported separately from the decrypted
   # output, and -d also succeeds on a file that was encrypted but never
   # signed.  so in a script, check gpg's exit status and look for the
   # good-signature report (--status-fd gives a parseable one) before
   # trusting the contents of file1
   gpg -d file1.gpg > file1

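   # detached signatures
   # file1 -> file1.sig
   gpg -b file1
   # this verifies the signature.  name the signed file explicitly so it
   # is unambiguous which data the signature is being checked against
   gpg --verify file1.sig file1
   # detached ascii signature, file1 -> file1.asc
   gpg -ab file1
   # clearsign is not the same as the above, because its file1.asc
   # includes the original document and signature.  It is not detached,
   # in other words.
   # note that -ab and --clearsign both default to the output name
   # file1.asc, so the two collide if run on the same file.
   # when checking a clearsigned file, only the text between the
   # signature markers is covered by the signature; anything outside
   # them is not.
   # file1 -> file1.asc
   gpg --clearsign file1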

   # the long version -aes = armor, sign, encrypt, -r = recipient
   # (that is, --armor --encrypt --sign --recipient jim)
   # this ascii armors, encrypts, and signs a file in one fell swoop.
   # doc.txt -> doc.txt.asc
   gpg -aes -r jim doc.txt

# option aliases
-a --armor
-r --recipient
-o --output
-e --encrypt
-d --decrypt
-s --sign

# more examples
# armor, encrypt to chris and sign doc.txt, writing the result to
# doc.gpg.txt (given with -o) instead of the default doc.txt.asc
gpg -aes -o doc.gpg.txt -r chris doc.txt

hopeless_linux: RawNotes/gnupg (last modified 2007-07-01 16:01:00)