References:
gpg(1)
.
/usr/share/doc/gnupg/README.gz
/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/
(install
gnupg-doc
package)
# gpg --gen-key # generate a new key # gpg --gen-revoke my_user_ID # generate revoke key for my_user_ID # host -l pgp.net | grep www|less # figure out pgp keyservers
A good default keyserver set up in $HOME/.gnupg/gpg.conf
(or old
location $HOME/.gnupg/options
) contains:
keyserver hkp://subkeys.pgp.net
Here one must be careful not to create more than 2 sub-keys.
If you do, keyservers on pgp.net will corrupt your key. Use
the newer gnupg
(>1.2.1-2) to handle these corrupted subkeys.
See http://fortytwo.ch/gpg/subkeys
.
File handling:
$ gpg [options] command [args] $ gpg {--armor|-a} {--sign|-s} file # sign file into a text file.asc $ gpg --clearsign file # clear-sign message $ gpg --clearsign --not-dash-escaped patchfile # clear-sign patchfile $ gpg --verify file # verify clear-signed file $ gpg -o file.sig {-b|--detach-sig} file # create detached signature $ gpg --verify file.sig file # verify file with file.sig $ gpg -o crypt_file {--recipient|-r} name {--encrypt|-e} file # public-key encryption intended for name $ gpg -o crypt_file {--symmetric|-c} file # symmetric encryption $ gpg -o file --decrypt crypt_file # decryption
Key management:
$ gpg --edit-key user_ID # "help" for help, interactive $ gpg -o file --exports # export all keys to file $ gpg --imports file # import all keys from file $ gpg --send-keys user_ID # send key of user_ID to keyserver $ gpg --recv-keys user_ID # recv. key of user_ID from keyserver $ gpg --list-keys user_ID # list keys of user_ID $ gpg --list-sigs user_ID # list sig. of user_ID $ gpg --check-sigs user_ID # check sig. of user_ID $ gpg --fingerprint user_ID # check fingerprint of user_ID $ gpg --list-sigs | grep '^sig' | grep '[User id not found]' \ | awk '{print $2}' | sort -u | xargs gpg --recv-keys # get unknown keys # update keys for all unknown sigs. $ gpg --refresh-keys # update local keyring
Trust code:
- No ownertrust assigned / not yet calculated. e Trust calculation has failed. q Not enough information for calculation. n Never trust this key. m Marginally trusted. f Fully trusted. u Ultimately trusted.
The following will upload my key "A8061F32" to the popular keyserver hkp://subkeys.pgp.net:
$ gpg --keyserver hkp://subkeys.pgp.net --send-keys A8061F32
Add the following to ~/.muttrc
to keep a slow GnuPG from
automatically starting, while allowing it to be used by typing `S'
at the index menu.
macro index S ":toggle pgp_verify_sig\n" set pgp_verify_sig=no
Add the contents of _vimrc
obtained from the examples subdirectory
into ~/.vimrc
to
run GnuPG transparently.
Debian Reference
CVS, Mon Apr 3 22:57:03 UTC 2005osamu@debian.org
dsewell@virginia.edu