====== GPG ======
* [[http://www.madboa.com/geek/gpg-quickstart/|GPG Quick Start]]
=== Create a GPG key ===
gpg --gen-key
On GnuPG 2.1 and later this generates a key with the default type and size; use ''gpg --full-gen-key'' if you want to choose the algorithm, key length and expiry yourself. When run over a remote connection, gpg will start pinentry in curses mode to ask for the passphrase. This can fail inside a ''screen'' session when pinentry cannot find your terminal; export ''GPG_TTY=$(tty)'' in the shell before running gpg (the fix the gpg-agent manual recommends) so that pinentry is pointed at the right tty.
=== Export your public key ===
You need to give your public key to others so that they can use GPG to encrypt files that only you can decrypt. Here's how to get your public key:
gpg --armor --output pubkey.txt --export 'Your Name'
=== Import a public key ===
You will want to import someone else's public key before you can encrypt a file with them as the recipient. Once you have the public key file, you can import it:
gpg --import pubkey.txt
=== Encrypt a file ===
gpg -e -r steve@beandog.org foo.txt
The file created will be ''foo.txt.gpg''. Optionally, you can use ''-o'' to output to a specific filename.
You can also encrypt a file for multiple recipients, including yourself.
gpg -e -r steve@beandog.org -r dev@beandog.org foo.txt
== Signing Keys ==
If the recipient key has not been validated (it is not signed by you or by a key you trust), gpg prints "There is no assurance this key belongs to the named user ..." and asks whether to use it anyway. This is triggered by the missing validation, not by who the recipient is: any key you merely imported will prompt, while a key you generated yourself is ultimately trusted by default and never does.
To stop the prompt for that recipient, first check the key's fingerprint with its owner out of band (''gpg --fingerprint steve@beandog.org''), and only then sign the key:
gpg --sign-key steve@beandog.org
''--lsign-key'' makes a local, non-exportable signature instead, which is the right choice when you have checked the key for your own use and do not intend to publish your certification of it. Signing a key you have not verified defeats the check the warning exists for.
== Listing Keys ==
You can get the recipient email and key IDs by listing the keys:
gpg --list-keys
A partial match is enough: ''gpg --list-keys @beandog.org'' lists every key whose user ID contains that string.
For scripting, list the user IDs only:
gpg -k | grep ^uid | sed -e 's/uid\ *//g'
Note that this parses the human-readable listing, whose layout changes between GnuPG versions (newer versions print the validity, e.g. ''[ultimate]'', after ''uid''); ''--with-colons'' gives the stable, documented machine-readable format and is the safer choice for scripts.
Use ''--keyid-format'' to choose how key IDs are displayed:
--keyid-format none|short|0xshort|long|0xlong
Short IDs are only 32 bits and are trivial to collide, so prefer ''long'' or, better, the full fingerprint (''gpg --fingerprint'') whenever you identify a key.
=== Decrypt a file ===
gpg -o foo.txt -d foo.txt.gpg
GPG prints status messages while decrypting and will ask for your passphrase if the secret key is protected. The same caveat about pinentry in a ''screen'' session applies here: export ''GPG_TTY=$(tty)'' first or the prompt may fail.
=== Batch Mode ===
GPG, by default, asks whether to overwrite an existing output file, which breaks scripts and pipes. ''--batch'' disables all interactive prompts and ''--yes'' answers the overwrite question for you:
gpg --yes --batch -r foo@bar.com -e -o foo.txt.gpg foo.txt
Note that in batch mode gpg cannot ask about an unvalidated recipient key either; it refuses the key as "unusable" and the encryption fails. Sign the key first (after verifying its fingerprint), or, only for keys you have verified by other means, pass ''--trust-model always'' to skip the check entirely.
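The export, import, key signing, encrypt, decrypt and batch-mode steps above run end to end, as an added example that is not part of the original page. Two throwaway keyrings (separate ''GNUPGHOME'' directories) stand in for the two users; the names, addresses and paths are made up, and unattended key generation with ''%no-protection'' assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example, not from the original page: the page's export/import/sign/
# encrypt/decrypt steps run end to end in --batch mode between two throwaway
# keyrings. Names, addresses and paths are invented for the example.
set -eu

# Unattended key generation (GnuPG 2.1+): parameters are read from stdin.
# %no-protection creates an unprotected key, so no pinentry is ever needed.
gen_key() {   # gen_key <GNUPGHOME> <real name> <email>
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint of <email> in <GNUPGHOME>, taken from the
# machine-readable --with-colons output (field 10 of the first "fpr" record).
fingerprint_of() {   # fingerprint_of <GNUPGHOME> <email>
    GNUPGHOME="$1" gpg --batch --with-colons --fingerprint "$2" \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# Returns 0 if a file encrypted by the sender decrypts unchanged for the recipient.
gpg_roundtrip() {
    work=$(mktemp -d)
    sender="$work/sender"; recip="$work/recipient"
    mkdir -m 700 "$sender" "$recip"
    gen_key "$sender" "Alice Sender" "alice@example.invalid"
    gen_key "$recip"  "Bob Recipient" "bob@example.invalid"

    # Recipient exports an ASCII-armored public key; sender imports it.
    GNUPGHOME="$recip"  gpg --batch --armor --output "$work/bob.pub" --export bob@example.invalid
    GNUPGHOME="$sender" gpg --batch --quiet --import "$work/bob.pub"

    # In --batch mode an unvalidated key is not prompted for, it is refused as
    # unusable. Compare the fingerprint with Bob out of band, then make a local
    # (non-exportable) certification so encryption no longer needs a prompt.
    fpr=$(fingerprint_of "$sender" bob@example.invalid)
    echo "verify with Bob before trusting: $fpr"
    GNUPGHOME="$sender" gpg --batch --yes --quiet --quick-lsign-key "$fpr"

    printf 'constructed plaintext\n' > "$work/foo.txt"   # constructed sample input
    # --yes --batch: overwrite foo.txt.gpg without prompting, as on the page.
    GNUPGHOME="$sender" gpg --batch --yes --quiet -r bob@example.invalid -e -o "$work/foo.txt.gpg" "$work/foo.txt"
    GNUPGHOME="$recip"  gpg --batch --yes --quiet -o "$work/foo.out" -d "$work/foo.txt.gpg"

    if cmp -s "$work/foo.txt" "$work/foo.out"; then status=0; else status=1; fi

    # gpg-agent is started per GNUPGHOME; stop both before deleting the directories.
    gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$recip"  --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return $status
}

if command -v gpg >/dev/null 2>&1; then
    gpg_roundtrip
    echo "round trip OK"
fi
```

The script never touches your real keyring: every gpg call sets ''GNUPGHOME'' to a temporary directory. The fingerprint it prints is the value you would read to the key's owner over the phone before the ''--quick-lsign-key'' step; in a real workflow that comparison is the whole point, and ''--trust-model always'' is the only way to skip it.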
=== Generate Entropy ===
rngd -r /dev/urandom
This feeds the kernel pool from ''/dev/urandom'' so that reads from ''/dev/random'' stop blocking during key generation. It adds no real entropy, since ''/dev/urandom'' is driven by the same pool; it only removes the block. On Linux 5.6 and later ''/dev/random'' no longer blocks once the pool is initialized, so the trick is unnecessary there. If the machine actually lacks entropy, feed ''rngd'' from a hardware RNG (its default source, ''/dev/hwrng'') instead.