gpg --gen-key
Running this will call pinentry in ncurses mode (if used on a remote connection), but will die if in a screen session.
You need to give your public key to others so that they can use GPG to encrypt files that only you can decrypt. Here's how to get your public key:
gpg --armor --output pubkey.txt --export 'Your Name'
You will want to import someone else's public key before you can encrypt a file with them as the recipient. Once you have the public key file, you can import it:
gpg --import pubkey.txt
To encrypt a file for a recipient:
gpg -e -r [email protected] foo.txt
The file created will be foo.txt.gpg
Optionally, you can use -o to output to a specific filename.
You can also encrypt a file for multiple recipients, including yourself.
gpg -e -r [email protected] -r [email protected] foo.txt
If the recipient is someone other than yourself, then you will get a message that says “There is no assurance this key belongs to the named user …” and it will ask you to verify the key.
If you want to encrypt for that recipient without being asked to verify the key each time, you can sign the key:
gpg --sign-key <recipient email or key ID>
You can get the recipient email and key IDs by listing the keys:
gpg --list-keys
Note that if you list keys with a partial address, gpg will still accept that input and list the matching keys.
For example, gpg --list-keys @beandog.org
will list all keys with that string in the email address.
For scripting, display keys:
gpg -k | grep ^uid | sed -e 's/uid\ *//g'
Also, use --keyid-format to display the key ID in one of the (many) possible formats:
--keyid-format none|short|0xshort|long|0xlong
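The grep/sed pipeline above breaks whenever the human-readable layout of gpg -k changes. For scripting, gpg also offers --with-colons, a stable machine-readable format. The following is an added example, not part of the original notes: it parses a constructed sample of --with-colons output (made-up key IDs, fingerprints and addresses) and resolves a recipient email to the fingerprint of a fully or ultimately valid key, so that the later encrypt step addresses an unambiguous key and gets no "no assurance" prompt.

```shell
#!/bin/sh
# Added example (not from the original page): parse `gpg --list-keys --with-colons`
# for scripting instead of grepping `gpg -k`. Fields used: field 1 = record type,
# pub field 5 = long key ID, fpr field 10 = fingerprint, uid field 2 = validity,
# uid field 10 = user ID (gpg escapes colons inside it as \x3a).

# Print one line per user ID: <validity>TAB<long key id>TAB<fingerprint>TAB<uid>
keys_from_colons() {
    awk -F: '
        $1 == "pub" { keyid = $5; fpr = "" }
        $1 == "fpr" && fpr == "" { fpr = $10 }   # first fpr after pub is the primary key
        $1 == "uid" { printf "%s\t%s\t%s\t%s\n", $2, keyid, fpr, $10 }
    '
}

# Constructed sample in the shape gpg emits with --with-colons (all values made up).
SAMPLE_COLONS='tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1600000000:::u:::scESC::::::23::0:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1600000000::0000000000000000000000000000000000000000::Alice Example <alice@example.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1600000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:-:4096:1:1111222233334444:1600000000:::-:::scESC::::::23::0:
fpr:::::::::1111222233334444111122223333444411112222:
uid:-::::1600000000::0000000000000000000000000000000000000000::Bob Example <bob@example.com>::::::::::0:
uid:-::::1600000000::0000000000000000000000000000000000000000::Bob Example (work) <bob@beandog.org>::::::::::0:'

# Print the primary fingerprint for an email, but only from keys whose validity is
# "u" (ultimate) or "f" (full). Exits non-zero and prints nothing otherwise, so a
# script fails closed instead of encrypting to an unverified key.
trusted_fpr_for() {
    printf '%s\n' "$SAMPLE_COLONS" | keys_from_colons |
        awk -F'\t' -v email="<$1>" \
            '($1 == "u" || $1 == "f") && index($4, email) { print $3; found = 1 }
             END { exit !found }'
}

# When run directly: build the non-interactive encrypt command from the fingerprint.
# The command is printed rather than executed so the script runs without gpg installed.
if fpr=$(trusted_fpr_for alice@example.com); then
    echo "gpg --yes --batch -r $fpr -e -o foo.txt.gpg foo.txt"
fi
```

In a real script, replace the embedded SAMPLE_COLONS with `gpg --list-keys --with-colons` and run the printed command instead of echoing it.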
To decrypt a file:
gpg -o foo.txt -d foo.txt.gpg
GPG will output some text while decrypting. It may ask you for your passphrase as well. Again, make sure you are not running in screen.
GPG, by default, will ask if you want to overwrite a file. This can wreak havoc on scripts or pipes.
You can overwrite a file with these commands:
gpg --yes --batch -r [email protected] -e -o foo.txt.gpg foo.txt
If key generation stalls waiting for entropy, rngd can be pointed at a source to feed the kernel pool:
rngd -r /dev/urandom