GPG

Create a GPG key

gpg --gen-key

Running this will call pinentry in ncurses mode (if used on a remote connection), but will die if in a screen session.

Export your public key

You need to give your public key to others so that they can use GPG to encrypt files that only you can decrypt. Here's how to get your public key:

gpg --armor --output pubkey.txt --export 'Your Name'

Import a public key

You will want to import someone else's public key before you can encrypt a file with them as the recipient. Once you have the public key file, you can import it:

gpg --import pubkey.txt

Encrypt a file

gpg -e -r [email protected] foo.txt

The file created will be foo.txt.gpg Optionally, you can use -o to output to a specific filename.

You can also encrypt a file for multiple recipients, including yourself.

gpg -e -r [email protected] -r [email protected] foo.txt
Signing Keys

If the recipient is someone other than yourself, then you will get a message that says “There is no assurance this key belongs to the named user …” and it will ask you to verify the key.

If you want to always be able to sign for that recipient without verifying it, you can sign the key:

gpg --sign-key <recipient email or key ID>
Listing Keys

You can get the recipient email and key IDs by listing the keys:

gpg --list-keys

Note that if you start to list a key with a partial address, it will still accept that input and list the key.

Fex, gpg –list-keys @beandog.org will list all keys with that string in the email address.

For scripting, display keys:

gpg -k | grep ^uid | sed -e 's/uid\ *//g'

Also, use –keyid-format to display it one of the (many) possible formats

--keyid-format none|short|0xshort|long|0xlong

Decrypt a file

gpg -o foo.txt -d foo.txt.gpg

GPG will output some text while decrypting. It may ask you for your passphrase as well. Again, make sure you are not running in screen.

Batch Mode

GPG, by default, will ask if you want to overwrite a file. This can wreak havoc on scripts or pipes.

You can overwite a file with these commands:

gpg --yes --batch -r [email protected] -e -o foo.txt.gpg

Generate Entropy

rngd -r /dev/urandom