A list of common GPG commands.
brew install gnupg
gpg --gen-key
gpg --export --armor [optional email or name?] > publickey.asc
gpg --import theirpublickey.asc
gpg --list-keys
gpg --list-secret-keys
gpg --edit-key [email or username]
trust (invoke trust command on the key)
5 (ultimate trust)
y (if prompted)
quit
gpg --encrypt --recipient [email or username] [filename.txt]
If you want to encrypt a file so that only you can decrypt it, then specify yourself as the email or username:
gpg --encrypt --recipient [your username or email] [filename.txt]
If you want to encrypt a file so that only a group can decrypt it, define the group in your gpg.conf file (see below) and then specify that group in the recipient parameter:
gpg --encrypt --recipient [group name] [filename.txt]
And the shortened version of these commands:
gpg -e -r [recipient] [filename.txt]
gpg --decrypt [filename.txt]
Omit --decrypt if the file is a binary file.
gpg [filename.txt.gpg]
gpg --output output.txt --sign doc.txt
gpg --clearsign doc.txt
gpg --output output.txt --detach-sig doc.txt
gpg --output output.txt --decrypt signed.sig
gpg --verify signed.txt
gpg --verify doc.sig doc.txt
The GPG agent will act as a cache for your private key. It's a daemon that runs on your machine in the background. Should be started as a system service during boot.
To interact with the agent there is the command gpg-connect-agent. That opens a command line interface like Telnet to the agent where you can issue commands and the agent will answer.
gpg-connect-agent 'keyinfo --list' /bye
GPG software configuration is stored in your home directory at ~/.gnupg/gpg.conf.
You list the members of a group by some attribute of their public key found in your GPG keyring; this is typically a person's name or email address (or partials of either of these).
group spies = nick, steve, chris
http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/ https://www.gnupg.org/gph/en/manual/x135.html