Getting Started

Install gpg software and generate a keypair.

sudo apt install gpg -y
gpg --full-generate-key

To list, with long-form key IDs, the PGP keys for which you have both a public and a private key:

gpg --list-secret-keys --keyid-format=long
/home/netadmin/.pgp/pubring.kbx
-------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot <hubot@example.com>
ssb   4096R/4BB6D45482678BE3 2016-03-10

Back up the keypair and store it in a safe place.

gpg --armor --output pubkey.asc --export <fingerprint>
gpg --armor --output privkey.asc --export-secret-keys <fingerprint>

Options such as --output must come before the key argument, because gpg stops parsing options at the first non-option argument. For <fingerprint>, use either the long form of the PGP key ID (in this example, the PGP key ID is 3AA5C34371567BD2) or the associated email address (hubot@example.com).

Backup Your PGP Keys

Archive the private keys

tar zcvf private-keys.tgz privkey.asc

Encrypt the private-keys.tgz archive with a 'master' password

openssl aes-256-cbc -salt -pbkdf2 -in private-keys.tgz -out private-keys.tgz.enc

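private-keys.tgz.enc can be made publicly available, as it is encrypted with the master password you supplied. Anyone who downloads it can guess at that password offline, so the archive is only as safe as the password is strong.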

Restore the PGP Keys

wget -P ~/.pgp https://github.com/tanducmai/pgp-keys/raw/master/doc/private-keys.tgz.enc && openssl aes-256-cbc -salt -pbkdf2 -in ~/.pgp/private-keys.tgz.enc -out ~/.pgp/private-keys.tgz -d && tar zxvf ~/.pgp/private-keys.tgz -C ~/.pgp && rm ~/.pgp/private-keys.tgz*
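
A scripted version of the backup and restore steps above that also checks the encrypted archive restores byte-for-byte before the plaintext copy is deleted. This is an added example, not part of the original page; it assumes the master password is passed in a BACKUP_PASS environment variable, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: the master password
# is supplied in the BACKUP_PASS environment variable (the page's commands
# prompt for it instead); function and variable names are hypothetical.

# encrypt_backup <keyfile> <out.enc>: tar the key file, then encrypt the
# archive with the same openssl flags the page uses.
encrypt_backup() {
    work=$(mktemp -d) || return 1
    rc=0
    tar zcf "$work/private-keys.tgz" -C "$(dirname "$1")" "$(basename "$1")" &&
        openssl aes-256-cbc -salt -pbkdf2 -pass env:BACKUP_PASS \
            -in "$work/private-keys.tgz" -out "$2" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# verify_backup <keyfile> <file.enc>: decrypt into a scratch directory and
# compare the restored file with the original. Returns non-zero on a wrong
# password, a corrupt archive, or any content mismatch.
verify_backup() {
    work=$(mktemp -d) || return 1
    rc=0
    openssl aes-256-cbc -d -pbkdf2 -pass env:BACKUP_PASS \
        -in "$2" -out "$work/restored.tgz" 2>/dev/null &&
        tar zxf "$work/restored.tgz" -C "$work" 2>/dev/null &&
        cmp -s "$1" "$work/$(basename "$1")" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Demo on a constructed stand-in for privkey.asc (not a real key).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed placeholder, not a real private key\n' > "$d/privkey.asc"
    BACKUP_PASS='constructed-demo-passphrase'; export BACKUP_PASS
    demo_rc=0
    encrypt_backup "$d/privkey.asc" "$d/private-keys.tgz.enc" &&
        verify_backup "$d/privkey.asc" "$d/private-keys.tgz.enc" &&
        echo "backup restores cleanly" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
demo
```

Run verify_backup against the real privkey.asc before removing private-keys.tgz and privkey.asc from disk.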

Import Your Keypair

gpg --import pubkey.asc
gpg --allow-secret-key-import --import privkey.asc

Trust them if necessary.

gpg --edit-key <fingerprint>

Encrypt Message with GPG

gpg --armor --sign --encrypt --recipient <name> path/to/file
gpg -a -s -e -r <name> path/to/file

The output file has the same name as the input file, with an .asc extension appended.

Decrypt Message with GPG

gpg --decrypt path/to/file.asc
gpg -d path/to/file.asc

Import Another User's PGP Key

gpg --recv-keys <keyID>

or

gpg --search-keys <name>