- Getting Started
- Backup Your PGP Keys
- Restore the PGP Keys
- Import Your Keypair
- Encrypt Message with GPG
- Decrypt Message with GPG
- Import Another User PGP Key
Install the gpg software and generate a keypair.
sudo apt install gpg -y
gpg --full-generate-key
To list the long form of the PGP keys for which you have both a public and private key:
gpg --list-secret-keys --keyid-format=long
/home/netadmin/.pgp/pubring.kbx
-------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot <hubot@example.com>
ssb 4096R/4BB6D45482678BE3 2016-03-10
Back up the keypair and store it in a safe place.
gpg --armor --output pubkey.asc --export <fingerprint>
gpg --armor --output privkey.asc --export-secret-keys <fingerprint>
Here, <fingerprint> is either the long form of the PGP key ID (in this example, the PGP key ID is 3AA5C34371567BD2) or the associated email address (hubot@example.com).
Archive the private keys
tar zcvf private-keys.tgz privkey.asc
Encrypt the private-keys.tgz archive with a 'master' password
openssl aes-256-cbc -salt -pbkdf2 -in private-keys.tgz -out private-keys.tgz.enc
private-keys.tgz.enc can be made publicly available, as it is encrypted with the supplied master password.
wget -P ~/.pgp https://github.com/tanducmai/pgp-keys/raw/master/doc/private-keys.tgz.enc && openssl aes-256-cbc -salt -pbkdf2 -in ~/.pgp/private-keys.tgz.enc -out ~/.pgp/private-keys.tgz -d && tar zxvf ~/.pgp/private-keys.tgz -C ~/.pgp && rm ~/.pgp/private-keys.tgz*
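An added example, not part of the original page: a round-trip check for the backup and restore steps above, confirming that private-keys.tgz.enc decrypts back to the same archive before the plaintext copies are deleted. The function names and the exported `BACKUP_PASS` variable (used instead of the interactive password prompt) are assumptions, and `sha256sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example. BACKUP_PASS is an assumed, exported environment variable
# holding the master password; function names are hypothetical.

# make_backup <dir>: archive <dir>/privkey.asc, encrypt the archive as on
# the page, and print the SHA-256 of the plaintext archive.
make_backup() {
    [ -n "${BACKUP_PASS:-}" ] || { echo "BACKUP_PASS not set" >&2; return 2; }
    (
        export BACKUP_PASS
        cd "$1" || exit 2
        umask 077                      # new files readable by owner only
        tar zcf private-keys.tgz privkey.asc || exit 1
        openssl aes-256-cbc -salt -pbkdf2 -pass env:BACKUP_PASS \
            -in private-keys.tgz -out private-keys.tgz.enc || exit 1
        sha256sum private-keys.tgz | cut -d' ' -f1
    )
}

# verify_backup <enc-file> <sha256>: decrypt into a scratch directory and
# compare digests. AES-CBC carries no integrity tag, so a wrong password or
# a damaged download can decrypt to garbage without openssl reporting an
# error; the digest comparison is what catches that.
verify_backup() {
    [ -n "${BACKUP_PASS:-}" ] || { echo "BACKUP_PASS not set" >&2; return 2; }
    (
        export BACKUP_PASS
        umask 077
        scratch=$(mktemp -d) || exit 1
        trap 'rm -rf "$scratch"' EXIT  # never leave decrypted keys behind
        openssl aes-256-cbc -d -pbkdf2 -pass env:BACKUP_PASS \
            -in "$1" -out "$scratch/private-keys.tgz" 2>/dev/null || exit 1
        got=$(sha256sum "$scratch/private-keys.tgz" | cut -d' ' -f1)
        [ "$got" = "$2" ]
    )
}
```

Run `verify_backup` against the uploaded copy as well as the local one, and remove privkey.asc and private-keys.tgz only after it returns 0.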
gpg --import pubkey.asc
gpg --allow-secret-key-import --import privkey.asc
Trust them if necessary.
gpg --edit-key <fingerprint>
gpg --armor --sign --encrypt --recipient <name> path/to/file
gpg -a -s -e -r <name> path/to/file
The output filename will be the same as the input filename, but with the .asc extension.
gpg --decrypt path/to/file.asc
gpg -d path/to/file.asc
gpg --recv-keys <keyID>
or
gpg --search-keys <name>