pgp.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Mon, 30 Nov 2015 23:05:32 +0200
changeset 1797 912e278e4896
Making revocation certificate.

.. -*- coding: utf-8; -*-
.. include:: HEADER.rst

==========
 PGP/GPG.
==========
.. contents::

What is the preferred client?
=============================

GNU gpg.

How to import keys from a key server?
=====================================
::

  $ gpg --keyserver pgp.mit.edu --recv-keys $KEYID

How to mark a key as trusted?
=============================
::

  $ gpg --edit-key $KEYID trust

How to export a key?
====================

Export public key in binary (OpenPGP) form::

  $ gpg --export $KEYID >$PUBKEY.gpg
  $ gpg --output $PUBKEY.gpg --export $KEYID

Export public key in text (ASCII-armored) form::

  $ gpg -a --export $KEYID >$PUBKEY.asc
  $ gpg --armor --export $KEYID >$PUBKEY.asc

Export private key (it is still encrypted with the pass-phrase)::

  $ gpg --output $PRIVKEY.gpg --export-secret-keys $KEYID

How to create your own PGP key?
===============================
::

  $ gpg --gen-key   # answer the questions
  ...
  $ gpg -o $keyfile --export-secret-keys $NAME

How to import keys from a file?
===============================
::

  $ gpg --import $keyfile

How to get public key from private without importing to local storage?
======================================================================
::

  tmp=$(mktemp -d)                                  # throwaway keyring directory
  gpg --homedir "$tmp" --import "$SECKEY"
  gpg --homedir "$tmp" --export "$ID" > "$PUBKEY"
  rm -rf -- "$tmp"

..

  http://stackoverflow.com/questions/7661500/how-to-get-public-key-from-private-in-gpg-without-using-local-storage-under

How to submit a public key to a key server?
===========================================
::

  $ gpg --keyserver pgp.mit.edu --send-keys $KEYID

What keys are in the local db?
==============================
::

  $ gpg --list-keys
  $ gpg --list-keys $KEYID
  $ gpg --list-keys $EMAIL

  $ gpg --list-secret-keys

Making a revocation certificate.
================================
::

  $ gpg --armor --output $KEYID.rev --gen-revoke $KEYID

How to delete a key?
====================
::

  $ gpg --delete-key $KEYID
  $ gpg --delete-key $USER
  $ gpg --delete-key $EMAIL

  $ gpg --delete-secret-key $KEYID

Dump content of a key or signature.
===================================
::

  $ gpg --list-packets $FILE.sig
  $ gpg --list-packets $FILE.key

  $ sudo apt-get install pgpdump
  $ pgpdump $FILE.sig
  $ pgpdump $FILE.key

How to sign a file?
===================

To sign with the default (first) key, or with a key selected by ``--default-key`` or ``-u``::

  $ gpg -o $file.sig --sign $file
  $ gpg --default-key $NAME -o $file.sig --sign $file
  $ gpg -u ${USER_NAME} -o $file.sig --sign $file

How to verify a signature?
==========================
::

  $ gpg --verify $file.sig
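
In a script, a successful ``gpg --verify`` only means that some key in the keyring made a good signature, so the expected signer should be pinned by fingerprint. The following is an added example, not part of the original page, that does this by parsing ``--status-fd`` output; the helper names ``check_status`` and ``verify_pinned`` are hypothetical.

```shell
#!/bin/sh
# Added example: pin the signer when verifying, instead of trusting the
# exit status of "gpg --verify" for any key that is in the keyring.
# check_status and verify_pinned are hypothetical helper names.

# Read "gpg --status-fd" lines on stdin.  Succeed only if a VALIDSIG line
# names the pinned primary-key fingerprint ($1) and no line reports a bad,
# unverifiable or expired signature, or an expired or revoked key.
check_status() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    # VALIDSIG: field 3 is the fingerprint of the (sub)key that signed,
    # the last field is the fingerprint of its primary key.
    $2 == "VALIDSIG" {
      if (NF >= 12 && toupper($NF) == toupper(want)) ok = 1; else bad = 1
    }
    END { exit !(ok && !bad) }
  '
}

# Verify file $1 (made with "gpg --sign") against pinned fingerprint $2.
# Status lines go to stdout for parsing; human-readable output is dropped.
verify_pinned() {
  gpg --batch --status-fd 1 --verify "$1" 2>/dev/null | check_status "$2"
}
```

Call it as ``verify_pinned $file.sig $FPR``, where ``$FPR`` is the 40-hex-digit primary-key fingerprint obtained out of band.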