====== Asymmetric (Public/Private key pairs) ======

===== Create a key pair =====
<code bash>
gpg --gen-key
</code>

===== Things to do after a key pair is created =====
**Create a revocation certificate**
<code bash>
gpg --output revoke.asc --gen-revoke key
# store revoke.asc somewhere safe!
</code>

**Upload the public key to a keyserver**

After you have created a key pair, you should export your public key and put it on keyserver:
<code bash>
gpg --export --armor name-of-key
</code>

Then put key on a keyserver. eg. : 
  * https://keyserver.pgp.com
  * http://keys.gnupg.net/
  * http://keyserver.ubuntu.com:11371/


===== Import a public key =====
**Step 1**: Import the key to your keychain
<code bash>
wget http://someserver.com/key.asc
gpg --import key.asc 
</code>

**Step 2**: Validate the key

If the key is already signed by an entity you trust, this can be skipped. Otherwise

<code bash>
gpg --edit key
fpr  # validate fingerprint with owner
sign # certify it as a valid key
</code>

**Step 3**: Trust the key-owner

<code bash>
gpg --edit key
trust # select trust level 
</code>


**Step 4**: Export the signed key to a keyserver
<code bash>
gpg --keyserver keys.gnupg.net --send-key key
</code>
===== Encrypt a message =====
A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do
<code bash>
xsel -b | gpg --encrypt --armor -r recipient@mail.com | xsel -b
# now you have the encrypted message in your clipboard.
</code>

To directly send the encrypted text by mail (also showing a shorter version of the above gpg command):

<code bash>
xsel -b | gpg -ear recipient | mail -s"Subject" recipient@mail.com

# or send message directly from commandline

echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject" receiver@cia.com  
</code>

===== Decrypt a message =====

<code bash>
gpg -d message

# or copy encrypted message to clipboard then do 

xsel -b | gpg -d
</code>


===== Backup =====
A simple way is to backup your ~/.gnupgp directory : 

<code bash>
# create encrypted backup archive
tar cfvz - ~/.gnupg/  | gpg -c > gnupgp.tgz.pgp  

# decrypt and unpack
gpg -d gnupgp.tgz.pgp  | tar xvz  
</code>

===== Useful Bash Functions =====
==== Encrypt Clipboard (verbose) ====
Put in bashrc
<code bash>
# gpg encrypt clipboard for recipient
encclip() {
    echo "Encrypting for $1"
    echo "---------------"
    echo
    xsel -b
    echo
    echo "---------------"
    echo
    xsel -b | gpg -ear $1 | xsel -b
    echo 
    echo "Done. Encrypted contents are in clipboard."
}
</code>

Use:
<code bash>
# first copy text to clipboard, then do
encclip recipient
</code>

====== Symmetric ======

==== Encrypt====
<code bash>
gpg -c doc.txt # enter a secure passphrase
# the file doc.txt.gpg now contains the encrypted contents
</code>

==== Decrypt====
<code bash>
gpg -d doc.txt.gpg  > doc.txt
</code>