====== Asymmetric (Public/Private key pairs) ======
===== Create a key pair =====
gpg --gen-key
===== Things to do after a key pair is created =====
**Create a revocation certificate**
gpg --output revoke.asc --gen-revoke key
# store revoke.asc somewhere safe!
**Upload the public key to a keyserver**
After you have created a key pair, you should export your public key and put it on keyserver:
gpg --export --armor name-of-key
Then put key on a keyserver. eg. :
* https://keyserver.pgp.com
* http://keys.gnupg.net/
* http://keyserver.ubuntu.com:11371/
===== Import a public key =====
**Step 1**: Import the key to your keychain
wget http://someserver.com/key.asc
gpg --import key.asc
**Step 2**: Validate the key
If the key is already signed by an entity you trust, this can be skipped. Otherwise
gpg --edit key
fpr # validate fingerprint with owner
sign # certify it as a valid key
**Step 3**: Trust the key-owner
gpg --edit key
trust # select trust level
**Step 4**: Export the signed key to a keyserver
gpg --keyserver keys.gnupg.net --send-key key
===== Encrypt a message =====
A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do
xsel -b | gpg --encrypt --armor -r recipient@mail.com | xsel -b
# now you have the encrypted message in your clipboard.
To directly send the encrypted text by mail (also showing a shorter version of the above gpg command):
xsel -b | gpg -ear recipient | mail -s"Subject" recipient@mail.com
# or send message directly from commandline
echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject" receiver@cia.com
===== Decrypt a message =====
gpg -d message
# or copy encrypted message to clipboard then do
xsel -b | gpg -d
===== Backup =====
A simple way is to backup your ~/.gnupgp directory :
# create encrypted backup archive
tar cfvz - ~/.gnupg/ | gpg -c > gnupgp.tgz.pgp
# decrypt and unpack
gpg -d gnupgp.tgz.pgp | tar xvz
===== Useful Bash Functions =====
==== Encrypt Clipboard (verbose) ====
Put in bashrc
# gpg encrypt clipboard for recipient
encclip() {
echo "Encrypting for $1"
echo "---------------"
echo
xsel -b
echo
echo "---------------"
echo
xsel -b | gpg -ear $1 | xsel -b
echo
echo "Done. Encrypted contents are in clipboard."
}
Use:
# first copy text to clipboard, then do
encclip recipient
====== Symmetric ======
==== Encrypt====
gpg -c doc.txt # enter a secure passphrase
# the file doc.txt.gpg now contains the encrypted contents
==== Decrypt====
gpg -d doc.txt.gpg > doc.txt