User Tools

Site Tools


Asymmetric (Public/Private key pairs)

Create a key pair

gpg --gen-key

Things to do after a key pair is created

Create a revocation certificate

gpg --output revoke.asc --gen-revoke key
# store revoke.asc somewhere safe!

Upload the public key to a keyserver

After you have created a key pair, you should export your public key and put it on keyserver:

gpg --export --armor name-of-key

Then put key on a keyserver. eg. :

Import a public key

Step 1: Import the key to your keychain

gpg --import key.asc 

Step 2: Validate the key

If the key is already signed by an entity you trust, this can be skipped. Otherwise

gpg --edit key
fpr  # validate fingerprint with owner
sign # certify it as a valid key

Step 3: Trust the key-owner

gpg --edit key
trust # select trust level 

Step 4: Export the signed key to a keyserver

gpg --keyserver --send-key key

Encrypt a message

A neat trick is to write the message in the texteditor, then copy it to clipboard and in the commandline do

xsel -b | gpg --encrypt --armor -r | xsel -b
# now you have the encrypted message in your clipboard.

To directly send the encrypted text by mail (also showing a shorter version of the above gpg command):

xsel -b | gpg -ear recipient | mail -s"Subject"
# or send message directly from commandline
echo "The cake is a lie" | gpg -ear reciever | mail -s "Subject"  

Decrypt a message

gpg -d message
# or copy encrypted message to clipboard then do 
xsel -b | gpg -d


A simple way is to backup your ~/.gnupgp directory :

# create encrypted backup archive
tar cfvz - ~/.gnupg/  | gpg -c > gnupgp.tgz.pgp  
# decrypt and unpack
gpg -d gnupgp.tgz.pgp  | tar xvz  

Useful Bash Functions

Encrypt Clipboard (verbose)

Put in bashrc

# gpg encrypt clipboard for recipient
encclip() {
    echo "Encrypting for $1"
    echo "---------------"
    xsel -b
    echo "---------------"
    xsel -b | gpg -ear $1 | xsel -b
    echo "Done. Encrypted contents are in clipboard."


# first copy text to clipboard, then do
encclip recipient



gpg -c doc.txt # enter a secure passphrase
# the file doc.txt.gpg now contains the encrypted contents


gpg -d doc.txt.gpg  > doc.txt
gpg.txt · Last modified: 2013/06/19 19:57 by hkoller