What are some useful GPG commands?

Encryption/decryption commands

  • To encrypt a plaintext file with the recipient's public key:
      gpg -e -r recipient_userid textfile
  • To sign a plaintext file with your secret key:
      gpg -s textfile
  • To sign a plaintext file with your secret key and have the output readable to people without running GPG first:
      gpg --clearsign textfile
  • To sign a plaintext file with your secret key, and then encrypt it with the recipient's public key:
      gpg -se -r recipient_userid
  • To decrypt an encrypted file, or to check the signature integrity of a signed file:
      gpg [-o outputfile] ciphertextfile

Key management commands

  • To generate your own unique public/secret key pair:
      gpg --gen-key
  • To add a public or secret key file's contents to your public or secret key ring:
      gpg --import keyfile
  • To extract (copy) a key from your public or secret key ring:
      gpg -ao keyfile --export userid

    or

      gpg -ao keyfile --export-secret-key
  • To view the contents of your public key ring:
      gpg --list-keys
  • To view the "fingerprint" of a public key, to help verify it over the telephone with its owner:
      gpg --fingerprint userid
  • To view the contents and check the certifying signatures of your public key ring:
      gpg --check-sigs
  • To edit a key:
      gpg --edit-key userid
  • To remove a key or just a userid from your public key ring:
      gpg --delete-key userid
  • To permanently revoke your own key, issuing a key compromise certificate:
      gpg --gen-revoke userid
  • To disable or re-enable a public key on your own public key ring:
      gpg --batch --edit-key userid disable

    or

      gpg --batch -edit-key userid enable

Esoteric commands

  • To create a signature certificate that is detached from the document:
      gpg -sb textfile
  • To detach a signature certificate from a signed message
      gpg -b ciphertextfile

Command options that can be used in combination with other command options

  • To produce a ciphertext file in ASCII format, just add the -a option when encrypting or signing a message or extracting a key:
      gpg -sea textfile
  • To specify a recipient, add the -r option followed by a user id:
      gpg -se -r recipient textfile
  • To specify an output file, add the -o option followed by a filename:
      gpg -d -o outputfile textfile

This is document awiu in the Knowledge Base.
Last modified on 2017-01-23 12:39:39.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.