Useful GPG commands

On this page:


Encryption/decryption commands

  • To encrypt a plaintext file with the recipient's public key:
    gpg -e -r recipient_userid textfile
  • To sign a plaintext file with your secret key:
    gpg -s textfile
  • To sign a plaintext file with your secret key and have the output readable to people without running GPG first:
    gpg --clearsign textfile
  • To sign a plaintext file with your secret key, and then encrypt it with the recipient's public key:
    gpg -se -r recipient_userid
  • To decrypt an encrypted file, or to check the signature integrity of a signed file:
    gpg [-o outputfile] ciphertextfile

Key management commands

  • To generate your own unique public/secret key pair:
    gpg --gen-key
  • To add a public or secret key file's contents to your public or secret key ring:
    gpg --import keyfile
  • To extract (copy) a key from your public or secret key ring:
    gpg -ao keyfile --export userid

    or

    gpg -ao keyfile --export-secret-key
  • To view the contents of your public key ring:
    gpg --list-keys
  • To view the "fingerprint" of a public key, to help verify it over the telephone with its owner:
    gpg --fingerprint userid
  • To view the contents and check the certifying signatures of your public key ring:
    gpg --check-sigs
  • To edit a key:
    gpg --edit-key userid
  • To remove a key or just a userid from your public key ring:
    gpg --delete-key userid
  • To permanently revoke your own key, issuing a key compromise certificate:
    gpg --gen-revoke userid
  • To disable or re-enable a public key on your own public key ring:
    gpg --batch --edit-key userid disable

    or

    gpg --batch -edit-key userid enable

Esoteric commands

  • To create a signature certificate that is detached from the document:
    gpg -sb textfile
  • To detach a signature certificate from a signed message:
    gpg -b ciphertextfile

Command options that can be used in combination with other command options

  • To produce a ciphertext file in ASCII format, add the -a option when encrypting or signing a message or extracting a key:
    gpg -sea textfile
  • To specify a recipient, add the -r option followed by a user id:
    gpg -se -r recipient textfile
  • To specify an output file, add the -o option followed by a filename:
    gpg -d -o outputfile textfile

This is document awiu in the Knowledge Base.
Last modified on 2023-07-12 14:42:17.