PGP Cheat Sheet


At first #

  • You need to have your own PGP keys (a tutorial on how to create them is not included here; please refer to the PGP manual).
  • --armor produces ASCII-armored output: base64-encoded data in a readable format instead of binary.

Import keys #

To import keys from a previous backup, use the following commands.

# The same command imports both private and public keys
gpg --import pgp-private-keys.asc
gpg --import pgp-public-keys.asc
gpg --import-ownertrust pgp-ownertrust.asc

Import keys from keyserver #

People can share PGP keys on keyservers. To import such a key, use the following command:

gpg --keyserver keys.openpgp.org --receive-keys <FINGERPRINT>

Edit keys #

To edit a key use:

gpg --edit-key <FINGERPRINT>

Please refer to the PGP manual for what you can edit and how.


Exporting keys #

To back up keys use:

gpg --armor --export > pgp-public-keys.asc
gpg --armor --export-secret-keys > pgp-private-keys.asc
gpg --export-ownertrust > pgp-ownertrust.asc

Export public keys to keyserver #

If you want to publish your key on the internet, you can put it on one of the keyservers. Here is an example for the keys.openpgp.org keyserver.

gpg --keyserver keys.openpgp.org --send-keys <FINGERPRINT>

Digital Signatures #

Digital signatures are used for:

  • authenticity - you know who the sender of the data is
  • integrity - this ensures that the data wasn’t altered in transfer
  • non-repudiation - when you sign data, you cannot successfully dispute its validity or authorship

Here is an example of how to create a digital signature with PGP:

# binary detached signature, written to test.txt.sig
gpg --local-user <your-email> --output test.txt.sig --detach-sign test.txt

# readable (ASCII-armored) signature, written to test.txt.asc
gpg --armor --local-user <your-email> --detach-sign test.txt

# Verify signature against the signed file
gpg --verify test.txt.sig test.txt
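
gpg --verify succeeds for a good signature made by any key in your keyring, so a script should also check who signed. The following is an added example, not part of the original post: it parses gpg's --status-fd output and compares the primary-key fingerprint from the VALIDSIG line with one you pin. The function names and the rejection policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a detached signature and pin the expected signer.
# Function names and the policy below are illustrative assumptions.

# Strip spaces and upper-case hex so "abcd 1234" compares equal to "ABCD1234".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd` lines on stdin. Print the primary-key fingerprint
# (last field of VALIDSIG) only if there is exactly one valid signature and
# no bad, unverifiable, expired or revoked-key signature was reported.
signer_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { fpr = $NF; valid++ }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { rejected = 1 }
        END { if (rejected || valid != 1) exit 1; print fpr }
    '
}

# usage: verify_pinned <expected-fingerprint> <signature-file> <signed-file>
verify_pinned() {
    expected=$(normalize_fpr "$1")
    actual=$(gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null \
        | signer_from_status) || return 1
    [ "$actual" = "$expected" ]
}

# Example call (fingerprint placeholder as used elsewhere on this page):
#   verify_pinned "<FINGERPRINT>" test.txt.sig test.txt && echo "signer OK"
```

Pinning the primary-key fingerprint means a signature made with a signing subkey still matches the fingerprint you use with --edit-key or --local-user.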

Encrypt and sign files #

Encryption is used to:

  • protect data confidentiality - make sure only the recipient can read the data.

Here is an example of how to encrypt data:

gpg --encrypt --sign --armor -r person@email.com name_of_file

# or with fingerprint
gpg --armor --local-user <fingerprint> --encrypt --sign --recipient <mail@server.tld> test.md

You can also encrypt data without signing it: just remove --sign from the commands above.


Decrypt #

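To decrypt data use:

# Writes the plaintext to file_name; without --output it goes to stdout
gpg --output file_name --decrypt file_name.asc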

Using your keys with Keybase #

To import your PGP keys to Keybase, run the following command:

gpg --armor --export-secret-keys <fingerprint> | keybase pgp import

The command above will import only your public key to Keybase. If you want to host your private key on Keybase, add --push-secret right after import, so the command looks as follows. However, I recommend keeping your key private to you and not sharing it anywhere on the internet.

gpg --armor --export-secret-keys <fingerprint> | keybase pgp import --push-secret