- Getting Started
- Backup Your PGP Keys
- Restore the PGP Keys
- Import Your Keypair
- Encrypt Message with GPG
- Decrypt Message with GPG
- Import Another User PGP Key
Install gpg software and generate a keypair.
sudo apt install gpg -y
gpg --full-generate-keyTo list the long form of the PGP keys for which you have both a public and private key:
gpg --list-secret-keys --keyid-format=long/home/netadmin/.pgp/pubring.kbx
-------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot <hubot@example.com>
ssb 4096R/4BB6D45482678BE3 2016-03-10
Back up the keypair and store it in a safe place.
gpg --export --armor <fingerprint> --output pubkey.asc
gpg --export-secret-keys --armor <fingerprint> --output privkey.ascA fingerprint is either the long form of the PGP key ID (in this example, the PGP key ID is 3AA5C34371567BD2) or the associated email address (hubot@example.com).
Archive the private keys
tar zcvf private-keys.tgz privkey.ascEncrypt the private-keys.tgz archive with a 'master' password
openssl aes-256-cbc -salt -pbkdf2 -in private-keys.tgz -out private-keys.tgz.encprivate-keys.tgz.enc can be made publicly available, as it is encrypted with
the master supplied password.
wget -P ~/.pgp https://github.com/duc-mt/pgp-keys/raw/refs/heads/master/private-keys.tgz.enc && openssl aes-256-cbc -salt -pbkdf2 -in ~/.pgp/private-keys.tgz.enc -out ~/.pgp/private-keys.tgz -d && tar zxvf ~/.pgp/private-keys.tgz -C ~/.pgp && rm ~/.pgp/private-keys.tgz*gpg --import pubkey.asc
gpg --allow-secret-key-import --import privkey.ascTrust them if necessary.
gpg --edit-key <fingerprint>gpg --armor --sign --encrypt --recipient <name> path/to/file
gpg -a -s -e -r <name> path/to/fileThe output filename will be the same as the input filename, but with .asc
extension.
gpg --decrypt path/to/file.asc
gpg -d path/to/file.ascgpg --recv-keys <keyID>or
gpg --search-keys <name>