Generating Your Private & Public Key Pair:
When executing the command above, use the defaults as they are the best options. Be sure to use a strong password phrase for your key. ( use a sentence that only you know – more than 15 letters )
Listing Your Keys:
gpg2 --fingerprint firstname.lastname@example.org gpg2 --list-keys
Here is how to encrypt a file and send it to john. The file is called urbdb.txt.
The –encrypt option tells gpg to encrypt the file, and the –sign option tells it to sign the file with your details. The –armor option tells gpg to create an ASCII file. The -r (recipient) option must be followed by the email address of the person you’re sending the file to.
gpg2 --encrypt --sign --armor -r email@example.com urbdb.txt
John has sent a reply. It is in an encrypted file called encrypted.asc. We can decrypt it very easily using the –decrypt option. We are going to redirect the output into another file called plain.txt.
Note that we don’t have to tell gpg who the file is from. It can work that out from the encrypted contents of the file.
gpg2 --decrypt encrypted.asc > plain.txt
Making Your Public Key Available To Others:
When you make your public key available to others, they can verify communications you sign, or send you encrypted communications if necessary. This procedure is also known as exporting.
gpg2 --export --armor firstname.lastname@example.org > jdoe-pubkey.asc
Send or email the jdoe-pubkey.asc to anyone that needs to send you encrypted communications. They can also verify messages were indeed sent by you using this public key. You can post this key on websites for persons to find you or use it in your signatures. Another alternative is to use one of the many public key services online that make your public key available for the world to use.
( hkp://pgp.mit.edu | keyserver.pgp.com | hkp://subkeys.pgp.net:11371 )
Sending your public key to a public key server:
gpg2 --keyserver hkp://pgp.mit.edu --send-key KEYNAME
For KEYNAME, substitute either the key ID of your primary keypair or any part of a user ID that identifies your keypair.
Receiving Someone’s Public Key & Importing It To Your Local Computer’s Key Ring:
gpg2 --recv-keys D172X836
gpg: requesting key D172X836 from hkp server keys.gnupg.net
gpg: key D172X836: "John Q Public email@example.com" 26 new signatures
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2016-11-09
gpg: Total number processed: 1
gpg: new signatures: 1
To list all keys on your local computer.
To delete someone’s public key from your keyring using command line, use the following command.
gpg2 --delete-keys D172X836
pub 4096R/D172X836 2014-09-24 John Public Jpublic@example.com
Delete this key from the keyring? (y/N) y
To delete your private and public key from your local machine:
gpg2 --delete-secret-keys firstname.lastname@example.org
gpg2 --delete-keys email@example.com
You can confirm that the key is no longer available by using the
command. This will list all of your saved keys. If you have a long list of keys, you may want to use
gpg2 --list-keys | grep D172X836
to filter the results down to the key you are looking for.
Making a Private/Public Key Backup, Using the Command Line:
gpg2 --export-secret-keys --armor firstname.lastname@example.org > jdoe-privkey.asc
Use the following command to make the backup of your private key and your public key, which you can then copy to a destination of your choice:
The Seahorse application can be used if you are looking for a graphical front end to all of the commands above.