

Debian Reference
Chapter 14 - GnuPG


References:


14.1 Installing GnuPG

     # gpg --gen-key                     # generate a new key
     # gpg --gen-revoke my_user_ID       # generate a revocation certificate for my_user_ID
     # host -l pgp.net | grep www | less # figure out pgp keyservers

A good default keyserver set up in $HOME/.gnupg/gpg.conf (or old location $HOME/.gnupg/options) contains:

keyserver hkp://subkeys.pgp.net

Here one must be careful not to create more than 2 sub-keys. If you do, keyservers on pgp.net will corrupt your key. Use the newer gnupg (>1.2.1-2) to handle these corrupted subkeys. See http://fortytwo.ch/gpg/subkeys.


14.2 Using GnuPG

File handling:

     $ gpg [options] command [args]
     $ gpg {--armor|-a} {--sign|-s} file   # sign file into a text file.asc
     $ gpg --clearsign file                # clear-sign message
     $ gpg --clearsign --not-dash-escaped patchfile # clear-sign patchfile
     $ gpg --verify file                   # verify clear-signed file
     $ gpg -o file.sig {-b|--detach-sig} file # create detached signature
     $ gpg --verify file.sig file          # verify file with file.sig
     $ gpg -o crypt_file {--recipient|-r} name {--encrypt|-e} file
                                           # public-key encryption intended for name
     $ gpg -o crypt_file {--symmetric|-c} file # symmetric encryption
     $ gpg -o file --decrypt crypt_file    # decryption

14.3 Managing GnuPG

Key management:

     $ gpg --edit-key user_ID      # "help" for help, interactive
     $ gpg -o file --export        # export all keys to file
     $ gpg --import file           # import all keys from file
     $ gpg --send-keys user_ID     # send key of user_ID to keyserver
     $ gpg --recv-keys user_ID     # recv. key of user_ID from keyserver
     $ gpg --list-keys user_ID     # list keys of user_ID
     $ gpg --list-sigs user_ID     # list sig. of user_ID
     $ gpg --check-sigs user_ID    # check sig. of user_ID
     $ gpg --fingerprint user_ID   # check fingerprint of user_ID
     # get unknown keys: update keys for all unknown sigs.
     # grep -F matches the bracketed text literally, not as a character class
     $ gpg --list-sigs | grep '^sig' | grep -F '[User id not found]' \
      | awk '{print $2}' | sort -u | xargs gpg --recv-keys
     $ gpg --refresh-keys          # update local keyring
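
The "get unknown keys" pipeline above decides which key IDs are requested from the keyserver, so its filter deserves a dry run before anything is fetched. The following is an added example, not part of the original reference: it runs the filter over a constructed listing, once with the bracketed text treated as a regular expression and once as a fixed string. The function names and the sample listing (key IDs, names, dates) are made up, and the listing layout is an assumption modelled on older gpg output.

```shell
#!/bin/sh
# Added example: constructed sample modelled on older `gpg --list-sigs`
# output. Key IDs and names are made up; real output varies by version.
sample_sigs() {
cat <<'EOF'
pub   1024D/AAAA0000 2003-01-01
uid                  Example User <user@example.org>
sig 3        AAAA0000 2003-01-01  Example User <user@example.org>
sig          1111AAAA 2004-02-02  Known Signer <known@example.org>
sig          2222BBBB 2005-03-03  [User id not found]
sig 2        3333CCCC 2006-04-04  [User id not found]
sig          2222BBBB 2007-05-05  [User id not found]
EOF
}

# Regex match: '[User id not found]' is a bracket expression, so every
# line containing any one of those characters passes the filter.
unknown_ids_regex() {
    grep '^sig' | grep '[User id not found]' | awk '{print $2}' | sort -u
}

# Fixed-string match. The key ID is taken as the first 8- or 16-digit hex
# field, so a certification-level column ("sig 3") is not mistaken for it.
unknown_ids_fixed() {
    grep '^sig' | grep -F '[User id not found]' |
    awk '{ for (i = 2; i <= NF; i++)
               if ($i ~ /^[0-9A-Fa-f]+$/ && (length($i) == 8 || length($i) == 16)) {
                   print $i; break
               } }' |
    sort -u
}

echo "regex filter selects:"
sample_sigs | unknown_ids_regex
echo "fixed-string filter selects:"
sample_sigs | unknown_ids_fixed
```

Review the printed IDs before handing them to gpg --recv-keys, and check each fetched key with gpg --fingerprint, since short key IDs are not unique.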

Trust code:

     -     No ownertrust assigned / not yet calculated.
     e     Trust calculation has failed.
     q     Not enough information for calculation.
     n     Never trust this key.
     m     Marginally trusted.
     f     Fully trusted.
     u     Ultimately trusted.

The following will upload my key "A8061F32" to the popular keyserver hkp://subkeys.pgp.net:

$ gpg --keyserver hkp://subkeys.pgp.net --send-keys A8061F32

14.4 Using GnuPG with applications


14.4.1 Using GnuPG with Mutt

Add the following to ~/.muttrc to keep a slow GnuPG from automatically starting, while allowing it to be used by typing `S' at the index menu.

     macro index S ":toggle pgp_verify_sig\n"
     set pgp_verify_sig=no

14.4.2 Using GnuPG with Vim

Add the contents of _vimrc obtained from the examples subdirectory into ~/.vimrc to run GnuPG transparently.



CVS, Mon Jun 16 21:20:26 UTC 2008

Osamu Aoki osamu#at#debian.org
Authors, Section A.1