[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ A ] [ next ]
References:
gpg(1)
.
file:///usr/share/doc/gnupg/README.gz
GNU privacy handbook in
file:///usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/
(install
gnupg-doc
package)
# gpg --gen-key # generate a new key
# gpg --gen-revoke my_user_ID # generate revoke key for my_user_ID
# host -l pgp.net | grep www|less # figure out pgp keyservers
A good default keyserver set up in $HOME/.gnupg/gpg.conf
(or old
location $HOME/.gnupg/options
) contains:
keyserver hkp://subkeys.pgp.net
Here one must be careful not to create more than 2 sub-keys.
If you do, keyservers on pgp.net will corrupt your key. Use
the newer gnupg
(>1.2.1-2) to handle these corrupted subkeys.
See http://fortytwo.ch/gpg/subkeys
.
File handling:
$ gpg [options] command [args]
$ gpg {--armor|-a} {--sign|-s} file # sign file into a text file.asc
$ gpg --clearsign file # clear-sign message
$ gpg --clearsign --not-dash-escaped patchfile # clear-sign patchfile
$ gpg --verify file # verify clear-signed file
$ gpg -o file.sig {-b|--detach-sig} file # create detached signature
$ gpg --verify file.sig file # verify file with file.sig
$ gpg -o crypt_file {--recipient|-r} name {--encrypt|-e} file
# public-key encryption intended for name
$ gpg -o crypt_file {--symmetric|-c} file # symmetric encryption
$ gpg -o file --decrypt crypt_file # decryption
Key management:
$ gpg --edit-key user_ID # "help" for help, interactive
$ gpg -o file --exports # export all keys to file
$ gpg --imports file # import all keys from file
$ gpg --send-keys user_ID # send key of user_ID to keyserver
$ gpg --recv-keys user_ID # recv. key of user_ID from keyserver
$ gpg --list-keys user_ID # list keys of user_ID
$ gpg --list-sigs user_ID # list sig. of user_ID
$ gpg --check-sigs user_ID # check sig. of user_ID
$ gpg --fingerprint user_ID # check fingerprint of user_ID
$ gpg --list-sigs | grep '^sig' | grep '[User id not found]' \
| awk '{print $2}' | sort -u | xargs gpg --recv-keys # get unknown keys
# update keys for all unknown sigs.
$ gpg --refresh-keys # update local keyring
Trust code:
- No ownertrust assigned / not yet calculated.
e Trust calculation has failed.
q Not enough information for calculation.
n Never trust this key.
m Marginally trusted.
f Fully trusted.
u Ultimately trusted.
The following will upload my key "A8061F32" to the popular keyserver hkp://subkeys.pgp.net:
$ gpg --keyserver hkp://subkeys.pgp.net --send-keys A8061F32
Add the following to ~/.muttrc
to keep a slow GnuPG from
automatically starting, while allowing it to be used by typing `S'
at the index menu.
macro index S ":toggle pgp_verify_sig\n"
set pgp_verify_sig=no
Add the contents of _vimrc
obtained from the examples subdirectory
into ~/.vimrc
to
run GnuPG transparently.
[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ A ] [ next ]
Debian Reference
CVS, Mon Jun 16 21:20:26 UTC 2008osamu#at#debian.org