Friday, 9 May 2008

Gnu Privacy Guard Commands

GNU Privacy Guard (GPG) commands

This blog lists a load of gpg commands which are really useful!

Useful commands

What follows is a list of useful commands

Help (listing all available commands and options)

gpg --help

We get a full list of commands. Note all gpg commands take the format:

gpg [option1, option2, .. option n] [command] [Filename or user to work with]

Listing keys on keyrings

gpg -k (gpg --list-keys)

lists all public keys on the current users public keyring

gpg --list-secret-keys

lists all secret keys on the current users secret keyring

Generating a new private-public key

gpg --gen-key

Select the kind of key, size of encryption, and other details and give the key pair a name.

Importing a public key onto the keyring

Note you can import private keys this way as well.

gpg –import

Removing a key from the keyring

The following commands remove keys from the respective keyrings. Note if you try and remove a public key which has the same private pair then you will need to remove the private (secret) key first.

Public: gpg --delete-keys [Keyname]
Secret: gpg --delete-secret-keys [Keyname]

Exporting Public Key
To make key available for other users to decrypt with you can export the public key by using the command:

gpg -a -u [Local user with private key] --passphrase [Local user pass phrase] --export >[Name of file for exported public key]

Encrypting data

You can encrypt data with a private key using the following command

gpg -e -o [outputfilename] -u [Local Private Key User] [inputFilename]
gpg -e --output [outputfilename] -u [Local Private Key User] [inputFilename]

You can also armour the output with ascii with the following command:

gpg -ea -o [outputfilename] -u [Local Private Key User] [inputFilename]

Armouring makes the encrypted file more readable in text viewers.

If you omit the -o then it will save the file with an appended extension of .gpg

Decrypting data

The following commands can decrypt data encrypted by a specific public key. Note you need the public key of the pair which the private key was used to encrypt the data with.

eg. gpg -da -r [Public Key] [EncryptedFileName] >[NewFileName]

Note if you omit the pipe to the new file name then the decrypted output will be displayed to the screen.

You need to provide a pass phrase to decipher the encrypted file. You will either be prompted for this or you can use the –passphrase switch

eg. gpg -da --passphrase [PassPhrase] -r [Public Key] [EncryptedFileName] >[NewFileName]
Signing keys

When importing in public keys from the client to your public keyring you must sign the key. This can be done by

gpg -u [Local User with Private Key] --passphrase [Local user passphrase] --edit-key [Remote user with Public Key] sign

You will then need to hit yes and then quit to exit

Very Verbose messages :)

Always useful to get as much information returned back when having problems, Use the -vv (very verbose) option.

For example when you listing key information using the -vv option highlights if the public key has been signed.

Very useful resouces:

Justin Millers Guide
Click here to view

No comments: