# Creating a key
gpg --gen-key
# Exporting keys
gpg -o file.gpg --armor --export [UID]
# Importing keys ==> when u received someone's pub key,u have to add them
# to your key database in order to be able to ues them.. ~/.gnupg/
gpg --import [filename]
# Revoke a key
gpg --gen-revoke
# Key administration
gpg --list-keys
gpg --list-sigs
gpg --fingerprint
gpg --list-secret-keys
gpg --delete-key [UID]
gpg --delete-secret-key
# '?' to listing help
gpg --edit-key [UID]
Command> ?
Command> revkey
Do you really want to revoke this key? y
Command> revsig
Command> check
# Signing and checking signatures
gpg -o file.sig --sign file.txt
gpg -o file.sig --clearsign file.txt
gpg -o file.sig -ab file.txt
gpg --verify file.sig file.txt
# use '--version' to listing supported algorithms
[root@ns1 ~]# gpg --version
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
# Encrypt and Decrypt
gpg -o file.gpg -e -r jacky file.txt # use jacky's pubkey to encrypt 'file.txt'
gpg -o file.txt -d file.gpg
gpg -o file.asc -e --armor -r jacky file.txt
gpg -o file.txt -d file.asc
# symmetric encryption
gpg -o file.gpg --cipher-algo 3des -c file.txt
gpg -o file.txt -d file.gpg
gpg -o file.asc --cipher-algo 3des --armor -c file.txt
gpg -o file.txt -d file.asc
# TIPS: (in E-mail transmission always select 'ASCII' file ~!Ooops..)
# ASCII file always use suffix '.asc'
# and Binary file always use '.gpg'
# Sample here:
[root@ns1 home]# gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
#Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
#What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
#Key is valid for? (0) 1
Key expires at Sun 11 Apr 2010
04:22:30 AM CST
#Is this correct? (y/N) y
You need a user ID to identify your
key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) "
#Real name: jacky
#Email address: jacky@gmail.com
#Comment: AK is a famous gun..
You selected this USER-ID: "jacky (AK is a famous gun..) "
#Change (N)ame, (C)omment,(E)mail or (O)kay/(Q)uit? O
#You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform some
other action (type on the keyboard, move the mouse, utilize the disks) during
the prime generation; this gives the random number generator a better chance to
gain enough entropy.
+++++.++++++++++.++++++++++.++++++++++++++++++++.++++++++++++
++++++++++++++++++.+++++.+++++++++++++++.+++++..++++++++++++++
+.+++++.+++++++++++++++......................+++++
We need to generate a lot of random bytes. It is a good idea to perform some
other action (type on the keyboard, move the mouse, utilize the disks) during
the prime generation; this gives the random number generator a better chance to
gain enough entropy.
+++++..+++++++++++++++.+++++++++++++++..++++++++++.+++++..+++++++
+++.+++++++++++++++.++++++++++++++++++++.++++++++++++++++++++
++++++++++.+++++++++++++++++++++++++.+++++.+++++.+++++>+++++++
++++++++.+++++++++++++++.+++++.++++++++++......+++++>.+++++>...++++
+>+++++..>.+++++...................................................>+++++............<.+++++......
...........................................................................+++++^^^
gpg: key 58B2DE67 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1
complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2
signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2010-04-10
#pub 1024D/58B2DE67 2010-04-09 [expires:2010-04-10]
# Key fingerprint = 59B5 0536 ACC1 94ED DA48 EE2E 9B98 D1C0 58B2 DE67
# uid jacky (AK is a famous gun)
#sub 4096g/B41492A8 2010-04-09 [expires: 2010-04-10]