tiyn/wiki
1
0
Fork 0
mirror of https://github.com/tiyn/wiki.git synced 2025-11-26 21:29:46 +01:00
Code Issues Projects Releases Wiki Activity
Files
f5bae3580d52601bb9f3dad1a9db67bbef6546e9
wiki/wiki/linux/gpg.md
tiyn f5bae3580d added openpgp and linked it
2025-11-22 08:45:19 +01:00

4.7 KiB
Raw Blame History

GPG

GNU Privacy Guard - short GnuPG or just GPG - is a free and open-source implementation of OpenPGP. It is used to savely encrypt and decrypt messages or files using assymetric encryption.

Setup

On most linux distributions GPG can be installed with the gnupg package. Sometimes it is also called gnupg2.

Usage

This section addresses the usage of the Open GPG.

List or Find a Key

To find a key use the following command. <query> is a search string and is optional.

gpg --list-keys <query>

Generating a Key Pair

A fast way to generate a key pair is by running the following command.

gpg --generate-key

Backing Up and Exporting Keys

A total backup or the export of all private, public and subkeys can be achieved by running the following commands. Replace <id> with the identifier of the key that should be backed up.

gpg --export --armor <id> > <id>.pub
gpg --export-secret-keys --armor <id> > <id>.prv
gpg --export-secret-subkeys --armor <id> > <id>_priv.asc
gpg --export-ownertrust > ownertrust.txt

Especially the first command can be run in individually to export public keys without owning the private key.

Import Keys

Keys that have been imported in the way described in the previous section can be imported by the following commands. Replace <id> with the identifier of the key that should be imported.

gpg --import <id>.pub
gpg --import <id>.priv
gpg --import <id>_priv.asc
gpg --import-ownertrust ownertrust.txt

Again the first command can be run individually to import single public keys that are not owned.

Afterwards the following commands can be run to set the ultimate trust level to the key pair. Caution is advised.

gpg --edit-key [email protected]
gpg> trust
Your decision? 5

Encrypting Files and Other Messages

A file - in this case named message.txt - can be encrypted using the a specific key with the following command. Replace <id> with the identifier of the key that should encrypt the message.

gpg -e -r <id> message.txt

This command will create a file with the same name as the input file but with an added .gpg - in this case its called message.txt.gpg.

Decrypt Files and Other Messages

A file - in this case named message.txt.gpg - can be decrypted with the following command.

gpg --decrypt message.txt.gpg

This command will output the content of the file.

Restart the GPG Server

The GPG server can be restarted by simply running the following command.

gpgconf --kill all

Receive a Key and Trust It

If importing a key does not properly work it can be useful to manually receive and trust a key. This is done by running the following lines: Caution is advised. Replace <id> with the identifier of the key that should be received and trusted.

gpg --recv-key <id>
gpg --lsign <id>

Managing Multiple Users and E-Mails of an Existing Secret Key

A secret key can have more than one e-mail assigned to it. After generating the key however only a single user is added by default.

To add another one use the following command where <key-id> is the id of the key to add the e-mail to.

gpg --edit-key <key-id>

Afterwards a console will open. Using adduid another user can be added by following the on-screen instructions. Afterwards save will save the progress and exit from the console.

To delete an existing user and e-mail also open the edit-console. Then list the existing users using the command uid and select the user id of the key to delete with uid <id> where <id> is the key to delete. Then delete it with deluid and save with save.

Troubleshooting

This section will focus on errors and the fixing of errors of GPG.

keyblock resource '.../pubring.kbx': No such file or directory

This error mostly occurs when updating packages via various package managers. It can easily be fixed by running the following command. Which will (re-)generate the needed files and directories for GPG.

dirmngr

gpg: keyserver receive failed: No data

This error mostly occurs when updating packages via various package managers. It prevents specific packages from installing after the PGP key is not imported correctly. This can be fixed by importing the PGP key manually by the following command. In this command <key-id> is the id for the PGP key given by the package manager before the error occurs. hkp://pgp.rediris.es is a key server that can be used but other possibilities are available and can and should be used depending on the location.

gpg --keyserver hkp://pgp.rediris.es --recv-key <key-id>