This guide walks step by step through installing GnuPG and setting up a GPG key on Ubuntu Server.

## GPG Installation

- Install `gnupg`:

```bash
sudo apt update
sudo apt install gnupg
```

- If the `~/.gnupg` directory is empty (gpg creates it on first use), initialise gpg by restarting the agent with the following command:

```bash
gpgconf --kill gpg-agent
```
## GPG Key Management

- Generate a new key pair (if you don't have one):

```bash
gpg --full-generate-key
```

- Set ownertrust:

```bash
gpg --edit-key <key-id>
gpg> trust
# Input: 5 for ultimate trust (only for a key you control yourself)
gpg> save   # save and quit
```

- Renew the gpg key expiry:

```bash
gpg --edit-key <key-id>
gpg> expire
# Input: 1y
gpg> save   # save and quit
```

- List secret keys:

```bash
gpg --list-secret-keys
```

- List secret keys with long key IDs:

```bash
gpg --list-secret-keys --keyid-format LONG
```

- Export a public key:

```bash
gpg --armor --export <key-id>
```

- Delete a gpg public key (gpg refuses to do this while the matching secret key still exists, so delete the secret key first):

```bash
gpg --delete-keys <key-id>
```

- Delete a gpg secret key:

```bash
gpg --delete-secret-keys <key-id>
```
## Backup & Restore

- Backup public key:

```bash
gpg -a --export <email-id> > public-key.asc
```

- Backup secret key (the file contains your private key, protected only by the key's passphrase, so store it accordingly):

```bash
gpg -a --export-secret-keys <email-id> > secret-key.asc
```

- Backup owner trust:

```bash
gpg --export-ownertrust > ownertrust-gpg.txt
```

- Restore public key:

```bash
gpg --import public-key.asc
```

- Restore secret key:

```bash
gpg --import secret-key.asc
```

- Restore owner trust:

```bash
gpg --import-ownertrust ownertrust-gpg.txt
```
## Encryption & Decryption

1. Encryption & Decryption with key pairs

- Encrypt a file using the recipient's public key:

```bash
gpg --encrypt --recipient <email-id> <file>
```

- Decrypt the file using your secret key:

```bash
gpg --decrypt <file>.gpg   # plaintext goes to stdout; add --output <file> to write a file
```

2. Encryption, Decryption & Sign with key pairs

- Encrypt a file using the recipient's public key and sign it with your secret key:

```bash
gpg --encrypt --recipient <email-id> --sign <file>
```

- Decrypt the file using your secret key; gpg verifies the signature at the same time:

```bash
gpg --decrypt <file>.gpg
```

3. Encryption & Decryption with password

- Encrypt with a password (symmetric encryption, no key pair needed):

```bash
gpg --symmetric <file>
# or
gpg -c <file>
```

- Decrypt with the password:

```bash
gpg --decrypt <file>.gpg
```

4. Signing & Verification

- Sign a file using your secret key:

```bash
gpg --sign <file>   # writes the binary <file>.gpg; add --armor to get <file>.asc
```

- Verify the signature with the signer's public key:

```bash
gpg --verify <file>.gpg
```
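The backup/restore steps and the encrypt/sign/verify steps above, exercised end to end, as an added example that is not part of the original guide. It assumes GnuPG 2.1+ is installed; the identity `Demo User <demo@example.invalid>`, the passphrase-less demo key and the message are constructed for this demo, and the helper names (`gpg_in`, `make_demo_key`, `backup_and_restore`, `encrypt_sign_decrypt`, `detached_sign_and_tamper`, `run_demo`) are this example's own. It runs entirely inside a temporary keyring directory, so your real `~/.gnupg` is never touched, and it also covers the case the guide's text does not show: a signed file that is altered after signing must fail `--verify`.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide: runs the guide's backup/restore
# and encrypt/sign/verify commands end to end in a throwaway keyring directory,
# so ~/.gnupg is never touched. Assumes GnuPG 2.1+ is on PATH. The identity,
# passphrase-less demo key and message are constructed for this example only.
set -eu

DEMO_UID="Demo User <demo@example.invalid>"   # constructed identity

# Every gpg call goes through here: explicit keyring dir plus unattended flags.
gpg_in() {
  local home="$1"; shift
  GNUPGHOME="$home" gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Scripted stand-in for `gpg --full-generate-key`: certify-only primary key with
# separate signing and encryption subkeys. Prints the primary fingerprint.
make_demo_key() {   # $1 = keyring dir
  gpg_in "$1" --quick-generate-key "$DEMO_UID" ed25519 cert 1y 2>/dev/null
  local fpr
  fpr="$(gpg_in "$1" --list-keys --with-colons "$DEMO_UID" | awk -F: '/^fpr/{print $10; exit}')"
  gpg_in "$1" --quick-add-key "$fpr" ed25519 sign 1y 2>/dev/null
  gpg_in "$1" --quick-add-key "$fpr" cv25519 encr 1y 2>/dev/null
  printf '%s' "$fpr"
}

# The guide's backup commands, then restore into a second, empty keyring.
backup_and_restore() {   # $1 = source keyring, $2 = restore keyring, $3 = fpr, $4 = backup dir
  gpg_in "$1" --armor --export "$3"             > "$4/public-key.asc"
  gpg_in "$1" --armor --export-secret-keys "$3" > "$4/secret-key.asc"
  gpg_in "$1" --export-ownertrust               > "$4/ownertrust-gpg.txt"
  gpg_in "$2" --import "$4/public-key.asc" 2>/dev/null
  gpg_in "$2" --import "$4/secret-key.asc" 2>/dev/null
  gpg_in "$2" --import-ownertrust "$4/ownertrust-gpg.txt" 2>/dev/null
}

# The restored keyring must hold exactly one secret key, ultimately trusted (6).
restored_ok() {   # $1 = restore keyring, $2 = fpr
  [ "$(gpg_in "$1" --list-secret-keys --with-colons | grep -c '^sec:')" -eq 1 ] &&
  gpg_in "$1" --export-ownertrust | grep -q "^$2:6:"
}

# Encrypt+sign in the source keyring, decrypt+verify in the restored one.
# Succeeds only if the plaintext round-trips and gpg reports GOODSIG.
encrypt_sign_decrypt() {   # $1 = source keyring, $2 = restore keyring, $3 = plaintext file
  gpg_in "$1" --encrypt --recipient "$DEMO_UID" --sign "$3" 2>/dev/null   # writes $3.gpg
  local status
  status="$(gpg_in "$2" --status-fd 1 --decrypt --output "$3.out" "$3.gpg" 2>/dev/null)" || return 1
  printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' &&
  [ "$(cat "$3")" = "$(cat "$3.out")" ]
}

# The guide's sign/verify with a detached signature, plus the failure case:
# once the file is altered, verification must fail. 0 only if both outcomes hold.
detached_sign_and_tamper() {   # $1 = keyring, $2 = file
  gpg_in "$1" --detach-sign "$2" 2>/dev/null                    # writes $2.sig
  gpg_in "$1" --verify "$2.sig" "$2" 2>/dev/null || return 1    # untouched file: good
  printf 'x' >> "$2"                                            # simulate tampering
  if gpg_in "$1" --verify "$2.sig" "$2" 2>/dev/null; then return 1; fi
  return 0
}

# Full round trip in a temporary work dir; returns 0 only if every step passed.
run_demo() {
  local work; work="$(mktemp -d)"
  mkdir -m 700 "$work/home" "$work/restore"
  local fpr; fpr="$(make_demo_key "$work/home")"
  # Scripted equivalent of `gpg --edit-key <key-id>` -> trust -> 5 (ultimate).
  printf '%s:6:\n' "$fpr" | gpg_in "$work/home" --import-ownertrust 2>/dev/null
  printf 'constructed secret message\n' > "$work/msg.txt"

  local rc=0
  backup_and_restore "$work/home" "$work/restore" "$fpr" "$work"    || rc=1
  restored_ok "$work/restore" "$fpr"                                || rc=1
  encrypt_sign_decrypt "$work/home" "$work/restore" "$work/msg.txt" || rc=1
  detached_sign_and_tamper "$work/home" "$work/msg.txt"             || rc=1

  # Stop the agents spawned for the temporary keyrings and remove everything.
  for h in home restore; do GNUPGHOME="$work/$h" gpgconf --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$work"
  return "$rc"
}

if command -v gpg >/dev/null 2>&1; then
  run_demo && echo "backup/restore, encrypt+sign, decrypt+verify and tamper detection all passed"
fi
```

Run it with `bash gpg-roundtrip.sh`. The key is generated with the primary key limited to certification and separate signing and encryption subkeys; that split is what makes the SmartCard step later in the guide (moving subkeys to the card while the primary stays in a backup) workable.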
## Bonus Tips

1. Configure gpg signing in git

- Set the signing key (the long key ID from `gpg --list-secret-keys --keyid-format LONG`):

```bash
git config --global user.signingkey "<secret_id>"
```

- Enable GPG signing of commits:

```bash
git config --global commit.gpgsign true
```

- Export the `GPG_TTY` variable so gpg can prompt for the passphrase in the terminal:

```bash
export GPG_TTY=$(tty)   # add this line to ~/.bashrc to make it permanent
```

2. Share a gpg public key

- Share the public key using a key server (keys.openpgp.org only publishes the user ID after you confirm the verification e-mail it sends):

```bash
gpg --keyserver hkps://keys.openpgp.org --send-keys <key-id>
gpg --keyserver hkps://keyserver.ubuntu.com --send-keys <key-id>
```

3. Search & import a gpg public key

- Search for a public key using a key server:

```bash
gpg --keyserver hkps://keys.openpgp.org --search-keys <email-id>
gpg --keyserver hkps://keyserver.ubuntu.com --search-keys <email-id>
```

- Import a public key:

```bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys <key-id>
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys <key-id>
```

- Verify an imported public key. `--verify` checks signature files, not keys, so instead display the key's fingerprint and compare it with one the owner gave you out of band (key servers do not vouch for who owns a key):

```bash
gpg --fingerprint <key-id>
```
4. Save to SmartCard

- See SmartCard details:

```bash
gpg --card-status
```

- Save keys to the SmartCard. `keytocard` is a command of the key-edit menu, so open the key with `--edit-key` (not `--card-edit`), then select each subkey by index (1, 2, 3) and move it to the card:

```bash
gpg --edit-key <key-id>
gpg> key <key index>   # select a subkey; running `key N` again deselects it
gpg> keytocard         # move the selected subkey to the card (pick the matching slot)
# repeat `key <index>` / `keytocard` for each subkey
```

- Save changes:

```bash
# If you save, the moved secret keys are deleted from the local keyring
# (only stubs pointing at the card remain).
# If you don't want to delete them, quit by pressing `q` and answer N when asked to save.
gpg> save
```