
GPG key installation or setup guide

The purpose of this guide is to provide step-by-step instructions for installing and setting up a GPG key on Ubuntu Server.

GPG Installation

  • Install gnupg:
    
    sudo apt update
    sudo apt install gnupg
    
  • If the .gnupg directory is empty, configure gpg using the following command:
    
    gpgconf --kill gpg-agent
    

GPG Key Management

  • Generate a new key pair (if you don’t have one):
    
    gpg --full-generate-key
    
  • Set ownertrust:
    
    gpg --edit-key <key-id>
    gpg> trust
    # Input: 5 for ultimate trust
    # "q" for save and quit
    
  • Renew key expiry:
    
    gpg --edit-key <key-id>
    gpg> expire
    # Input: 1y
    # "q" for save and quit
    
  • List Secret Keys:
    
    gpg --list-secret-keys
    
  • List secret keys with long key IDs:
    
    gpg --list-secret-keys --keyid-format LONG
    
  • Export public key:
    
    gpg --armor --export <key-id>
    
  • Delete gpg key:
    
    gpg --delete-keys <key-id>
    
  • Delete gpg secret key:
    
    gpg --delete-secret-keys <key-id>
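
The expiry set with `expire` above has to be renewed before it lapses. The following added example (not part of the original guide) reads the machine-readable listing from `gpg --list-secret-keys --with-colons` and flags keys that are expired or close to expiry; the function name `check_expiry`, the 30-day threshold and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report secret keys that are
# expired or expire within WARN_DAYS, so `expire` can be run in time.

# Constructed, trimmed sample of `gpg --list-secret-keys --with-colons`
# output. Key IDs, names and dates are made up.
SAMPLE_LISTING='sec:e:255:22:AAAAAAAAAAAAAAA1:1700000000:1731536000::u:::scESC:
uid:e::::1700000000::0000::Alice Example <alice@example.org>:
sec:u:255:22:BBBBBBBBBBBBBBB2:1700000000:1750864000::u:::scESC:
uid:u::::1700000000::0000::Bob Example <bob@example.org>:
sec:u:255:22:CCCCCCCCCCCCCCC3:1700000000:::u:::scESC:
uid:u::::1700000000::0000::Carol Example <carol@example.org>:'

# check_expiry NOW_EPOCH WARN_DAYS  (colon listing on stdin)
# Output per primary key: STATUS KEYID DAYS_LEFT USER_ID
# Assumes field 5 = key ID, field 7 = expiry in epoch seconds (empty = never),
# and field 10 of the first following uid record = user ID (GnuPG 2.x).
check_expiry() {
    awk -F: -v now="$1" -v warn="$2" '
        function emit() { if (keyid != "") print status, keyid, days, uid }
        $1 == "sec" {
            emit(); keyid = $5; uid = "-"
            if ($7 == "") { status = "NOEXPIRY"; days = "-"; next }
            expires = $7 + 0
            days = int((expires - now) / 86400)
            if (expires <= now + 0)   status = "EXPIRED"
            else if (days < warn + 0) status = "EXPIRING"
            else                      status = "OK"
        }
        $1 == "uid" && uid == "-" { uid = $10 }
        END { emit() }
    '
}

# Demo on the constructed sample, with a fixed "now" so the result is stable.
printf '%s\n' "$SAMPLE_LISTING" | check_expiry 1750000000 30

# Against a real keyring:
#   gpg --list-secret-keys --with-colons | check_expiry "$(date +%s)" 30
```

Run it from cron or a login script and act on any `EXPIRED` or `EXPIRING` line.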
    

Backup & Restore

  • Back up public key:
    
    gpg -a --export <email-id> > public-key.asc
    
  • Back up secret key:
    
    gpg -a --export-secret-keys <email-id> > secret-key.asc
    
  • Back up owner trust:
    
    gpg --export-ownertrust > ownertrust-gpg.txt
    
  • Restore public key:
    
    gpg --import public-key.asc
    
  • Restore secret key:
    
    gpg --import secret-key.asc
    
  • Restore owner trust:
    
    gpg --import-ownertrust ownertrust-gpg.txt
    

Encryption & Decryption

1. Encryption & Decryption with key pairs

  • Encrypt file using public key:
    
    gpg --encrypt --recipient <email-id> <file>
    
  • Decrypt file using secret key:
    
    gpg --decrypt <file>.gpg
    

2. Encryption, Decryption & Signing with key pairs

  • Encrypt file using public key and sign with secret key:
    
    gpg --encrypt --recipient <email-id> --sign <file>
    
  • Decrypt file using secret key and verify signature:
    
    gpg --decrypt <file>.gpg
    

3. Encryption & Decryption with password

  • Encrypt with password:
    
    gpg --symmetric <file>
    # or
    gpg -c <file>
    
  • Decrypt with password:
    
    gpg --decrypt <file>.gpg
    

4. Signing & Verification

  • Sign file using secret key:
    
    gpg --sign <file>
    
  • Verify signature using public key:
    
    # --sign writes <file>.gpg (add --armor to get <file>.asc)
    gpg --verify <file>.gpg
    

Bonus Tips:

1. Configure gpg signing in git

  • Set signing key.
    
    git config --global user.signingkey "<secret_id>"
    
  • Enable GPG signing.
    
    git config --global commit.gpgsign true
    
  • Export GPG_TTY variable.
    
    export GPG_TTY=$(tty)
    

2. Share gpg public key:

  • Share public key using key server:
    
    gpg --keyserver hkps://keys.openpgp.org --send-keys <key-id>
    gpg --keyserver hkps://keyserver.ubuntu.com --send-keys <key-id>
    

3. Search & Import gpg public key:

  • Search public key using key server:
    
    gpg --keyserver hkps://keys.openpgp.org --search-keys <email-id>
    gpg --keyserver hkps://keyserver.ubuntu.com --search-keys <email-id>
    
  • Import public key:
    
    gpg --keyserver hkps://keys.openpgp.org --recv-keys <key-id>
    gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys <key-id>
    
  • Verify the imported public key:
    
    # --verify checks signature files, not keys; compare the fingerprint
    # with the one published by the key owner instead.
    gpg --fingerprint <key-id>
    

4. Save to SmartCard:

  • See SmartCard details:
    
    gpg --card-status
    
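  • Save to SmartCard (from the key edit prompt):
    
    # `key` and `keytocard` are commands of the --edit-key prompt, not --card-edit
    gpg --edit-key <key-id>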
    
  • Select each key by index [1, 2, 3] and save it to the SmartCard:
    
    key <key index>
    
  • Save key to SmartCard.
    
    keytocard
    
  • Save changes.
    
    # Saving deletes the key from the local keyring.
    # To keep the local copy, quit with `q` instead of saving.
    save