Generate a key
gpg --full-generate-key
Extract the public key to a .pem file. KEY can be the keyid or the fingerprint. Be careful using email: if you have more than one key with the same email, it will take the first one.
gpg --export --armor "${KEY}"
Extract the private key to .pem file. Note: The resulting .pem will still need the passphrase to use.
gpg --export-secret-key --armor "${KEY}"
List the keys in the current keyring
# public keys
gpg --list-keys --keyid-format=long --with-subkey-fingerprints
# private keys
gpg --list-secret-keys --keyid-format=long --with-subkey-fingerprints
Encrypt a file. Note that you will not be able to decrypt this file unless you have the recipient's private key (which you should not have!)
# import the recipient's public key into the key ring
gpg --import recipient_public_key.pem
# encrypt the file with it
gpg --armor --encrypt --recipient "${KEY}" filename
# you will now have a filename.asc
Decrypt a file. Outputs to stdout.
gpg --armor --decrypt filename.asc
Change a passphrase
gpg --edit-key KEY_ID
Then passwd at the prompt