Basic PGP Commands


Generate a key

gpg --full-generate-key

Extract the public key to a .pem file. KEY can be the keyid or the fingerprint. Be careful using email: if you have more than one key with the same email, it will take the first one.

gpg --export --armor "${KEY}"

Extract the private key to .pem file. Note: The resulting .pem will still need the passphrase to use.

gpg --export-secret-key --armor "${KEY}"

List the keys in the current keyring

# public keys
gpg --list-keys --keyid-format=long --with-subkey-fingerprints 
# private keys
gpg --list-secret-keys --keyid-format=long --with-subkey-fingerprints

Encrypt a file. Note that you will not be able to decrypt this file unless you have the recipient's private key (which you should not have!)

# import the recipient's public key into the key ring
gpg --import recipient_public_key.pem
# encrypt the file with it
gpg --armor --encrypt --recipient "${KEY}" filename
# you will now have a filename.asc

Decrypt a file. Outputs to stdout.

gpg --armor --decrypt filename.asc

Change a passphrase

gpg --edit-key KEY_ID

Then passwd at the prompt

Date: 2027-07-10

Tags: linux

Share: