# GPG<!-- TOC depthFrom:1 depthTo:6 withLinks:1 updateOnSave:1 orderedList:0 -

1. # GPG
2.  
3. <!-- TOC depthFrom:1 depthTo:6 withLinks:1 updateOnSave:1 orderedList:0 -->
4.  
5. - [GPG](#gpg)
6. - [Create keys](#create-keys)
7. - [List keys](#list-keys)
8. - [Exporting](#exporting)
9. - [Importing](#importing)
10. - [Deleting](#deleting)
11. - [Fingerprint](#fingerprint)
12. - [Encrypting data](#encrypting-data)
13. - [Decrypting data](#decrypting-data)
14. - [Sharing secret keys](#sharing-secret-keys)
15.  
16. <!-- /TOC -->
17.  
18. ## Create keys
19.  
20. You can select the defaults.
21.  
22. ```bash
23. gpg --gen-key
24. ```
25.  
26. ## List keys
27.  
28. __Public keys__
29.  
30. ```bash
31. gpg --list-keys
32. ```
33.  
34. __Secret keys__
35.  
36. ```bash
37. gpg --list-secret-keys
38. ```
39.  
40.  
41. ## Exporting
42.  
43. __Public key__
44.  
45. ```bash
46. gpg --export -a "UserName" > gpg.public.key
47. ```
48.  
49. > Hint: instead "UserName" you can type email or GPG id
50.  
51. __Secret key__
52.  
53. ```bash
54. gpg --export-secret-key -a "name@domain.com" > gpg.secret.key
55. ```
56.  
57. > Hint: instead "name@domain.com" you can type user name or GPG id
58.  
59.  
60. ## Importing
61.  
62. __Public key__
63.  
64. ```bash
65. gpg --import gpg.public.key
66. ```
67.  
68. __Secret key__
69.  
70. ```bash
71. gpg --allow-secret-key-import --import gpg.secret.key
72. ```
73.  
74.  
75. ## Deleting
76.  
77. __Public key__
78.  
79. ```bash
80. gpg --delete-key "User Name"
81. ```
82.  
83. > Hint: Instead "User Name" you can type GPG id or email
84.  
85.  
86. __Secret key__
87.  
88. ```bash
89. gpg --delete-secret-key 35E82649
90. ```
91.  
92. > Hint: Instead 35E82649 (GPG id) you can type user name or email
93.  
94.  
95. ## Fingerprint
96.  
97. To generate a short list of numbers that you can use via an alternative method to verify a public key, use:
98.  
99. ```bash
100. gpg --fingerprint > gpg.fingerprint
101. ```
102.  
103. This creates the file fingerprint with your fingerprint info.
104.  
105.  
106.  
107. ## Encrypting data
108.  
109. To encrypt data, use:
110.  
111. ```bash
112. gpg -e -u "Sender User Name" -r "Receiver User Name" mydata.tar
113. ```
114.  
115. > Hint: Instead typing user name of sender and receiver, you can type email
116.  
117. There are some useful options here, such as -u to specify the secret key to be used, and -r to specify the public key of the recipient.
118. As an example: gpg -e -u "Charles Lockhart" -r "A Friend" mydata.tar
119. This should create a file called "mydata.tar.gpg" that contains the encrypted data. I think you specify the senders username so that the recipient can verify that the contents are from that person
120.  
121. > NOTE!: mydata.tar is not removed, you end up with two files, so if you want to have only the encrypted file in existance, you probably have to delete mydata.tar yourself.
122.  
123. An interesting side note, I encrypted the preemptive kernel patch, a file of 55,247 bytes, and ended up with an encrypted file of 15,276 bytes.
124.  
125. ## Decrypting data
126.  
127. To decrypt data, use:
128.  
129. ```bash
130. gpg -d mydata.tar.gpg
131. ```
132.  
133. If you have multiple secret keys, it'll choose the correct one, or output an error if the correct one doesn't exist. You'll be prompted to enter your passphrase. Afterwards there will exist the file "mydata.tar", and the encrypted "original," mydata.tar.gpg.
134.  
135. > NOTE: when I originally wrote this cheat sheet, that's how it worked on my system, however it looks now like "gpg -d mydata.tar.gpg" dumps the file contents to standard output. The working alternative (worked on my system, anyway) would be to use "gpg -o outputfile -d encryptedfile.gpg", or using mydata.tar.gpg as an example, I'd run "gpg -o mydata.tar -d mydata.tar.gpg". Alternatively you could run something like "gpg -d mydata.tar.gpg > mydata.tar" and just push the output into a file. Seemed to work either way.
136.  
137. Ok, so what if you're a paranoid bastard and want to encrypt some of your own files, so nobody can break into your computer and get them? Simply encrypt them using yourself as the recipient.
138.  
139.  
140. ## Sharing secret keys
141.  
142. > NOTE!: the following use cases indicate why the secret-key import/export commands exist, or at least a couple ideas of what you could do with them. HOWEVER, there's some logistics required for sharing that secret-key. How do you get it from one computer to another? I guess encrypting it and sending it by email would probably be ok, but I wouldn't send it unencrypted with email, that'd be DANGEROUS.
143.  
144. Use Case *.1 : Mentioned above were the commands for exporting and importing secret keys, and I want to explain one reason of why maybe you'd want to do this. Basically if you want one key-pair for all of your computers (assuming you have multiple computers), then this allows you export that key-pair from the original computer and import it to your other computers.
145.  
146. Use Case *.2 : Mentioned above were the commands for exporting and importing secret keys, and I want to explain one reason of why maybe you'd want to do this. Basically, if you belonged to a group, and wanted to create a single key-pair for that group, one person would create the key-pair, then export the public and private keys, give them to the other members of the group, and they would all import that key-pair. Then a member of the group or someone outside could use the group public key, encrypt the message and/or data, and send it to members of the group, and all of them would be able to access the message and/or data. Basically you could create a simplified system where only one public key was needed to send encrypted stuffs to muliple recipients.