GPG Quick Notes

A cheatsheet for GPG

Generate Keypair:

gpg --full-gen-key

generate revoke certificate:

gpg --gen-revoke [USER-ID]

list keys:

gpg --list-keys


--keyid-format short/long

delete key:

gpg --delete-key [USER-ID]

output key:

gpg --armor --output public-key.txt --export [USER-ID]

upload key:

gpg --send-keys [USER-ID] --keyserver hkp://


gpg --fingerprint [USER-ID]

import key:

gpg --import [key-file]

search on server for key:

gpg --keyserver hkp:// --search-keys [USER-ID]

encrypt for someone:

gpg -r some@mail.x -e file


gpg -d file.gpg

sign data:

gpg --sign file
gpg --clearsign file
gpg --detach-sign file
gpg --armor --detach-sign file

verify sig:

gpg --verify [signature file] [file]

encrypt and sign:

gpg --local-user [sender id] --recipient [receiver id] --armor --sign --encrypt file

add additional email address:

gpg --edit-key [kei/user-id]
adduid (and follow instructions)
trust (optional)

private key export and import:

gpg --export-secret-keys --armor <USER-ID> privkey.asc
gpg --import privkey.asc

export subkeys:

gpg --list-secret-keys --with-subkey-fingerprint
gpg -a --export-secret-subkeys [subkey_id]! > /tmp/subkey.gpg

edit key:

gpg --edit-key <user-id>

passwd #change passphrase  
clean  #compact any user id that is no longer usable (revoked or expired)
revkey #revoke a key
addkey #add a subkey
expire #change expiration time
addduid # add additional names
addphoto # add photo to key
save # save change and quit