Pretty Good Privacy
Disambiguation
OpenPGP | |
---|---|
PGP | |
GPG (GnuPG) |
Common operations
List private (own) keys | gpg -K |
---|---|
Quickly extend keys1 | gpg --quick-set-expire ABCDDEADBEEFABCDC0CCABCD42069ABCD7AFFF2 1y (replace with own key and 1y with expiration date or period.) |
Create a new public/secret key pair | gpg --gen-key |
Export a public key | gpg --armor --output <pubkey.gpg> --export <key-id> |
Export a secret key | gpg --armor --output <privkey.gpg> --export-secret-key <key-id> |
extend subkeys
gpg --edit-key ABCDDEADBEEFABCDC0CCABCD42069ABCD7AFFF2 key 0 expire 1y key 1 expire 1y save
replace old key with new key
When replacing one uncompromised key with a newer (typically longer) one, using a transition period when both keys are trustworthy and participate in the web of trust uses trust transitivity to use links to the old key to trust signatures and links created by the new key. During a transition, both keys are trustworthy but you only use the newer one to sign documents and certify links in the web of trust.
gpg --expert --full-gen-key (9) ECC and ECC (1) Curve 25519 $PGP_NEWKEY_ID=<ID of new key> $PGP_OLDKEY_ID=<ID of old key> # sign new key with old key gpg --default-key $OLDKEY --sign-key $NEWKEY # sign old key with new key gpg --default-key $NEWKEY --sign-key $OLDKEY # export in ASCII armored format gpg --armor --output $NEWKEY.key --export-secret-key $NEWKEY gpg --armor --output $NEWKEY.pub --export $NEWKEY
QR Codes
How do I distribute my pubkey?
see also:
Keyservers
SKS Keyservers | these have some issues |
keyserver.ubuntu.com | Hockeypuck run by the Ubuntu people. |
keys.openpgp.org | |
Mailvelope Key Server | run by people behind the browser Add-On Mailvelope |
Set in Enigmail: Settings → Keyservers, enter comma separated list, e.g.:
vks://keys.openpgp.org, hkps://keys.mailvelope.com, hkp://keyserver.ubuntu.com
upload with GPG
# don't use "vks://" or "hkp://" infront of the domain name! gpg --keyserver keys.example.com --send-keys $KEY_1 $KEY_2
get key manually
gpg2 --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys $PUT_KEY_HERE
further reading
- GPG Howto (Ubuntu Community)
- PGP and you (thoughtbot blog)
- 15 reasons not to start using PGP (secushare)
[1]
note: you may need to extend your subkeys if they had a different expiry date