rtfd/in/public/security/gpg/overview.rst

********
OverView
********

.. todo::

 * setpref, or elsehow at key generation
 * ! suffix to exclude subkeys
 * trust key
 * sign file
 * sign key
 * encrypt for [hidden-]recipient
 * delete secret key
 * import secret key
 * refresh keys

Search
======

.. code:: shell

  gpg --search-keys "Key ID"

Download
========

.. code:: shell

  gpg --receive-keys "KEY ID"

List
====

.. code:: shell

  gpg --list-keys

.. code:: shell

  gpg --list-signatures

Modify
======

.. code:: shell

  gpg --expert --edit-key "KEY ID"

[…]

::

  save

add a subkey to a master key
----------------------------

::

  addkey
  8 → RSA (set your own capabilities)

[…]

::

  q → finished
  4096
  1y → key expires in 1 year
  y → this is correct
  y → really create

sign
^^^^

::

  e → toggle the encrypt capability

.. code:: shell

  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y
  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y
  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y

encrypt
^^^^^^^

::

  s → toggle the sign capability

authenticate
^^^^^^^^^^^^

::

  s → toggle the sign capability
  e → toggle the encrypt capability
  a → toggle the authenticate capability

set expiration date
-------------------

::

  expire
  1y
  y

add another UserID
------------------

::

  adduid
  First Last
  user@domain.tld
  comment
  o

set primary UserID
------------------

::

  uid 1
  primary

Export
======

private key
-----------

.. code:: shell

  gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg

private subkeys
---------------

.. code:: shell

  gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg

public key
----------

.. code:: shell

  gpg --armor --export "Key ID" > id.asc

public SSH key
--------------

.. code:: shell

  gpg --armor --export-ssh-key "Key ID" > id.pub

Dump
====

.. code:: shell

  gpg --list-packets

.. code:: shell

  pgpdump pub.asc

Secure
======

hide the master key in an encrypted container
---------------------------------------------

* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key

Revoke
======

.. code:: shell

  gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
  gpg --send-keys "KEY ID"
gpg overview,servers 2019-05-14 08:39:00 +00:00			`********`
			`OverView`
			`********`

			`.. todo::`

			`* setpref, or elsehow at key generation`
			`* ! suffix to exclude subkeys`
gpg todo 2019-05-14 20:01:41 +00:00			`* trust key`
			`* sign file`
			`* sign key`
			`* encrypt for [hidden-]recipient`
			`* delete secret key`
			`* import secret key`
			`* refresh keys`
gpg overview,servers 2019-05-14 08:39:00 +00:00
			`Search`
			`======`

			`.. code:: shell`

			`gpg --search-keys "Key ID"`

			`Download`
			`========`

			`.. code:: shell`

			`gpg --receive-keys "KEY ID"`

			`List`
			`====`

			`.. code:: shell`

			`gpg --list-keys`

gpg list signatures 2019-05-14 18:58:07 +00:00			`.. code:: shell`

			`gpg --list-signatures`

gpg overview,servers 2019-05-14 08:39:00 +00:00			`Modify`
			`======`

			`.. code:: shell`

			`gpg --expert --edit-key "KEY ID"`

			`[…]`

			`::`

			`save`

			`add a subkey to a master key`
			`----------------------------`

			`::`

			`addkey`
			`8 → RSA (set your own capabilities)`

			`[…]`

			`::`

			`q → finished`
			`4096`
			`1y → key expires in 1 year`
			`y → this is correct`
			`y → really create`

			`sign`
			`^^^^`

			`::`

			`e → toggle the encrypt capability`

			`.. code:: shell`

			`gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y`
			`gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y`
			`gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y`

			`encrypt`
			`^^^^^^^`

			`::`

			`s → toggle the sign capability`

			`authenticate`
			`^^^^^^^^^^^^`

			`::`

			`s → toggle the sign capability`
			`e → toggle the encrypt capability`
			`a → toggle the authenticate capability`

			`set expiration date`
			`-------------------`

			`::`

			`expire`
			`1y`
			`y`

			`add another UserID`
			`------------------`

			`::`

			`adduid`
			`First Last`
			`user@domain.tld`
			`comment`
			`o`

			`set primary UserID`
			`------------------`

			`::`

			`uid 1`
			`primary`

			`Export`
			`======`

			`private key`
			`-----------`

			`.. code:: shell`

			`gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg`

			`private subkeys`
			`---------------`

			`.. code:: shell`

			`gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg`

			`public key`
			`----------`

			`.. code:: shell`

			`gpg --armor --export "Key ID" > id.asc`

			`public SSH key`
			`--------------`

			`.. code:: shell`

			`gpg --armor --export-ssh-key "Key ID" > id.pub`

			`Dump`
			`====`

gpg list packets 2019-05-14 19:31:10 +00:00			`.. code:: shell`

			`gpg --list-packets`

gpg overview,servers 2019-05-14 08:39:00 +00:00			`.. code:: shell`

			`pgpdump pub.asc`

			`Secure`
			`======`

			`hide the master key in an encrypted container`
			`---------------------------------------------`

			`* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key`

			`Revoke`
			`======`

			`.. code:: shell`

			`gpg --import "FFIINNGGEERRPPRRIINNTT.rev"`
			`gpg --send-keys "KEY ID"`