PGP Key Guide

Generate Key Pair

# Interactive key generation
gpg --full-generate-key

# Non-interactive (batch mode)
# %no-protection creates the secret key without a passphrase
gpg --batch --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Your Name
Name-Email: you@example.com
Expire-Date: 2y
EOF

Key Management

# List public keys
gpg --list-keys

# Export public key
gpg --export --armor you@example.com > public.asc

# Export private key (keep safe!)
gpg --export-secret-keys --armor you@example.com > private.asc

# Import key
gpg --import public.asc

Encrypt & Decrypt

# Encrypt a file (writes file.txt.asc)
gpg --encrypt --armor --recipient you@example.com file.txt

# Decrypt
gpg --decrypt file.txt.asc > file.txt

# Encrypt + sign
gpg --encrypt --sign --armor -r you@example.com file.txt

Sign & Verify

# Detached signature
gpg --detach-sign --armor file.txt

# Verify signature
gpg --verify file.txt.asc file.txt

# Clearsign (sign text inline)
gpg --clearsign message.txt

Keyserver Operations

# Upload to keyserver
gpg --keyserver keys.openpgp.org --send-keys KEYID

# Search keyserver
gpg --keyserver keys.openpgp.org --search-keys you@example.com

# Receive/refresh key
gpg --keyserver keys.openpgp.org --recv-keys KEYID

Concept       Description
Public Key    Share freely; others use it to encrypt messages to you
Private Key   Keep secret; used to decrypt and sign
Fingerprint   40-hex unique identifier for a key
Trust Web     PGP's decentralized trust model
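
Checking a key fetched with --recv-keys against a fingerprint obtained out of band from its owner, as an added example that is not part of the original guide. The colon listing is a constructed sample (not a real key), and the function names primary_fpr, norm_fpr and check_key are hypothetical.

```shell
# Constructed sample of `gpg --with-colons --fingerprint KEYID` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1700000000:1763072000::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::0000000000000000000000000000000000000000::Your Name <you@example.com>::::::::::0:
sub:-:4096:1:0000111122223333:1700000000:1763072000:::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Primary-key fingerprint: field 10 of the first fpr record after the pub record.
primary_fpr() {
  awk -F: '$1=="pub"{p=1; next} p && $1=="fpr"{print $10; exit}'
}

# Normalise a fingerprint as people write it: drop whitespace, uppercase the hex.
norm_fpr() {
  printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# check_key EXPECTED_FPR NOW_EPOCH   (colon listing on stdin)
# 0 = full fingerprint matches and key not expired; 1 = mismatch/expired; 2 = bad input.
check_key() {
  local listing want got expires
  listing=$(cat)
  want=$(norm_fpr "$1")
  case "$want" in
    ''|*[!0-9A-F]*) echo "expected fingerprint is not hex" >&2; return 2 ;;
  esac
  # Refuse shortened key IDs: compare the full 40-hex fingerprint only.
  [ "${#want}" -eq 40 ] || { echo "need the full 40-hex fingerprint" >&2; return 2; }
  got=$(printf '%s\n' "$listing" | primary_fpr)
  [ "$got" = "$want" ] || { echo "fingerprint mismatch: got ${got:-none}" >&2; return 1; }
  # Field 7 of the pub record is the expiry time in epoch seconds; empty = no expiry.
  expires=$(printf '%s\n' "$listing" | awk -F: '$1=="pub"{print $7; exit}')
  if [ -n "$expires" ] && [ "$expires" -le "$2" ]; then
    echo "key expired" >&2; return 1
  fi
  return 0
}

# Typical use after --recv-keys (FPR obtained out of band from the key owner):
#   gpg --with-colons --fingerprint KEYID | check_key "$FPR" "$(date +%s)"
```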