
gpg.md

  • See also:
    • Backing up private keys on paper: (1), (2), (3)

Digitally sign and verify a file

Assumes recipient does not yet have sender's public key.

Sender:

  1. gpg --gen-key = Create public and private key pair.
  2. gpg --output file.sig --detach-sign file.txt = Sign file.txt with private key, producing the signature file file.sig.
  3. gpg --export --armor "pubkey.gpg" > public.asc = Export binary public key to ASCII-encoded string.
  4. Transfer file.sig, file.txt, and public.asc to recipient.

Recipient:

  1. gpg --import public.asc = Import sender's public key.
  2. gpg --verify file.sig file.txt = Verify the file.sig signature of file.txt using sender's public key.
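
Because public.asc travels alongside file.txt and file.sig in this workflow, a successful gpg --verify only shows that the file matches whichever key was imported. The following added example (not part of the original notes) wraps the verify step so that it succeeds only when the signature is valid and was made by a key whose fingerprint matches one obtained separately from the sender; the function names, the sample fingerprint, and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify a detached signature AND pin the signer's fingerprint.

# Normalise a fingerprint: strip spaces, uppercase the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG line
# names the expected fingerprint (signing key in field 3, primary key in
# the last field) and no failure status was reported for the signature.
status_ok() {
  awk -v want="$(norm_fpr "$1")" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    # Appending "" forces a string comparison of the hex fingerprints.
    $2 == "VALIDSIG" && (($3 "") == want || ($NF "") == want) { good = 1 }
    END { exit !(good && !bad) }'
}

# usage: verify_pinned "FINGERPRINT" file.sig file.txt
# Fails closed: if gpg is missing or prints no VALIDSIG, the result is non-zero.
verify_pinned() {
  gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | status_ok "$1"
}

# Constructed sample data (not a real key or a real gpg run).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Sender <sender@example.com>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $SAMPLE_FPR"

if printf '%s\n' "$SAMPLE_STATUS" | status_ok "$SAMPLE_FPR"; then
  echo "signature valid and made by the pinned key"
fi
```

The recipient would call verify_pinned with a fingerprint the sender communicated over a separate channel, for example one read out from the sender's gpg --fingerprint output.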

Asymmetrically encrypt/decrypt and sign a file

Sender:

  1. Encrypt file.txt using recipient's public key (assuming it's in the gpg keychain), then sign file.txt using sender's private key:
    gpg --encrypt --sign --armor --recipient recipient@example.com file.txt
  2. This produces the encrypted and signed file file.txt.asc.

Recipient: [1], [2]

  1. Decrypt file.txt using recipient's private key and verify sender's signature:
    gpg --decrypt file.txt.asc > file.txt
  1. Encrypt file.txt into file.gpg using a password that must be provided:
    gpg --output file.gpg --symmetric file.txt
  2. Decrypt file.gpg into file.txt using the same password used to encrypt file.txt:
    gpg --decrypt file.gpg > file.txt