GnuPG

A cheatsheet for GnuPG, the encryption and signing software.

#Getting Started

#Software

Gpg4win and the GPG Suite have OS-specific features.

GPG keys are sometimes referred to as PGP keys. The terms are interchangeable, as both follow the OpenPGP standard.

#Create a key-pair

Generate your keys:

$ gpg --generate-key

... or fully configure your keys.

$ gpg --full-generate-key

Note: Choose a strong passphrase! The encryption is only as strong as your passphrase.

#Key management

List your keys:

$ gpg --list-keys

List your secret keys:

$ gpg --list-secret-keys

Export your public key:

$ gpg --export --armor <ID>

Export your secret key:

$ gpg --export-secret-key --armor <ID>

Delete your public key:

$ gpg --delete-key <ID>

Delete your secret key:

$ gpg --delete-secret-key <ID>

#Encryption

#Symmetric

Encrypt with a passphrase:

$ gpg -c <FILE>

Encrypt as ASCII with -a flag:

$ gpg -ac <FILE>

Set output file path with -o flag:

$ gpg -o <PATH> -c <FILE>

Decrypt with a passphrase:

$ gpg <FILE>

Note: Choose a strong passphrase! The encryption is only as strong as your passphrase.

#Asymmetric

Encrypt using public-private key encryption:

$ gpg -e -r <RECIPIENT> <FILE>

Encrypt as ASCII output with -a flag:

$ gpg -ea -r <RECIPIENT> <FILE>

Encrypt and sign with -s flag:

$ gpg -se -r <RECIPIENT> <FILE>

Add multiple recipients:

$ gpg -e -r <RECIPIENT1> -r <RECIPIENT2> <FILE>

Set output file path with -o flag:

$ gpg -e -o <PATH> -r <RECIPIENT> <FILE>

Decrypt with your private key:

$ gpg <FILE>

Replace <RECIPIENT> with your intended recipient's imported public key ID.

#Importing a public key

Import using a file:

$ gpg --import <FILE>

Import using a link (macOS/Linux):

$ curl <WEBSITE> | gpg --import

Don't forget to sign the imported key:

$ gpg --sign-key <ID>
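
An added example, not part of the original cheatsheet: check that a downloaded key file carries the fingerprint you received over a separate channel before importing it, and run `gpg --sign-key <ID>` only once that check passes. The function names, the `verify_then_import` wrapper and the sample listing are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a key file's fingerprint before importing and signing.

# Strip spaces/colons and uppercase, so "0123 4567 ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print one primary-key
# fingerprint per key: field 10 of the first "fpr" record after each "pub".
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one key and its fingerprint equals $1.
# A file carrying extra keys yields several lines and therefore fails.
fpr_matches() (
    expected=$(normalize_fpr "$1")
    actual=$(primary_fprs)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
)

# Hypothetical wrapper: $1 is the downloaded key file, $2 the fingerprint
# received over a separate channel (in person, signed mail, business card).
verify_then_import() {
    if gpg --with-colons --with-fingerprint --show-keys "$1" | fpr_matches "$2"; then
        gpg --import "$1"
    else
        echo "fingerprint mismatch, not importing: $1" >&2
        return 1
    fi
}

# Constructed sample listing (not a real key), used to exercise the parser.
SAMPLE_LISTING='pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Alice Example <alice@example.org>::::::::::0:
sub:-:255:18:76543210FEDCBA98:1700000000::::::e:::::cv25519::
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
```

The comparison uses the primary key's fingerprint only; a subkey fingerprint, such as the second `fpr` record in the sample, never satisfies the check.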

#Commit Signing

#Local Git Setup

Enable GPG signing:

$ git config --global commit.gpgsign true

Set the signing key:

$ git config --global user.signingkey <ID>

Set location of GPG:

$ git config --global gpg.program <PROGRAM>

Note: Your name and email must match on Git and GnuPG.

#GPG Program List

Replace <PROGRAM> with one of the following:

| Platform | Value |
| --- | --- |
| Windows | C:\Program Files (x86)\GnuPG\bin\gpg.exe |
| macOS/Linux | /usr/local/bin/gpg |

#Exporting your public key

Export as ASCII:

$ gpg --export --armor <ID>

Note: Platforms like GitHub may ask you to verify the email you set in Git and GnuPG.

#Windows: Add to Startup Apps

#PowerShell Commands

After a full restart, the GPG agent might not start automatically. Add GnuPG's IPC tool to Startup Apps using PowerShell:

$ $shell = New-Object -ComObject WScript.Shell
$ $shortcut = $shell.CreateShortcut("C:\Users\$($Env:UserName)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gpg-connect-agent.lnk")
$ $shortcut.TargetPath = "C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe"
$ $shortcut.Arguments = "/bye"
$ $shortcut.Save()

Start up manually instead:

$ gpgconf --launch gpg-agent

Check if it was successfully added here.