gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to
provide digital encryption and signing services using the OpenPGP standard.
GnuPG is often used for file encryption as well as to send encrypted
communications such as e-mails. The following is a quick-reference cheat sheet
for GnuPG version 2.x.
Create a new key
For quick key creation, follow the prompts. All the default options are fine.
To create a new key with custom settings:
List public keys
List all public keys in your keyring using the lower-case
-k option; an
List secret keys
List all secret or private keys in your keyring using the upper-case
List all keys with short ID
List all keys with their respective short identifier or octet. In the example
below, the key ID is C3E456DE, shown in the first line. It is the last 8
characters of the full ID shown in line 2.
# To list public keys, use lower-case -k
gpg -k --keyid-format=short
# Example output
pub   rsa4096/C3E456DE 2022-10-17 [SC] [expires: 2024-10-16]
      44C64B50FA07E40E905F5947FDEE7C1DC3E456DE
uid         [ultimate] xx
sub   rsa4096/9C9AE090 2022-10-17 [E] [expires: 2024-10-16]
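Short IDs are convenient for display, but a script that checks which key is in the keyring should compare the full fingerprint. The following is an added example, not part of the original cheat sheet: it parses gpg's colon-delimited listing and accepts only an exact match on a full 40-digit fingerprint. The function names, the timestamps and the padded subkey fingerprint in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed colon-format output of the kind printed by
#   gpg --list-keys --with-colons --with-fingerprint
# The primary key values come from the listing above; the timestamps and the
# subkey fingerprint (AAAA... padding) are constructed.
SAMPLE='pub:u:4096:1:FDEE7C1DC3E456DE:1665964800:1729036800::u:::scESC:
fpr:::::::::44C64B50FA07E40E905F5947FDEE7C1DC3E456DE:
uid:u::::1665964800::::xx:
sub:u:4096:1:AAAAAAAA9C9AE090:1665964800:1729036800:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9C9AE090:'

# Print the fingerprint (field 10 of the "fpr" record) of each primary key,
# skipping the "fpr" records that belong to subkeys.
primary_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { want = 1; next }
        $1 == "sub" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want        { print $10; want = 0 }'
}

# Short ID = last 8 hex digits of the fingerprint.
short_id() {
    printf '%s\n' "$1" | sed 's/.*\(........\)$/\1/'
}

# Exit 0 only if EXPECTED (spaces and case ignored) is a full 40-digit
# fingerprint that exactly equals a primary key in the listing on stdin.
# Exit 2 if EXPECTED is not a full fingerprint, for example a short ID.
verify_fpr() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    primary_fprs | grep -Fxq "$expected"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | primary_fprs | while read -r fpr; do
    printf 'fingerprint %s  short ID %s\n' "$fpr" "$(short_id "$fpr")"
done
```

Against a real keyring, pipe the gpg command from the first comment into verify_fpr, passing a fingerprint obtained from the key owner through a separate channel.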
Export public key to file
gpg -o public.txt -a --export <KEY ID>
Export private key to file
gpg -o private.txt -a --export-secret-key <KEY ID>
Import a public or private key to your keyring
Add a public or private key to your keyring. Importing will work on any ASCII-armored key file, regardless of extension, e.g. .asc, .pgp, .gpg, .txt, etc.
gpg --import public.gpg
gpg --import public.txt
Delete a private key from your key ring
gpg --delete-secret-keys <KEY ID>
Delete a public key from your key ring
Important: If a public key has an associated private key, delete the private key first.
gpg --delete-keys <KEY ID>
To perform local symmetric encryption on local files where there is no
recipient, the option -c is used. This option encrypts the files with a
password as opposed to a key. Note that you will be prompted for a password.
gpg -c filename
Encrypt data using recipient’s public key
To send an encrypted file to a named recipient, it is necessary to possess the
recipient’s public key. In the following example, we are encrypting the
message.txt with the public key we hold for
--recipient specify the required
operations and can be combined as
gpg -er email@example.com message.txt
The output of the above example will be the creation of a new file
message.txt.gpg which can only be decrypted with the private key
belonging to the recipient. The file message.txt.gpg can now be attached to
and sent as a regular email to
To decrypt and display output in CLI:
gpg -d filename.asc
To decrypt and output to file:
gpg -d filename.asc > output.txt