Some background
- PGP: Stands for Pretty Good Privacy.
- GPG: Stands for GNU Privacy Guard.
- PGP was originally developed as copyrighted freeware under GNU public license but was later made into proprietary software because of the USA export laws.
- GPG is a rewrite of PGP, stripped of any proprietary encryption algorithms. It was developed by the GNU community.
- As of 2022, GPG is recommended for all developers.
- For GitHub users, there is also the SSH key. How does it differ from a GPG key? Well, there are two main differences.
  - An SSH key is used to validate access to GitHub repositories.
  - A GPG key, on the other hand, is for verifying commits.
- You may search keys by email address or Key ID at keys.openpgp.org
Usage
Generate keys

    # quick and dirty
    gpg --gen-key
    # more options
    gpg --full-generate-key

List keys

    # list public keys
    gpg --list-keys
    # list secret keys
    gpg --list-secret-keys

Export public key

    # gpg --export --armor <pub/uid> > pubkey.asc
    gpg --export --armor yanbc > yanbc.pubkey.asc

Import a key from your friend

    gpg --import yanbc.pubkey.asc

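To go with the import step above, an added example (not part of the original page) that imports a key file only when its primary fingerprint matches one you confirmed with your friend over another channel. It assumes a GnuPG version that supports `--show-keys`; the function names and the sample listing are constructed for illustration.

```shell
# Print the primary-key fingerprint from `gpg --with-colons` output on stdin.
# In that format the first "fpr" record after a "pub" record belongs to the
# primary key, later "fpr" records belong to subkeys; field 10 is the value.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Normalise a fingerprint as people write it: drop whitespace, upper-case hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin holds exactly one key and its primary
# fingerprint equals the expected one ($1). Two keys give two lines: no match.
fpr_matches() {
    [ -n "$1" ] && [ "$(primary_fpr)" = "$(normalize_fpr "$1")" ]
}

# Inspect the file ($1) without touching the keyring, then import it only if
# the fingerprint matches the expected value ($2).
verified_import() {
    if gpg --show-keys --with-colons "$1" | fpr_matches "$2"; then
        gpg --import "$1"
    else
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
}

# Constructed sample of colon-format output (not a real key), for offline use.
SAMPLE_COLONS='pub:-:255:22:1111222233334444:1650000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1650000000::0000000000000000000000000000000000000000::yanbc <yanbc@example.invalid>::::::::::0:
sub:-:255:18:4444333322221111:1650000000::::::e:::::cv25519::
fpr:::::::::0000999988887777666655554444333322221111:'
```

Usage: `verified_import yanbc.pubkey.asc "<fingerprint your friend read out to you>"`. Matching on the full fingerprint rather than the short Key ID or the name in the user ID is the point of the check.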
Edit key
This is a more advanced use. You can make changes to a key, e.g. trust, disable or delete a certain key, with the following command:

    # gpg --edit-key <pub/uid>
    gpg --edit-key yanbc

This will open an interactive prompt. Type help at the prompt for all sub-commands.
Encrypt a file

    # create a file
    echo hello > hi.txt
    # encrypt the file for yanbc and yourself
    gpg --encrypt --recipient yanbc --recipient your_user_name hi.txt

Decrypt a file

    # decrypt to file
    gpg hi.txt.gpg
    # decrypt to stdout
    gpg --decrypt hi.txt.gpg

Backup keys
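
    # backup public keys
    gpg --export-options backup -o PATH/TO/BACKUP/keyring.gpg --export
    # backup secret keys (give this export its own file name so it does
    # not collide with the public-key backup written above)
    gpg --export-options backup -o PATH/TO/BACKUP/keyring.gpg --export-secret-keys
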
Restore keys

    gpg --import-options restore --import PATH/TO/BACKUP/keyring.gpg