GPG Operations

Operations (decrypt, encrypt, sign) using GPG. Setup Yubikey using Export GPG Subkeys to Yubikey.


If you are encrypting files for yourself, use your email address associated with your public key as the recipient.


If the public key is not your own and cannot be found on keyservers, it must be manually imported.

Import a public key from a file.
gpg --import {KEY FILE}
Import a public key from a keyserver.
gpg --recv {KEYID}


The public key can be exported as well for others to encrypt data for you.

Export public key for signing data.
gpg --homedir /some/custom/.gnupg --armor --export > my_public_key.gpg


Encrypt a file for a given recipient.
gpg --armor --batch --trust-model always --encrypt --recipient {GPGID} {FILE}


--trust-model will prevent GPG from warning about untrusted key


echo -n "super_secret_server_stuff" | gpg --armor --batch --trust-model always --encrypt --recipient {GPGID}

Create a Detached Signature

This is used to validate that the GPG encrypted file has not been changed.

Create a detached signature for a given file.
gpg --detach-sign {FILE}.gpg

Validate File Using Detached Signature

Import the public key if needed.
gpg --import {PUBLIC KEY}
Verify the GPG encrypted file.
gpg --verify {FILE}.sig