GPG Operations
Operations (decrypt, encrypt, sign) using GPG. To set up a YubiKey, see Export GPG Subkeys to Yubikey.
Note
If you are encrypting files for yourself, use your email address associated with your public key as the recipient.
Import
If the public key is not your own and cannot be found on keyservers, it must be manually imported.
gpg --import {KEY FILE}
gpg --recv-keys {KEYID}
Export
Your public key can also be exported so that others can encrypt data for you.
gpg --homedir /some/custom/.gnupg --armor --export > my_public_key.gpg
Encrypt
gpg --armor --batch --trust-model always --encrypt --recipient {GPGID} {FILE}
Note
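--trust-model always will prevent GPG from warning about untrusted key recipients. It also makes GPG skip key validation, so confirm the recipient key's fingerprint before encrypting to it.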
echo -n "super_secret_server_stuff" | gpg --armor --batch --trust-model always --encrypt --recipient {GPGID}
Create a Detached Signature
This is used to validate that the GPG encrypted file has not been changed.
gpg --detach-sign {FILE}.gpg
Validate File Using Detached Signature
gpg --import {PUBLIC KEY}
gpg --verify {FILE}.gpg.sig {FILE}.gpg
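A plain gpg --verify exits 0 for a good signature from any key in the keyring, so a script should also check who signed. The following is an added example, not part of the original page, assuming GnuPG 2.1 or later; the names verify_pinned and demo and the throwaway key demo@example.invalid are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. verify_pinned, demo and the
# key demo@example.invalid are hypothetical names chosen for illustration.

# verify_pinned SIG FILE FPR: succeed only if SIG is a good detached
# signature over FILE made by the key whose primary fingerprint is FPR.
verify_pinned() {
    # --status-fd 1 writes machine-readable status lines to stdout.
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    # The last field of VALIDSIG is the signer's primary key fingerprint.
    got=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got" ] && [ "$got" = "$3" ]
}

# demo: throwaway keyring and constructed payload; runs in a subshell so
# GNUPGHOME does not leak into the caller. Prints one word per case.
demo() (
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    work=$(mktemp -d)
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'demo@example.invalid' default default never 2>/dev/null
    fpr=$(gpg --batch --with-colons --list-keys 'demo@example.invalid' |
        awk -F: '$1 == "fpr" { print $10; exit }')

    printf 'constructed sample payload\n' > "$work/msg"
    gpg --batch --quiet --encrypt --recipient "$fpr" "$work/msg"   # msg.gpg
    gpg --batch --quiet --detach-sign "$work/msg.gpg"              # msg.gpg.sig

    r1=rejected; r2=accepted; r3=accepted
    verify_pinned "$work/msg.gpg.sig" "$work/msg.gpg" "$fpr" && r1=ok
    # A good signature must still fail when the pinned fingerprint differs
    # (constructed all-zero fingerprint stands in for "someone else").
    verify_pinned "$work/msg.gpg.sig" "$work/msg.gpg" \
        0000000000000000000000000000000000000000 || r2=wrong-signer
    # Any change to the signed file must fail.
    printf 'x' >> "$work/msg.gpg"
    verify_pinned "$work/msg.gpg.sig" "$work/msg.gpg" "$fpr" || r3=tampered

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME" "$work"
    echo "$r1 $r2 $r3"
)

demo
```

In real use, pin a fingerprint obtained out of band rather than one read from the same keyring that holds the imported key.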