cheat-fork-echo/cheat/cheatsheets/gpg
Chris Lane f46698b656 Performed a large refactoring
Performed an extensive refactoring on the entire application for the
sake of code-cleanliness.

- Refactored out of an ad-hoc Imperative paradigm into more of a
  functional/declarative paradigm. IMO, this makes the application
  signifcantly easier to understand.

- Moved away from `argparse` and into `docopt` for argument parsing

- Version bump to 2.0.0

- Performed extensive refactoring on the setup.py script. Script should
  install to the system more cleanly now.

- Made minor formatting changes to the --list flag output

- Updated the README

Squashed commit of the following:

commit e5681bd536aa0220cdeb7884cc248db55be408c9
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 23:30:21 2014 -0400

    Fixed many bugs

    Everything seems to work now, I think.

commit 764ec5950cee958eb1b8333ddfcb6bcd45c28429
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 21:51:31 2014 -0400

    Restructuring for the sake of setup.py

    Seem to finally have a working install script

commit 5a866c23857b77ec65070dd8023cd734f2b7c242
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 18:01:11 2014 -0400

    Nits

commit a79954ba5b33d992fa6a32abffb33b161d624e3d
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:53:03 2014 -0400

    Implemented search

commit b570a897e9a12c15affe1a72628deae31836dee2
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:11:27 2014 -0400

    Nits

commit 1a8d85b44457f1b2131b3e8475c5270b5d0899e3
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:02:22 2014 -0400

    Still refactoring across files

    Trying to make the program structure clearer

commit 34dffd6462e492e81ea558e2009a71051b7663c9
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 16:40:37 2014 -0400

    Breaking app into several files

    This is for the sake of code-cleanliness

commit 4825d678ff5f9817ccbf727ef71e5dea15ff2586
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:55:19 2014 -0400

    Got syntax highlighting working

commit c37d7a626d451bfca3d4a072eb9fed604085170f
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:29:22 2014 -0400

    Reduced verbosity of function names

commit 8e626045186b37dce2480f5af1994ddfa8db79b5
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:24:41 2014 -0400

    Refactored argument passing

    Fewer arguments now need to be passed throughout the app.

commit 807ba814650010b3dd1b59d27400b3fb4fcfede7
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 11:40:05 2014 -0400

    Working through the refactor

commit e34e6540d4f8cd727e98aac68289d515a02d5fe6
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Thu Apr 24 20:00:10 2014 -0400

    Got a basic end-to-end refactor working

    Have re-implemented just the most basic functionality in the "cheat2"
    file.
2014-04-26 23:39:19 -04:00

173 lines
3.5 KiB
Text

# Create a key
gpg --gen-key
# Show keys
To list a summary of all keys
gpg --list-keys
To show your public key
gpg --armor --export
To show the fingerprint for a key
gpg --fingerprint KEY_ID
# Search for keys
gpg --search-keys 'user@emailaddress.com'
# To Encrypt a File
gpg --encrypt --recipient 'user@emailaddress.com' example.txt
# To Decrypt a File
gpg --output example.txt --decrypt example.txt.gpg
# Export keys
gpg --output ~/public_key.txt --armor --export KEY_ID
gpg --output ~/private_key.txt --armor --export-secret-key KEY_ID
Where KEY_ID is the 8 character GPG key ID.
Store these files to a safe location, such as a USB drive, then
remove the private key file.
shred -zu ~/private_key.txt
# Import keys
Retrieve the key files which you previously exported.
gpg --import ~/public_key.txt
gpg --allow-secret-key-import --import ~/private_key.txt
Then delete the private key file.
shred -zu ~/private_key.txt
# Revoke a key
Create a revocation certificate.
gpg --output ~/revoke.asc --gen-revoke KEY_ID
Where KEY_ID is the 8 character GPG key ID.
After creating the certificate import it.
gpg --import ~/revoke.asc
Then ensure that key servers know about the revokation.
gpg --send-keys KEY_ID
# Signing and Verifying files
If you're uploading files to launchpad you may also want to include
a GPG signature file.
gpg -ba filename
or if you need to specify a particular key:
gpg --default-key <key ID> -ba filename
This then produces a file with a .asc extension which can be uploaded.
If you need to set the default key more permanently then edit the
file ~/.gnupg/gpg.conf and set the default-key parameter.
To verify a downloaded file using its signature file.
gpg --verify filename.asc
# Signing Public Keys
Import the public key or retrieve it from a server.
gpg --keyserver <keyserver> --recv-keys <Key_ID>
Check its fingerprint against any previously stated value.
gpg --fingerprint <Key_ID>
Sign the key.
gpg --sign-key <Key_ID>
Upload the signed key to a server.
gpg --keyserver <keyserver> --send-key <Key_ID>
# Change the email address associated with a GPG key
gpg --edit-key <key ID>
adduid
Enter the new name and email address. You can then list the addresses with:
list
If you want to delete a previous email address first select it:
uid <list number>
Then delete it with:
deluid
To finish type:
save
Publish the key to a server:
gpg --send-keys <key ID>
# Creating Subkeys
Subkeys can be useful if you don't wish to have your main GPG key
installed on multiple machines. In this way you can keep your
master key safe and have subkeys with expiry periods or which may be
separately revoked installed on various machines. This avoids
generating entirely separate keys and so breaking any web of trust
which has been established.
gpg --edit-key <key ID>
At the prompt type:
addkey
Choose RSA (sign only), 4096 bits and select an expiry period.
Entropy will be gathered.
At the prompt type:
save
You can also repeat the procedure, but selecting RSA (encrypt only).
To remove the master key, leaving only the subkey/s in place:
gpg --export-secret-subkeys <subkey ID> > subkeys
gpg --export <key ID> > pubkeys
gpg --delete-secret-key <key ID>
Import the keys back.
gpg --import pubkeys subkeys
Verify the import.
gpg -K
Should show sec# instead of just sec.