![[Blue Ribbon Campaign icon]](http://br.eff.org/br.png)
last modified: 2010-02-23 15:56:50
3317 hits
Besides the most useful command shown below, there is of course the
possibility to interactively edit your key-ring:s "gpg --edit-key $KEYID".
Though if you enter "?" you'll get a list of possible commands, this list is not
a complete one (e.g. it misses commands such as "expire", etc.). Check out
man gpg for all possible commands you can use here.
But now, here's most of the stuff which should suffice in everyday life:
Generate a key-pair: gpg --gen-key Upload the key: gpg --send-keys --keyserver pgp.mit.edu $KEYID Revoke a key: Generate revocation certificate: gpg --gen-revoke $KEYID Save the certificate-block in $FILE Import the revocation certificate: gpg --import $FILE Check the key is correctly revoked: gpg --list-sigs $KEYID Should say "[revoked]" in the first line and "rev" in the second Or: gpg --edit-key $KEYID Should say "trust: -/r" Upload the revoked key: gpg --send-keys --keyserver pgp.mit.edu $KEYID List all keys: gpg --list-keys List a specific key: gpg --list-keys $NAME or: gpg --list-keys $KEYID Export the public key (as text-file): gpg --export --armor $KEYID > pubkey.txt Export the private key (as text-file): gpg --export-secret-keys --armor $KEYID > pubkey.txt Import a public or private key: gpg --import $FILE gpg --recv-keys --keyserver pgp.mit.edu $KEYID Interactively edit a key: gpg --edit-key $KEYID Encrypt symmetric (very strong): gpg --cipher-algo RIJNDAEL256 -o $CRYPT-FILE -c $PLAIN-FILE Decrypt symmetric: gpg --cipher-algo RIJNDAEL256 -o $PLAIN-FILE --decrypt $CRYPT-FILE
Though it is highly unlikely you have such a key: ElGamal sign+encrypt key (type 20)
if used with GPG 1.0.2 or later must be considered compromised.
Here is Werner Koch's detailed explanation,
including an easy way to double-check that you don't have such vulnerable keys.