gpg

GNU Privacy Guard encryption and signing tool

TLDR

Generate a new key pair

$ gpg --gen-key

List all keys in the public keyring

$ gpg --list-keys

Encrypt a file for a specific recipient

$ gpg -e -r [recipient_email] [file]

Decrypt a file

$ gpg -d [file.gpg]

Sign a file with your private key

$ gpg --sign [file]

Verify a signature

$ gpg --verify [file.sig]

Export a public key to a file

$ gpg --export -a "[user_id]" > [public.key]

Import a public key

$ gpg --import [public.key]

SYNOPSIS

gpg [--homedir dir] [--options file] [options] command [args]

gpg (GNU Privacy Guard) is a complete and free implementation of the OpenPGP standard as defined by RFC 4880. It allows encrypting and signing data, features a versatile key management system, and provides access modules for public key directories.
GPG supports both symmetric (password-based) and asymmetric (public/private key) encryption. Common use cases include encrypting sensitive files, signing email messages, verifying software package authenticity, and establishing secure communication channels.

PARAMETERS

-e, --encrypt

Encrypt data to one or more recipients

-d, --decrypt

Decrypt data (default if input looks encrypted)

-s, --sign

Make a signature

--verify

Verify a signature

-c, --symmetric

Encrypt with symmetric cipher using a passphrase

-r name, --recipient name

Encrypt for the specified recipient

-u name, --local-user name

Use specified key as the key to sign with

-a, --armor

Create ASCII armored output

-o file, --output file

Write output to specified file

--gen-key

Generate a new key pair

--full-gen-key

Generate a new key pair with dialog for all options

--list-keys

List all keys from the public keyrings

--list-secret-keys

List all keys from the secret keyrings

--import

Import keys from a file

--export

Export keys from the keyring

--delete-keys name

Remove keys from the public keyring

--delete-secret-keys name

Remove keys from the secret keyring

--fingerprint

List keys and their fingerprints

--keyserver url

Specify keyserver to use

--send-keys keyids

Send keys to a keyserver

--recv-keys keyids

Import keys from a keyserver

--batch

Batch mode, never ask for input

--yes

Assume yes on most questions

--passphrase string

Use specified passphrase

CONFIGURATION

~/.gnupg/gpg.conf

User configuration file for default options, keyserver settings, and algorithm preferences.

~/.gnupg/pubring.kbx

Public keyring database storing imported and generated public keys.

~/.gnupg/trustdb.gpg

Trust database for the web of trust model.

CAVEATS

Key management is critical; losing your private key or forgetting the passphrase means permanent loss of access to encrypted data. The web of trust model requires careful key verification to prevent man-in-the-middle attacks. Default algorithms and key sizes should be reviewed periodically as cryptographic standards evolve.

HISTORY

GPG was first released in 1997 by Werner Koch (version 0.0.0), with the first stable release (1.0.0) in 1999, as a free software replacement for PGP (Pretty Good Privacy). It was developed as part of the GNU Project and has since become the de facto standard for email encryption on Unix-like systems. GPG 2.0 introduced a modular architecture in 2006, and version 2.2 brought improved default algorithms and keyserver handling. The project continues to be actively maintained and is widely used by journalists, activists, and security-conscious users worldwide.

gpg