LinuxCommandLibrary

gpg

TLDR

Generate a new key pair

$ gpg --gen-key
copy
List all keys in the public keyring
$ gpg --list-keys
copy
Encrypt a file for a specific recipient
$ gpg -e -r [recipient_email] [file]
copy
Decrypt a file
$ gpg -d [file.gpg]
copy
Sign a file with your private key
$ gpg --sign [file]
copy
Verify a signature
$ gpg --verify [file.sig]
copy
Export a public key to a file
$ gpg --export -a "[user_id]" > [public.key]
copy
Import a public key
$ gpg --import [public.key]
copy

SYNOPSIS

gpg [--homedir dir] [--options file] [options] command [args]

DESCRIPTION

gpg (GNU Privacy Guard) is a complete and free implementation of the OpenPGP standard as defined by RFC 4880. It allows you to encrypt and sign data and communications, features a versatile key management system, and provides access modules for public key directories.
GPG is a command-line tool with features for easy integration with other applications. It supports both symmetric (password-based) and asymmetric (public/private key) encryption. The program creates and manages key pairs for secure communication and can verify digital signatures to ensure data integrity and authenticity.
Common use cases include encrypting sensitive files, signing email messages, verifying software package authenticity, and establishing secure communication channels between parties.

PARAMETERS

-e, --encrypt

Encrypt data to one or more recipients
-d, --decrypt
Decrypt data (default if input looks encrypted)
-s, --sign
Make a signature
--verify
Verify a signature
-c, --symmetric
Encrypt with symmetric cipher using a passphrase
-r name, --recipient name
Encrypt for the specified recipient
-u name, --local-user name
Use specified key as the key to sign with
-a, --armor
Create ASCII armored output
-o file, --output file
Write output to specified file
--gen-key
Generate a new key pair
--full-gen-key
Generate a new key pair with dialog for all options
--list-keys
List all keys from the public keyrings
--list-secret-keys
List all keys from the secret keyrings
--import
Import keys from a file
--export
Export keys from the keyring
--delete-keys name
Remove keys from the public keyring
--delete-secret-keys name
Remove keys from the secret keyring
--fingerprint
List keys and their fingerprints
--keyserver url
Specify keyserver to use
--send-keys keyids
Send keys to a keyserver
--recv-keys keyids
Import keys from a keyserver
--batch
Batch mode, never ask for input
--yes
Assume yes on most questions
--passphrase string
Use specified passphrase

CAVEATS

Key management is critical; losing your private key or forgetting the passphrase means permanent loss of access to encrypted data. The web of trust model requires careful key verification to prevent man-in-the-middle attacks. Default algorithms and key sizes should be reviewed periodically as cryptographic standards evolve.

HISTORY

GPG was first released in 1999 by Werner Koch as a free software replacement for PGP (Pretty Good Privacy). It was developed as part of the GNU Project and has since become the de facto standard for email encryption on Unix-like systems. GPG 2.0 introduced a modular architecture in 2006, and version 2.2 brought improved default algorithms and keyserver handling. The project continues to be actively maintained and is widely used by journalists, activists, and security-conscious users worldwide.

SEE ALSO

ssh(1), openssl(1), age(1), sha256sum(1)

Copied to clipboard