How to Manage GnuPG Keys
Do you have trouble remembering how to use GnuPG? GnuPG does not have a very user-friendly interface. I usually forget how to use it, so I decided to start this page. This article documents common use cases with GnuPG.
Hopefully, this blog post will become a comprehensive guide over time. However, here is an incomplete list of useful documentation:
Setup Testing Environment
Sometimes, I am confused by the German translations of certain command-line tools and man pages.
For that reason, it is my personal preference to set export LANG=C.
If this directory is recycled, the GPG agent must be restarted with killall gpg-agent.
Create New Primary Key
The parameters --no-tty, --batch and --passphrase='' suppress any questions; the empty passphrase also means the key is created without passphrase protection.
This is useful when the steps are automated with scripts.
Nowadays, I prefer Edwards-curve keys over RSA.
Add Subkey
First, list all secret keys with their fingerprints: gpg --with-subkey-fingerprints -K
Second, add a subkey with the following command.
The parameters --no-tty, --batch and --passphrase='' suppress any questions.
Nowadays, I prefer Edwards-curve keys over RSA.
The usage of the subkey can be sign, auth or encrypt.
A comma-delimited list of those values is also possible.
Set Expire Date of a Subkey
Show the fingerprints of all secret keys, including subkeys:
gpg --with-subkey-fingerprints -K
Set the new expiration date with the following command:
In case the primary key is protected with a password, this is an example which uses pass.
If GNUPGHOME=$PWD is set, it must be unset because pass uses GnuPG in the background.
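An added example, not from the original post: a shell helper that reads gpg's colon-format listing, reports subkeys that have no expiration date or expire soon, and hands their fingerprints to gpg --quick-set-expire. The function names, the 30-day window and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `gpg --with-colons --with-subkey-fingerprints -K`
# output; key IDs, fingerprints and dates are made up.
SAMPLE_LISTING='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::::Test User <test@example.org>:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000:1710000000:::::s:
fpr:::::::::2222222222222222222222222222222222222222:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:
fpr:::::::::3333333333333333333333333333333333333333:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1700000000:1800000000:::::a:
fpr:::::::::4444444444444444444444444444444444444444:'

# Print "FINGERPRINT CAPS EXPIRY" for every non-revoked subkey that has no
# expiration date or expires within DAYS days of NOW (seconds since epoch).
# Colon-format fields: 2 = validity, 7 = expiry, 12 = capabilities; the
# fingerprint is field 10 of the "fpr" record that follows the key record.
subkeys_due() {  # usage: subkeys_due NOW DAYS < colon-listing
    awk -F: -v now="$1" -v days="$2" '
        $1 == "sec" || $1 == "pub" { pending = 0; next }
        $1 == "ssb" || $1 == "sub" {
            pending = ($2 != "r"); expiry = $7; caps = $12; next
        }
        $1 == "fpr" && pending {
            pending = 0
            due = (expiry == "" || expiry + 0 <= now + days * 86400)
            if (due) print $10, caps, (expiry == "" ? "never" : expiry)
        }'
}

# Set expiry EXPIRE (e.g. 1y) on every due subkey of the primary key,
# looking DAYS days ahead. Calls the real gpg and modifies the keyring.
renew_due() {  # usage: renew_due PRIMARY_FPR EXPIRE DAYS
    gpg --with-colons --with-subkey-fingerprints -K "$1" |
        subkeys_due "$(date +%s)" "$3" |
        while read -r fpr _caps _expiry; do
            gpg --quick-set-expire "$1" "$2" "$fpr" </dev/null
        done
}

# Demo on the constructed listing: "now" is fixed so the result is stable.
printf '%s\n' "$SAMPLE_LISTING" | subkeys_due 1709000000 30
```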
Export Secret Subkey without Primary Key
Use --export-secret-subkeys instead of --export-secret-keys to avoid exporting the secret part of the primary key.
Summary
This page contains some useful commands for your daily work. I am curious about your daily use cases with GnuPG! What are your common commands with this tool? How do you protect your primary key? I am looking forward to hearing from you. Do not hesitate to drop a comment below.