Quick guide to GPG
A quick ref for using GPG.
Generating keys
Choose RSA-2048 or higher.
gpg --expert --gen-key
It’s recommended to set an expiry date (you can always extend it later without affecting your key fingerprint).
Signing
In all the examples below, you can leave out --local-user and GPG will choose the best (sub-)key from your defaults. To force GPG to use a particular key, you must append an exclamation point (!) to the key ID.
- Message plus signature are saved in the binary file message.txt.gpg
gpg --sign message.txt
- ASCII-signed message will save the output in message.txt.asc. Message contents appear garbled.
gpg --armor --sign --local-user=213ED790! message.txt
- Detached signature used as an email attachment, which mailing lists will usually show as “scrubbed”. The signature itself will be stored in message.txt.sig in binary format.
gpg --detach-sign message.txt
If you pass --armor it will generate both the signature file (*.sig) as well as the ASCII output (*.asc).
- ASCII-sign (inline PGP) with user specified string as comment. Message contents appear preserved. This is my favourite.
gpg --clearsign --local-user=213ED790! --no-version --comment "URL: http://google.com" message.txt
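The signing modes above can be checked end to end with gpg --verify. The script below is an added example, not part of the original guide: it runs each mode and verifies the result, and it also shows that the --comment string is an armor header outside the signed data, so a changed comment still verifies while changed message text does not. It assumes GnuPG 2.1 or later; the throwaway keyring, the "Demo Signer" identity, the message text and the explicit --output names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original guide. Identity and message are constructed.
set -eu
GNUPGHOME=$(mktemp -d); export GNUPGHOME; chmod 700 "$GNUPGHOME"  # throwaway keyring
WORK=$(mktemp -d)
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME" "$WORK"' EXIT

# RSA-2048 signing key that expires after one day, no passphrase (demo only).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Demo Signer <demo@example.invalid>' rsa2048 sign 1d

MSG="$WORK/message.txt"
printf 'Release 1.0 is ready.\n' > "$MSG"

# The four signing modes from the guide. Explicit --output names keep the
# armored and clearsigned results from colliding on message.txt.asc.
gpg --batch --yes --output "$MSG.gpg" --sign "$MSG"
gpg --batch --yes --armor --output "$MSG.armor.asc" --sign "$MSG"
gpg --batch --yes --output "$MSG.sig" --detach-sign "$MSG"
gpg --batch --yes --comment 'URL: http://google.com' \
    --output "$MSG.clear.asc" --clearsign "$MSG"

# verifies SIGFILE [DATAFILE]: echo "good" or "bad" from gpg's exit status.
verifies() {
    if gpg --batch --verify "$@" >/dev/null 2>&1; then echo good; else echo bad; fi
}

# Two copies of the clearsigned file: one with only the Comment: armor header
# changed, one with only the message text changed.
sed 's|^Comment: .*|Comment: URL: http://example.invalid|' \
    "$MSG.clear.asc" > "$WORK/hdr.asc"
sed 's|Release 1.0|Release 9.9|' "$MSG.clear.asc" > "$WORK/body.asc"

echo "binary signed:   $(verifies "$MSG.gpg")"
echo "armored signed:  $(verifies "$MSG.armor.asc")"
echo "detached:        $(verifies "$MSG.sig" "$MSG")"
echo "clearsigned:     $(verifies "$MSG.clear.asc")"
# The comment is not part of the signed data, so this copy still verifies.
echo "comment changed: $(verifies "$WORK/hdr.asc")"
# The message text is signed, so this copy fails verification.
echo "text changed:    $(verifies "$WORK/body.asc")"
```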