Rachit Arora
PGP tutorial
Jan 13, 2024
Exporting your key
gpg --armor --export WhatEverNameYouWant
- To save it to a file instead, enter either of the following commands:
gpg --armor --output myPubKey.asc --export WhatEverNameYouWant
gpg --armor --export WhatEverNameYouWant > myPubKey.asc
- To export your private key, you will enter the following command:
gpg --armor --export-secret-keys WhatEverNameYouWant
To export to a file, use either the “--output” or the “>” character methods outlined above. As a reminder, do not EVER share your private key with anyone. The only time you should be exporting your private key is when creating a backup.
Importing a Key
gpg --import path/to/pubkey.asc
where pubkey.asc is the file where you saved the public key you want to import. Here’s the output you should receive:
gpg: key (Expunged): public key "Agora One" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Fileless method
To import a key directly, without the use of a file, you can use either the “cat” command, or “echo” along with a pipe character “|”.
Using “cat”
cat "" | gpg --import
- The output is the same as the other methods:
gpg: key 0B701872: public key "Mun Mun Mun " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Signatures and Verification
There are three common scenarios for the use of clearsigning:
- Establishing PGP key lineage. When your current key is set to expire, you might sign a message containing your new key with your old key.
- Important announcements from administrators, developers, or vendors.
- Proving account ownership.
Clearsigning
gpg -a --export key.asc | gpg --clearsign
cat <<END | gpg --clearsign
Verifying Signatures
- What good are signatures if we can’t verify them?
Good signature
cat <<END | gpg --verify
- output:
gpg: Good signature
Bad signature
cat <<END | gpg --verify
- output:
gpg: Bad signature
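For scripted verification, the following added example (not from the original post) decides on gpg's `--status-fd` lines and a pinned fingerprint instead of the "Good signature" text, since a good signature from an unexpected key should still be rejected. The helper names `check_status` and `verify_pinned`, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide on gpg's machine-readable status lines and a pinned
# fingerprint, not on the human-readable "Good signature" text.

# check_status EXPECTED_FPR  (hypothetical helper)
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names EXPECTED_FPR (signing key or primary key) and no line reports a bad,
# unverifiable, expired or revoked signature.
check_status() {
    # Normalise "0123 4567 ..." or lowercase input to gpg's uppercase form.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # Appending "" forces a string comparison, never a numeric one.
        $2 == "VALIDSIG" && (($3 "") == (want "") || ($12 "") == (want "")) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_pinned FILE EXPECTED_FPR  (hypothetical helper)
# Runs the real check against the local keyring; needs gpg installed.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null | check_status "$2"
}

# Constructed samples (not a real key): status output as gpg emits it.
FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_good() {
    printf '%s\n' \
      "[GNUPG:] NEWSIG" \
      "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.invalid>" \
      "[GNUPG:] VALIDSIG $FPR 2024-01-13 1705104000 0 4 0 1 10 01 $FPR"
}
sample_bad() {
    printf '%s\n' \
      "[GNUPG:] NEWSIG" \
      "[GNUPG:] BADSIG 89ABCDEF01234567 Constructed User <user@example.invalid>"
}

# Demo on the constructed samples.
for s in sample_good sample_bad; do
    if "$s" | check_status "$FPR"; then echo "$s: accept"; else echo "$s: reject"; fi
done
```

Obtain the expected fingerprint through a channel other than the message being verified, then pass it as the second argument to `verify_pinned`.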
Have any questions?
Do you have any questions? Feel free to reach out to me on Twitter or on LinkedIn.