Wednesday, March 15, 2017

Secure keys and Certificates for encrypt/decrypt and signing

GNU Privacy Guard cheatsheet


To generate a key:
 
gpg --gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Generally you can accept the defaults: press 1, then add name, username and email as needed. Don't forget to set a proper passphrase!

Export keys:

gpg --export -a -o muj-public-armored.shtf


 Import keys:

gpg --import kamarad1-pub.shtf


In case you forget the passphrase and can no longer use the key, create a revocation certificate now, while you are creating the keys:

gpg --gen-revoke keyUID

Administration of keys:
 
gpg --list-keys
gpg --list-sigs
gpg --fingerprint
gpg --list-secret-keys
gpg --delete-key keyUID
gpg --delete-secret-key keyUID
gpg --edit-key UID


To sign a key:

gpg --edit-key UID

At the prompt you can type help to see the other options, for example:

check
sign


Sign keys only when you are 100% sure they are authentic.

To list the keys in your public and secret key ring:
 


gpg --list-keys

gpg --list-secret-keys


To decrypt data, use:
 
gpg -o zasifrovany-rozsifrovany.wtf2 -d zasifrovany.wtf

If you have several secret keys, GPG uses the correct one, or reports an error if the correct one is not in the keyring.
You'll be prompted to enter your passphrase. Afterwards you will have the decrypted file "zasifrovany-rozsifrovany.wtf2" next to the encrypted original, zasifrovany.wtf.
You can choose filenames and extensions as needed.

To communicate with others you must exchange PUBLIC keys.

To generate a short list of numbers that you can use via an alternative method to verify a public key, use:
 
gpg --fingerprint > fingerprint

This creates the file fingerprint with your fingerprint info.

To export a public key into the file public.key:
 
gpg --export -a "User Name" > public.key

This will create a file called public.key with the ASCII (armored) representation of the public key for User Name.

Once a key is imported it should be validated. GnuPG uses a powerful and flexible trust model that does not require you to personally validate each key you import.
To import and validate a key, use:
 
gpg --import public.key
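
One way to check an imported key against a fingerprint received through another channel before trusting or signing it. This is an added example, not part of the original cheatsheet; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Print the primary-key fingerprint from `gpg --with-colons --fingerprint`
# output on stdin. The fingerprint is field 10 of an "fpr" record; the first
# "fpr" after a "pub" record is the primary key, later ones are subkeys.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Normalise a fingerprint as read aloud or typed: drop spaces and colons,
# upper-case the hex digits.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are identical full 40-hex-digit fingerprints.
fpr_matches() {
    a=$(normalise_fpr "$1")
    b=$(normalise_fpr "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 40 ] || return 1    # reject short key IDs
    [ "$a" = "$b" ]
}

# Check the key in your keyring for user ID $1 against fingerprint $2.
check_imported_key() {
    got=$(gpg --with-colons --fingerprint "$1" | primary_fpr)
    fpr_matches "$got" "$2"
}

# Constructed sample of colon-format output (not a real key).
SAMPLE='tru::1:1489536000:0:3:1:5
pub:-:2048:1:1122334455667788:1489536000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:
uid:-::::1489536000::0000::User Name <user@example.org>:
sub:-:2048:1:99AABBCCDDEEFF00:1489536000::::::e:
fpr:::::::::0123456789ABCDEF0123456799AABBCCDDEEFF00:'

# Show the primary fingerprint extracted from the sample listing.
printf '%s\n' "$SAMPLE" | primary_fpr
```

With a real key, run check_imported_key "User Name" "fingerprint as given to you" and continue to sign or trust the key only if it exits with status 0.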


To encrypt data, use:
gpg -e -u "Sender User Name" -r "Receiver User Name" somefile

HOW TO enCRYPT THE FILE


gpg --encrypt -r ProUzivatelNam datadatadatadatadatadata




gpg -e soubor.txt


To avoid the risk that somebody else claims to be you, it is very useful to sign everything you encrypt.

To sign a file (the output is compressed):
gpg --sign bude-sifra.txt


To clear-sign a file (so the text itself stays readable):

gpg --clearsign data.txt


To encrypt and sign in one step:
gpg -u odesilatel -r prijemce --sign --encrypt 2beCrypt.txt


To read a signature - you need to decrypt first:

 
HOW TO deCRYPT THE FILE


gpg --decrypt  bflmpsvznznstrakarsifra.txt

gpg -d 'fbaif;dgdjfhsdkhlfdf'


When encrypted data is signed, you can read the signature after decrypting:
 
gpg --verify
 

Alternatively, you can use --clearsign on encrypted text.

To write the signature to a separate file, use:
gpg -o sig.sig -b data.txt
  
 

Regards,

Networ King