GNU Privacy Guard

More Information

Create a key pair

If this is your first execution of gpg, it may ask you to re-run it ...

gpg --gen-key

While the key is being generated, move the mouse, type on the keyboard, and so on to help the entropy source.

Note the keyid of the master key. It is the 8 character hex string on the line beginning with "pub", found right after the '/' character.

Create a revocation cert

It is generally a good idea to create a revocation certificate. It can be used in the future to revoke your key if you feel it has been compromised:

gpg --output revoke.asc --gen-revoke USER-ID

Store the revocation cert in a safe place. You may also want to print it out and store the paper copy somewhere safe in case of media failure.

Add userids to your key pair

You can bind as many userids as you like to a key. Each email address that you might want to send authenticated email from (or receive it at) should be added as a separate userid.

Substitute the keyid of your key for "KEYID" in the next command:

gpg --edit-key KEYID

Submit your key to the keyserver

Replace KEYID with the keyid of your key:

gpg --send-key KEYID

Signing another person's key

IMPORTANT! Make absolutely sure that the key you are signing actually belongs to the person it identifies!

Signing a key where you have not verified the identity could help an imposter "steal" that identity.

A good practice here is to have the person who owns the key verify the fingerprint and present photo identification in person.

Once you have established that the key is owned by the person that the key identifies, you can sign their public key.

First, fetch their public key from a keyserver, if you don't already have it on your ring:

gpg --recv-key KEYID-OR-FINGERPRINT

Next, edit the key and add the signature:

gpg --edit-key KEYID-OR-FINGERPRINT

Update the trust database:

gpg --update-trustdb

Resubmit the signed key back to the keyserver:

gpg --send-key KEYID-OR-FINGERPRINT
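
The fingerprint check that precedes signing can be scripted so that the signing step only goes ahead on an exact match. This is an added example, not part of the original page: the function names and the sample listing are constructed, and it assumes a v4 key, whose full fingerprint is 40 hex digits.

```shell
#!/bin/sh
# Added example: compare the fingerprint confirmed in person with the key in
# your keyring before signing. Function names are hypothetical.

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:1122334455667788:1500000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:
uid:-::::1500000000::::Alice Example <alice@example.org>:
sub:-:4096:1:99AABBCCDDEEFF00:1500000000::::::e:
fpr:::::::::00001111222233334444555599AABBCCDDEEFF00:'

# Strip whitespace and upper-case, so a fingerprint read from a printed slip
# ("aaaa bbbb ...") compares equal to gpg's machine-readable form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin and print the primary key's fingerprint:
# field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# $1 = fingerprint confirmed in person, $2 = colon listing.
# Returns 0 on match, 1 on mismatch, 2 if $1 is not a full 40-hex fingerprint
# (an 8 character keyid is deliberately rejected here).
fingerprint_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(printf '%s\n' "$2" | primary_fpr)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# Wrapper for a real keyring: $1 = KEYID-OR-FINGERPRINT, $2 = confirmed fingerprint.
check_before_signing() {
    listing=$(gpg --batch --with-colons --fingerprint "$1") || return 1
    fingerprint_matches "$2" "$listing"
}
```

Run check_before_signing after the --recv-key step and continue to --edit-key only if it returns 0.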

Export a key in ASCII, for transmission or publication

gpg --export --armor KEYID