gpg --list-keys
gpg --list-secret-keys

Change Passphrase

gpg --edit-key felix
gpg> passwd
gpg> save


Encrypt and Decrypt a File

echo hi > message.txt
gpg -er message.txt

gpg -d message.txt.gpg > hi_again

Export a Key

gpg --armor --export >

Importing and Signing#

Import a key

gpg --import key.asc

Sign a key

gpg --sign-key


echo "Hi Alice!" | gpg -aer > x.txt.asc

Keyservers and OpenKeychain#

Share key with OpenKeychain

gpg --list-keys
fingerprint=$(gpg --list-keys --with-colons felix | grep ^fpr | head -1 | cut -d: -f10)
# e.g. EC34AC4BAE402D3805141363121006BF375F1AB6
# send to keyserver
gpg --keyserver --send-keys $fingerprint
echo -n openpgp4fpr:$fingerprint | qrencode -o /tmp/qr.png
display -filter box -resize 300x300 /tmp/qr.png

Note: web interface wants 0x prefix in search.

Export Openkeychain key:

  • select key

  • advanced

  • share

Read fingerprint from openkeychain

sudo apt-get install -y zbar-tools
zbarcam  # scan QR, check STDOUT

Export local fingerprint as QR using 2qr:

echo -n openpgp4fpr:EC34AC4BAE402D3805141363121006BF375F1AB6 | 2qr

Note the -n to skip the line break.

Trust levels:

Trust another key

gpg --edit-key foo

Further Reading#

ASCII armor#

The --armor option means “use ASCII armor”.

PGP documentation (RFC 4880) uses the term ASCII armor for binary-to-text encoding when referring to Base64.

GUI Clients# is nice



export SOPS_PGP_FP="4F8D9633CA819FDE9A454F2D9C1F4906BF00E5BD,9208D75C0F48FA5DCCAAAEA1D872C97EE9418CD3"
sops foo.yml

There is also a vscode plugin.