# Using GnuPG from the command-line * create a password: ```dd if=/dev/urandom bs=64 count=4 |sha512sum |xxd -ps -r |base64``` * encrypt a password: `gpg -ase -r cba783ef --output=$HOME/path/to/passwords/file.asc` * decrypt a password: `gpg -d --output=- ~/path/to/password/file.asc` * sign software: `gpg -ab file.tar.xz` * verify software: `gpg --verify ~/ffff/smallwideworld-1.9.8.tar.xz.asc` * encrypt a file: `gpg -se -r cba783ef file.bin` * decrypt a file: `gpg -d --output=- ~/path/to/password/file.asc` * encrypt a file: `gpg -se -r cba783ef file.bin` * decrypt a file: `gpg file.bin.gpg` * import a public key: `gpg --import file.asc` * export your public key: `gpg --export -a cba783ef` * generate a key: `gpg --gen-key` OR `gpg --full-gen-key` * Query a key from keyserver: `gpg --recv-key keyid` * Query a key from specific keyserver: `gpg --keyserver pgp.mit.edu --recv-key keyid` * Upload your key to a specific keyserver: `gpg --keyserver pgp.mit.edu --send-key cba783ef` ## Options RSA is significantly more secure than DSA and Elgamal according to recent cryptography research. Both RSA and DSA have bad failure modes especially concerning weak random number generators. Key expiry is a major pain for new users. Setting an expiry of 1 year will almost always cause your key to expire unexpectedly, so know what you're getting into if you're setting your key to expire. Passwords for GnuPG keys are important, but don't create a password you're going to forget quickly. To get it fresh in your memory, use your newly created password at least 5 times over the first day. ## Advanced usage * Unexpire a key `gpg --edit-key keyid` `expire` `key 1` `expire` `save` Remember when unexpiring a key you must reset the expiry date for all sub keys. * Learn more about a PGP file: `gpg --list-packets file.asc` * Sign a commit with git: `git commit -S` * Show signatures in git log: `git log --show-signature`