gpg Cheatsheet - Launch Pad

__ _______________________ _________._________________________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

Quick reference for gpg (GNU Privacy Guard), used for encryption, signing, and key management following the OpenPGP standard.

Key management

gpg --full-generate-key – interactive key generation.
gpg --list-keys / gpg --list-secret-keys – list public/secret keys.
gpg --delete-key <ID> – delete a public key.
gpg --delete-secret-key <ID> – delete a secret key.

Export / import keys

gpg --export -a <ID> > public.asc – export public key (ASCII armored).
gpg --export-secret-keys -a <ID> > secret.asc – export secret key (backup only).
gpg --import public.asc – import a key.
gpg --recv-key <ID> – fetch from keyserver (if configured).

Encrypt / decrypt

gpg -e -r <recipient> file – encrypt to recipient’s key.
gpg -d file.gpg – decrypt a file.
echo "secret" | gpg -e -r <recipient> > secret.txt.gpg – encrypt from stdin.

Signing

gpg -s file – create a binary signature.
gpg -sa file – create an ASCII-armored signature.
gpg --clear-sign file – cleartext sign (visible content + signature block).
gpg --verify file.sig file – verify a detached signature.

Trust and IDs

gpg --edit-key <ID> – manage key, set trust, add UIDs, etc.
gpg --fingerprint <ID> – show key fingerprint.
Verify fingerprints out-of-band (in person, chat, etc.) before trusting.

Tips

Use a modern key type (ed25519 or cv25519) where available.
Back up your secret key and revoke certificate somewhere safe.
Combine gpg with pass and git for a simple password manager.