GPG stands for GnuPG, GNU Privacy Guard.
wnoguchi@lasthope:~/.gnupg$ ls -ld ~/.gnupg/
drwx------ 5 wnoguchi wnoguchi 4096 Feb 6 18:56 /home/wnoguchi/.gnupg/
wnoguchi@lasthope:~/.gnupg$ ls -l ~/.gnupg/
total 36
drwx------ 2 wnoguchi wnoguchi 4096 Feb 4 12:48 crls.d
-rw-rw-r-- 1 wnoguchi wnoguchi 44 Jan 30 15:11 gpg-agent.conf
drwx------ 2 wnoguchi wnoguchi 4096 Feb 6 18:55 openpgp-revocs.d
drwx------ 2 wnoguchi wnoguchi 4096 Feb 4 12:18 private-keys-v1.d
-rw-rw-r-- 1 wnoguchi wnoguchi 6997 Feb 4 20:36 pubring.kbx
-rw-rw-r-- 1 wnoguchi wnoguchi 4530 Feb 4 12:48 pubring.kbx~
-rw------- 1 wnoguchi wnoguchi 1200 Jan 30 10:38 trustdb.gpg
If you have not configured a default key for signing or encryption in ~/.gnupg/gpg.conf, specify it with --default-key:
gpg --default-key ABCDEF123456 ...
If you find this argument bothersome, configure it in ~/.gnupg/gpg.conf instead:
default-key ABCDEF123456
gpg --export --armor EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59 | tee -a /var/tmp/wataru.noguchi.keys.gpg.asc
gpg --recv-keys D94AA3F0EFE21092
gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed
gpg: key D94AA3F0EFE21092: 64 signatures not checked due to missing keys
gpg: /home/wnoguchi/.gnupg/trustdb.gpg: trustdb created
gpg: key D94AA3F0EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg --fetch-keys https://pg1x.com/files/public-keys/gpg/wataru.noguchi.asc
The following command generates an ASCII-armored detached signature, SHA512SUMS.gpg, for SHA512SUMS. I think this is most commonly used for the checksum files that accompany software downloads.
gpg --detach-sign --armor --output SHA512SUMS.gpg SHA512SUMS
gpg --sign-key ABCDEF123456
wnoguchi@hotaru:~/focal$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 23 Apr 2020 10:46:21 PM JST
gpg:                using RSA key D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
Verify SHA256 Checksum
grep ubuntu-20.04-live-server-amd64.iso SHA256SUMS | sha256sum -c
ubuntu-20.04-live-server-amd64.iso: OK
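The verification above prints "Good signature" together with a warning that the key is not certified, so a script should compare the signer against a fingerprint obtained out of band instead of matching on that text. The following is an added example, not part of the original page: it parses gpg's machine-readable `--status-fd` output and only then runs the checksum step. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a signature only if the pinned primary key made it.

# Fingerprint as printed in the gpg --verify output above.
UBUNTU_FPR='8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092'

# Constructed sample of `gpg --status-fd 1 --verify` output (not captured
# from a real run; the algorithm and class fields are illustrative).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D94AA3F0EFE21092 Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
[GNUPG:] VALIDSIG 843938DF228D22F7B3742BC0D94AA3F0EFE21092 2020-04-23 1587649581 0 4 0 1 10 00 843938DF228D22F7B3742BC0D94AA3F0EFE21092
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# validsig_matches FPR: read status lines on stdin; succeed only if there is
# a GOODSIG, every VALIDSIG names FPR as primary key (last field), and no
# bad, expired or revoked status appears.
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v fpr="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" { if ($NF == fpr) pinned = 1; else other = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(good && pinned && !other && !bad) }
    '
}

# verify_iso SIG SUMS ISO FPR: signature first, checksum only afterwards.
verify_iso() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | validsig_matches "$4" || {
        echo "signature on $2 was not made by the pinned key" >&2; return 1; }
    grep -F -- "$3" "$2" | sha256sum -c
}

# Usage: sh verify.sh SHA256SUMS.gpg SHA256SUMS ubuntu-20.04-live-server-amd64.iso
if [ "$#" -eq 3 ]; then
    verify_iso "$1" "$2" "$3" "$UBUNTU_FPR"
fi
```

The pinned fingerprint is only as trustworthy as the channel it came from, so take it from a source independent of the download mirror.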
gpg --encrypt --sign --recipient 'wnoguchi@gp1x.com' gitlab-recovery-codes.txt
gpg --encrypt --sign --default-recipient-self gitlab-recovery-codes.txt
If you have not configured an encryption key, you get an error:
wnoguchi@lasthope:~/Downloads$ gpg --encrypt --sign --recipient 'wnoguchi@gp1x.com' gitlab-recovery-codes.txt
gpg: error retrieving 'wnoguchi@gp1x.com' via WKD: No data
gpg: wnoguchi@gp1x.com: skipped: No data
gpg: gitlab-recovery-codes.txt: sign+encrypt failed: No data
gpg -o gitlab-recovery-codes.txt --decrypt gitlab-recovery-codes.txt.gpg
For future use:
gpg --output ~/.gnupg/openpgp-revocs.d/EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59.rev --gen-revoke EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59
wnoguchi@lasthope:~/.gnupg$ mkdir openpgp-revocs.d
wnoguchi@lasthope:~/.gnupg$ chmod 700 openpgp-revocs.d
wnoguchi@lasthope:~/.gnupg$ gpg --output ~/.gnupg/openpgp-revocs.d/EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59.rev --gen-revoke EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59

sec  rsa4096/B4A5CEBBF13A8F59 2020-03-07 Wataru Noguchi <wnoguchi@pg1x.com>

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 1
Enter an optional description; end it with an empty line:
>
Reason for revocation: Key has been compromised
(No description given)
Is this okay? (y/N) y
ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!
Trust my own key or someone else's key
gpg: Signature made Sun 07 Feb 2021 10:50:14 AM JST
gpg:                using RSA key EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59
gpg: Good signature from "Wataru Noguchi <wnoguchi@pg1x.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EB46 F8D6 43EF 3A7C D686  C002 B4A5 CEBB F13A 8F59
gpg --edit-key <id> trust
wnoguchi@lasthope:~/Downloads$ gpg --edit-key EB46F8D643EF3A7CD686C002B4A5CEBBF13A8F59 trust
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/B4A5CEBBF13A8F59
     created: 2020-03-07  expires: 2022-03-07  usage: SC
     trust: unknown       validity: unknown
ssb  rsa4096/0B01C2C37A3C328D
     created: 2020-03-07  expires: 2022-03-07  usage: E
[ unknown] (1). Wataru Noguchi <wnoguchi@pg1x.com>

sec  rsa4096/B4A5CEBBF13A8F59
     created: 2020-03-07  expires: 2022-03-07  usage: SC
     trust: unknown       validity: unknown
ssb  rsa4096/0B01C2C37A3C328D
     created: 2020-03-07  expires: 2022-03-07  usage: E
[ unknown] (1). Wataru Noguchi <wnoguchi@pg1x.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa4096/B4A5CEBBF13A8F59
     created: 2020-03-07  expires: 2022-03-07  usage: SC
     trust: ultimate      validity: unknown
ssb  rsa4096/0B01C2C37A3C328D
     created: 2020-03-07  expires: 2022-03-07  usage: E
[ unknown] (1). Wataru Noguchi <wnoguchi@pg1x.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit