Skip to main content
UmmIt

A Guide to GPG Keys: Managing, Importing, and Verifying

·434 words·3 mins· loading · loading ·
GPG Linux
UmmIt
Author
UmmIt
Loves to write about technology, and cybersecurity related topics :)
Table of Contents

What is GPG?
#

GPG, or GNU Privacy Guard, is a powerful open-source encryption software that provides cryptographic privacy and authentication for data communication. GPG keys play a central role in GPG’s functionality, enabling secure communication and verification of data integrity. In this guide, we’ll explore GPG keys and how to manage, import, delete, list, and verify them.

What Are GPG Keys?
#

At its core, GPG uses a pair of keys to secure your data: the public key and the private key. These keys are mathematically related but serve different purposes:

  • Public Key: This key is used to encrypt data and verify digital signatures. It can be shared openly with others.
  • Private Key: This key is used to decrypt data and create digital signatures. It must be kept secret and should never be shared.

Importing GPG Keys
#

Importing GPG keys is essential for establishing trust with other users and organizations. It allows you to verify data they’ve signed and encrypt data specifically for them. To import a GPG key, you can use the gpg --import command:

gpg --import mykey.asc

This command imports a GPG key from the mykey.asc file into your keyring.

Listing GPG Keys
#

Managing keys efficiently involves keeping track of them. To list your GPG keys, use the gpg --list-keys and gpg --list-secret-keys commands:

gpg --list-keys

This command displays a list of your public keys:

pub   rsa2048/0xDEADBEEF 2018-01-01
uid                  John Doe <[email protected]>
sub   rsa2048/0xC0FFEE01 2018-01-01

The output shows the key ID, key type (RSA), creation date, user ID, and any subkeys.

gpg --list-secret-keys

This command lists your secret (private) keys.

Deleting GPG Keys
#

If you need to remove a GPG key from your keyring, use the gpg --delete-key command followed by the key’s ID:

gpg --delete-key DEADBEEF

Replace DEADBEEF with the actual key ID.

Verifying Signatures with GPG
#

GPG allows you to verify the authenticity and integrity of files and messages by checking their digital signatures. To verify a signature, use the gpg --verify command:

gpg --verify file.tar.gz.sig

This command verifies the signature on the file.tar.gz archive using the associated .sig file.

Receiving Keys from a Key Server
#

When you need someone’s public key for secure communication, you can retrieve it from a key server using gpg --recv-key:

gpg --recv-key DEADBEEF

Replace DEADBEEF with the key ID of the key you want to retrieve. GPG will fetch the key from a key server and add it to your keyring.

Conclusion
#

GPG keys are the foundation for secure communication and data authentication. In this lesson, you will learn how to manage, import, list, delete, and validate.

Related

Mastering the Find Command: A Guide to Locating Specific File Extensions
·559 words·3 mins· loading · loading
Find Linux Tree
Super Handy Linux Command Tips That Will Transform Your Terminal Experience
·923 words·5 mins· loading · loading
Linux Terminal
Mastering Data Synchronization with Rsync: A Comprehensive Guide
·1265 words·6 mins· loading · loading
Linux Rsync
Building the Linux Kernel on your Linux System (systemd-boot): Step-by-Step Guide
··3748 words·18 mins· loading · loading
Linux Kernel
Using Different Linux Kernel Versions with systemd-boot and Bootctl
·582 words·3 mins· loading · loading
Linux Bootctl Boot-Loader
Navigating Linux Kernel Variants: Performance, Stability, Security, and Innovation
·437 words·3 mins· loading · loading
Linux Kernel