Creating and Managing a GPG Key Pair
We'll go over how to create, edit, set a passphrase for, revoke, export, back up and restore a GPG key pair.
This video focuses on getting your key pair set up and covers about 90% of what you may encounter day to day when managing it.
Going Over Everything
- 0:47 – Using your gpg key for encrypting files, signing commits & password managers
- 1:58 – Installing the gpg command line tool
- 2:27 – Customizing your gnupg home directory (only for the sake of this video)
- 3:18 – Checking to see if you already have a gpg key pair
- 3:52 – Generating a secure gpg key pair with an expiration date
- 7:56 – Editing your key, specifically updating your expiration date
- 10:13 – Changing your gpg passphrase and keeping it safe
- 11:35 – Creating a revoke certificate to maybe revoke your key pair on demand
- 16:34 – Backing up and restoring your key pair and associated files
- 18:09 – Exporting your gpg public key so you can share it with others
- 19:51 – Configuring your gpg agent to cache your passphrase for a week
- 21:42 – Recap
Here’s a reference to the commands run on video:
Install GnuPG on Debian / Ubuntu
sudo apt-get install gnupg
# Fix your gnupg home directory's permissions.
chmod 0700 ~/.gnupg/
# Optionally customize your gpg home directory (I only did it for the sake of the video).
export GNUPGHOME=/tmp/gnupg
List your GPG keys
Generate a new GPG key pair
gpg --full-generate-key # Pick RSA / RSA (1), 4096 bits and choose an expiration date.
Edit your GPG key’s expiration date
gpg --edit-key firstname.lastname@example.org
# key 0
# expire [pick a new exp date]
# key 1
# expire [pick a new exp date]
# save
Here’s a list of other things you can edit: https://www.gnupg.org/gph/en/manual/r899.html
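An added example (not from the original post or video): a POSIX shell function that reads `gpg --list-keys --with-colons` output and flags primary keys and subkeys that are expired, expiring soon or have no expiry set, so you know when the `expire` step above is due. The function name `key_expiry_report`, the 30-day default window and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the expiry status of primary keys and subkeys.
# Usage: gpg --list-keys --with-colons | key_expiry_report [warn_days] [now_epoch]

key_expiry_report() {
    warn_days="${1:-30}"          # assumed default warning window
    now="${2:-$(date +%s)}"       # overridable so the check is reproducible
    awk -F: -v now="$now" -v warn="$warn_days" '
        # pub = primary key, sub = subkey; each has its own expiry date.
        # Field 2 = validity, field 5 = key ID, field 7 = expiry (epoch seconds).
        $1 == "pub" || $1 == "sub" {
            expires = $7
            if ($2 == "r")                           status = "REVOKED"
            else if (expires == "")                  status = "NO-EXPIRY"
            else if (expires + 0 <= now + 0)         status = "EXPIRED"
            else if (expires - now <= warn * 86400)  status = "EXPIRING"
            else                                     status = "OK"
            # Whole days until expiry (negative once expired, "-" if none set).
            days = (expires == "") ? "-" : int((expires - now) / 86400)
            printf "%s %s %s %s\n", $1, $5, status, days
        }'
}

# Constructed sample listing (made-up key IDs and dates) so this runs offline.
sample_listing() {
    cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1690000000:1700864000::u:::scESC::::::23::0:
uid:u::::1690000000::0000000000000000000000000000000000000000::Example User <email@example.com>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1690000000:1734560000:::::e::::::23:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1690000000:::-:::scESC::::::23::0:
sub:e:4096:1:DDDDDDDDDDDDDDDD:1600000000:1699913600:::::e::::::23:
EOF
}
```

Each output line is record type, key ID, status and days remaining. A subkey can expire on a different date than its primary key, which is why the edit session above sets `expire` for both.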
Change your GPG key’s passphrase
gpg --passwd email@example.com
Generate and import a GPG revoke certificate
# You can skip this step if you're using GnuPG version 2.1 or above.
gpg --output revoke-nickexample.asc --gen-revoke firstname.lastname@example.org
# Revoke the GPG key.
gpg --import revoke-nickexample.asc
Export your GPG public key
# Echo your public key to stdout.
gpg --export --armor email@example.com
# Write your public key to a file.
gpg --export --armor --output nickexample.gpg.pub firstname.lastname@example.org
Backup and restore your GPG key pair
You can back up the entire ~/.gnupg/ directory and restore it as needed. This is beneficial because it includes your GPG key pair, trust ring, gpg configuration and everything else that GnuPG needs to work.
Alternatively, you can run this command to back up just your private key, which includes your public key too:
gpg --export-secret-keys --armor --output nickexample.gpg email@example.com
You should never share this directory or private key with anyone.
Export your GPG public key
# Echo your public key to stdout.
gpg --export --armor firstname.lastname@example.org
# Write your public key to a file.
gpg --export --armor --output nickexample.gpg.pub email@example.com
This public key is safe to share with others.
Were you able to get your GPG key pair set up? Let me know below.