
Creating and Managing a GPG Key Pair


We'll go over how to create, edit, set a passphrase, revoke, export, back up and restore a GPG key pair.


You can use your GPG key pair to encrypt files, sign your git commits, act as the encryption strategy for various password managers like pass, and more.

This video focuses on getting your key pair set up and covers the 90% of what you may encounter day to day when managing your key pair.

Going Over Everything

Timestamps

  • 0:47 – Using your gpg key for encrypting files, signing commits & password managers
  • 1:58 – Installing the gpg command line tool
  • 2:27 – Customizing your gnupg home directory (only for the sake of this video)
  • 3:18 – Checking to see if you already have a gpg key pair
  • 3:52 – Generating a secure gpg key pair with an expiration date
  • 7:56 – Editing your key, specifically updating your expiration date
  • 10:13 – Changing your gpg passphrase and keeping it safe
  • 11:35 – Creating a revoke certificate to maybe revoke your key pair on demand
  • 16:34 – Backing up and restoring your key pair and associated files
  • 18:09 – Exporting your gpg public key so you can share it with others
  • 19:51 – Configuring your gpg agent to cache your passphrase for a week
  • 21:42 – Recap

Cheatsheet

Here’s a reference to the commands run in the video:

Install GnuPG on Debian / Ubuntu

sudo apt-get install gnupg

# Fix your gnupg home directory's permissions.
chmod 0700 ~/.gnupg/

# Optionally customize your gpg home directory (I only did it for the sake of the video).
export GNUPGHOME=/tmp/gnupg

List your GPG keys

gpg --list-keys

Generate a new GPG key pair

gpg --full-generate-key

# Pick RSA / RSA (1), 4096 bits and choose an expiration date.

Edit your GPG key’s expiration date

gpg --edit-key nick@example.com

# key 0
# expire [pick a new exp date]
# key 1
# expire [pick a new exp date]
# save

Here’s a list of other things you can edit: https://www.gnupg.org/gph/en/manual/r899.html

Change your GPG key’s passphrase

gpg --passwd nick@example.com

Generate and import a GPG revoke certificate

# You can skip this step if you're using GnuPG version 2.1 or above.
gpg --output revoke-nickexample.asc --gen-revoke nick@example.com

# Revoke the GPG key.
gpg --import revoke-nickexample.asc

Backup and restore your GPG key pair

You can back up the entire ~/.gnupg/ directory and restore it as needed. This is beneficial because it includes your GPG key pair, trust ring, gpg configuration and everything else that GnuPG needs to work.

Alternatively you can run this command to back up just your private key, which includes your public key too:

gpg --export-secret-keys --armor --output nickexample.gpg nick@example.com

You should never share this directory or private key with anyone.
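A backup is only useful if it restores, so here is one way to restore-test the exported file in a throwaway keyring instead of your real ~/.gnupg/. This is an added example, not a command from the video; the helper names secret_fpr and verify_backup are hypothetical, and it assumes GnuPG 2.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original post): restore-test a secret key backup.
# secret_fpr and verify_backup are hypothetical helper names.

# Print the fingerprint of the first secret primary key in keyring directory $1.
secret_fpr() {
  gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_backup BACKUP_FILE EXPECTED_FINGERPRINT
# Imports BACKUP_FILE into a throwaway keyring (never your real ~/.gnupg) and
# succeeds only if the secret key with EXPECTED_FINGERPRINT was restored.
# The body runs in a subshell, so its variables do not leak into the caller.
verify_backup() (
  backup=$1
  expected=$2
  [ -r "$backup" ] && [ -n "$expected" ] || exit 2

  scratch=$(mktemp -d) || exit 2
  chmod 0700 "$scratch"

  # In batch mode gpg does not prompt for the key's passphrase on import.
  gpg --homedir "$scratch" --batch --quiet --import "$backup" >/dev/null 2>&1
  restored=$(secret_fpr "$scratch")

  # Stop the agent started for the scratch keyring, then delete the keyring.
  gpgconf --homedir "$scratch" --kill gpg-agent >/dev/null 2>&1
  rm -rf "$scratch"

  # A public-only export restores no secret key, so $restored stays empty.
  [ "$restored" = "$expected" ]
)

# Usage with the file name from this page:
#   verify_backup nickexample.gpg "$(secret_fpr ~/.gnupg)" && echo "backup OK"
```

If you have more than one secret key, pass the fingerprint of the key you backed up rather than relying on secret_fpr, which only reports the first one.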

Export your GPG public key

# Echo your public key to stdout.
gpg --export --armor nick@example.com

# Write your public key to a file.
gpg --export --armor --output nickexample.gpg.pub nick@example.com

This public key is safe to share with others.

Were you able to get your GPG key pair set up? Let me know below.
