c8h4.io/content/gpg-cheatsheet.md
2023-09-21 19:22:58 +02:00

---
title: gpg cheatsheet
date: 2023-04-21T16:40:56+02:00
---
### List secret key with its subkeys:
```shell {lineanchors=list}
$ gpg --list-secret-keys --keyid-format long
```
### List secret key with all (including expired) subkeys:
```shell {lineanchors=list}
$ gpg --list-secret-keys --keyid-format long --list-options show-unusable-subkeys
```
### Add a new subkey:
```shell {lineanchors=add}
$ gpg --edit-key <masterkey-id>
gpg> addkey
...
gpg> save
```
### Add a new email/identity to existing key:
```shell {lineanchors=adduid}
$ gpg --edit-key <masterkey-id>
gpg> adduid
...
gpg> save
```
### Transfer subkey to other workstation:
```shell {lineanchors=transfer}
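$ gpg --export --armor <masterkey-id> >masterkey-public.asc
# note: --export-secret-keys also exports the secret master key together with
# the selected subkey; --export-secret-subkeys exports the subkey without it.
$ gpg --export-secret-keys --armor <subkey-id>! >subkey-private.asc
# on the target machine:
$ gpg --import masterkey-public.asc
$ gpg --import subkey-private.asc
# afterwards, shred the private key file securely:
$ shred -u subkey-private.asc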
```
### Or, transfer over ssh directly (might not work depending on setup):
```shell {lineanchors=transfer-ssh}
$ gpg --export --armor <masterkey-id> \
| ssh <target-host> 'gpg --import'
$ gpg --export-secret-keys --armor <subkey-id>! \
| ssh <target-host> 'gpg --import'
```
### Check what keys are available on target:
```shell {lineanchors=check}
$ gpg --list-secret-keys --with-keygrip
```
### If the secret master key (`sec`) is available (no `#` suffix), delete it:
```shell {lineanchors=delete-sec}
$ gpg-connect-agent 'DELETE_KEY <master-keygrip>' /bye
```
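The check from the two steps above can be scripted against gpg's machine-readable listing. This is an added example, not part of the original cheatsheet; the function names and the sample listing are constructed for illustration. It relies on field 15 of a `sec` record in `--with-colons` output, which is `#` for a stub and `+` when the secret key is stored locally.

```shell
#!/bin/sh
# Added example: classify primary secret keys from gpg's colon listing.
# Field 15 of a sec record: "#" = stub (no secret material), "+" = secret
# key available, anything else non-empty = serial number of a card/token.

# stdin:  output of `gpg --list-secret-keys --with-keygrip --with-colons`
# stdout: one line per primary key: <key-id> <status> <keygrip>
master_secret_status() {
    awk -F: '
        function emit() { if (keyid != "") print keyid, status, grip; keyid = "" }
        $1 == "sec" {
            emit()
            keyid = $5; grip = "-"; primary = 1
            if ($15 == "#")      status = "stub"
            else if ($15 == "+") status = "present"
            else if ($15 != "")  status = "card"
            else                 status = "unknown"
            next
        }
        $1 == "ssb" { primary = 0; next }      # keygrips of subkeys are skipped
        $1 == "grp" && primary { grip = $10 }  # keygrip of the primary key
        END { emit() }
    '
}

# Succeeds only when no primary secret key is stored on this machine.
no_master_secret() {
    ! master_secret_status | grep -q ' present '
}

# Constructed sample listing (key IDs and keygrips are placeholders).
sample_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1682088056:::u:::scESC:::+::ed25519:::0:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1682088056::::Bob <bob@example.com>::::::::::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1682088056::::::s:::+::ed25519::
grp:::::::::2222222222222222222222222222222222222222:
sec:u:255:22:CCCCCCCCCCCCCCCC:1682088056:::u:::scESC:::#::ed25519:::0:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1682088056::::::e:::+::cv25519::
grp:::::::::4444444444444444444444444444444444444444:
EOF
}

sample_listing | master_secret_status
```

On a real machine, pipe `gpg --list-secret-keys --with-keygrip --with-colons` into `master_secret_status`; the keygrip on a `present` line is the one to pass to `DELETE_KEY`.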
### Reorder UID priorities:
```shell {lineanchors=reorder}
# Suppose Bob has these three identities, in that order:
[ unknown] (1). Bob <bob@example.com>
[ unknown] (2) Bob (work) <bob@example.company>
[ unknown] (3) Bob (git) <code@example.com>
# But now Bob wants to have them in this order:
[ unknown] (1). Bob <bob@example.com>
[ unknown] (2) Bob (git) <code@example.com>
[ unknown] (3) Bob (work) <bob@example.company>
# The dot after the number in parentheses marks the primary
# user ID (a selected user ID is marked with an asterisk instead).
# Now, to reorder:
$ gpg --edit-key ...
gpg> uid 2
gpg> primary
gpg> save
$ gpg --edit-key ...
gpg> uid 3 # uid of next in order
gpg> primary
gpg> save
# Repeat as often as needed, going through the UIDs in the reverse of the order they should appear in.
```
### Some more useful links/explanations:
- [How to un-revoke a key/uid](https://lists.gnupg.org/pipermail/gnupg-users/2007-April/030724.html)