---
title: gpg cheatsheet
date: 2023-04-21T16:40:56+02:00
---

### List secret key with its subkeys:

```shell {lineanchors=list}
$ gpg --list-secret-keys --keyid-format long
```

### List secret key with all (including expired) subkeys:

```shell {lineanchors=list}
$ gpg --list-secret-keys --keyid-format long --list-options show-unusable-subkeys
```

### Add a new subkey:

```shell {lineanchors=add}
$ gpg --edit-key <masterkey-id>
gpg> addkey
...
gpg> save
```

### Add a new email/identity to existing key:

```shell {lineanchors=adduid}
$ gpg --edit-key <masterkey-id>
gpg> adduid
...
gpg> save
```

### Transfer subkey to other workstation:

```shell {lineanchors=transfer}
$ gpg --export --armor <masterkey-id> >masterkey-public.asc
$ gpg --export-secret-key --armor <subkey-id>! >subkey-private.asc
# on the target machine:
$ gpg --import masterkey-public.asc
$ gpg --import subkey-private.asc
# afterwards, shred the private key securely:
$ shred -u subkey-private.asc
```

### Or, transfer over ssh directly (might not work depending on setup):

```shell {lineanchors=transfer-ssh}
$ gpg --export --armor <masterkey-id> \
    | ssh <target-host> 'gpg --import'
$ gpg --export-secret-key --armor <subkey-id>! \
    | ssh <target-host> 'gpg --import'
```

### Check what keys are available on target:

```shell {lineanchors=check}
$ gpg --list-secret-keys --with-keygrip
```

### If the secret master key (`sec`) is available (no `#` suffix), delete it:

```shell {lineanchors=delete-sec}
$ gpg-connect-agent 'DELETE_KEY <master-keygrip>' /bye
```

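An added example (not part of the original cheatsheet): the check from the two steps above, done by parsing gpg's machine-readable listing instead of reading the `sec`/`sec#` markers by eye. The function names and the sample listing are constructed for illustration; the field positions follow GnuPG's colon format as described in its `doc/DETAILS`.

```shell
#!/bin/sh
# Added example: print "<key-id> <keygrip>" for every primary key whose secret
# part is stored on this machine (listed as `sec` rather than `sec#`).
# Input: output of `gpg --list-secret-keys --with-colons --with-keygrip`.
# Colon format: field 1 = record type, field 5 = key ID, field 15 = "#" when
# the secret key is only a stub; a "grp" record carries the keygrip in field 10.
# Anything other than "#" in field 15 (e.g. a card serial number) is reported.
present_primary_keygrips() {
    awk -F: '
        $1 == "sec" { keyid = $5; want = ($15 != "#"); next }  # primary key
        $1 == "ssb" { want = 0; next }                          # subkeys are expected
        $1 == "grp" && want { print keyid, $10; want = 0 }      # keygrip of that primary
    '
}

# Constructed sample listing (made-up key IDs, fingerprints and keygrips):
# the first key has a stub primary ("#"), the second still has its primary
# secret key ("+") and should be reported.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::#:::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::0000000000000000000000000000000000000000::Bob <bob@example.com>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:::+:::23:
fpr:::::::::000000000000000000000000BBBBBBBBBBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
sec:u:4096:1:CCCCCCCCCCCCCCCC:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::000000000000000000000000CCCCCCCCCCCCCCCC:
grp:::::::::3333333333333333333333333333333333333333:
uid:u::::1500000000::0000000000000000000000000000000000000000::Alice <alice@example.com>::::::::::0:
EOF
}

# Usage on the target machine:
#   gpg --list-secret-keys --with-colons --with-keygrip | present_primary_keygrips
```

Each keygrip it prints is the `<master-keygrip>` value for the `DELETE_KEY` command above; empty output means no primary secret key was found.
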
### Reorder UID priorities:

```shell {lineanchors=reorder}
# Suppose Bob has these three identities, in that order:
[ unknown] (1). Bob <bob@example.com>
[ unknown] (2) Bob (work) <bob@example.company>
[ unknown] (3) Bob (git) <code@example.com>

# But now Bob wants to have them in this order:
[ unknown] (1). Bob <bob@example.com>
[ unknown] (2) Bob (git) <code@example.com>
[ unknown] (3) Bob (work) <bob@example.company>

# The dot after the number in parentheses indicates the
# current primary user ID.

# Now, to reorder:
$ gpg --edit-key ...
gpg> uid 2
gpg> primary
gpg> save
$ gpg --edit-key ...
gpg> uid 3 # uid of next in order
gpg> primary
gpg> save
# Repeat as often as needed, in the reverse of the order they should appear in.
```

### Some more useful links/explanations:

- [How to un-revoke a key/uid](https://lists.gnupg.org/pipermail/gnupg-users/2007-April/030724.html)