What is GPG / PGP?

GnuPG (aka GPG, the GNU Privacy Guard) is a free implementation of the OpenPGP standard (RFC 4880), which grew out of the original PGP (Pretty Good Privacy) program. It uses pairs of "public" and "private" keys to encrypt and sign messages or files.

Private Key

  • The private key is the half of a GPG key pair that decrypts messages which were encrypted with the matching public key.
  • It also creates signatures: a signature made with the private key proves that the message came from the holder of that key and has not been changed since it was signed.
  • Never share the private key. Keep it only on the machine that needs it, protected by a passphrase, and hand out the public half instead.

Public Key

  • The public key is the other half of the pair. Others use it to encrypt messages that only the owner of the private key can decrypt, and to verify signatures the owner made with the private key.
  • It is safe to publish anywhere. Holding someone's public key lets you encrypt messages to them and check their signatures; it never lets you read their mail or sign in their name, because both of those need the private key.

Why Use GPG?

GPG (GNU Privacy Guard) provides encryption and digital signing to:

  • Protect the confidentiality and integrity of your communications.
  • Authenticate the sender of messages or files.

GPG Usage

Generating Key Pair

To use GPG, first you must generate a key pair:

gpg --generate-key

Note: "gpg --generate-key" only asks for a name, an e-mail address and a passphrase and takes GnuPG's defaults for everything else. Use "gpg --full-generate-key" for the full key generation dialog.

  • Follow the prompts to choose:
    • Key type. The default (ed25519 with a cv25519 encryption subkey in GnuPG 2.3 and later, RSA in older versions) is a good choice; the listings below use ed25519.
    • Key size. Only RSA keys have one: do not go below 2048 bits, 3072 bits is GnuPG's default, and 4096 bits (the maximum in the dialog) buys a larger security margin for a little speed. Elliptic-curve keys have a fixed size.
    • Expiration date. Optional but recommended; the date can be extended later with "gpg --quick-set-expire", so a lifetime of one to three years costs little and limits the damage from a lost or leaked key.
    • Your user ID (name and e-mail address).
    • A strong passphrase. It encrypts the private key on disk, so a copied keyring is useless without it.

List GPG Keys

gpg -k   # list public keys    (same as: gpg --list-keys)
gpg -K   # list private keys   (same as: gpg --list-secret-keys)

Note: GnuPG 2.2 and later print the full 40-hex-digit fingerprint under each "pub" line; "--keyid-format LONG" additionally shows the 16-digit long key ID on the "pub" line itself. Identify keys by fingerprint (or at least by long key ID): the old 8-digit short IDs can be collided at will, so two different keys may share one.


Delete GPG Keys

  • --delete-keys (removes only the public key; gpg refuses this while the matching private key is still in the keyring, so delete that first)
  • --delete-secret-keys (removes only the private key)
  • --delete-secret-and-public-keys (removes both, asking about the private key first)

A name such as "Test" matches by user ID; when more than one key could match, pass the fingerprint instead.

Example:

$ gpg --delete-secret-and-public-keys "Test"
gpg (GnuPG) 2.4.7; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  ed25519/096719FFE9848B1D 2025-08-20 Test <test@mail.com>

Delete this key from the keyring? (y/N) Y
This is a secret key! - really delete? (y/N) Y

pub  ed25519/096719FFE9848B1D 2025-08-20 Test <test@mail.com>

Delete this key from the keyring? (y/N) y

Export Public Keys

~$ gpg -k
[keyboxd]
---------
pub   ed25519 2025-08-20 [SC] [expires: 2028-08-19]
      B68B0C6CF2DCFA3528010218096719FFE9848B1D
uid           [ultimate] Test <test@mail.com>
sub   cv25519 2025-08-20 [E] [expires: 2028-08-19]
In the listing, [SC] marks the primary key as usable for signing and certifying, [E] the subkey as usable for encryption, and the 40 hex digits under "pub" are the key's fingerprint.

  • Export using your "Name" or "Email":

gpg --armor --export "Test"            # using name
gpg --armor --export "test@mail.com"   # using email

  • Export using your key's fingerprint (copy the line below "pub"); this is unambiguous where a name or address might match several keys:

gpg --armor --export B68B0C6CF2DCFA3528010218096719FFE9848B1D

Note: --armor writes the key as ASCII-armored text (a "-----BEGIN PGP PUBLIC KEY BLOCK-----" block) instead of raw binary, so it can be pasted into an e-mail or a web page; redirect it into a file or add "--output FILE" to save it. Without --armor the output is binary and is usually given a .gpg extension.

Import Public Keys

  • Import other people's public keys into your keyring so you can encrypt messages to them and verify their signatures:

# the owner created this file with: gpg --armor --export "Test" > public_key.asc
gpg --import public_key.asc

Note: an import only proves that you now hold a key claiming to belong to test@mail.com; anyone can generate a key carrying any name and address. Before using it, print its fingerprint with "gpg --fingerprint test@mail.com" and compare it with one the owner gave you over another channel (in person, by phone, or on a page you already trust).

Sign & Verify

  • To prove authenticity, sign a file with your private key:

gpg --sign file.txt
# writes file.txt.gpg: the (compressed) file with the signature attached.
# --clearsign keeps the text readable; --detach-sign writes only the signature, to file.txt.sig
#to sign with a specific private key when you own several
gpg --default-key SIGNING_KEY --sign file.txt
# replace SIGNING_KEY with the key's fingerprint, long key ID or e-mail address

  • To check the authenticity of a signed message:

gpg --verify file.txt.gpg

Note: verification uses the signer's public key, not any private key of yours, so --default-key has no effect on it. gpg reads the signer's key ID from the signature and looks the key up in your keyring, which is why you import the signer's public key first. "Good signature" means the data is unchanged since signing; the fingerprint printed next to it tells you which key signed, and it is up to you to check that this is the key you expected. To get the original file back out of file.txt.gpg, run "gpg --output file.txt --decrypt file.txt.gpg", which verifies the signature at the same time.

Encrypt & Decrypt

#encrypt for a recipient whose public key is in your keyring; writes file.txt.gpg
gpg -e -r "Recipient NAME or EMAIL or FINGERPRINT" file.txt
#decrypt; gpg finds the matching private key from the key ID stored in the message
gpg -d file.txt.gpg > decrypted.txt

Note: -r (--recipient) selects whose public key the file is encrypted with, and may be repeated to encrypt one file for several people; it does not choose which of your own keys is used. Without -r, gpg asks for the recipients interactively (or uses your own key if --default-recipient-self is set in gpg.conf). Unless you are among the recipients you cannot read the file you just encrypted, so add -r for your own key, or put "encrypt-to <your fingerprint>" in gpg.conf, when you need a readable copy. -d takes no recipient option: the message names the key it was encrypted to, gpg picks the matching private key from your keyring and asks for its passphrase. Combine -s with -e to sign and encrypt in one step, so the recipient can also verify who sent the file.


Things To Know

GPG Keyring

A GPG keyring is the database of public and private keys that GPG stores and manages for you, kept in the GnuPG home directory (~/.gnupg by default, or whatever $GNUPGHOME points to). It holds the keys used for encryption, decryption, signing and verification.

How It Works

You import keys into the keyring from trusted sources and export keys from it to share.

  • Public keys are accessed frequently and stored unencrypted, since they are openly shared anyway.
  • Private keys are stored separately, each encrypted with your passphrase, so that a copied keyring cannot be used without it.

Keyring Components

Public keyring:

  • Stores your own and other people's public keys. These are used to encrypt messages to their owners and to verify their signatures.
  • Stored in pubring.kbx (GnuPG 2.1 and later; older versions used pubring.gpg). GnuPG 2.4 installations that run the keyboxd daemon, recognisable by the "[keyboxd]" header in gpg -k output as in the listing above, keep it in public-keys.d/pubring.db instead.

Private keyring:

  • Stores your private keys, encrypted with your passphrase if you set one. These let you decrypt messages and create digital signatures.
  • Stored in the folder private-keys-v1.d, one file per key named after the key's keygrip (shown by gpg -K --with-keygrip) with a .key extension. The files are managed by gpg-agent, which is the only component that handles private keys; gpg itself only talks to the agent.

Also in the home directory: trustdb.gpg, which records how much you trust each key's owner (the "[ultimate]" in the listing above), and openpgp-revocs.d, which holds a revocation certificate for every key you generated. Guard those certificates like the private key: anyone who publishes one revokes your key.