Title: GPG2 cheatsheet
       Author: Solène
       Date: 06 September 2019
       Tags: security
       Description: 
       
       ## Introduction
       
       I don't use gpg a lot, but it seems to be the only tool out there for
       encrypting data which "works" and is widely used.
       
       So this is my personal cheatsheet for everyday use of gpg.
       
       In this post, I use the command `gpg2`, which is the binary of GPG
       version 2. On your system, the "gpg" command could be gpg2 or gpg1.
       You can use `gpg --version` if you want to check the real version
       behind the gpg binary.
       
       In your *~/.profile* file you may need the following line, so that gpg
       can ask for your passphrase on the terminal you are currently using:
       
           export GPG_TTY=$(tty)
       
       
       ## Install GPG
       
       The real name of GPG is GnuPG, so depending on your system the package
       can be called gpg2, gpg, gnupg, gnupg2, etc.
       
       On OpenBSD, you can install it with: `pkg_add gnupg--%gnupg2`
       
       
       ## GPG Principle using private/public keys
       
       - YOU make a private and a public key (associated with a mail address)
       - YOU give the public key to people
       - PEOPLE import your public key into their keyring
       - PEOPLE use your public key from the keyring to encrypt data for you
       - YOU will need your passphrase every time you use the private key
         (to decrypt or sign)
       
       I think gpg can do much more, but read the manual for that :)
       
       
       ## Initialization
       
       We need to create a public and a private key.
       
           solene$ gpg2 --gen-key
           gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
           This is free software: you are free to change and redistribute it.
           There is NO WARRANTY, to the extent permitted by law.

       The rest of the output is the key generation dialog: it asks for your
       real name and your email address. Validate with "O" if you are okay
       with the input. You will be asked for a passphrase after.
       
           Email address: solene@domain.example
           You selected this USER-ID:
               "Solene <solene@domain.example>"

           We need to generate a lot of random bytes. It is a good idea to perform
           some other action (type on the keyboard, move the mouse, utilize the
           disks) during the prime generation; this gives the random number
           generator a better chance to gain enough entropy.
           We need to generate a lot of random bytes. It is a good idea to perform
           some other action (type on the keyboard, move the mouse, utilize the
           disks) during the prime generation; this gives the random number
           generator a better chance to gain enough entropy.
           gpg: key 368E580748D5CA75 marked as ultimately trusted
           gpg: revocation certificate stored as '/home/solene/.gnupg/openpgp-revocs.d/7914C6A7439EADA52643933B368E580748D5CA75.rev'
           public and secret key created and signed.

                 7914C6A7439EADA52643933B368E580748D5CA75
           uid                    Solene <solene@domain.example>
           sub   rsa2048 2019-09-06 [E] [expires: 2021-09-05]
       
       The key will expire in 2 years, which is okay.
       This is a good thing: if you stop using the key, it will die silently
       at its expiration time.
       If you still use it, you will be able to extend the expiry date and
       people will be able to notice you still use that key.

       Also note the revocation certificate stored in *openpgp-revocs.d*:
       keep a copy of it somewhere safe, it is what you publish if you ever
       lose the private key or its passphrase.
       
       ## Export the public key
       
       If someone asks for your GPG key, this is what they want:
       
           gpg2 --armor --export solene@domain.example > solene.asc
       
       
       ## Import a public key
       
       Import the public key:

           gpg2 --import solene.asc

       If you want to mark this key as trusted (after checking its
       fingerprint, see below), certify it with your own key:

           gpg2 --edit-key FINGERPRINT_HERE
           > sign
           # answer y when asked "Really sign?"
           > save

       Use `lsign` instead of `sign` if the certification should stay local
       to your keyring and never be exported along with the key.
       
       
       
       ## Delete a public key
       
       In case someone changes their public key, you will want to delete the
       old one before importing the new one. Replace $FINGERPRINT by the
       actual fingerprint of the public key:

           gpg2 --delete-keys $FINGERPRINT

       This only removes a public key. If your keyring also holds the secret
       key (for example one of your own), gpg refuses and you must delete the
       secret key first with `--delete-secret-keys`.
       
       
       ## Encrypt a file for someone
       
       If you want to send the file *picture.jpg* to remote@domain.example,
       use the command:

           gpg2 --encrypt --recipient remote@domain.example picture.jpg

       The encrypted file is written next to the original as
       *picture.jpg.gpg* (use `--output` to choose another name). You can now
       send picture.jpg.gpg to remote@domain.example, who will be able to
       read the file with their private key.

       Only the listed recipients can decrypt the result: add yourself with a
       second `--recipient` if you want to be able to read the file later.

       You can use the `--armor` parameter to make the output plain text
       (written to *picture.jpg.asc*), so you can put it into a mail or a
       text file.
       
       
       ## Decrypt a file
       
       Easy!
       
           gpg2 --decrypt picture.jpg.gpg > picture.jpg
       
       
       ## Get public key fingerprint
       
       The fingerprint is a short string derived from your public key; it can
       be embedded in a mail (often in the signature) or anywhere else.

       It allows comparing a public key you received from someone with the
       fingerprint you may find in mailing list archives, on Twitter, on an
       HTML page, etc., if the person spread it somewhere. This allows
       multiple checks of the authenticity of the public key you received.

       It looks like:

           4398 3BAD 3EDC B35C 9B8F  2442 8CD4 2DFD 57F0 A909

       This is my real key fingerprint, so if I send you my public key, you
       can use the fingerprint from this page to check that it matches the
       key you received!
       
       You can obtain your fingerprint using the following command (add a mail
       address or key ID at the end to show only one key):

           solene@t480 ~ $ gpg2 --fingerprint
           pub   rsa4096 2018-06-08 [SC]
                 4398 3BAD 3EDC B35C 9B8F  2442 8CD4 2DFD 57F0 A909
           uid          [  ultime ] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
           sub   rsa4096 2018-06-08 [E]

       "ultime" is the French translation of the "ultimate" trust level gpg
       gives to your own keys.
       
       
       ## Add a new mail / identity
       
       If for some reason you need to add another mail address to your GPG
       key (like personal/work addresses), you can create a new identity with
       the new mail.

       Type `gpg2 --edit-key solene@domain.example` and then, in the prompt,
       type `adduid` and answer the questions. Finish with `save`.

       You can now export the public key with a different identity.
       
       
       ## List known keys
       
       If you want the list of public keys you imported, you can use

           gpg2 -k

       `gpg2 -K` lists your secret keys instead.
       
       
       ## Testing
       
       If you want to do some tests, I'd recommend making new users on your
       system, exchanging their keys and trying to encrypt a message from one
       user to another.

       I have a few spare users on my system on which I can ssh locally for
       various tests; it is always useful.