Appearance
GPG Cheatsheet
This is a quick reference for the most common GPG commands. It assumes you already have a key pair.
Use this for files, signing, and Git commits.
Key Management
| Task | Command (Linux) | Notes |
|---|---|---|
| List your keys | gpg --list-keys | Shows public keys |
| List secret keys | gpg --list-secret-keys | Shows private keys |
| Generate a new key pair | gpg --full-generate-key | Follow prompts, choose type and passphrase |
| Export public key | gpg --export -a "Name" > public.key | Send this to others |
| Export private key | gpg --export-secret-keys -a "Name" > private.key | Backup only, never share |
| Import a key | gpg --import filename.key | For receiving someone’s public key |
| Create revocation certificate | gpg --output revoke.asc --gen-revoke "Name" | Keep offline |
Encrypt / Decrypt Files
| Task | Command | Notes |
|---|---|---|
| Encrypt a file | gpg -e -r "Recipient Name" file.txt | Produces file.txt.gpg |
| Decrypt a file | gpg -d file.txt.gpg > file.txt | Requires private key |
| Encrypt for multiple recipients | gpg -e -r "Alice" -r "Bob" file.txt | Only listed recipients can decrypt |
Sign / Verify Files
| Task | Command | Notes |
|---|---|---|
| Sign a file (detached) | gpg --detach-sign file.txt | Creates file.txt.sig |
| Verify signature | gpg --verify file.txt.sig file.txt | Checks file integrity and signer |
| Sign a file (inline) | gpg --clearsign file.txt | Signature embedded in the file |
Git Commit Signing
| Task | Command | Notes |
|---|---|---|
| Set default GPG key in Git | git config --global user.signingkey <KEY_ID> | Use your private key ID |
| Sign a commit | git commit -S -m "Commit message" | -S signs the commit |
| Verify commits | git log --show-signature | Shows which commits are signed |
Tips
- Always backup your private key and revocation certificate
- Never share your private key
- Use strong passphrases and rotate keys if compromised
- Check your key fingerprints before sharing