Contents
- List of Commands
- Basic GPG Commands
- Basic GPG Commands With Example Output
- Additional Information
List of Commands
1) Create key
2) Display key
2a) Display public key details
2b) Display private key details
3) Display details of all keys
3a) Display details of all public keys
3b) Display details of all private keys
4) Export key
4a) Export public key
4b) Export private key
5) Delete key
5a) Delete public key
5b) Delete private key
6) Import key
6a) Import public key
6b) Import private key
7) Sign a file using a specific key, producing a detached signature file
8) Verify the detached signature of a file, checking that the signature was made by a specific key
9) Encrypt a message file to a specific public key
10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.
Basic GPG Commands
These commands were tested on GPG 1.4.10 on CentOS 7.6.
Link: Testing GPG 1.4.10.
For some commands, not all possible input types were tested. The tested input types are listed in the "Additional Information" section.
Notes:
- These commands emphasise the use of real names, fingerprints, and ASCII armor.
- A GPG 'key' is really a keypair - a private key and a public key.
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.
- A key fingerprint is (or should be) derived in some way from the hash of a public key. It is a shorthand way to reference the key in a manner that has a good uniqueness guarantee but is shorter than the entire key. User-assigned names can always be duplicated by a third party, who might wish to create a counterfeit key. A short key ID (the last 8 characters of the fingerprint) is insecure because it is feasible for a third party to attempt to generate another key with the same short key ID. Sadly, GPG appears to rely internally much more on the short key ID than on the fingerprint. I have attempted, as much as possible, to choose GPG workflows that rely on the fingerprint. The real name may be used for convenience, but the fingerprint should be used within scripts.
- Problem: I was unable to specify a key by fingerprint when decrypting an encrypted file. I found that the public key contains a subkey, to which messages are encrypted. This subkey's short key ID is displayed in the output of the decryption command. I couldn't find a way to show the subkey's fingerprint in the output of the decryption command. I did find that the command
gpg --list-packets message.txt.asc
displays the subkey's long key ID.
1) Create key
gpg --gen-key
Interactive steps during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "[your name or handle]"
- 6) email address = "[your email address]"
- 7) comment = "[comment or empty string]"
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = "[passphrase or empty string]"
- 10) confirm passphrase = "[passphrase or empty string]"
- 11) [wait for random bytes to be generated]
Warning: If you input a passphrase, you must record / remember it, else later you will not be able to access your key (GPG uses the passphrase to encrypt the key data).
2) Display key
2a) Display public key details
gpg --list-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Add --fingerprint to the command to also display the key fingerprint.
2b) Display private key details
gpg --fingerprint --list-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
3) Display details of all keys
3a) Display details of all public keys
gpg --list-keys
Add --fingerprint to the command to also display the key fingerprint.
3b) Display details of all private keys
gpg --list-secret-keys
Add --fingerprint to the command to also display the key fingerprint.
4) Export key
4a) Export public key
gpg --armor --export [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Redirect the output to a file to save the key.
4b) Export private key
gpg --armor --export-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Redirect the output to a file to save the key.
5) Delete key
5a) Delete public key
gpg --delete-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Note: This command won't work if an associated private key is stored in the GPG internal database. You have to delete the private key first.
5b) Delete private key
gpg --delete-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
6) Import key
6a) Import public key
gpg --import [file_name]
where [file_name] is the name of the file containing a GPG public key.
6b) Import private key
gpg --import [file_name]
where [file_name] is the name of the file containing a GPG private key.
Note: Importing a private key causes GPG to construct and store the corresponding public key.
7) Sign a file using a specific key, producing a detached signature file
gpg --detach-sign --armor --local-user [key] [file_name]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
and where [file_name] is the name of the file-to-be-signed.
Notes:
- The detached signature file will have the name [file_name].asc.
- The option --output [output_file_name] allows you to specify the name of the detached signature file. I have not tested this.
8) Verify the detached signature of a file, checking that the signature was made by a specific key
gpg --verify [file_name].asc [file_name]
where [file_name].asc is the name of the detached signature file and [file_name] is the name of the original file.
Add --status-fd 1 to the command to also display the fingerprint of the key that made the signature.
Use grep to filter the output for a specific fingerprint and wc -l to turn this into a binary result (0 or 1). This works only because the fingerprint (without spaces) will be included on only 1 line of the output.
Note: I found that the GPG output is sent to stderr. Redirecting it to stdout using 2>&1 stops it being printed to the terminal when using grep + wc -l.
9) Encrypt a message file to a specific public key
gpg --encrypt --recipient [key] --armor [file_name]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
and where [file_name] is the name of the file-to-be-encrypted.
Notes:
- The encrypted file will be called [file_name].asc.
- The option --output [output_file_name] allows you to specify the name of the encrypted file. I have not tested this.
10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.
gpg --decrypt --output [file_name] [file_name].asc
where [file_name] is the name of the decrypted file (to be created by this command) and [file_name].asc is the name of the encrypted message file.
Notes:
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.
- You will be able to see that the short key ID in the decryption output is not that of the main public key. This short key ID will be visible in the output of gpg --list-keys as the short key ID of the subkey of the main public key.
The earlier item "8) Verify the detached signature of a file, checking that the signature was made by a specific key" describes how to use the tools grep and wc -l to produce a binary result for checking that a particular fingerprint is present in the output. A similar approach can be used here to check that a specific short key ID is present in the output, although this is insecure. Checking for a long key ID or fingerprint would be much better. The gpg --list-packets [encrypted_file_name] command can be used to view the long key ID of the public subkey of the main public key to which the file is encrypted. However, I don't know how to choose a public key in the GPG database and display the long key ID of its public subkey.
Basic GPG Commands With Example Output
1) Create key
gpg --gen-key
Interactive steps during key generation:
- 1) key type = "1" (RSA and RSA)
- 2) key size = "4096"
- 3) expiry period = "0" (never)
- 4) confirm expiry period = "y"
- 5) real name = "[your name or handle]"
- 6) email address = "[your email address]"
- 7) comment = "[comment or empty string]"
- 8) confirm real name, email address, and comment = "o"
- 9) passphrase = "[passphrase or empty string]"
- 10) confirm passphrase = "[passphrase or empty string]"
- 11) [wait for random bytes to be generated]
Warning: If you input a passphrase, you must record / remember it, else later you will not be able to access your key (GPG uses the passphrase to encrypt the key data).
Example:
[spiano@localhost ~]$ gpg --gen-key
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Test Key 1
Email address: n/a
Not a valid email address
Email address: n@a
Comment:
You selected this USER-ID:
"Test Key 1 <n@a>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.........................+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..........+++++
..+++++
gpg: key 479D9006 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 4096R/479D9006 2019-03-04
Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
uid Test Key 1 <n@a>
sub 4096R/36BDD5FA 2019-03-04
2) Display key
2a) Display public key details
gpg --list-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Add --fingerprint to the command to also display the key fingerprint.
Example:
[spiano@localhost ~]$ gpg --list-keys "Test Key 1"
pub 4096R/479D9006 2019-03-04
uid Test Key 1 <n@a>
sub 4096R/36BDD5FA 2019-03-04
479D9006 is the short key ID.
Example:
[spiano@localhost work]$ gpg --fingerprint --list-keys "Test Key 1"
pub 4096R/479D9006 2019-03-04
Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
uid Test Key 1 <n@a>
sub 4096R/36BDD5FA 2019-03-04
Note that the fingerprint is displayed with spaces, but is not used with spaces in commands.
2b) Display private key details
gpg --fingerprint --list-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint.
Example:
[spiano@localhost work]$ gpg --fingerprint --list-secret-keys "Test Key 1"
sec 4096R/479D9006 2019-03-04
Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
uid Test Key 1 <n@a>
ssb 4096R/36BDD5FA 2019-03-04
Note "sec" instead of "pub" in the output in the first row. I think that this is "secret" vs "public".
3) Display details of all keys
3a) Display details of all public keys
gpg --list-keys
Add --fingerprint to the command to also display the key fingerprint.
Example:
[spiano@localhost work]$ gpg --list-keys
/home/spiano/.gnupg/pubring.gpg
-------------------------------
pub 4096R/E4D7C711 2019-03-06
uid Test Key 2 <n@a2>
sub 4096R/4F6DFEEC 2019-03-06
pub 4096R/479D9006 2019-03-04
uid Test Key 1 <n@a>
sub 4096R/36BDD5FA 2019-03-04
Example:
[spiano@localhost work]$ gpg --list-keys --fingerprint
/home/spiano/.gnupg/pubring.gpg
-------------------------------
pub 4096R/E4D7C711 2019-03-06
Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711
uid Test Key 2 <n@a2>
sub 4096R/4F6DFEEC 2019-03-06
pub 4096R/479D9006 2019-03-04
Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
uid Test Key 1 <n@a>
sub 4096R/36BDD5FA 2019-03-04
3b) Display details of all private keys
gpg --list-secret-keys
Add --fingerprint to the command to also display the key fingerprint.
Example:
[spiano@localhost work]$ gpg --list-secret-keys
/home/spiano/.gnupg/secring.gpg
-------------------------------
sec 4096R/E4D7C711 2019-03-06
uid Test Key 2 <n@a2>
ssb 4096R/4F6DFEEC 2019-03-06
sec 4096R/479D9006 2019-03-04
uid Test Key 1 <n@a>
ssb 4096R/36BDD5FA 2019-03-04
Example:
[spiano@localhost work]$ gpg --list-secret-keys --fingerprint
/home/spiano/.gnupg/secring.gpg
-------------------------------
sec 4096R/E4D7C711 2019-03-06
Key fingerprint = BA9A 077B 050C 3FC0 6459 7E7C 98D3 EFED E4D7 C711
uid Test Key 2 <n@a2>
ssb 4096R/4F6DFEEC 2019-03-06
sec 4096R/479D9006 2019-03-04
Key fingerprint = 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
uid Test Key 1 <n@a>
ssb 4096R/36BDD5FA 2019-03-04
4) Export key
4a) Export public key
gpg --armor --export [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Redirect the output to a file to save the key.
Example:
[spiano@localhost work]$ gpg --armor --export "Test Key 1" > test_key_1.txt
Example:
[spiano@localhost ~]$ gpg --armor --export "Test Key 1"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
[armored key data omitted]
-----END PGP PUBLIC KEY BLOCK-----
4b) Export private key
gpg --armor --export-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Redirect the output to a file to save the key.
Example:
[spiano@localhost work]$ gpg --armor --export-secret-keys "Test Key 1" > test_key_1.txt.secret
[spiano@localhost work]$ cat test_key_1.txt.secret
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
[armored key data omitted]
-----END PGP PRIVATE KEY BLOCK-----
5) Delete key
5a) Delete public key
gpg --delete-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Note: This command won't work if an associated private key is stored in the GPG internal database. You have to delete the private key first.
Example:
[spiano@localhost work]$ gpg --delete-keys "Test Key 1"
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 4096R/479D9006 2019-03-04 Test Key 1 <n@a>
Delete this key from the keyring? (y/N) y
5b) Delete private key
gpg --delete-secret-keys [key]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
Example:
[spiano@localhost work]$ gpg --delete-secret-keys 22D2012D82FA14F44A3AC9BEE04C9329479D9006
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec 4096R/479D9006 2019-03-04 Test Key 1 <n@a>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
6) Import key
6a) Import public key
gpg --import [file_name]
where [file_name] is the name of the file containing a GPG public key.
Example:
[spiano@localhost work]$ gpg --import test_key_1.gpg
gpg: key 479D9006: public key "Test Key 1 <n@a>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
6b) Import private key
gpg --import [file_name]
where [file_name] is the name of the file containing a GPG private key.
Note: Importing a private key causes GPG to construct and store the corresponding public key.
Example:
[spiano@localhost work]$ gpg --import test_key_1.txt.secret
gpg: key 479D9006: secret key imported
gpg: key 479D9006: public key "Test Key 1 <n@a>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: secret keys read: 1
gpg: secret keys imported: 1
7) Sign a file using a specific key, producing a detached signature file
gpg --detach-sign --armor --local-user [key] [file_name]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
and where [file_name] is the name of the file-to-be-signed.
Notes:
- The detached signature file will have the name [file_name].asc.
- The option --output [output_file_name] allows you to specify the name of the detached signature file. I have not tested this.
Example:
[spiano@localhost work]$ ls -1
foo.txt
[spiano@localhost work]$ gpg --detach-sign --armor --local-user BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 foo.txt
[spiano@localhost work]$ ls -1
foo.txt
foo.txt.asc
[spiano@localhost work]$ cat foo.txt.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
[armored signature data omitted]
-----END PGP SIGNATURE-----
Note: The gpg --list-packets [detached_signature_file_name] command can be used to view the long key ID of the public key that signed the file. Perhaps the fingerprint is not included in the signature file (ideally, it would be).
Example:
[spiano@localhost work]$ gpg --list-packets foo.txt.asc
:signature packet: algo 1, keyid 98D3EFEDE4D7C711
version 4, created 1551964266, md5len 0, sigclass 0x00
digest algo 2, begin of digest d0 52
hashed subpkt 2 len 4 (sig created 2019-03-07)
subpkt 16 len 8 (issuer key ID 98D3EFEDE4D7C711)
data: [4096 bits]
8) Verify the detached signature of a file, checking that the signature was made by a specific key
gpg --verify [file_name].asc [file_name]
where [file_name].asc is the name of the detached signature file and [file_name] is the name of the original file.
Add --status-fd 1 to the command to also display the fingerprint of the key that made the signature.
Use grep to filter the output for a specific fingerprint and wc -l to turn this into a binary result (0 or 1). This works only because the fingerprint (without spaces) will be included on only 1 line of the output.
Note: I found that the GPG output is sent to stderr. Redirecting it to stdout using 2>&1 stops it being printed to the terminal when using grep + wc -l.
Example:
[spiano@localhost work]$ gpg --verify foo.txt.asc foo.txt
gpg: Signature made Wed 06 Mar 2019 09:39:34 PM GMT using RSA key ID 479D9006
gpg: Good signature from "Test Key 1 <n@a>"
Example:
[spiano@localhost work]$ gpg --verify --status-fd 1 foo.txt.asc
gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006
[GNUPG:] SIG_ID 2y1gNDe4vfd+U2ZNylv1foWsORk 2019-03-07 1551963563
[GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a>
gpg: Good signature from "Test Key 1 <n@a>"
[GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551963563 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22D2 012D 82FA 14F4 4A3A C9BE E04C 9329 479D 9006
Note: In the previous example, I think that GPG took the signature file name "foo.txt.asc" and checked for the implied presence of an original file "foo.txt", which did actually exist.
Next: Use grep to filter the output for a specific fingerprint and wc -l to turn this into a binary result (0 or 1).
Example:
[using Test Key 1 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep 22D2012D82FA14F44A3AC9BEE04C9329479D9006 | wc -l
1
[using Test Key 2 fingerprint]
[spiano@localhost work]$ gpg --status-fd 1 --verify foo.txt.asc foo.txt 2>&1 | grep BA9A077B050C3FC064597E7C98D3EFEDE4D7C711 | wc -l
0
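A stricter form of the grep + wc -l check above, as an added example that is not code from the original article: it matches the fingerprint only in the last field of a VALIDSIG status line (the primary key fingerprint, per GnuPG's doc/DETAILS) and rejects anything shorter than a full 40-digit fingerprint. The function names are hypothetical; sample_status reuses the status lines from the example output above, and sample_badsig is constructed.

```shell
#!/bin/sh
# Added example, not part of the original article.

# signed_by FINGERPRINT
# Reads `gpg --status-fd 1 --verify ...` output on stdin. Succeeds only if a
# VALIDSIG status line ends with FINGERPRINT and no BADSIG/ERRSIG line is seen.
# VALIDSIG layout (GnuPG doc/DETAILS): field 3 is the fingerprint of the key
# that made the signature; the last field is the primary key fingerprint.
signed_by() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Refuse anything that is not a full 40-hex-digit fingerprint, so a short
    # or long key ID can never be accepted by accident.
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    awk -v want="$expected" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG") { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_detached FINGERPRINT SIGNATURE_FILE DATA_FILE
# Runs gpg and feeds its status lines to signed_by. Human-readable messages
# on stderr are discarded; only the status lines on stdout are inspected.
verify_detached() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | signed_by "$1"
}

# Status lines taken from the article's example output for Test Key 1.
sample_status() {
    cat <<'EOF'
gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006
[GNUPG:] SIG_ID 2y1gNDe4vfd+U2ZNylv1foWsORk 2019-03-07 1551963563
[GNUPG:] GOODSIG E04C9329479D9006 Test Key 1 <n@a>
gpg: Good signature from "Test Key 1 <n@a>"
[GNUPG:] VALIDSIG 22D2012D82FA14F44A3AC9BEE04C9329479D9006 2019-03-07 1551963563 0 4 0 1 2 00 22D2012D82FA14F44A3AC9BEE04C9329479D9006
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Constructed sample: what the status output looks like when the file does
# not match the signature (no VALIDSIG line is emitted).
sample_badsig() {
    cat <<'EOF'
gpg: Signature made Thu 07 Mar 2019 12:59:23 PM GMT using RSA key ID 479D9006
[GNUPG:] BADSIG E04C9329479D9006 Test Key 1 <n@a>
gpg: BAD signature from "Test Key 1 <n@a>"
EOF
}

# Demonstration on the embedded samples (runs without gpg installed).
if sample_status | signed_by 22D2012D82FA14F44A3AC9BEE04C9329479D9006; then
    echo "sample: signed by Test Key 1"
fi
if ! sample_badsig | signed_by 22D2012D82FA14F44A3AC9BEE04C9329479D9006; then
    echo "sample: bad signature rejected"
fi
```

In a script, call verify_detached with the expected fingerprint and branch on its exit status instead of counting lines.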
Note: I found that the GPG output is sent to stderr. Redirecting it to stdout using 2>&1 stops it being printed to the terminal when using grep + wc -l.
9) Encrypt a message file to a specific public key
gpg --encrypt --recipient [key] --armor [file_name]
where [key] is any of the following: real name, short key ID, email address, or fingerprint. The fingerprint should not include spaces.
and where [file_name] is the name of the file-to-be-encrypted.
Notes:
- The encrypted file will be called [file_name].asc.
- The option --output [output_file_name] allows you to specify the name of the encrypted file. I have not tested this.
Example:
[spiano@localhost work]$ ls -1
foo.txt
foo.txt.asc
test_key_1.private.asc
test_key_1.public.asc
[spiano@localhost work]$ echo "hello world 2" > message.txt
[spiano@localhost work]$ cat message.txt
hello world 2
[spiano@localhost work]$ gpg --encrypt --recipient "Test Key 2" --armor message.txt
[spiano@localhost work]$ ls -1
foo.txt
foo.txt.asc
message.txt
message.txt.asc
test_key_1.private.asc
test_key_1.public.asc
[spiano@localhost work]$ cat message.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
[armored message data omitted]
-----END PGP MESSAGE-----
10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.
gpg --decrypt --output [file_name] [file_name].asc
where [file_name] is the name of the decrypted file (to be created by this command) and [file_name].asc is the name of the encrypted message file.
Notes:
- A GPG key contains a primary keypair and a subkeypair. The primary keypair is used for signing. The subkeypair is used for encryption. Other people's encrypted messages are encrypted to the public subkey. The private subkey is used to decrypt messages.
- You will be able to see that the short key ID in the decryption output is not that of the main public key. This short key ID will be visible in the output of gpg --list-keys as the short key ID of the subkey of the main public key.
Example:
[spiano@localhost work]$ gpg --decrypt --output message2.txt message2.txt.asc
gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06
"Test Key 2 <n@a2>"
The earlier item "8) Verify the detached signature of a file, checking that the signature was made by a specific key" describes how to use the tools grep and wc -l to produce a binary result for checking that a particular fingerprint is present in the output. A similar approach can be used here to check that a specific short key ID is present in the output, although this is insecure. Checking for a long key ID or fingerprint would be much better. The gpg --list-packets [encrypted_file_name] command can be used to view the long key ID of the public subkey of the main public key to which the file is encrypted. However, I don't know how to choose a public key in the GPG database and display the long key ID of its public subkey.
Example:
[spiano@localhost work]$ gpg --list-packets message.txt.asc
:pubkey enc packet: version 3, algo 1, keyid 6EFB73E74F6DFEEC
data: [4095 bits]
:encrypted data packet:
length: 84
mdc_method: 2
gpg: encrypted with 4096-bit RSA key, ID 4F6DFEEC, created 2019-03-06
"Test Key 2 <n@a2>"
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1551960343, name="message.txt",
raw data: 14 bytes
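One way to compare the recipient key ID from --list-packets with the subkeys of a chosen key, as an added example that is not code from the original article: GnuPG's --with-colons listing mode prints one record per line, with the record type in field 1 and the long key ID in field 5, so the "sub" records give the subkey long key IDs. The function names are hypothetical; sample_packets reuses the packet listing above, and the colon listings are constructed (the upper half of Test Key 1's subkey ID is a zero-filled placeholder because only its short ID appears in the article).

```shell
#!/bin/sh
# Added example, not part of the original article.

# recipient_keyids: long key IDs from the ":pubkey enc packet:" lines of
# `gpg --list-packets` output read on stdin.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p'
}

# subkey_keyids: long key IDs of all subkeys from
# `gpg --with-colons --list-keys KEY` output read on stdin.
subkey_keyids() {
    awk -F: '$1 == "sub" { print $5 }'
}

# encrypted_to_key PACKET_LISTING COLON_LISTING
# Succeeds if any recipient key ID in the packet listing is a subkey of the
# key described by the colon listing.
encrypted_to_key() {
    want=$(printf '%s\n' "$2" | subkey_keyids)
    [ -n "$want" ] || return 1
    for id in $(printf '%s\n' "$1" | recipient_keyids); do
        printf '%s\n' "$want" | grep -qix "$id" && return 0
    done
    return 1
}

# check_recipient FINGERPRINT ENCRYPTED_FILE
# Wrapper that gathers both listings from gpg itself.
check_recipient() {
    packets=$(gpg --list-packets "$2" 2>/dev/null)
    colons=$(gpg --with-colons --list-keys "$1" 2>/dev/null)
    encrypted_to_key "$packets" "$colons"
}

# Packet listing taken from the article's example output for message.txt.asc.
sample_packets() {
    cat <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid 6EFB73E74F6DFEEC
data: [4095 bits]
:encrypted data packet:
length: 84
mdc_method: 2
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1551960343, name="message.txt",
raw data: 14 bytes
EOF
}

# Constructed colon listing for Test Key 2 (key IDs as shown in the article).
sample_colons_key2() {
    cat <<'EOF'
pub:u:4096:1:98D3EFEDE4D7C711:2019-03-06:::u:Test Key 2 <n@a2>::scESC:
sub:u:4096:1:6EFB73E74F6DFEEC:2019-03-06::::::e:
EOF
}

# Constructed colon listing for Test Key 1. The subkey's long key ID is a
# placeholder: the article shows only its short ID, 36BDD5FA.
sample_colons_key1() {
    cat <<'EOF'
pub:u:4096:1:E04C9329479D9006:2019-03-04:::u:Test Key 1 <n@a>::scESC:
sub:u:4096:1:0000000036BDD5FA:2019-03-04::::::e:
EOF
}

# Demonstration on the embedded samples (runs without gpg installed).
if encrypted_to_key "$(sample_packets)" "$(sample_colons_key2)"; then
    echo "sample: message is encrypted to a subkey of Test Key 2"
fi
```

Pass check_recipient the primary key's full fingerprint, so the key is selected by fingerprint and the comparison is made on the 16-digit long key ID.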
Additional Information
1) Create key
- It might be possible to use an empty string "" for email address. I haven't tested this.
- It's possible to just not perform any action while random bytes are being generated. I don't know how much this helps or hinders.
- When I chose not to use a passphrase, GPG insisted on generating one. Not sure if a passphrase was actually generated or if GPG only reported that it was.
2) Display key
2a) Display public key details
- I have tested: real name.
- The fingerprint is displayed with spaces, but is not used with spaces in commands.
2b) Display private key details
- I have tested: real name.
3) Display details of all keys
3a) Display details of all public keys
3b) Display details of all private keys
4) Export key
4a) Export public key
- I have tested: real name, short key ID, email address, fingerprint, long key ID.
4b) Export private key
- I have tested: real name, fingerprint.
5) Delete key
5a) Delete public key
- I have tested: real name, fingerprint.
5b) Delete private key
- I have tested: real name, fingerprint.
6) Import key
6a) Import public key
- I have only tested this command with a public key that was in GPG's binary format.
- It may be possible to use a file path instead of only a file name. I have not tested this.
6b) Import private key
- I have tested that importing a private key causes GPG to construct and store the corresponding public key.
7) Sign a file using a specific key, producing a detached signature file
- I have tested: real name, fingerprint.
- It may be possible to use a file path instead of only a file name. I have not tested this.
- The gpg --list-packets [detached_signature_file_name] command can be used to view the long key ID of the public key that signed the file. Perhaps the fingerprint is not included in the signature file (ideally, it would be).
8) Verify the detached signature of a file, checking that the signature was made by a specific key
- It may be possible to use a file path instead of only a file name. I have not tested this.
9) Encrypt a message file to a specific public key
- I have tested: real name, fingerprint.
10) Decrypt an encrypted message file, checking that the decryption was performed using a specific private key.
- It may be possible to use a file path instead of only a file name. I have not tested this.
- The gpg --list-packets [encrypted_file_name] command can be used to view the long key ID of the public subkey of the main public key to which the file is encrypted.
[start of notes]
This material was originally published in the article Testing GPG 1.4.10, in the section Basic GPG Commands. It has been edited for republication.
[end of notes]