
Elevating Security with GnuPG: A Comprehensive Guide

Discover the power of GnuPG for securing your communications and data. This guide provides essential insights into configuring GnuPG for new users, generating keys, and managing secure sockets. Learn how to seamlessly integrate GnuPG into your workflow, ensuring your digital security is top-notch. Whether you're backing up keys, exporting public keys, or setting up GnuPG for the first time, this guide has you covered with practical commands and expert tips.

Default options for new users

If you want to set up default options for new users, put configuration files in /etc/skel/.gnupg/. When a new user is added to the system, the files from there are copied to that user's GnuPG home directory. There is also a simple script called addgnupghome, which you can use to create GnuPG home directories for existing users:

addgnupghome $LOGNAME

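Permission denied errors are fixed by setting the correct permissions

chown -R "$(whoami)" ~/.gnupg/
# Directories need the x bit (700); regular files get 600
find ~/.gnupg -type d -exec chmod 700 {} +
find ~/.gnupg -type f -exec chmod 600 {} +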
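
To check a GnuPG home directory before and after fixing permissions, here is an added example (not part of the original guide or of GnuPG). The helper names audit_gnupg_home, fix_gnupg_home and make_sample_home are hypothetical, the sample directory is constructed, and the expected modes (700 for directories, 600 for files) are an assumption matching the permissions this guide sets.

```shell
#!/bin/sh
# Added example: audit and repair permissions in a GnuPG home directory.
# audit_gnupg_home, fix_gnupg_home and make_sample_home are hypothetical
# helper names, not GnuPG commands.

# Print each path under $1 that is not owner-only.
# Returns 0 if clean, 1 if anything is reported, 2 if $1 is not a directory.
audit_gnupg_home() {
  gh=${1:-${GNUPGHOME:-$HOME/.gnupg}}
  [ -d "$gh" ] || { echo "not a directory: $gh" >&2; return 2; }
  findings=$(
    # Directories need 700: without the x bit they cannot be entered.
    find "$gh" -type d ! -perm 700 -exec printf 'dir-mode\t%s\n' {} \;
    # Regular files (keyrings, key files, config) should be 600.
    find "$gh" -type f ! -perm 600 -exec printf 'file-mode\t%s\n' {} \;
    # Everything should belong to the user running the audit.
    find "$gh" ! -user "$(id -u)" -exec printf 'owner\t%s\n' {} \;
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Repair modes by type, so subdirectories keep their x bit.
fix_gnupg_home() {
  find "$1" -type d -exec chmod 700 {} + &&
  find "$1" -type f -exec chmod 600 {} +
}

# Build a constructed sample home with two deliberate problems.
make_sample_home() {
  sh_dir=$(mktemp -d) || return 1
  mkdir "$sh_dir/private-keys-v1.d"
  : > "$sh_dir/pubring.kbx"
  : > "$sh_dir/private-keys-v1.d/sample.key"
  chmod 700 "$sh_dir/private-keys-v1.d"
  chmod 600 "$sh_dir/private-keys-v1.d/sample.key"
  chmod 755 "$sh_dir"             # problem 1: directory open to others
  chmod 644 "$sh_dir/pubring.kbx" # problem 2: file readable by others
  echo "$sh_dir"
}

demo=$(make_sample_home)
audit_gnupg_home "$demo" || echo "findings listed above"
fix_gnupg_home "$demo"
audit_gnupg_home "$demo" && echo "clean after fix"
rm -rf "$demo"
```

Run audit_gnupg_home with no argument to check $GNUPGHOME or ~/.gnupg.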

Add to bashrc

# Set GPG TTY
# ----------------
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
if ! pgrep -x -u "${USER}" gpg-agent >/dev/null 2>&1; then
  gpg-connect-agent /bye >/dev/null 2>&1
fi

Generate a key

gpg --full-gen-key

Export private key

Change the file name as needed; this is an example. The output file contains your secret key, so keep it private.

gpg --output private.pgp --armor --export-secret-key username@email

Export public key (id)

gpg --output public.pgp --armor --export username@email

Send keys to a server

gpg --keyserver pgp.mit.edu --send-keys 8AD6C58AD226F84B
gpg --keyserver keyserver.ubuntu.com --send-keys 5BDA4A6D5D9A1C3DF4C5F0F78AD6C58AD226F84B
gpg --keyserver keys.openpgp.org --send-keys 5BDA4A6D5D9A1C3DF4C5F0F78AD6C58AD226F84B 
gpgconf --list-dirs

View all keys

gpg --list-keys

List secret keys

gpg --list-secret-keys

Kill the running dirmngr daemon

gpgconf --kill dirmngr

Launch the dirmngr daemon

gpgconf --launch dirmngr

Backup GnuPG configuration/keyring

(umask 077 && tar -caf "$HOME/gnupg-backup_$(date +%Y%m%d_%H%M%S).tar.xz" -C "$HOME" .gnupg)