random/docs/gpg.md

# Create a key
`gpg --expert --full-generate-key`
* RSA (set your own capabilities)
* Set to Certify only.
* 4096
* 2020-01-01

`gpg --expert --edit-key <userid>`
* `addkey` (Create 3, one for sign, encrypt, authenticate)
* `adduid`
* `save`

# Backup key
* `mv ~/.gnupg/secring.gpg ~/.backup/gpg/`
* `mv ~/.gnupg/pubring.gpg ~/.backup/gpg/`
* `gpg -a --export-secret-key <userid> > secret_key.gpg`
* `gpg -a --export-secret-subkeys <userid> > secret_subkeys.gpg`
* `gpg --delete-secret-keys <userid>`
* `gpg --import secret_subkeys.gpg`
* `gpg --list-secret-keys`
* `rm secret_subkeys.gpg`

# Revoke cert
* `gpg -a --output revoke.asc --gen-revoke '<fingerprint>'`

# Import/Export public key
* `gpg --import public.key`
* `gpg --output public.key --armor --export <userid>`

# Import/Export private key
* `gpg --export-secret-keys --armor <userid> > privkey.asc`
* `gpg --import privkey.asc`

# Edit keys
* `gpg --edit-key <userid>`

# List (secret) keys
* `gpg --list-keys`
* `gpg --list-secret-keys`

# Encrypt/Decrypt
* `gpg --recipient user-id --encrypt doc`
* `gpg --output doc --decrypt doc.gpg`

or...

* `gpg -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-count 65536 doc`
* `gpg --output doc --decrypt doc.gpg`

# Signing
* `gpg --output doc.sig --sign doc`
* `gpg --output doc.sig --clearsign doc`
* `gpg --output doc.sig --detach-sig doc`

# Verify
* `gpg --verify doc.sig`
* `gpg --verify archlinux-version.iso.sig`
* `gpg --verify archlinux-version.iso.sig /path/to/archlinux-version.iso`
* `gpg --with-fingerprint <keyfile>`

# Send keys
* `gpg --send-keys <userid>`
* `gpg --refresh-keys`

# Get keys
* `gpg --recv-key '<fingerprint>'`
* `gpg --fingerprint '<fingerprint>'`

# Sign key
* `gpg --lsign-key '<fingerprint>'`

or...

* `gpg --sign-key '<fingerprint>'`