Install gnupg;
$ sudo prt-get depinst gnupg
Create a skeleton configuration to be copied by useradd to each user home directory;
$ sudo mkdir /etc/skel/.gnupg $ sudo cp /usr/share/gnupg/gpg-conf.skel /etc/skel/.gnupg/gpg.conf
$ chmod 700 ~/.gnupg $ chmod -R 600 ~/.gnupg/*
Options for creating a DSA and ElGamal key;
Generate keys;
$ gpg2 --full-gen-key gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 2 DSA keys may be between 1024 and 3072 bits long. What keysize do you want? (2048) 2048 Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 6m Key expires at Tue May 30 20:29:36 2017 WEST Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: User Name Email address: user@core.privat-server.net Comment: user at external dot org You selected this USER-ID: "User Name (user at core) <user@core.privat-server.net>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
This will create the follow files;
.gnupg/pubring.gpg .gnupg/random_seed .gnupg/secring.gpg .gnupg/trustdb.gp
List keys;
$ gpg --list-keys /home/droid/.gnupg/pubring.kbx ------------------------------ pub dsa3072/EE29B7D3 2016-05-30 [SC] [expires: 2017-05-30] uid [ultimate] User Name (user at core ) <user@core.privat-server.net> sub elg2112/9BC2DC12 2016-05-30 [E] [expires: 2017-05-30]
In this case pub key ID is EE29B7D3, add to .profile;
export GPGKEY=0xEE29B7D3
Key Management;
$ gpg --list-keys $ gpg --list-secret-keys $ gpg --fingerprint $ gpg --delete-key UID $ gpg --delete-secret-key $ gpg --edit-key UID
$ gpg --edit-key KEYID adduid
Follow the instructions and then select the user you want to revoque, where N is the UID of the user;
$ gpg --edit-key KEYID uid N revuid save
Public keys can be exported in binary format or ASCII-armored format. To export binary format;
$ gpg --list-keys
$ gpg --output user.gpg --export user@localhost
Generate an ASCII version of your public key;
$ gpg --armor --output user.asc --export 'User Name'
The primary public key's ID is referenced in the pub line after the key size, for example the key created above, the short key ID is EE29B7D3:
gpg --keyserver search.keyserver.net --send-key EE29B7D3
Is very easy to import public keys;
$ gpg --import user.gpg
To list imported keys;
$ gpg --list-keys
Configure GnuPG to automatically fetch public keys, uncomment following line to ~/.gnupg/gpg.conf;
keyserver-options auto-key-retrieve
And add a server, in this example wwwkeys.pgp.net;
keyserver wwwkeys.pgp.net keyserver search.keyserver.net keyserver pgp.mit.edu
Test your configuration as described by Justin R. Miller Mutt Gnupg Howto;
$ gpg --recv-keys 0xC9C40C31
Confirm;
gpg --list-keys justin