A list of common GPG commands.
brew install gnupg
gpg --gen-key
gpg --export --armor [optional email or name?] > publickey.asc
gpg --import theirpublickey.asc
gpg --list-keys
gpg --list-secret-keys
gpg --edit-key [email or username]
trust (invoke trust command on the key)
5 (ultimate trust)
y (if prompted)
quit
gpg --encrypt --recipient [email or username] [filename.txt]
If you want to encrypt a file so that only you can decrypt it, then specify yourself as the email or username:
gpg --encrypt --recipient [your username or email] [filename.txt]
If you want to encrypt a file so that only a group can decrypt it, define the group in your gpg.conf file (see below) and then specify that group in the recipient parameter:
gpg --encrypt --recipient [group name] [filename.txt]
And the shortened version of these commands:
gpg -e -r [recipient] [filename.txt]
gpg --decrypt [filename.txt]
Omit --decrypt if the file is a binary file.
gpg [filename.txt.gpg]
gpg --output output.txt --sign doc.txt
gpg --clearsign doc.txt
gpg --output output.txt --detach-sig doc.txt
gpg --output output.txt --decrypt signed.sig
gpg --verify signed.txt
gpg --verify doc.sig doc.txt
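An added example (not part of the original list): gpg --verify succeeds for a good signature from any key in your keyring, so a script that must trust one specific signer should also check which key made the signature. The sketch below reads gpg's --status-fd output and requires a pinned fingerprint; the function names, PINNED_FPR and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). PINNED_FPR and the *_STATUS
# samples are constructed placeholders, not real keys or real gpg output.

# check_status FPR: read `gpg --status-fd` lines on stdin. Succeeds only if a
# VALIDSIG line names FPR and no failure status was reported.
check_status() {
    [ -n "$1" ] || return 2
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint, the last
        # field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_pinned SIG FILE FPR: detached-signature check pinned to one key.
# Status lines go to stdout (fd 1); gpg's human-readable output is discarded.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}

# Constructed sample data.
PINNED_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
# Good signature made by a subkey of the pinned primary key.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 3333222211110000 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 9999888877776666555544443333222211110000 2024-01-01 1704067200 0 4 0 1 8 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333'
# Cryptographically valid signature, but from a different key in the keyring.
OTHER_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 4444333322221111 Someone Else <other@example.org>
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2024-01-01 1704067200 0 4 0 1 8 00 0000999988887777666655554444333322221111'
# Signature that does not match the file.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 3333222211110000 Constructed Signer <signer@example.org>'

# Demo on the constructed samples (no keyring needed).
printf '%s\n' "$GOOD_STATUS"  | check_status "$PINNED_FPR" && echo "pinned key: accepted"
printf '%s\n' "$OTHER_STATUS" | check_status "$PINNED_FPR" || echo "other key: rejected"
printf '%s\n' "$BAD_STATUS"   | check_status "$PINNED_FPR" || echo "bad signature: rejected"
```

With a real keyring, call verify_pinned doc.sig doc.txt followed by the signer's full fingerprint as shown by gpg --list-keys.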
The GPG agent acts as a cache for your private key. It's a daemon that runs on your machine in the background. It should be started as a system service during boot.
To interact with the agent, use the gpg-connect-agent command. It opens a command line interface to the agent, similar to Telnet, where you can issue commands and the agent will answer.
gpg-connect-agent 'keyinfo --list' /bye
GPG software configuration is stored in your home directory at ~/.gnupg/gpg.conf.
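You list the members of a group, separated by spaces, by some attribute of their public key found in your GPG keyring; this is typically a person's name or email address (or partials of either of these). GnuPG splits the member list on whitespace only, so a comma would become part of the member's name.
group spies = nick steve chris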
http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/
https://www.gnupg.org/gph/en/manual/x135.html